Identity Theft Red Flags
Whether they realize it or not, customers trust your bank with not only money, but also their identity. What happens when customers decide that your bank cannot protect their identity in the same manner it protects the money in their account? They will leave and tell at least 10 of their friends that your bank cannot be trusted. Put simply, identity theft scares your customers more than they may know or care to admit.
So what does identity theft look like in your bank? Stealing an identity is remarkably simple. If one of your employees is “hired” or placed by organized crime to steal your customer’s identities they can do so in a number of different ways. They can steal or photocopy paper documents containing elements of your customers’ identities. They can access all manner of information in the various databases your bank uses to house customer data. Alternatively, employees can unwittingly share crucial logon data via an email that phishes for information. Understanding what patterns to look for regardless of the source of the threat is critical. After all, your customers want you to protect their identity regardless of source of the threat.
On average, how many customer accounts does a lead teller access in your bank during one month? If the same teller is involved in identity theft, how many accounts will they access during the same period? Does their activity while viewing the account look different when they are in the process of stealing an identity versus conducting a normal business transaction with the customer standing in front of them? If your customers have received phishing emails that captured their online banking login information, how would you tell which customer’s information has been compromised?
Consider the following red flags that may indicate that your customer’s identities are being targeted by internal or external threats:
- A bank employee prints 1,000 account summaries every month
- Many of your customer’s accounts are being accessed online from Georgia (the county, not the state)
- Documents sent to your operations center are often delivered late, sometimes several hours late to allow your courier time to share them with criminals
- An employee appears to be emailing customer information to their personal email account on a daily basis
- A back office printer runs out of toner three times as often this year as it did last year. Employees in that department are printing duplicate copies of entire loan applications
Remember: The activity above is taking place before the stolen identities are put to work to commit fraud. Often, a criminal will use more than one source to steal all of the components of an identity that they need to commit fraud. Not only does your bank have to know when an identity is being stolen from your bank, it also has to recognize when that same identity is being used to commit fraud against your bank.
How many of the red flags noted above is your bank able to detect?
Cause or Effect?
Barry Ritcholtz of TheStreet.com writes in Volker Rule Aims at Moral Hazard: “I keep hearing people complain that the Volcker rule would not have prevented the crisis. The Volcker Rule is aimed at the side effects of the rescue, not prevention. Indeed, in the post crisis, post-bailout era, we must strive not only to prevent the next set of taxpayer funded bailouts — but to minimize the negative repercussions of the last rescue.”
He writes of a “false dichotomy — there is nothing that prevents a society from a) attacking the cause of problem and b) cleaning up the side effects of the prior rescue.”
Let’s look at the false dichotomy of the banking crisis in relation to bank fraud detection. The impact of the Goldman Sachs CDO scandal, Ponzi schemes, the Lehman Brothers failure, as well as the failure of other countless lesser known institutions, has a vast reach and impacts us all as tax payers hit by major recession. But does it also impact us as fraud prevention professionals? A discussion on LinkedIn asks What impact does the recession have on Fraud? The details of the responses vary, but they all point to the same answer… of course there is a positive correlation!
Over the last three years, the banking crisis and recession have created immense opportunities for fraudsters. The growth in fraud we’ve seen includes nearly all types - internal fraud, cyber fraud, wire fraud, check fraud, and kiting. And many legacy bank fraud solutions tackle the problem by taking a myopic approach, one characterized by rigid rules and narrow data sets. They focus on detecting the “side effects” of fraud, and often miss the opportunity to uncover truly risky activities early in the fraud cycle. The result of this approach is high false positive rates, and missed fraud altogether, thereby placing a variety of burdens and difficult choices on the financial institutions under attack.
We don’t have to be burdened by these legacy systems. Technology and analytical models exist that can enable us to look at fraud through a wider lens, with higher priority given to detecting the often interconnected roots of the problem. By taking this broader view, banks can move away from a defensive position of managing fraud loss to a budget threshold and take a proactive approach aimed at aggressively minimizing fraud losses.
What impact would this approach to fraud management have for your organization?
Check Kiting SARs
They say that absence makes the heart grow fonder, and in this case it’s true. Months have passed since my last edition of I Love SARs and in my research to create this post I have found a renewed appreciation for Fincen and the aggregated data they provide. For this post I’m going to concentrate on SAR filing specifically related to check fraud and even more specifically check kiting.
First let’s start by examining SAR activity for check fraud. In Fincen’s data through June 30th, 2009, SARs filed for check fraud (sum of check fraud, counterfeit checks and check kiting) accounted for 18.5% of all SARs filed. By far the highest percent of SARs filed after money laundering.
Pulling back the covers on check fraud, the volume of check kiting SARs is revealing. Bank Fraud Forum has covered check kiting in a number of previous posts and one theme we’ve explored is that kiting activity tends to increase considerably in a down economy. Do the numbers backup this hypothesis? You can tell from the chart below the answer is a resounding YES.
So check kiting is increasing rapidly. The next question is where? Fortunately SAR filing also helps in this regard, allowing state by state breakdowns on the number of kiting SARs filed. Plotting those on a map of the US shows that SAR filing is highest in Delaware, California, Texas, Nevada and Florida.
What is happening at your bank or credit union? Is kiting grounded or taking off? What about other types of check fraud?
Is Debit Card Fraud a More Significant Problem Than Check Fraud?
According to the 2009 ABA Deposit Account Fraud Survey Report, debit card losses totaled $788 million in 2008, compared to $1.024 billion lost to check fraud. More banks reported experiencing debit card fraud losses than check fraud losses. Under how you can detect and prevent more debit card fraud by analyzing clusters of data in a defined context.
No Need to Worry About Check Fraud - Checks are Disappearing, Right?
Many people claim checks are disappearing, and they quote all sorts of facts and figures related to growth in ACH debits, image exchange volumes, debit card activity, etc. The fact of the matter is all of these things are certainly true, nonetheless, checks continue to be issued in massive numbers. And estimated industry losses related to checks exceeded $1 billion in 2008.
Is Check Fraud Under Control?
Banker say they “don’t have a check fraud problem” or that they have check fraud “under control”. But the ABA’s 2009 Deposit Account Fraud Survey Report states that bank losses due to check fraud grew to exceed $1 Billion for the first time. Yes, that is billion with a B.
Bank Fraud Forum – One Year Later
The Bank Fraud Forum is one year old! This is a “thank you” our readers, for contributing to this ongoing project, and encouraging us in our efforts to foster industry collaboration. The goals of The Bank Fraud ForumSM are to convey insights, opinions and comments on the world of financial crime, as well as serve as an open forum for the fraud fighting community. We strive to offer intelligent, timely and thought-provoking analysis of trends, news, best practices and more, and we hope it inspires others to join the discussion. After all, fraud affects everyone.
Not All False Positives Are Bad
Not happy with your false positive rate? This article discusses the root cause analysis and why not all false positives are bad. Some false positives give you the opportunity to avoid a bank error, correct a bad procedure, or take other action for an operational customer service problem.
Making It Simple For Investigators To Stop On-Us Fraud
Many bank fraud investigators are they spending too much time jumping from system to system to gather data to review suspect items. This article discussed the hidden costs fraud departments incur with a labryinth of procedures to compensate for inadequate fraud detection technology.
Subscribe via Email
Most Popular
Most Recent
