Fraud Presentation Norway - PowerPoint PPT Presentation

1 / 47
About This Presentation
Title:

Fraud Presentation Norway

Description:

Operation Rhea. Referral from high street bank ... Operation Rhea. Insurance company holding bank details to send insurance credits ... – PowerPoint PPT presentation

Number of Views:87
Avg rating:3.0/5.0
Slides: 48
Provided by: nathali5
Category:

less

Transcript and Presenter's Notes

Title: Fraud Presentation Norway


1
Fraud PresentationNorway
  • Anne Green
  • Fraud Consultant
  • 0044 (0) 7813 855872
  • anne.green_at_uk.experian.com

2
Background
  • BA (hons) Law/Social Science combined studies
  • Member Institute of Credit Management (MICM)
  • Member International Association for Financial
    Crimes Investigators(IAFCI)
  • Five years as a Private Investigator
  • Six Years in Credit Management/ Civil Litigation
  • Thirteen Years HSBC Bank
  • Last two years on attachment to the Dedicated
    Cheque and Plastic Crime Unit (DCPCU)

3
Fraud In an International Perspective

Global fraud losses are expected to reach 15.5
billion dollars by the end of 2005
Meridien
The UN estimates that between 590 billion and
1.5 trillion per year is laundered globally by
arms and human traffickers, drug dealers and
other criminals
4
Fraud in an International Perspective
  • 67.2 billion FBI estimates of what US
    businesses lose annually because of computer
    related crime Source USA Today
  • On-line banking fraud up 90 2004 2005) APACS
  • An incidence of card fraud takes place on average
    every 9 seconds in the UK APACS
  • Insurance fraud in the UK costs an estimated 2
    billion per year

Meridien
CIFAS
CIFAS
5
Fraud Awareness
  • Fraud is happening
  • Many companies think this its not hitting them
  • Think they have adequate controls
  • They dont
  • It is costing them
  • They dont know how much

6
Organised Financial Crime
  • Financial services based on trust
  • People, families known
  • Local Knowledge
  • No longer Opportunist white collar crime
  • Removal of borders
  • EU Membership
  • Economic Migrants

7
Organised Financial Crime
  • Importation of foreign criminals for fraud
  • Cross-border nature of this crime
  • Networks of corrupted staff
  • Cellular working
  • Technical sophistication
  • Criminal gangs working internationally
  • Global patterns, the scams travel

8
Fraudsters Profile
  • Who predicts fraud?
  • The fraudsters, what are they doing?

9
So its growing
  • Fraud against financial institutions is
    increasing
  • Frequency
  • Average value of fraud
  • Not just Banks
  • Criminals target public private sectors
    indiscriminately
  • Look for weak links
  • Find weaknesses in the system the people
  • Most fraudsters are not opportunists they are
    linked to
  • serious and organised criminal groups
  • Finding the links can be difficult

10
Real size of the problem
  • Real size of the problem unknown
  • Many go undetected
  • Many institutions bury fraud in their bad debt
    numbers
  • Because they dont know
  • Or because they cant be certain
  • Collections staff are generally not fraud
    experts
  • All we know for sure is
  • Its bigger than we think!

11
In simple terms
  • Theft
  • Deception
  • Dishonestly obtaining and retaining credit

12
Fraud Methods Traditional
  • Application Fraud
  • Account Takeover
  • 3rd Party Fraud
  • Clearing Cycle Fraud
  • 419s
  • Telemarketing
  • Insurance Claims
  • Money Laundering

13
Current Trends
  • Identity Theft
  • Account takeover
  • Cybercrime
  • Phishing
  • Hacking
  • 1st Party Fraud
  • Data compromise
  • Internal/staff Fraud
  • Bust out/credit manipulation

14
Cybercrime
  • Criminal economy thats robs US businesses of
    67.2b
  • FBI US Secret Service work on disruptions
  • Typical cost of goods and services in Forums-
  • - 1,000 to 5,000 Trojan program that can
    transfer funds between online accounts
  • - 500 credit card number with pin
  • - 80 to 300 change of billing data, to include
    account number, address, social security number,
    DOB
  • - 150 driver licence
  • - 150 Birth certificate
  • - 100 social security card
  • - 7 to 25 credit card with security code and
    expiry date
  • - 7 paypal account logon and password
  • USA Today

15
Application Fraud
  • Application fraud involves criminal using stolen
    or false documents to open credit accounts
  • Criminals may obtain details from public sources
  • Telephone directory
  • Newspapers
  • Internet
  • Electoral register
  • Criminals will pay for data
  • Internal staff fraud an increasing threat
  • Corrupt staff
  • Example, bank clerk using false documents to open
    60 accounts

16
Application Fraud
  • Prosecutions for individuals making fraudulent
    applications for credit are rare
  • Credit reference agencies place great trust in
    Voters Roll
  • Council departments do not verify identity
  • Can change your name at any time
  • Form completed, taken to Solicitor 5 fixed fee,
    sworn on oath
  • No identity checks undertaken
  • Form can be used to have passport amended

17
Application Fraud
Alternately they may try to steal documents such
as utility bills and bank statements to build a
personal profile
  • They may use counterfeited documents for
    identification purposes
  • Driving licences
  • Passports
  • ID Cards
  • All readily available over the internet cheaply
  • A convincing driving licence in any name for 33
  • Total loss through application fraud over
    24million in 2004 in the UK alone

18
Spoof web Site
  • Web sites set up to obtain details
  • Know Cases
  • Credit Records
  • Cheap Car Insurance
  • Internet Service Transaction Supplier
  • Be wary of sites selling goods/services at
    unbelievable prices, the old adage if it seems
    too good to be true it probably is

19
Identity Theft/Impersonation
  • Identity theft fastest growing financial crime
  • Home Office figures state costing UK economy
    1.7bn

20
An attractive crime
  • Relatively low risk
  • Offers high returns
  • Easily attempted
  • Frequently regarded as victimless crime
  • Many organisations have weak defences

21
Identification
  • A variety of documents are used as evidence of
    identity and will vary between countries. No
    harmonisation amongst EU Countries
  • UK
  • Driving Licence
  • Passport
  • Birth certificate
  • National insurance Number
  • NHS Card
  • USA
  • Social Security Number (SSNs) used universally
    for credit applications
  • Photo driving Licence

22
Identification
  • Netherlands
  • No unique Identifier antipathy towards ID
    historical resonance from world war 11
  • Uses Verification of Identity System (VIS)
    lost/stolen documents Dutch Police
  • Six Million records including deceased file, also
    includes other country documents Passport
  • Database can be accessed by public Private
    sectors
  • 3million checks to data base made each year
  • Specific offence for identity, e.g.. Forging a
    driving licence 5 years
  • Strict controls for changing names reason
  • Can change forename by disposition in front of a
    Judge

23
Identification
  • Belgium
  • Compulsory Identity Cards
  • 10 million Belgium's must notify their address to
    police
  • Check made to home address to confirm
  • SIS card for social security purposes
  • France
  • 60 Million Citizens hold Identity cards, but not
    compulsory

24
Identification
  • Passport presented for formal proof of ID
  • ID valid for 10 years but numbering not
    continuous
  • Legal constraints on Public/private sharing of
    data
  • SPAIN
  • Compulsory ID Card Issued by local police at age
    14
  • 46 million cards valid for ten years
  • Must be carried at all times
  • Contains, name, address, photo, nationality,
    signature,place, DOB, parents name
  • Also used as a travel document

25
Identification
  • Germany
  • 82 million Citizens obliged to carry Photo ID
  • Passport for claiming benefits
  • Passport for driving licence or offences
  • Home addresses registered with local civic
    authorities
  • Processes used in the issuing and checking of
    documents used as evidence of identity are not
    secure

26
Identification
  • Denmark
  • All 5 Million Citizens have a unique ID number
  • -linked to centralised civil registration System
  • -holds data on name, address, place of birth,
    kinship, marital status, spouse details
  • System introduced in 1968
  • Id number used almost entire public
    administration, including tax, banks and insurers
  • Citizens legally advised to inform government
    when they move house
  • Between 1968 and 1995 individuals were issued
    with a card bearing their name, ID number, dob,
    but no photo on card
  • Stopped as ineffective and expensive

27
Identification The Problem
  • Identification Legacy systems
  • Pre computers
  • No world experts on document validation
  • Fake/genuine documents easily bought
  • Demographic changes

28
Account Opening
  • New accounts, essential
  • - Authentication of people
  • - Validation of documents
  • - Verification of data
  • - Cross matching for data irregularities
  • Fraudsters know to make multiple requests on
    assumption one will pass
  • Willing to sit on accounts for years before
    attack

29
Data Protection
  • Data protection Act set up to protect privacy of
    individuals
  • Fraudsters exploiting the DPA to their advantage
  • Organisations unwilling or unable to share fraud
    outcome data
  • Cross border/Cross EU communities interpretation
    or understanding of DPA

30
Organised Criminal
  • Will cross organisations
  • Different sectors
  • Countries
  • Understand fraud detection systems, hot lists
  • Company policies and procedures

31
Internal Staff Fraud
  • Weakness within any organisation
  • THE PEOPLE

32
Internal Staff Fraud
  • As measures are put in place to combat fraud like
    Chip N Pin
  • Fraudsters moving with the times to exploit
    weaknesses and look for new opportunities, they
    need help from within!
  • Account takeover
  • Data compromise
  • Genuine Plastics/Bank accounts
  • ID Fraud / Improvisation
  • CNP Fraud
  • Bust out/credit manipulation
  • New technology utilised to transfer data
  • Mobile phones
  • Key catcher
  • Portable data storage devices (e.g Pen)

33
Methodologies
  • Staff recruited whilst at night-clubs, bars,cafes
    close to financial institutions premises
  • Generally young and impressionable
  • Easy target / weaknesses
  • Low paid jobs call centre, data inputting
  • Unmotivated, lack of loyalty, bravado
  • Motive for employees to supplement income

34
  • Case Studies

35
Operation Horizon
  • High performance sales staff at a high street
    bank
  • Opened 1,200 accounts over nine months period
  • Losses c.3m
  • Had accepted false IDs and documents
  • Used same on all accounts
  • Audits on accounts would have highlighted same
    details used

36
Operation Ecru
  • Eight bank staff members identified
  • Unknown/unconnected to each other
  • Recruited in the street and offered 1,000 a time
    for account information
  • Targeting high status accounts
  • Changed address then opened up card facilities
  • Fraudulent CHAPS payments to transfer money from
    premier account to card account
  • Attack on bank bears hallmarks of organised level
    two criminal group with access to bank
    procedures, personal information and
    stolen/counterfeit documents

37
Operation Ecru
  • CHAPS (Clocks) password changed daily
  • Used stolen bank CHAPS forms. Faxed over to
    CHAPS, altered to reflect a recognisable fax
    number
  • Post-arrest, how to defraud the banks book
    recovered on suspect
  • One staff member had Rolex watch and drove top
    range Mercedes. Previously sacked from another
    bank
  • Also found Dun Bradstreet.com company searches
    showing directors home address and bank details

38
Operation Rhea
  • Referral from high street bank
  • Premier accounts compromised and fraudulent
    transfers made to student accounts
  • Students recruited to accept bill payments into
    their accounts
  • On receipt of funds, taken shopping to obtain
    goods/cash
  • Common link on premier a/accounts (point of
    compromise) identified by bank as a major
    insurance company

39
Operation Rhea
  • Insurance company holding bank details to send
    insurance credits
  • Originally problems in insurance companys audit
    trails no system in place to see who had viewed
    accounts
  • Fix put into place and staff member arrested
  • Evidence that data from most of the high streets
    banks had been compromised
  • Student turned victims as payments reversed off
    a/accounts so left with the debt

40
Easy Policing
  • Assumption or fact, most internal fraud in call
    centres
  • Temporary staff
  • Systems in place to detect
  • High volumes found/low value
  • Other areas, procurement, acquisitions high value
  • Technology in criminal fraternity, greater than
    found in most organisations
  • If not looking, will not find

41
Whos at risk ?
  • Any organisation
  • Fraudsters know no boundaries
  • Despite best practice (audit, compliance etc),
    fraudsters have the motivation, incentive and
    time to look for weaknesses in your systems

42
Warning signs
  • Lifestyle
  • Living beyond means
  • Obvious sighs of wealth
  • Exceptional performer
  • Experienced staff, not wanting job changes or
    promotions
  • Excessive (unpaid) sick time with no explanation
  • Complaints (customer / external)
  • Increase in losses

43
Lessons to be learned
  • Customer sign up procedures more rigorous than
    staff recruitment ?
  • Know your customer vs. know your staff
  • Thoroughly check CVs
  • Identify discrepancies
  • IDs
  • Exam certificates
  • Status enquiries (voters roll, credit enquiries)
  • Limiting computer access/regular password changes
  • Regular audit trails

44
Lessons to be learned
  • Third party suppliers
  • Regular audits
  • Processes / Procedures
  • Staffing policies
  • Seasonal Staff, urgency
  • Upon identifying internal staff fraud, decide
    early in the process which route to take
  • Criminal / Police
  • Civil / Employment law

45
Controls
  • Do your staff know where to go if they have
    suspicions ?
  • Have you got controls in place to identify and
    deal with suspicions of fraud ?
  • Are they adequate, up to date, reviewed ?
  • Are staff aware of potential consequences if
    caught committing fraud
  • Are they applied ?

46
  • Sharing Intelligence

47
Experian Fraud solutions
  • Product solutions
  • Hunter
  • Authenticate
  • Detect
  • Detect Credit Score
  • Fraud Bureau
  • Backgroundcheck.com
Write a Comment
User Comments (0)
About PowerShow.com