Fraud Presentation Norway Anne Green
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Fraud Presentation Norway Anne Green

  • 1,106 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,106
On Slideshare
1,106
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
13
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Fraud Presentation Norway Anne Green Fraud Consultant 0044 (0) 7813 855872 [email_address]
  • 2. Background
    • BA (hons) Law/Social Science combined studies
    • Member Institute of Credit Management (MICM)
    • Member International Association for Financial Crimes Investigators(IAFCI)
    • Five years as a Private Investigator
    • Six Years in Credit Management/ Civil Litigation
    • Thirteen Years HSBC Bank
    • Last two years on attachment to the Dedicated Cheque and Plastic Crime Unit (DCPCU)
  • 3. Fraud In an International Perspective The UN estimates that between $590 billion and $1.5 trillion per year is laundered globally by arms and human traffickers, drug dealers and other criminals Global fraud losses are expected to reach $15.5 billion dollars by the end of 2005 Meridien Identity theft annual losses are estimated at $5-8 billion; some estimates as high as $19.8 billion (US alone) Financial Insights, Celent, Javelin 30% of consumers would close all accounts and move their business to another financial institution if their personal information was compromised EDS
  • 4. Fraud in an International Perspective
    • $67.2 billion: FBI estimates of what US businesses lose annually because of computer related crime Source USA Today
    • On-line banking fraud up 90% 2004 –2005) APACS
    • An incidence of card fraud takes place on average every 9 seconds in the UK APACS
    • Insurance fraud in the UK costs an estimated £2 billion per year
    CIFAS CIFAS Meridien
  • 5. Fraud Awareness
    • Fraud is happening
    • Many companies think this its not hitting them
    • Think they have adequate controls
    • They don’t
    • It is costing them
    • They don’t know how much
  • 6. Organised Financial Crime
    • Financial services based on trust
    • People, families known
    • Local Knowledge
    • No longer Opportunist white collar crime
    • Removal of borders
    • EU Membership
    • Economic Migrants
  • 7. Organised Financial Crime
    • Importation of foreign criminals for fraud
    • Cross-border nature of this crime
    • Networks of corrupted staff
    • Cellular working
    • Technical sophistication
    • Criminal gangs working internationally
    • Global patterns, the scams travel
  • 8. Fraudsters Profile
    • Who predicts fraud?
    • The fraudsters, what are they doing?
  • 9. So it’s growing
    • Fraud against financial institutions is increasing
      • Frequency
      • Average value of fraud
    • Not just Banks
      • Criminals target public & private sectors indiscriminately
      • Look for weak links
      • Find weaknesses in the system & the people
    • Most fraudsters are not opportunists – they are linked to
    • serious and organised criminal groups
    • Finding the links can be difficult
  • 10. Real size of the problem
    • Real size of the problem unknown
    • Many go undetected
    • Many institutions `bury’ fraud in their bad debt numbers
      • Because they don’t know
      • Or because they can’t be certain
      • Collections staff are generally not fraud experts
    • All we know for sure is:
      • It’s bigger than we think!
  • 11. In simple terms
    • Theft
    • Deception
    • Dishonestly obtaining and retaining credit
  • 12. Fraud Methods Traditional
    • Application Fraud
    • Account Takeover
    • 3 rd Party Fraud
    • Clearing Cycle Fraud
    • 419’s
    • Telemarketing
    • Insurance Claims
    • Money Laundering
  • 13. Current Trends
    • Identity Theft
    • Account takeover
    • Cybercrime
    • Phishing
    • Hacking
    • 1 st Party Fraud
    • Data compromise
    • Internal/staff Fraud
    • Bust out/credit manipulation
  • 14. Cybercrime
    • Criminal economy that’s robs US businesses of $67.2b
    • FBI & US Secret Service work on disruptions
    • Typical cost of goods and services in Forums:-
    • - $1,000 to $5,000 Trojan program that can transfer funds between online accounts
    • - $500 credit card number with pin
    • - $80 to $300 change of billing data, to include account number, address, social security number, DOB
    • - $150 driver licence
    • - $150 Birth certificate
    • - $100 social security card
    • - $7 to $25 credit card with security code and expiry date
    • - $7 paypal account logon and password
            • USA Today
  • 15. Application Fraud
    • Application fraud involves criminal using stolen or false documents to open credit accounts
    • Criminals may obtain details from public sources
        • Telephone directory
        • Newspapers
        • Internet
        • Electoral register
    • Criminals will pay for data
        • Internal staff fraud an increasing threat
        • Corrupt staff
        • Example, bank clerk using false documents to open 60 accounts
  • 16. Application Fraud
    • Prosecutions for individuals making fraudulent applications for credit are rare
    • Credit reference agencies place great trust in Voters Roll
    • Council departments do not verify identity
    • Can change your name at any time
      • Form completed, taken to Solicitor £5 fixed fee, sworn on oath
      • No identity checks undertaken
      • Form can be used to have passport amended
  • 17. Application Fraud Alternately they may try to steal documents such as utility bills and bank statements to build a personal profile
    • They may use counterfeited documents for identification purposes
        • Driving licences
        • Passports
        • ID Cards
    • All readily available over the internet cheaply
        • A convincing driving licence in any name for $33
    • Total loss through application fraud over $24million in 2004 in the UK alone
  • 18. Spoof web Site
    • Web sites set up to obtain details
        • Know Cases
        • Credit Records
        • Cheap Car Insurance
        • Internet Service Transaction Supplier
    • Be wary of sites selling goods/services at unbelievable prices, the old adage `if it seems too good to be true it probably is
  • 19. Identity Theft/Impersonation
    • Identity theft fastest growing financial crime
    • Home Office figures state costing UK economy £1.7bn
  • 20. An attractive crime
    • Relatively low risk
    • Offers high returns
    • Easily attempted
    • Frequently regarded as victimless crime
    • Many organisations have weak defences
  • 21. Identification
    • A variety of documents are used as evidence of identity and will vary between countries. No harmonisation amongst EU Countries
    • UK
    • Driving Licence
    • Passport
    • Birth certificate
    • National insurance Number
    • NHS Card
    • USA
    • Social Security Number (SSN’s) used universally for credit applications
    • Photo driving Licence
  • 22. Identification
    • Netherlands
    • No unique Identifier – antipathy towards ID historical resonance from world war 11
    • Uses Verification of Identity System (VIS) lost/stolen documents Dutch Police
    • Six Million records including deceased file, also includes other country documents Passport
      • Database can be accessed by public & Private sectors
      • 3million checks to data base made each year
      • Specific offence for identity, e.g.. Forging a driving licence 5 years
      • Strict controls for changing names ‘reason’
      • Can change forename by disposition in front of a Judge
  • 23. Identification
      • Belgium
      • Compulsory Identity Cards
      • 10 million Belgium's must notify their address to police
      • Check made to home address to confirm
      • SIS card for social security purposes
      • France
      • 60 Million Citizens hold Identity cards, but not compulsory
  • 24. Identification
    • Passport presented for formal proof of ID
    • ID valid for 10 years but numbering not continuous
    • Legal constraints on Public/private sharing of data
    • SPAIN
    • Compulsory ID Card Issued by local police at age 14
    • 46 million cards valid for ten years
    • Must be carried at all times
    • Contains, name, address, photo, nationality, signature,place, DOB, parents name
    • Also used as a travel document
  • 25. Identification
    • Germany
    • 82 million Citizens obliged to carry Photo ID
    • Passport for claiming benefits
    • Passport for driving licence or offences
    • Home addresses registered with local civic authorities
    • Processes used in the issuing and checking of documents used as evidence of identity are not secure
  • 26. Identification
    • Denmark
    • All 5 Million Citizens have a unique ID number
    • -linked to centralised civil registration System
    • -holds data on name, address, place of birth, kinship, marital status, spouse details
    • System introduced in 1968
    • Id number used almost entire public administration, including tax, banks and insurers
    • Citizens legally advised to inform government when they move house
    • Between 1968 and 1995 individuals were issued with a card bearing their name, ID number, dob, but no photo on card
    • Stopped as ineffective and expensive
  • 27. Identification The Problem
    • Identification Legacy systems
    • Pre computers
    • No world experts on document validation
    • Fake/genuine documents easily bought
    • Demographic changes
  • 28. Account Opening
    • New accounts, essential
    • - Authentication of people
    • - Validation of documents
    • - Verification of data
    • - Cross matching for data irregularities
    • Fraudsters know to make multiple requests on assumption one will pass
    • Willing to sit on accounts for years before attack
  • 29. Data Protection
    • Data protection Act set up to protect privacy of individuals
    • Fraudsters exploiting the DPA to their advantage
    • Organisations unwilling or unable to share fraud outcome data
    • Cross border/Cross EU communities interpretation or understanding of DPA
  • 30. Organised Criminal
    • Will cross organisations
    • Different sectors
    • Countries
    • Understand fraud detection systems, hot lists
    • Company policies and procedures
  • 31. Internal Staff Fraud
    • Weakness within any organisation
    • THE PEOPLE
  • 32. Internal Staff Fraud
    • As measures are put in place to combat fraud like Chip N Pin
    • Fraudsters moving with the times to exploit weaknesses and look for new opportunities, they need help from within!
        • Account takeover
        • Data compromise
        • Genuine Plastics/Bank accounts
        • ID Fraud / Improvisation
        • CNP Fraud
        • Bust out/credit manipulation
    • New technology utilised to transfer data
        • Mobile phones
        • Key catcher
        • Portable data storage devices (e.g: Pen)
  • 33. Methodologies
    • Staff recruited whilst at night-clubs, bars,cafes close to financial institutions premises
    • Generally young and impressionable
    • Easy target / weaknesses
    • Low paid jobs – call centre, data inputting
    • Unmotivated, lack of loyalty, bravado
    • Motive for employees to supplement income
  • 34.
    • Case Studies
  • 35. Operation Horizon
    • High performance sales staff at a high street bank
    • Opened 1,200 accounts over nine months period
    • Losses c.£3m
    • Had accepted false ID’s and documents
    • Used same on all accounts
    • Audits on accounts would have highlighted same details used
  • 36. Operation Ecru
    • Eight bank staff members identified
    • Unknown/unconnected to each other
    • Recruited in the street and offered £1,000 a time for account information
    • Targeting “high status” accounts
    • Changed address then opened up card facilities
    • Fraudulent CHAPS payments to transfer money from premier account to card account
    • Attack on bank bears hallmarks of organised level two criminal group with access to bank procedures, personal information and stolen/counterfeit documents
  • 37. Operation Ecru
    • CHAPS (Clocks) password changed daily
    • Used stolen bank CHAPS forms. Faxed over to CHAPS, altered to reflect a recognisable fax number
    • Post-arrest, `how to defraud the banks’ book recovered on suspect
    • One staff member had Rolex watch and drove top range Mercedes. Previously sacked from another bank
    • Also found Dun Bradstreet.com company searches showing directors home address and bank details
  • 38. Operation Rhea
    • Referral from high street bank
    • Premier accounts compromised and fraudulent transfers made to student accounts
    • Students recruited to accept bill payments into their accounts
    • On receipt of funds, taken shopping to obtain goods/cash
    • Common link on premier a/accounts (point of compromise) identified by bank as a major insurance company
  • 39. Operation Rhea
    • Insurance company holding bank details to send insurance credits
    • Originally problems in insurance company’s audit trails – no system in place to see who had viewed accounts
    • Fix put into place and staff member arrested
    • Evidence that data from most of the high streets banks had been compromised
    • Student turned victims as payments reversed off a/accounts so left with the debt
  • 40. Easy Policing
    • Assumption or fact, most internal fraud in call centres
    • Temporary staff
    • Systems in place to detect
    • High volumes found/low value
    • Other areas, procurement, acquisitions high value
    • Technology in criminal fraternity, greater than found in most organisations
    • If not looking, will not find
  • 41. Who’s at risk ?
    • Any organisation
    • Fraudsters know no boundaries
    • Despite best practice (audit, compliance etc), fraudsters have the motivation, incentive and time to look for weaknesses in your systems
  • 42. Warning signs
    • Lifestyle
      • Living beyond means
      • Obvious sighs of wealth
    • Exceptional performer
    • Experienced staff, not wanting job changes or promotions
    • Excessive (unpaid) sick time with no explanation
    • Complaints (customer / external)
    • Increase in losses
  • 43. Lessons to be learned
    • Customer sign up procedures more rigorous than staff recruitment ?
    • Know your customer vs. know your staff
    • Thoroughly check CV’s
    • Identify discrepancies
    • ID’s
    • Exam certificates
    • Status enquiries (voters roll, credit enquiries)
    • Limiting computer access/regular password changes
    • Regular audit trails
  • 44. Lessons to be learned
    • Third party suppliers
      • Regular audits
      • Processes / Procedures
      • Staffing policies
      • Seasonal Staff, urgency
    • Upon identifying internal staff fraud, decide early in the process which route to take
      • Criminal / Police
      • Civil / Employment law
  • 45. Controls
    • Do your staff know where to go if they have suspicions ?
    • Have you got controls in place to identify and deal with suspicions of fraud ?
    • Are they adequate, up to date, reviewed ?
    • Are staff aware of potential consequences if caught committing fraud
    • Are they applied ?
  • 46.
    • Sharing Intelligence
  • 47. Experian Fraud solutions
    • Product solutions
      • Hunter
      • Authenticate
      • Detect
      • Detect Credit Score
      • Fraud Bureau
      • Backgroundcheck.com