Your SlideShare is downloading. ×
Fraud Presentation Norway Anne Green
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Fraud Presentation Norway Anne Green

800
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
800
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Fraud Presentation Norway Anne Green Fraud Consultant 0044 (0) 7813 855872 [email_address]
  • 2. Background
    • BA (hons) Law/Social Science combined studies
    • Member Institute of Credit Management (MICM)
    • Member International Association for Financial Crimes Investigators(IAFCI)
    • Five years as a Private Investigator
    • Six Years in Credit Management/ Civil Litigation
    • Thirteen Years HSBC Bank
    • Last two years on attachment to the Dedicated Cheque and Plastic Crime Unit (DCPCU)
  • 3. Fraud In an International Perspective The UN estimates that between $590 billion and $1.5 trillion per year is laundered globally by arms and human traffickers, drug dealers and other criminals Global fraud losses are expected to reach $15.5 billion dollars by the end of 2005 Meridien Identity theft annual losses are estimated at $5-8 billion; some estimates as high as $19.8 billion (US alone) Financial Insights, Celent, Javelin 30% of consumers would close all accounts and move their business to another financial institution if their personal information was compromised EDS
  • 4. Fraud in an International Perspective
    • $67.2 billion: FBI estimates of what US businesses lose annually because of computer related crime Source USA Today
    • On-line banking fraud up 90% 2004 –2005) APACS
    • An incidence of card fraud takes place on average every 9 seconds in the UK APACS
    • Insurance fraud in the UK costs an estimated £2 billion per year
    CIFAS CIFAS Meridien
  • 5. Fraud Awareness
    • Fraud is happening
    • Many companies think this its not hitting them
    • Think they have adequate controls
    • They don’t
    • It is costing them
    • They don’t know how much
  • 6. Organised Financial Crime
    • Financial services based on trust
    • People, families known
    • Local Knowledge
    • No longer Opportunist white collar crime
    • Removal of borders
    • EU Membership
    • Economic Migrants
  • 7. Organised Financial Crime
    • Importation of foreign criminals for fraud
    • Cross-border nature of this crime
    • Networks of corrupted staff
    • Cellular working
    • Technical sophistication
    • Criminal gangs working internationally
    • Global patterns, the scams travel
  • 8. Fraudsters Profile
    • Who predicts fraud?
    • The fraudsters, what are they doing?
  • 9. So it’s growing
    • Fraud against financial institutions is increasing
      • Frequency
      • Average value of fraud
    • Not just Banks
      • Criminals target public & private sectors indiscriminately
      • Look for weak links
      • Find weaknesses in the system & the people
    • Most fraudsters are not opportunists – they are linked to
    • serious and organised criminal groups
    • Finding the links can be difficult
  • 10. Real size of the problem
    • Real size of the problem unknown
    • Many go undetected
    • Many institutions `bury’ fraud in their bad debt numbers
      • Because they don’t know
      • Or because they can’t be certain
      • Collections staff are generally not fraud experts
    • All we know for sure is:
      • It’s bigger than we think!
  • 11. In simple terms
    • Theft
    • Deception
    • Dishonestly obtaining and retaining credit
  • 12. Fraud Methods Traditional
    • Application Fraud
    • Account Takeover
    • 3 rd Party Fraud
    • Clearing Cycle Fraud
    • 419’s
    • Telemarketing
    • Insurance Claims
    • Money Laundering
  • 13. Current Trends
    • Identity Theft
    • Account takeover
    • Cybercrime
    • Phishing
    • Hacking
    • 1 st Party Fraud
    • Data compromise
    • Internal/staff Fraud
    • Bust out/credit manipulation
  • 14. Cybercrime
    • Criminal economy that’s robs US businesses of $67.2b
    • FBI & US Secret Service work on disruptions
    • Typical cost of goods and services in Forums:-
    • - $1,000 to $5,000 Trojan program that can transfer funds between online accounts
    • - $500 credit card number with pin
    • - $80 to $300 change of billing data, to include account number, address, social security number, DOB
    • - $150 driver licence
    • - $150 Birth certificate
    • - $100 social security card
    • - $7 to $25 credit card with security code and expiry date
    • - $7 paypal account logon and password
            • USA Today
  • 15. Application Fraud
    • Application fraud involves criminal using stolen or false documents to open credit accounts
    • Criminals may obtain details from public sources
        • Telephone directory
        • Newspapers
        • Internet
        • Electoral register
    • Criminals will pay for data
        • Internal staff fraud an increasing threat
        • Corrupt staff
        • Example, bank clerk using false documents to open 60 accounts
  • 16. Application Fraud
    • Prosecutions for individuals making fraudulent applications for credit are rare
    • Credit reference agencies place great trust in Voters Roll
    • Council departments do not verify identity
    • Can change your name at any time
      • Form completed, taken to Solicitor £5 fixed fee, sworn on oath
      • No identity checks undertaken
      • Form can be used to have passport amended
  • 17. Application Fraud Alternately they may try to steal documents such as utility bills and bank statements to build a personal profile
    • They may use counterfeited documents for identification purposes
        • Driving licences
        • Passports
        • ID Cards
    • All readily available over the internet cheaply
        • A convincing driving licence in any name for $33
    • Total loss through application fraud over $24million in 2004 in the UK alone
  • 18. Spoof web Site
    • Web sites set up to obtain details
        • Know Cases
        • Credit Records
        • Cheap Car Insurance
        • Internet Service Transaction Supplier
    • Be wary of sites selling goods/services at unbelievable prices, the old adage `if it seems too good to be true it probably is
  • 19. Identity Theft/Impersonation
    • Identity theft fastest growing financial crime
    • Home Office figures state costing UK economy £1.7bn
  • 20. An attractive crime
    • Relatively low risk
    • Offers high returns
    • Easily attempted
    • Frequently regarded as victimless crime
    • Many organisations have weak defences
  • 21. Identification
    • A variety of documents are used as evidence of identity and will vary between countries. No harmonisation amongst EU Countries
    • UK
    • Driving Licence
    • Passport
    • Birth certificate
    • National insurance Number
    • NHS Card
    • USA
    • Social Security Number (SSN’s) used universally for credit applications
    • Photo driving Licence
  • 22. Identification
    • Netherlands
    • No unique Identifier – antipathy towards ID historical resonance from world war 11
    • Uses Verification of Identity System (VIS) lost/stolen documents Dutch Police
    • Six Million records including deceased file, also includes other country documents Passport
      • Database can be accessed by public & Private sectors
      • 3million checks to data base made each year
      • Specific offence for identity, e.g.. Forging a driving licence 5 years
      • Strict controls for changing names ‘reason’
      • Can change forename by disposition in front of a Judge
  • 23. Identification
      • Belgium
      • Compulsory Identity Cards
      • 10 million Belgium's must notify their address to police
      • Check made to home address to confirm
      • SIS card for social security purposes
      • France
      • 60 Million Citizens hold Identity cards, but not compulsory
  • 24. Identification
    • Passport presented for formal proof of ID
    • ID valid for 10 years but numbering not continuous
    • Legal constraints on Public/private sharing of data
    • SPAIN
    • Compulsory ID Card Issued by local police at age 14
    • 46 million cards valid for ten years
    • Must be carried at all times
    • Contains, name, address, photo, nationality, signature,place, DOB, parents name
    • Also used as a travel document
  • 25. Identification
    • Germany
    • 82 million Citizens obliged to carry Photo ID
    • Passport for claiming benefits
    • Passport for driving licence or offences
    • Home addresses registered with local civic authorities
    • Processes used in the issuing and checking of documents used as evidence of identity are not secure
  • 26. Identification
    • Denmark
    • All 5 Million Citizens have a unique ID number
    • -linked to centralised civil registration System
    • -holds data on name, address, place of birth, kinship, marital status, spouse details
    • System introduced in 1968
    • Id number used almost entire public administration, including tax, banks and insurers
    • Citizens legally advised to inform government when they move house
    • Between 1968 and 1995 individuals were issued with a card bearing their name, ID number, dob, but no photo on card
    • Stopped as ineffective and expensive
  • 27. Identification The Problem
    • Identification Legacy systems
    • Pre computers
    • No world experts on document validation
    • Fake/genuine documents easily bought
    • Demographic changes
  • 28. Account Opening
    • New accounts, essential
    • - Authentication of people
    • - Validation of documents
    • - Verification of data
    • - Cross matching for data irregularities
    • Fraudsters know to make multiple requests on assumption one will pass
    • Willing to sit on accounts for years before attack
  • 29. Data Protection
    • Data protection Act set up to protect privacy of individuals
    • Fraudsters exploiting the DPA to their advantage
    • Organisations unwilling or unable to share fraud outcome data
    • Cross border/Cross EU communities interpretation or understanding of DPA
  • 30. Organised Criminal
    • Will cross organisations
    • Different sectors
    • Countries
    • Understand fraud detection systems, hot lists
    • Company policies and procedures
  • 31. Internal Staff Fraud
    • Weakness within any organisation
    • THE PEOPLE
  • 32. Internal Staff Fraud
    • As measures are put in place to combat fraud like Chip N Pin
    • Fraudsters moving with the times to exploit weaknesses and look for new opportunities, they need help from within!
        • Account takeover
        • Data compromise
        • Genuine Plastics/Bank accounts
        • ID Fraud / Improvisation
        • CNP Fraud
        • Bust out/credit manipulation
    • New technology utilised to transfer data
        • Mobile phones
        • Key catcher
        • Portable data storage devices (e.g: Pen)
  • 33. Methodologies
    • Staff recruited whilst at night-clubs, bars,cafes close to financial institutions premises
    • Generally young and impressionable
    • Easy target / weaknesses
    • Low paid jobs – call centre, data inputting
    • Unmotivated, lack of loyalty, bravado
    • Motive for employees to supplement income
  • 34.
    • Case Studies
  • 35. Operation Horizon
    • High performance sales staff at a high street bank
    • Opened 1,200 accounts over nine months period
    • Losses c.£3m
    • Had accepted false ID’s and documents
    • Used same on all accounts
    • Audits on accounts would have highlighted same details used
  • 36. Operation Ecru
    • Eight bank staff members identified
    • Unknown/unconnected to each other
    • Recruited in the street and offered £1,000 a time for account information
    • Targeting “high status” accounts
    • Changed address then opened up card facilities
    • Fraudulent CHAPS payments to transfer money from premier account to card account
    • Attack on bank bears hallmarks of organised level two criminal group with access to bank procedures, personal information and stolen/counterfeit documents
  • 37. Operation Ecru
    • CHAPS (Clocks) password changed daily
    • Used stolen bank CHAPS forms. Faxed over to CHAPS, altered to reflect a recognisable fax number
    • Post-arrest, `how to defraud the banks’ book recovered on suspect
    • One staff member had Rolex watch and drove top range Mercedes. Previously sacked from another bank
    • Also found Dun Bradstreet.com company searches showing directors home address and bank details
  • 38. Operation Rhea
    • Referral from high street bank
    • Premier accounts compromised and fraudulent transfers made to student accounts
    • Students recruited to accept bill payments into their accounts
    • On receipt of funds, taken shopping to obtain goods/cash
    • Common link on premier a/accounts (point of compromise) identified by bank as a major insurance company
  • 39. Operation Rhea
    • Insurance company holding bank details to send insurance credits
    • Originally problems in insurance company’s audit trails – no system in place to see who had viewed accounts
    • Fix put into place and staff member arrested
    • Evidence that data from most of the high streets banks had been compromised
    • Student turned victims as payments reversed off a/accounts so left with the debt
  • 40. Easy Policing
    • Assumption or fact, most internal fraud in call centres
    • Temporary staff
    • Systems in place to detect
    • High volumes found/low value
    • Other areas, procurement, acquisitions high value
    • Technology in criminal fraternity, greater than found in most organisations
    • If not looking, will not find
  • 41. Who’s at risk ?
    • Any organisation
    • Fraudsters know no boundaries
    • Despite best practice (audit, compliance etc), fraudsters have the motivation, incentive and time to look for weaknesses in your systems
  • 42. Warning signs
    • Lifestyle
      • Living beyond means
      • Obvious sighs of wealth
    • Exceptional performer
    • Experienced staff, not wanting job changes or promotions
    • Excessive (unpaid) sick time with no explanation
    • Complaints (customer / external)
    • Increase in losses
  • 43. Lessons to be learned
    • Customer sign up procedures more rigorous than staff recruitment ?
    • Know your customer vs. know your staff
    • Thoroughly check CV’s
    • Identify discrepancies
    • ID’s
    • Exam certificates
    • Status enquiries (voters roll, credit enquiries)
    • Limiting computer access/regular password changes
    • Regular audit trails
  • 44. Lessons to be learned
    • Third party suppliers
      • Regular audits
      • Processes / Procedures
      • Staffing policies
      • Seasonal Staff, urgency
    • Upon identifying internal staff fraud, decide early in the process which route to take
      • Criminal / Police
      • Civil / Employment law
  • 45. Controls
    • Do your staff know where to go if they have suspicions ?
    • Have you got controls in place to identify and deal with suspicions of fraud ?
    • Are they adequate, up to date, reviewed ?
    • Are staff aware of potential consequences if caught committing fraud
    • Are they applied ?
  • 46.
    • Sharing Intelligence
  • 47. Experian Fraud solutions
    • Product solutions
      • Hunter
      • Authenticate
      • Detect
      • Detect Credit Score
      • Fraud Bureau
      • Backgroundcheck.com