Not all fraud increases in an economic downturn
Red Bank, March 2 - There have been a number of recent articles outlining how the economic downturn will result in increased fraud, which I believe have inaccurately portrayed the real fraud risks in an economic downturn. I am currently compiling a definitive article on the topic for broader release (internal fraud, friendly fraud, first and third party fraud, organized fraud) but would offer some counter arguments for feedback to some of the assumptions and predictions that are being presented in the press today.
In a recent article from The Wall Street Journal entitled "Small Businesses Face More Fraud in Downturn" the author makes the case that in an economic downturn there is a higher incidence of employee fraud. This actually is not entirely true, while there may be more attempts, the number of successful fraud cases decreases. In terms of underwriting risk, employee or internal fraud is more likely in times of boom than in bust. Why? Because employers aren't typically paying as close attention to the books and as long as cash flow is good the focus is on closing business.
What we are seeing in the press is how these fraud cases tend to be more exposed in bust times. Consider the recent investment ponzi scams that have come to light with Madoff and Stanford, these are not fraud scams that were perpetrated in a bust economy, they happened in the boom, and came to light in the bust. In times of economic downturns businesses are sharpening their pencils and digging into costs, expenses and cash flow and this tends to uncover internal fraud that may have been overlooked.
In another article found on Security Watch and written by Fortify Software the author theorizes that online fraud will increase by 33% in 2009 because fraudsters are being impacted by the ongoing economic credit crunch and will be selling card data for less money. In short their premise is that the fraudsters in the card reselling segment are experiencing higher competition for card data and are having to push more inventory to get the same financial yield. They cite the economic recession for the reduction in average cost for a stolen identity(card, cvv and expriration date). These identities have dropped from $15.00 18 months ago to $2.00 last October. While I can understand making a correlation to increased fraud due to increased and cheaper supplies of card data, I don't really buy the idea that this correlates to the economic rescission. The card data reselling market has become competitive, and the availability of compromised data is high, which means there is higher supply than demand today. I am not an economist, but I would be more inclined to believe that price points on compromised cards are falling due to simple supply and demand over the idea that the downturn in the economy is hurting the sales of card resellers.
Showing posts with label Fraudsters. Show all posts
Showing posts with label Fraudsters. Show all posts
Thursday, March 19, 2009
Legislation in the works that could affect Future Trends in Fraud
New legislation may provide fraudsters with legal loopholes
Red Bank, Feb. 19/The FraudBlog Newsletter/ - The current economic crisis is affecting all of us, but could it also be creating new loopholes for fraudsters to exploit? You may be surprised to learn that some recent discussions could have a very tangible impact on fraud trends down the road.
According to the USA Today Article entitled "Job credit checks called unfair" by Thomas Frank on 2-13-2009, five states are considering laws that would restrict credit checks by employers. Amid the financial crisis U.S. states and government officials are calling to stop employers from unfairly screening out employees who can't pass a credit check. For many industries that have jobs with access to money this is a necessary step to lower risk from employees with access to money such as tellers, cashiers and finance officers. According to the Society for Human Resource Management about 43% of U.S. employers currently check job applicants for overdue payments on anything from mortgages and rent to credit cards and student loans. While there is no correlation of employee performance to bad credit, there is implicit risk of employees with financial problems potentially being more susceptible to committing some form of internal fraud if they have the access to financial resources. How real is this issue? If you recall our August 2008 newsletter, we reported 5 cases of employee fraud in that month alone, with 4 of those cases being embezzlement through the use of a company credit card (all cases were over $100,000 in losses) and one case of an employee perpetrated data breach.
Senator Chris Dodd is pushing legislation in the CARD ACT to change when application information can be posted into a consumer's credit file. His argument is based on his belief that the policies of credit card issuers to post information on application attempts, instead of account activations, causes card issuers to change the consumers risk exposure thus producing higher fees and rates charged to the consumer. Dodd stated, "Too many families are starting to rely upon on short-term, high-interest credit card financing to meet basic needs".
The most critical aspect of his plan is that the bill would prohibit providing information about newly opened accounts before they are activated by customers. If this policy were implemented it could create an increase in credit card fraud applications. For example, a fraudster could open 10 credit card accounts, but waits to activate them until they receive all of the cards. The second through the tenth issuer would have no idea the fraudster had already opened the other accounts when they processed these applications. This could lead to significant increases in Identity Theft per case losses.
Red Bank, Feb. 19/The FraudBlog Newsletter/ - The current economic crisis is affecting all of us, but could it also be creating new loopholes for fraudsters to exploit? You may be surprised to learn that some recent discussions could have a very tangible impact on fraud trends down the road.
According to the USA Today Article entitled "Job credit checks called unfair" by Thomas Frank on 2-13-2009, five states are considering laws that would restrict credit checks by employers. Amid the financial crisis U.S. states and government officials are calling to stop employers from unfairly screening out employees who can't pass a credit check. For many industries that have jobs with access to money this is a necessary step to lower risk from employees with access to money such as tellers, cashiers and finance officers. According to the Society for Human Resource Management about 43% of U.S. employers currently check job applicants for overdue payments on anything from mortgages and rent to credit cards and student loans. While there is no correlation of employee performance to bad credit, there is implicit risk of employees with financial problems potentially being more susceptible to committing some form of internal fraud if they have the access to financial resources. How real is this issue? If you recall our August 2008 newsletter, we reported 5 cases of employee fraud in that month alone, with 4 of those cases being embezzlement through the use of a company credit card (all cases were over $100,000 in losses) and one case of an employee perpetrated data breach.
Senator Chris Dodd is pushing legislation in the CARD ACT to change when application information can be posted into a consumer's credit file. His argument is based on his belief that the policies of credit card issuers to post information on application attempts, instead of account activations, causes card issuers to change the consumers risk exposure thus producing higher fees and rates charged to the consumer. Dodd stated, "Too many families are starting to rely upon on short-term, high-interest credit card financing to meet basic needs".
The most critical aspect of his plan is that the bill would prohibit providing information about newly opened accounts before they are activated by customers. If this policy were implemented it could create an increase in credit card fraud applications. For example, a fraudster could open 10 credit card accounts, but waits to activate them until they receive all of the cards. The second through the tenth issuer would have no idea the fraudster had already opened the other accounts when they processed these applications. This could lead to significant increases in Identity Theft per case losses.
I got you once, and I will get you again!
"If a fraudster or fraud ring can successfully perpetrate fraud, you can pretty much assume they will continue to do so until you stop them." D.Montague
Red Bank, Oct. 30 2008/The FraudBlog Newsletter/- While the article, "The Hackers Mindset - I did nothing Wrong" by Jon Swartz of USA Today is not new news, it can provide good insight into the makeup of a cybercriminal. It focuses primarily on the TJX hackers and provides the typical definition of a cybercriminal as being young, male and very computer savvy. However typical, I found the background story on Gonzales having been caught before so engrossing I decided to test the profile myself.
So I thought I would take a look at a couple of other major cyber crime cases. In the past 60 days there have been three very public and big cyber crime cases. In these cases the cybercriminal was young, all under 30, male and they were very computer savvy. (Albert Gonzales - TJX Breach, Ehud Tenenbaum - Direct Cash Management Breach, Vladimir Tsastsin- EstDomain)
In all three of these cases the cybercriminal had been caught doing this before. In 2 of the 3 cases, Gonzales and Ehud Tenenbaum these individuals were actually given lighter sentences for their first transgression by working with law enforcement after being caught.
In all of these cases when the cybercriminal was later presented with a weakness in a business's fraud controls or security measures they exploited them. Regardless of the fact that they had been caught before, they believed they wouldn't get caught again. In all three cases they had escalated the scope and level of their schemes.
Lesson learned, they don't learn their lesson.
Red Bank, Oct. 30 2008/The FraudBlog Newsletter/- While the article, "The Hackers Mindset - I did nothing Wrong" by Jon Swartz of USA Today is not new news, it can provide good insight into the makeup of a cybercriminal. It focuses primarily on the TJX hackers and provides the typical definition of a cybercriminal as being young, male and very computer savvy. However typical, I found the background story on Gonzales having been caught before so engrossing I decided to test the profile myself.
So I thought I would take a look at a couple of other major cyber crime cases. In the past 60 days there have been three very public and big cyber crime cases. In these cases the cybercriminal was young, all under 30, male and they were very computer savvy. (Albert Gonzales - TJX Breach, Ehud Tenenbaum - Direct Cash Management Breach, Vladimir Tsastsin- EstDomain)
In all three of these cases the cybercriminal had been caught doing this before. In 2 of the 3 cases, Gonzales and Ehud Tenenbaum these individuals were actually given lighter sentences for their first transgression by working with law enforcement after being caught.
In all of these cases when the cybercriminal was later presented with a weakness in a business's fraud controls or security measures they exploited them. Regardless of the fact that they had been caught before, they believed they wouldn't get caught again. In all three cases they had escalated the scope and level of their schemes.
Lesson learned, they don't learn their lesson.
Use your ATM PIN only at ATMs or you'll pay the price!
Always save your PIN for ATM transactions only!
Red Bank, Sept. 1 2008/The FraudBlog Newsletter/- Every time I speak publicly, or when I tell people what I do for a living, I get asked this question. My answer has always been to use your credit card or your debit card, as a credit card, but save your pin for ATM transactions only. For us in the business we generally understand our rights and level of protection, but I would imagine few of us really understand the actual legal rights and limits for each payment type.
If fraudsters strike, you often have stronger protection with credit cards than with debit cards. With credit cards, under federal law, you're liable for no more than $50 if fraud occurs, though most issuers don't hold you liable for even that much. With debit cards, your maximum exposure is $50 if you report it within 48 hours. Report it after two days, and you could be liable for up to $500. Take longer than 60 days, and you could be responsible for the entire dollar amount of fraud.
Red Bank, Sept. 1 2008/The FraudBlog Newsletter/- Every time I speak publicly, or when I tell people what I do for a living, I get asked this question. My answer has always been to use your credit card or your debit card, as a credit card, but save your pin for ATM transactions only. For us in the business we generally understand our rights and level of protection, but I would imagine few of us really understand the actual legal rights and limits for each payment type.
If fraudsters strike, you often have stronger protection with credit cards than with debit cards. With credit cards, under federal law, you're liable for no more than $50 if fraud occurs, though most issuers don't hold you liable for even that much. With debit cards, your maximum exposure is $50 if you report it within 48 hours. Report it after two days, and you could be liable for up to $500. Take longer than 60 days, and you could be responsible for the entire dollar amount of fraud.
When the Fraudster is Someone you Trust
Friendly fraud taken to new heights.
Red Bank, Aug. 15 2008/The FraudBlog Newsletter/- The number of articles related to internal fraud have been rising considerably over the past couple of months. If you are like most fraud managers, your focus has been on stopping the fraudster from coming in the door, and not paying attention to the fraudster lurking inside. It can be easy to overlook how easy it is for employees to copy down customer credit card information, to help a friend exploit a weakness in the companies systems or to directly steal from the company.
While I don't believe the individuals involved in these cases were criminals targeting these companies, I do believe they serve as a good example to putting in checks and balances to keep honest people honest...
To illustrate my point I have taken quotes from a recent case. These quotes were taken from the article "Former Sailor Gets 2 years for fraud with Navy Credit Card" by Austin Wright in the Virginia Post on August 10, 2008.
"I know that I'm a good person. I know that I made a bad decision," Gibbs said in court. "I'm aware of all my consequences.""Her supervisors encouraged this type of behavior," defense attorney David Price said in court. He elaborated after the sentencing that no one monitored what Gibbs and others were purchasing with the government-issued cards."For this to go on for as long as it did and for the amount of money that was involved - there's no excuse," Price said. "There are other people who didn't do their jobs right." Other cases in the news:
Customer Service Representative - An Alaska Airlines call center employee misused credit card data between August 2006 and June of 2008. When processing reservation changes, the employee allegedly diverted payments into her own personal bank account instead of the airline's. The fraud affects about 1,500 customers.
Receptionist - An Illinois Eye Center receptionist used patient information to obtain credit cards and then had the bills mailed to her home. Gast said the theft occurred from August until December of last year. Some of the victims didn't know their names had been used.
Mail Man - four counts of mail theft and one count of defrauding the U.S. Postal Service by using an agency credit card for personal use.
Administrative Assistant - charged more than $240,000 in personal expenses last year on a corporate credit card belonging to a pharmaceutical research and development company, a subsidiary of Johnson & Johnson. Federal prosecutors said she used the card to pay for a 1968 Ford Mustang and 1969 Chevrolet Camaro and to restore those vehicles. She also used company funds to pay for cosmetic surgery and a cruise vacation, a granite kitchen countertop, a residential air-conditioning unit and American Express gift cards..
Candidate for Sheriff - a candidate for the position of Navajo County sheriff, was arrested July 22 on charges of theft of a credit card and fraudulent use of a credit card, both felonies.
Bank Clerk - The clerk allegedly played a role in a conspiracy to embezzle funds from Sperry Marine Federal Credit Union by using other names to take out loans from the credit union.
Neighbor - Buellton California residents 47-year-old Karen Peterson and 49-year-old Debra Mangino are accused of stealing their one-time neighbor's mail and activating a credit card in his name.
Purchasing Agent - Navy sailor uses military credit card to steal hundreds of thousands of dollars from the government. Defense and prosecution lawyers agreed this could have been prevented through minimal oversight. From 2006 to 2007, she used the card to buy 162 notebook computers, 65 big-screen televisions and 22 digital cameras, items she and an unnamed co-conspirator sold for cash.
Father - A New York man says he used his son's Social Security number to obtain credit cards and loans from several banks, and from a firm that gave him loans to buy two cars. The crimes occurred between 1997 and 2005.
Credit Card Fraud Officer - A former senior Sussex Police officer who used his force credit card to buy goods for himself has been ordered to pay nearly £100,000. Sorority Sister - Danielle Sue All, 29, is believed to have charged more than $2,000 on a Purdue University sorority adviser's card reported missing Aug. 5.
Secret Service Informant - charged with breaking into the computer systems of nine of the nation's largest retail companies and stealing more than 40 million credit and debit card numbers.
Red Bank, Aug. 15 2008/The FraudBlog Newsletter/- The number of articles related to internal fraud have been rising considerably over the past couple of months. If you are like most fraud managers, your focus has been on stopping the fraudster from coming in the door, and not paying attention to the fraudster lurking inside. It can be easy to overlook how easy it is for employees to copy down customer credit card information, to help a friend exploit a weakness in the companies systems or to directly steal from the company.
While I don't believe the individuals involved in these cases were criminals targeting these companies, I do believe they serve as a good example to putting in checks and balances to keep honest people honest...
To illustrate my point I have taken quotes from a recent case. These quotes were taken from the article "Former Sailor Gets 2 years for fraud with Navy Credit Card" by Austin Wright in the Virginia Post on August 10, 2008.
"I know that I'm a good person. I know that I made a bad decision," Gibbs said in court. "I'm aware of all my consequences.""Her supervisors encouraged this type of behavior," defense attorney David Price said in court. He elaborated after the sentencing that no one monitored what Gibbs and others were purchasing with the government-issued cards."For this to go on for as long as it did and for the amount of money that was involved - there's no excuse," Price said. "There are other people who didn't do their jobs right." Other cases in the news:
Customer Service Representative - An Alaska Airlines call center employee misused credit card data between August 2006 and June of 2008. When processing reservation changes, the employee allegedly diverted payments into her own personal bank account instead of the airline's. The fraud affects about 1,500 customers.
Receptionist - An Illinois Eye Center receptionist used patient information to obtain credit cards and then had the bills mailed to her home. Gast said the theft occurred from August until December of last year. Some of the victims didn't know their names had been used.
Mail Man - four counts of mail theft and one count of defrauding the U.S. Postal Service by using an agency credit card for personal use.
Administrative Assistant - charged more than $240,000 in personal expenses last year on a corporate credit card belonging to a pharmaceutical research and development company, a subsidiary of Johnson & Johnson. Federal prosecutors said she used the card to pay for a 1968 Ford Mustang and 1969 Chevrolet Camaro and to restore those vehicles. She also used company funds to pay for cosmetic surgery and a cruise vacation, a granite kitchen countertop, a residential air-conditioning unit and American Express gift cards..
Candidate for Sheriff - a candidate for the position of Navajo County sheriff, was arrested July 22 on charges of theft of a credit card and fraudulent use of a credit card, both felonies.
Bank Clerk - The clerk allegedly played a role in a conspiracy to embezzle funds from Sperry Marine Federal Credit Union by using other names to take out loans from the credit union.
Neighbor - Buellton California residents 47-year-old Karen Peterson and 49-year-old Debra Mangino are accused of stealing their one-time neighbor's mail and activating a credit card in his name.
Purchasing Agent - Navy sailor uses military credit card to steal hundreds of thousands of dollars from the government. Defense and prosecution lawyers agreed this could have been prevented through minimal oversight. From 2006 to 2007, she used the card to buy 162 notebook computers, 65 big-screen televisions and 22 digital cameras, items she and an unnamed co-conspirator sold for cash.
Father - A New York man says he used his son's Social Security number to obtain credit cards and loans from several banks, and from a firm that gave him loans to buy two cars. The crimes occurred between 1997 and 2005.
Credit Card Fraud Officer - A former senior Sussex Police officer who used his force credit card to buy goods for himself has been ordered to pay nearly £100,000. Sorority Sister - Danielle Sue All, 29, is believed to have charged more than $2,000 on a Purdue University sorority adviser's card reported missing Aug. 5.
Secret Service Informant - charged with breaking into the computer systems of nine of the nation's largest retail companies and stealing more than 40 million credit and debit card numbers.
Wednesday, April 30, 2008
Common Fraud Schemes
I have been working with merchants for years, and I am still amazed at the creativity fraudsters come up with to defraud merchants. These people aren’t stupid, uneducated thugs. They are educated, crafty and patient.
If there is one thing I have learned from my experiences, I know that even if you wanted to, it is not realistic to think you can stop all fraud. There are just too many ways to create a perfect one-use identity. The resources, time, money and people I would have to put into place to catch these fraudsters just don’t make sense.
But the good news is you don’t have to catch the perfect one-use criminal. The majority of fraudsters out there are still using the basic scams to de-fraud merchants because there are still too many businesses that aren’t doing anything to stop them.
The purpose of this section is to give you an understanding of some of the general schemes that are out there. With this understanding you can look at your businesses and craft strategies to prevent fraud that most closely represents the type of fraud scheme your site sees.
If there is one thing I have learned from my experiences, I know that even if you wanted to, it is not realistic to think you can stop all fraud. There are just too many ways to create a perfect one-use identity. The resources, time, money and people I would have to put into place to catch these fraudsters just don’t make sense.
But the good news is you don’t have to catch the perfect one-use criminal. The majority of fraudsters out there are still using the basic scams to de-fraud merchants because there are still too many businesses that aren’t doing anything to stop them.
The purpose of this section is to give you an understanding of some of the general schemes that are out there. With this understanding you can look at your businesses and craft strategies to prevent fraud that most closely represents the type of fraud scheme your site sees.
Subscribe to:
Posts (Atom)
