August 02, 2005

''I've been in the business 25 years, and I've never seen anything like this," says Brian McGinley, senior vice president and loss management director for Charlotte, N.C.-based Wachovia ($507 billion in assets), of today's banking fraud environment. "The biggest thing on our mind is the protection of customer information. We need to protect the customer information from the multitude of schemes that are out there - phishing, pharming, online banking fraud, false ATM fronts, false ATM card readers."

As fraud schemes become more sophisticated, banks need to examine a wider array of data to identify fraud trends. That means investing in more-sophisticated technology systems, adding personnel and employing additional fraud-fighting processes, according to McGinley.

Yet, increased dedication of banks' resources does little if customers don't take the appropriate precautions, McGinley warns. To educate consumers about fraud issues, in July, Wachovia launched an online fraud prevention newsletter - which is available both to the bank's customers and non-customers alike - and began offering an online quiz to test how well consumers are protecting their identities. The bank also offers tips and advice on how consumers can protect themselves against fraud, such as installing the latest security patches.

Additionally, Wachovia has enhanced its fraud prevention systems to improve its ability to compile and analyze fraud data, McGinley relates. This enables bank security officials to react to emerging fraud schemes more quickly and write and revise automated fraud-detection rules based on the most current trends, which are constantly changing.

Fast-Moving Fraud

"The most interesting part [about bank fraud] is the criminals' continuing ability to find any holes to create bank fraud," says Tom Lekan, senior vice president and chief security officer for Cleveland-based KeyBank ($90 billion in assets). Once one security hole is closed, criminals quickly adapt and move to others, he explains.

For example, phishing is starting to wane. Though the scheme continues to receive many of the headlines (see related article, page 13), the banking industry is adopting strategies and techniques to defend against the practice, including consumer education and new payment card security, according to Lekan.

Most of the phishing losses have been tied to debit cards, Lekan relates. Once phishers obtain customers' PINs and passwords, they create a white magnetic stripe card to use at ATMs to drain the consumers' accounts. Card issuers largely have rendered "cloned" cards unusable and thwarted that type of fraud by adding coded information to the magnetic stripes of cards that is unknown to consumers, thus preventing them from inadvertently revealing it. In response, Lekan notes, many perpetrators have moved on to defrauding third-party payment providers, which, despite pressure from several banking groups, currently aren't regulated.

Criminals Aren't Reinventing the Wheel

That's not to say that older fraud schemes have gone away. Check fraud continues to be one of the biggest fraud problems the industry faces, despite the decline in the number of paper checks, according to Lekan and James Penn, vice president of marketing for Union Bank of California ($50 billion in assets) in San Francisco. "There's always been a certain amount of kiting at the branch level," Penn says.

In addition to kiting, scams that have been around for many more years than e-mail - such as the so-called "Nigerian banking scam," which asks recipients to provide bank account information in exchange for a portion of revenues to be deposited into their accounts, and the Canadian lottery scam, which promises to pay lottery prizes to recipients as long as the "winner" pays taxes to a third party - continue to haunt unsuspecting bank customers.

Like Wachovia, one of Union Bank's first lines of defense against these older fraud methods -as well as some of the newer ones - is customer education. The bank quickly alerts customers to fraud schemes and has adopted an emergency response plan that takes pre-defined actions any time fraud trends are detected. Penn credits this emergency response plan for helping to shut down a recent sophisticated, international phishing attack within a couple of hours.

Mortgage Fraud Makes a Comeback

One form of fraud that is experiencing a resurgence is mortgage fraud, which has heated up along with housing prices, according to Charles Freeman, chief credit officer for Long Beach Bank, the subprime origination arm of Seattle-based Washington Mutual ($319.7 billion in assets).

Flipping - buying a home, possibly fixing it up and quickly selling it - is helping some real estate investors make plenty of cash and fueling late-night infomercials on profiting from no-downpayment deals. But the hot real estate market also means there's increased profit in illegal flipping, which involves multiple exchanges of a property at ever-escalating prices among fraudsters working together. The illegal flippers leave with the money after the last flip. While a good appraisal should stop a home from being exchanged at an above-market price, often an appraiser or real estate agent is involved in the flipping scheme, Freeman notes.

To prevent illegal flipping, Long Beach Bank relies on technologies that enable it to track more comprehensive data than it has in the past. HistoryPro, from C&S Marketing (Sacramento, Calif.) provides the lender with sales history information for up to three years for the subject property and sales comparables for surrounding properties. The software also measures the collateral risk inherent in individual residential properties in varying market conditions. Multiple sales of the same property in a short time span, though not necessarily fraudulent, receive extra attention, Freeman notes. "This helps us hone in on [illegal] flips," he says.