11:37 AM
Connect Directly

How Fraud Rings Evade Detection And What Banks Can Do To Stop Them

As last week’s big card fraud bust revealed, fraud rings are becoming more sophisticated in how they avoid detection.

Law enforcement officials apprehended 18 individuals last week in one of the biggest card fraud schemes ever uncovered - the group stole more than $200 million by some estimates. News reports said that the group had been operating for almost ten years across more than 20 stats and sending money all over the world to accounts in India, Pakistan and elsewhere. One might wonder how the fraud ring could have operated for so long undetected, especially since they used very common tactics to conduct their fraud.

“This particular instance of fraud followed a regular pattern,” says Ben Knieff, head of product marketing at NICE Actimize, which provides anti-fraud and anti-money laundering solutions. “They steal an identity or create a false identity… Then they cultivate a line of credit over six, nine, or twelve months, utilizing it like a very good customer. Then they bust out.” By bust out Knieff means that they max out the credit line and then pay with a counterfeit check.

[See Related: Cyber Fraud Is Going Global, FBI Sting Reveals]

In order to not get caught many fraud groups hire mules - people they pay to open the lines of credit for them, Knieff says. They usually target vulnerable people looking for some extra money such as college students or the homeless. The mule then opens a credit line in their name or with a fake identity. That means that the fraud gets traced back to the mule instead of the fraudster, which means it can take a while for credit providers and law enforcement to realize that there is a full blown fraud scheme at work rather than a few individual instances of fraud, Knieff explains. And if attacks are made against different institutions by the same group it can also be difficult to connect the dots and trace the attacks back to the original source, he adds.

Stopping such fraud rings takes multiple approaches working collectively. “A lot of pieces need to work together. There’s no one silver bullet,” Knieff comments. Most credit issuers are already doing many of the things necessary to stymie fraud attacks such as a Know Your Customers policy, crosschecking their data with credit bureaus and heavily monitoring client activity after a new credit line is opened or an existing one is increased, according to Knieff. But the next step for issuers is to be continually evaluating those policies and procedures and be vigilant for new fraud patterns as criminals constantly adjust their techniques.

Regulations have also helped in fighting larger fraud schemes that target multiple institutions. “There’s been some helpful recent changes following Dodd-Frank that make it easier to share information with law enforcement,” Knieff says. “Bank A and Bank B could have the same criminal attacking them but they don’t know it. Now law enforcement can request information without a subpoena, identify the fraud ring and then get a subpoena to follow up [on the investigation]. It helps law enforcement and financial institutions work together.” Without such regulatory procedures in place to facilitate the sharing of fraud information it might not have even been possible 10 years ago to catch a fraud ring like the one brought down last week, Knieff suggests.

But the fight against fraud is constantly evolving and although the new regulations help, Kieff expects fraud rings to adapt by diversifying their operations. Instead of one group conducting a fraud scheme from start to finish, larger criminal organizations will start breaking down into smaller groups that specialize in one aspect of fraud. “One group may specialize in stealing identities and selling those; another group specializes in recruiting mules and selling them; then another group actually uses the mules to commit fraud,” Knieff explains. This will make fraud operations more loosely connected and more difficult to detect, he says. Those working to counter fraudsters will have to adapt to this new model. “Everyone is working hard on this [fighting fraud], but it’s never done,” Knieff adds.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Travis Rawley
Travis Rawley,
User Rank: Apprentice
2/25/2013 | 5:05:50 PM
re: How Fraud Rings Evade Detection And What Banks Can Do To Stop Them
Are there any tools or companies that can enable fraud detection for an HR manager so that fraud risks can be detected before hiring? For example, how would I determine how to evaluate this eVerifile offering ?
User Rank: Apprentice
2/16/2013 | 2:34:52 AM
re: How Fraud Rings Evade Detection And What Banks Can Do To Stop Them
Forrester gives advice on vendors that support the challenge with cross channel, enterprise fraud attacks, learn more :
User Rank: Apprentice
2/15/2013 | 9:13:55 PM
re: How Fraud Rings Evade Detection And What Banks Can Do To Stop Them
Interesting that credit abuse and bust out fraud is becoming more publicized even though it has been around for a while; however the financial stakes are getting larger. Not only do cross channel Analytics play a key role in detection and prevention, but real time behavioral Analytics are the secret to early warnings.
User Rank: Apprentice
2/15/2013 | 5:19:32 PM
re: How Fraud Rings Evade Detection And What Banks Can Do To Stop Them
I second Bryan Yurcan's comment: big data, along with high-powered analytics and link analysis, provides a way to deliver fraud red flags faster. Interesting to see the horizontalization of the criminal supply chain: "Instead of one group conducting a fraud scheme from start to finish,
larger criminal organizations will start breaking down into smaller
groups that specialize in one aspect of fraud."
User Rank: Author
2/14/2013 | 5:44:44 PM
re: How Fraud Rings Evade Detection And What Banks Can Do To Stop Them
Obviously using data analytics effectively can help in know your customer and fraud detection efforts, this is another area where "big data" management comes heavily into play.-
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.