Law enforcement officials apprehended 18 individuals last week in one of the biggest card fraud schemes ever uncovered - the group stole more than $200 million by some estimates. News reports said that the group had been operating for almost ten years across more than 20 stats and sending money all over the world to accounts in India, Pakistan and elsewhere. One might wonder how the fraud ring could have operated for so long undetected, especially since they used very common tactics to conduct their fraud.
“This particular instance of fraud followed a regular pattern,” says Ben Knieff, head of product marketing at NICE Actimize, which provides anti-fraud and anti-money laundering solutions. “They steal an identity or create a false identity… Then they cultivate a line of credit over six, nine, or twelve months, utilizing it like a very good customer. Then they bust out.” By bust out Knieff means that they max out the credit line and then pay with a counterfeit check.
In order to not get caught many fraud groups hire mules - people they pay to open the lines of credit for them, Knieff says. They usually target vulnerable people looking for some extra money such as college students or the homeless. The mule then opens a credit line in their name or with a fake identity. That means that the fraud gets traced back to the mule instead of the fraudster, which means it can take a while for credit providers and law enforcement to realize that there is a full blown fraud scheme at work rather than a few individual instances of fraud, Knieff explains. And if attacks are made against different institutions by the same group it can also be difficult to connect the dots and trace the attacks back to the original source, he adds.
Stopping such fraud rings takes multiple approaches working collectively. “A lot of pieces need to work together. There’s no one silver bullet,” Knieff comments. Most credit issuers are already doing many of the things necessary to stymie fraud attacks such as a Know Your Customers policy, crosschecking their data with credit bureaus and heavily monitoring client activity after a new credit line is opened or an existing one is increased, according to Knieff. But the next step for issuers is to be continually evaluating those policies and procedures and be vigilant for new fraud patterns as criminals constantly adjust their techniques.
Regulations have also helped in fighting larger fraud schemes that target multiple institutions. “There’s been some helpful recent changes following Dodd-Frank that make it easier to share information with law enforcement,” Knieff says. “Bank A and Bank B could have the same criminal attacking them but they don’t know it. Now law enforcement can request information without a subpoena, identify the fraud ring and then get a subpoena to follow up [on the investigation]. It helps law enforcement and financial institutions work together.” Without such regulatory procedures in place to facilitate the sharing of fraud information it might not have even been possible 10 years ago to catch a fraud ring like the one brought down last week, Knieff suggests.
But the fight against fraud is constantly evolving and although the new regulations help, Kieff expects fraud rings to adapt by diversifying their operations. Instead of one group conducting a fraud scheme from start to finish, larger criminal organizations will start breaking down into smaller groups that specialize in one aspect of fraud. “One group may specialize in stealing identities and selling those; another group specializes in recruiting mules and selling them; then another group actually uses the mules to commit fraud,” Knieff explains. This will make fraud operations more loosely connected and more difficult to detect, he says. Those working to counter fraudsters will have to adapt to this new model. “Everyone is working hard on this [fighting fraud], but it’s never done,” Knieff adds.