What You Can Learn from a Massive International Credit Card Fraud

Based on federal law enforcement estimates, a credit card fraud scheme that stretched around the globe and involved more than 25,000 cards generated at least $200 million in losses.

The fraud scheme involved the following steps:

Step 1: Fraudsters created thousands of fake identities and opened bank accounts using the identities.

Step 2: Fake companies were created in order to submit information to credit agencies regarding the creditworthiness of each fake identity.

Step 3: Credit cards were applied for using the fake identities, which appeared to be creditworthy. Loans were obtained using the “high” credit scores.

Step 4: Legitimate “complicit” businesses colluded in “sham” transactions in which the merchant received proceeds from a “sale” that they subsequently split with the fraudsters.

Step 5: Fraudsters deposit the proceeds from the fraud in previously established bank accounts. They withdrew large sums of cash as well as wired funds overseas.

Not surprisingly, the fraudsters defaulted on the outstanding loans and pocketed almost the entire balance as profit from the fraud that ultimately funded their extravagant lifestyles.

What can you learn from the fraud to help protect your bank?

1. Know your customers. It has never been more important. The scheme described in this article depended on the creation of bank accounts to receive the proceeds from each fraudulent transaction. Ensure that new account opening staff members comply with your institution’s new account processes by implementing surprise compliance audits. Not only is a robust new account process necessary to ensure compliance with banking regulations, it may also stop fraudsters in their tracks.

2. Ensure that your bank or credit union gathers the latest fraud intelligence. As fraud evolves, so too must your institution’s approach to prevention and detection of suspect activity. Consider developing a centralized database of fraud schemes at other banks to use in staff training and development of your institution’s fraud defenses. Review each case for potential failure points and consider the likelihood of a similar event occurring at your institution. Consider including such information as support for business cases that seek to secure additional investment in people, processes and technology to fight fraud.

3. Bridge the gap between back office functions. Depending on the size of your institution, the anti-money laundering and fraud functions may reside in separate departments. Often, activity that is indicative of money laundering comes to the attention of the fraud department and vice versa. Ensure that a process exists to share such information with the primary department responsible for monitoring such activity.

4. Prepare for increased banking regulation. Currently, banks that transmit funds at the request of their customers know little about the destination of the funds beyond what is required to initiate and complete the transaction. Given the size and scope of a fraud scheme, as well as the fraudsters’ ability to move funds around the globe with relative ease, regulators may soon consider requiring banks to gather and share information regarding the identity fund recipients — both domestically and internationally.

Fraudsters understand the inherent weaknesses in the U.S. financial system. As the case described in this article shows, they also have the expertise to exploit those gaps in people, processes and technology for considerable personal gain. The threat is real, and as technology advances, so too does the fraudster’s ability to perpetrate fraud with catastrophic consequences.

For more information on how we can help your community bank, please contact Sonny MacArthur at smacarthur@pkm.com or 404-420-5631.