4 minute read
Earlier this year, I was presenting at the IAFCI (International Association of Financial Crimes Investigators) regional Bank Fraud Group in Chicago. One of the presenters before me, from consumer credit giant Synchrony Bank, polled the audience of around 180 credit union and bank fraud investigators and asked them “how many of you are seeing an increase in the number of in-branch, in-person fraud cases?”
About 60% of the audience put their hands up.
This kind of old-fashioned in-person identity theft is on the rise. After fraudsters grew more sophisticated during the pandemic, the run-on effect has been that, in the post-pandemic world, the vastly improved “fraud tools” marketplace that developed during the pandemic makes it easier to commit these crimes.
The trend is frustrating banks and the government as they try to find strategies to counter this “new-old” threat.
ID theft expanded tremendously during the pandemic as the US Federal and State governments distributed over $5 trillion in relief to businesses and households through stimulus checks, enhanced unemployment benefits, low-income household aid, and forgivable loans.
It was what has been coined as the “big money grab”. And, boy oh boy, did criminals want a piece of it. They developed the skills needed to create fake identities – or to steal existing ones - so they could fraudulently file for government aid programs.
And it worked. Organized fraud rings stole $300 billion in pandemic relief, according to the FBI. This represents the largest fraud scheme in history.
The incredible amount of money stolen has emboldened fraudsters to utilize the same tools in new and innovative ways – by going back to old fashioned fraud!
To pull off an “old-school” take-over of an account, criminals posing as the owner need the owner’s account number and a fake form of ID.
These types of resources are readily available on many different illicit trading sites. On such source is Telegram, a cloud-based encrypted instant messaging platform that is a favored forum to sell stolen and forged documents. Think of Telegram as a newer and more user-friendly replacement for the DarkWeb, where sites like Silkroad, Versuss, Empire Market and Torrez were notoriously brazen in their operation of marketplaces for the sale and dissemination of stolen personal data, forgeries, and other tools needed to commit fraud.
I recently spent several hours touring Telegram, contacting vendors, inquiring about products and otherwise learning about how it works. (NOTE! I do NOT recommend that “just anyone” do this without some proper safeguards in place.)
What I found was a vibrant, international selection of vendors prepared to sell driver licenses, passport cards, social security cards, US Work Permits, forged credit cards with legitimate account details (including the chip), bank account details, personnel files on potential ID targets - including passwords, historical residence information (to fool KBA, or “knowledge based” authentication questions), matching bank account information, birthdates, social security numbers and other important information.
I chose three separate vendors – one from the Philippines, and two from China - and ordered identical sample fake ID documents from them, just to see what would happen. I paid, on average, around $35 per document, and I ordered current “Real ID” type documents from California, Florida and Nevada.
Above is one of the documents, received in under two weeks, from the Philippines vendor. The two Chinese vendors’ documents have yet to arrive. Once they do, I intend to put them through the full analysis, testing numerous US based ID Verification services to see how well (or, poorly) they perform. That will be my next blog!
Forged passports are also a growing concern. The FBI warned banks earlier this year to be extra diligent with passports, because, as "a less familiar form of government-issued identification," they are more likely to evade detection.
In keeping with information we have been hearing from banks and credit unions, I found a very large subset of vendors offering “genuine” checks for sale. That is, they are selling actual blank checks from live, active accounts. These checks can come from home or car robberies, but most commonly, stolen checks are obtained by mail theft.
Again, this plays into the “old school” nature of the evolution (devolution??) of fraud. Sophisticated online attacks have declined while paper-based in-person fraud increases.
The security of checks is becoming a large concern to the financial services community. According to the Financial Crimes Enforcement Network (FinCEN), suspicious activity reports (SARs) for check fraud at depository institutions, reports increased by more than 200% between 2018 and 2022, with 2022 data just crossing the 500K mark with check fraud SARs. The most recent 2023 data from FinCEN shows an increase to 528K check fraud SARs for the year.
What can any bank do against the potent combination of a good fake ID document combined with a stolen check or an excellent copy of a genuine check?
This is the challenge facing banks and credit unions right now.
One very troubling trend is the willingness of fraudsters to conduct a one-off bust out fraud. For example, go to a branch with a fake ID and a fake check made out to the name of the fake identity. Open a new account and wait for the bank to release the initial funds – sometimes as much as $500. Then, cash out the $500 and disappear.
This type of short-term, low value activity is particularly hard for an organization to focus on. AI and other automated tools simply don’t do the job.
The more problematic trend, however, has been the in-person account take-over (ATO). This is when a person comes in with a fake ID matching the name and other personal details of an existing bank client, and they obtain access to the client’s accounts. This trend not only affects financial institutions, but cuts across industries where the ability to access a person’s account grants access to potential value. Think: cellular phone carriers, credit cards, medical insurance, and more.
This is why, here at FraudFighter, we always focus on verifying documents DURING the transaction. If the ID document can be authenticated as genuine, then most of the risk in that transaction has been defrayed.
Fraudsters look for a weak link. And, once they find one, they exploit it by sharing the information with their crime group. So, if one bank has strong cybersecurity but poor in-person security, they’ll attack through that vulnerable vector. Then, the bank will see the same vulnerability compromised over and over by organized rings until it is fixed.