As a bank examiner for the Tennessee Department of Financial Institutions and a Certified Fraud Examiner since 1995, I have always wanted to attend classes at the Association’s CFE Academy in Austin, Texas. I perform standard safety and soundness evaluations and specialty examinations for financial institution information systems. Due to my responsibility as a commissioned bank examiner for the state, I can never know too much about fraud. So, last February when I was notified that my department was sending me to the CFE Academy on March 22-23 to learn about computer fraud, I was delighted.
The Academy was conducted at the Hyatt Regency on Town Lake and both the accommodations and the instruction were first rate. The Association hosted a welcome reception on the evening prior to the Academy. At the reception, Association personnel were available to answer questions about other training courses and Member services, and the value of sharing information and experiences with other CFEs and seminar attendees could not be discounted.
Our first training session began promptly at 8 the next morning. Our instructor was fellow CFE Walt Manning, director of The Techno-Crime Institute in Plano, Texas. Manning is a 20-year veteran of the Dallas Police Department, and has a bachelor of arts degree from the University of Dallas and a Master Police Officer Certification from the Texas Commission for Law Enforcement Standards and Education. He also was instrumental in developing the conceptual design of a telecommunications crimes course for federal agents at the Federal Law Enforcement Training Center (FLETC) in Glynco, Ga.
During the introduction Manning painted a broad picture of the varied and complex world of high-tech crime, which broadened my understanding of what constituted computer fraud. Like many people I thought computer crime or high-tech crime meant hacking into computer systems to steal information or money. Manning told us that we needed to expand our vision and realize that advanced technology can be used to either commit or further every conceivable type of criminal activity. Murder is as old as Cain and Abel, but computers have been used in recent years to perpetrate homicide. Technology also has been used to stalk victims or carry out terrorism in cyberspace. Organized crime groups are forming "cyber-cartels" at an alarming pace. From a legal standpoint our laws and regulations are being far outpaced by technology.
Telecommunications are critical to modern-day business, but few organizations realize the potential for fraud associated with this technology. Private Branch Exchanges (PBXs), voice mail, cellular telephones, automated attendants, and even pagers can expose organizations to significant losses, which have been estimated from $500 million to as much as $3 billion per year.1 Losses due to PBX fraud, perhaps the most prolific category of telecommunications fraud, have been as great as $1 million for a single victim.
After learning about the potential for fraud through PBX systems, I’ve amended my job responsibilities to include reviewing the configuration and security measures in place for financial institution phone systems and informing management of their responsibility for securing those systems. Most PBX fraud occurs through remote access features, such as "800" numbers, direct inward system access (DISA), auto attendants, and voice mail.
On Tuesday morning, Manning charged right into Internet fraud, which included privacy issues and gathering computer evidence. Fifteen years ago hacking and viruses would have been non-issues for many small banks and other financial institutions. Today, however, I’ve found that even several small-town community financial institutions have web sites, and many offer Internet banking services.