Starting Out

Anatomy Of A Bank Fraud

Please sign in to save this to your favorites.
Written by: Rachel Vamos Colin May, CFE Mark F. Zimbelman, Ph.D., CPA
Date: November 1, 2008
read time: 7 mins
Financial Institution Fraud Fraud Schemes

Bank fraud involves the use of fraudulent means to obtain something of value from a financial institution. There are numerous types of bank fraud including identity theft, account takeover, loan fraud, wire transfer fraud, and check fraud. In this issue, an experienced bank fraud investigator, Rachael Vamos, CFE, describes a case study involving these types of bank fraud that led to the bank suffering a loss of nearly $200,000. She also discusses how the bank instituted several policies to prevent these frauds. This column is adapted from a paper Rachael completed for her graduate fraud examination course at Stevenson University near Baltimore, Md. She's the fraud manager at a Maryland financial institution.

BUILDING THE FOUNDATION: IDENTITY THEFT AND ACCOUNT TAKEOVER 

It was late October when an account holder, let's call him Jim, was out of the country on vacation. That's when a fraud perpetrator took over his account and identity by possibly finding his bank statement in the trash or by stealing the information from Jim's workplace -- a local university. 
 
The fraudster found that Jim didn't have an online banking account so the fraudster visited the bank's Web site and submitted an application on Oct. 24, and the bank approved it two days later. The bank then accepted the fraudster's answers to the online "challenge questions" (for example, "What is the name of your pet?"), which gave the fraudster access. The fraudster now could view Jim's balances; his transaction history including cleared checks; and the balances in his savings, checking, and money market accounts, plus a home equity line of credit of $100,000. 
 
On Oct. 27, the perpetrator called the bank and requested that the phone number on the account be changed. The fraudster had now officially committed identity theft by assuming Jim's identification to change the account's contact information and therefore be able to conduct online transactions and verify requests via the new phone number. 
 
IN THE MONEY: LOAN FRAUD AND WIRE TRANSFER FRAUD 
Two days later, on Oct. 29, the fraudster transferred online $99,900 from the line of credit to the savings account. On Oct. 31, a request for an international wire transfer of $98,950 was faxed to the Electronic Funds Transfer (EFT) department. The request included Jim's signature, which matched his signature on file, and a copy of his driver's license. (As the bank's investigator on this case, I later assumed that the fraudster had gotten Jim's signature off one of Jim's cleared checks posted online.) 
 
The EFT representative followed procedures to complete a callback verification of the request to the phone number listed on the account. Of course, the rep reached the fraudster, not Jim, who readily OK'd the request. 
 
According to the EFT representative's notes, the fraudster verified all the necessary information including date of birth, Social Security number, address, amount, last transaction, and phone number. The fraudster probably created a fake driver's license containing Jim's information and faxed it to the EFT department. The EFT representative was only looking to verify the basic information and to see if the signature matched. The bank approved the wire request and sent the funds to another Canadian bank. The fraudster received $98,950 of Jim's money within one week of illegally requesting it via Jim's online account. 
 
BUILDING HIGHER: CHECK FRAUD AND MORE WIRE TRANSFER FRAUD 
On Nov. 7, a check for $99,000 was mailed to the bank as a payment on the line of credit. The bank posted the payment and the available credit was back to the original $100,000. The bank didn't hold the check even though it was from a different party and drawn off a bank in a different state. The bank employee who processed the deposit wasn't suspicious because Jim was a long-time customer, and it appeared that he was paying a loan. 
 
On that same day, a transfer of $99,800 was made from the line of credit to the savings account. On Nov. 8, another international wire request in the amount of $98,850 was faxed to the EFT department. The bank followed the same call-back verification process, and the fraudster was able to provide the necessary information. The bank approved the wire request and sent the funds again to Canada. 
 
On Nov. 13, another check in the amount of $99,000, drawn off the same account as the previous payment, was mailed to pay down the line of credit. The bank didn't hold the check, and the available credit was again $100,000. On the same day, another transfer was made from the line of credit to the savings account in the amount of $98,800. At the same time, a transfer for $2,000 was made from the money market account to the savings account. 
 
NOT SO FAST: THE BANK REACTS 
A third wire request for $99,995 faxed to the EFT department raised suspicion. 
 
The fraudster, posing as Jim, called the bank to ask about the unsent wire request. I explained that verification was necessary before the wire could be processed. After the call, I couldn't contact Jim via the previous phone number listed on the account. 
 
I obtained Jim's direct phone number and e-mail address via the university's Web site. I sent an e-mail and called Jim's office to listen to his voice-mail recording. The voice on the message didn't sound like the person who had called in requesting information on the third wire request. I concluded that the account had been hijacked and that the wire request activity was probably fraudulent. The bank couldn't recall any of the wires it sent with the money. (After a financial institution approves and sends a wire it's nearly impossible to retrieve the funds.) 
 
The investigator then attempted to verify the two checks that had been deposited to the line of credit by contacting the bank on which they were drawn. The bank verified that the deposited checks were reported as stolen by their account holder and would be returned unpaid. Jim's account was then locked with a no-transactions code, and all inquiries about the account were routed to the Corporate Security Department. The bank left a voice mail for Jim and mailed him a certified letter. However, Jim was still on vacation. 
 
Finally, two weeks after the third wire request, Jim called the bank. When I met with this 62-year-old university professor, it was clear Jim had no idea what had taken place on his account. After the bank verified the fraudulent activity, it contacted law enforcement and told its insurance company about the $198,700 loss. The bank reimbursed Jim and restored his full line of credit. The fraudster was never caught. 
 
REACTIVE AND PROACTIVE APPROACHES TO BANK FRAUD 
The bank's investigation was completely reactive. The bank approved two fraudulent wires and sent them to Canada before it notified the investigator of suspicious activity. The bank couldn't recall the wires, and the checks used to pay the line of credit were stolen and returned unpaid. The bank advised Jim to obtain a copy of his credit report to ensure no other fraudulent activity had occurred. 
 
A proactive approach might have prevented much of the loss. The bank's auditing department regularly reviews each department's policies and procedures to look for potential issues. However, auditors use their discretion in determining the risks to investigate. Often, auditors aren't aware of a department's risk issues and so might overlook a critical control weakness. 
 
One proactive approach to this bank fraud includes training the EFT staff about loan and wire fraud. Also, the bank's verification procedures should have been more thorough; the insurance company refused to pay this claim because the bank didn't call back the person on a "secure telephone number." 
 
A secure telephone number, in this case, would've been one that Jim had provided when he opened the account or that he would've changed in person and that the bank would've verified by calling the previous phone number on record. Also, the bank would've obtained that secure telephone number at least 30 days prior to a significant transaction. The fraudster changed the telephone number on Jim's account only two days prior to the faxed instruction. 
 
A proactive bank doesn't accept wire requests via fax unless it arranges this service when the customer opens the account. The bank would only offer this service to individuals who authorize faxed wire requests and previously had provided a secure telephone number for verification. 
 
Also, banks shouldn't allow customers to arrange for online banking through the banks' Web sites (though most banks provide this convenience). Customers should have to open their online accounts in person at the banks and then answer three to five challenge questions that they subsequently would have to answer each time they open their accounts online. 
 
Banks also should purchase software that alerts them to suspicious activity through active, real-time account monitoring. They can customize the monitoring depending on current fraud trends. If such a system had been in place, the online banking set-up, phone number change, and wire requests would've appeared as alerts for the fraud department. The security department would've investigated the situation and attempted to contact Jim. If it couldn't have contacted him to verify the activity, then it wouldn't have sent the wire. 
 
FRAUDSTERS WORKING HARDER 
Now with the proper proactive measures in place, the financial institution hasn't experienced any other wire transfer fraud. The hardest part about fraud fighting is that the liable victim, in this case the bank, will always have to take the first hit. In other words, until you know the type of fraud it is you can't effectively fight it. Fraudsters make wire-transfer fraud, ID theft, and other crimes their full-time jobs. Unfortunately, criminals spend far more time researching and developing scams than do individuals or businesses trying to protect themselves. 
 
Colin May, CFE, is a forensic financial investigator with a government agency (the views in Starting Out are his own) in Baltimore, Md.   
 
Mark F. Zimbelman, Ph.D., CPA, Educator Associate Member, is an associate professor of accounting and Selvoy J. Boyer Fellow at Brigham Young University in Provo, Utah.    

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.

Ad

Begin Your Free 30-Day Trial

Unlock full access to Fraud Magazine and explore in-depth articles on the latest trends in fraud prevention and detection.

Learn More Already a member? Sign In

You May Also Like