$200 Million Card Fraud Scheme Alleged

18 Charged in Global Case that Reveals Cross-Channel Gaps

By , February 12, 2013.
$200 Million Card Fraud Scheme Alleged

Arrests in connection with an alleged $200 million global credit card fraud ring offer an important reminder about gaps in cross-channel and cross-account fraud detection, says one anti-money-laundering expert.

See Also: Secure E-Banking: Consumer-Friendly Strong Authentication

Banking institutions must practice more due diligence when it comes to account activity monitoring - and greater reliance on big data would help, the expert advises.

On Feb. 5, federal authorities arrested 13 individuals allegedly connected to one of the biggest payment card schemes ever uncovered by the Department of Justice. The defendants' alleged criminal enterprise - built on synthetic, or fake, identities and fraudulent credit histories - crossed numerous state and international borders, investigators say.

The scheme involved the creation of false identities used to create fraudulent credit profiles, falsified information to establish creditworthiness with the credit bureaus and large loans that were never repaid by the fraudsters, according to court records that were recently unsealed.

The defendants have been accused of moving millions of dollars through accounts under their control, as well as wiring millions of dollars overseas. An investigative analysis of 169 bank accounts allegedly used by the defendants, their "sham" companies and/or complicit businesses identified $60 million in proceeds that had flowed through the numerous accounts, with most of those funds being withdrawn in cash, investigators say.

Additionally, those charged allegedly wired millions of dollars to Pakistan, India, the United Arab Emirates, Canada, Romania, China and Japan, authorities say. Due to the massive scope of the case, which involved more than 25,000 fraudulent credit cards, loss calculations are ongoing. Final figures may grow beyond the confirmed losses of more than $200 million.

Cybercrime experts from the Federal Bureau of Investigation have been investigating the case for 18 months. Several other individuals allegedly connected to the scheme were arrested earlier. So far, 18 individuals have been charged with bank fraud and face up to 30 years in prison and a $1 million fine.

Difficult to Trace

Micah Willbrand, director of AML market planning for LexisNexis' financial services division, says the two-year alleged scheme, which involved opening numerous business bank accounts, establishing high-scoring credit reports and moving funds to accounts in high-risk international markets, should have raised flags sooner. Unfortunately, international schemes are often the most difficult to trace, he says.

Bank Secrecy Act and AML regulations do not require banks to identify or scrutinize the recipient of funds associated with high-risk transactions, Willbrand says. "Laws and regulations today only require that the bank have KYC [know the customer] in place for the sender, not the receiver of money," he says.

And financial institutions have been reluctant, until recently, to push the envelope. Jurisdictional challenges related to international transactions would require banks to do a lot more leg work to verify the authenticity, risk and identity of a recipient to parallel the due diligence and KYC controls they have in place for senders, Willbrand says.

But card fraud schemes demonstrate why it's imperative to have KYC controls in place for both senders and recipients, he adds.

"With FACTA [Fair and Accurate Credit Transactions Act], all countries are realizing we need to know more about who's receiving the money. We need to be more transparent about how money is moving around the world, and that is something everyone is coming around to."

Moving Money

Authorities charge that the defendants and their conspirators in this case allegedly created more than 7,000 false identities and fraudulently obtained tens of thousands of credit cards they used to purchase lavish goods and stockpile large sums of cash.

The enterprise allegedly maintained more than 1,800 so-called "drop addresses," including houses, apartments and post office boxes, used as the mailing addresses for the synthetic identities. These IDs were used to create dozens of sham companies that did little or no legitimate business, investigators allege. Through those sham companies, the defendants and their co-conspirators purchased credit card terminals used to run up charges on fraudulent credit cards, authorities charge.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE U.S. Data Breach Notification Law Unlikely in 2014

Despite President Obama's urgent call to lawmakers to enact a national data breach notification...

Latest Tweets and Mentions

ARTICLE U.S. Data Breach Notification Law Unlikely in 2014

Despite President Obama's urgent call to lawmakers to enact a national data breach notification...

The ISMG Network