10 Faces of Fraud for 2010

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

"The more things change, the more things stay the same." This old saying holds true when it comes to the different types of fraud hitting financial institutions.

In 2009, institutions were hit from every angle with fraud schemes -- some were old, and some were new variations. Here is a roundup of the 10 predominant types of fraud that institutions and their customers can expect to see in 2010, according to industry experts.

1. ACH and Wire Transfer Fraud
The attacks against small and medium businesses in the ACH channel in 2009 were a wake-up call to institutions for the New Year. Businesses and institutions alike suffer when fraudsters penetrate and pilfer accounts via hacking into electronic transactions.

"It started in earnest in 2009 and will only get worse in 2010 until banks put effective controls and fraud detection in place," says Gartner analyst Avivah Litan. "It is hard to tune fraud detection systems to detect this fraud in a timely manner -- especially wire fraud, since the data in a wire transfer instruction is not structured," she says. But good fraud detection systems can catch most of this activity.

2. Attacks on Institution Networks
The level of protection provided transaction processing networks is often overlooked by institutions when it comes to servers outside of the "protected networks," says Mike Urban, Fraud Director at Fair Isaac, the provider of FICO credit scoring.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

"I've seen this particularly with vendor-managed servers where their security standards may not be at the level practiced by the institution where they are deployed, including password management and patch management," Urban says. Identifying and managing all devices on corporate networks and protected transactional networks are critical to reducing the attack surface and eliminating weak links, he stresses.

3. ATM Skimming
There have been multiple stories this year in the U.S. about ATM skimming crimes. Experts say this particular form of fraud will continue to grow, as criminals are targeting U.S. financial institutions with technologies shared from Eastern Europe. "We should also expect that other ATM frauds such as card or cash trapping and lower quality skimming devices will continue to be a problem," notes Fair Isaac's Urban. Criminals will also keep pressure on older point of sale (POS) terminals that are not PCI compliant, he adds.

4. Credit Account 'Bust-Outs'
The bad economy has given rise to many types of fraud in the past couple of years, but credit "bust-outs" have been around for some time. This fraud type made the list earlier this year, but Debra Geister, Director, Fraud Prevention & Compliance Solutions at Lexis-Nexis, says the trend is still very much active in any bank she's talking with now. "By definition, credit bust-out schemes are a combination of a credit and fraud problem, although many organizations are not always sure where the losses sit -- or who might be the party responsible," Geister says.

Fair Isaac's Urban sees this as "first-party fraud," where criminals create accounts and build credibility as a customer with a financial institution, and then "bust out" the accounts once they are fully leveraged. And it may spill over to financially pressured consumers, "who may get caught up in this type fraud with high unemployment and benefits starting to run out," Urban says.

5. Variations on Phishing Schemes
There have been many phishing attacks against financial institutions in 2009, so much that the Anti Phishing Working Group cites a 600 percent increase in overall phishing attacks over 2008. But there are more insidious types of attacks hitting institutions and their customers now, say experts.

Fair Isaac's Urban says businesses will be targeted with spear phishing and hacking efforts to compromise online banking credentials. Why they're targeting businesses, he says, is because "Criminals can then target those accounts and initiate money transfers via wires or ACH to steal large sums of money at once or over time." Business checks will also be targeted in counterfeit check scams, he adds.

There is a increased level of sophistication being seen in the phishing attacks, says Ori Eisen, former worldwide fraud director for American Express, now head of 41st Parameter, a fraud solution company. Eisen sees increased sophistication in phishing and use of SMShing attacks, similar to the text phishing attacks that have been circulating around the country, hitting banks and credit unions.