Feds Bust $2 Million Fraud Scam

Bank Insiders Key to Alleged ID Theft Scheme
Feds Bust $2 Million Fraud Scam
U.S. federal authorities have indicted 55 suspects for their alleged involvement in an identity-theft and financial crime ring that used insiders at banks, a non-profit institution, a high-end car dealership and a real-estate management company to steal personally identifiable information from more than 200 individuals and organizations.

According to charges filed by the Manhattan District Attorney, stolen names, dates of birth, addresses, Social Security numbers and financial information were used through a variety of schemes to defraud victims and financial institutions. Between May 2010 and September 2011, the New York crime ring is accused of stealing more than $2 million from JPMorgan Chase Bank, TD Bank, Citibank, Discover and American Express. The charges include conspiracy to commit grand larceny, grand larceny, criminal possession of stolen property, identity theft and criminal possession of a forged instrument.

The 18-month investigation, which relied on court-ordered eavesdropping, physical surveillance, computer forensics and analysis of credit card, banking and phone records, remains open.

"Today's indictment reveals another tool of organized identity thieves - insiders who betray their employers and prey on clients," said Manhattan District Attorney Cyrus R. Vance in a statement about the case. "These insiders used their positions to gain access to client data, and then sold that data to make money for themselves and their accomplices."

Recruiters in the conspiracy are accused of trafficking and buying stolen information. They allegedly relied on collusive accountholders, who provided valid bank accounts that could be used to deposit counterfeit checks and conduct fraudulent money transfers.

At Chase, the ring allegedly used the bank to verify account and balance information, and then ordered credit reports about legitimate accountholders. With personal information contained in the credit reports, the fraudsters gained information to answer security questions so they could open additional accounts and credit cards in the victims' names.

That same personal information was allegedly used to take over Chase credit card accounts. Stolen credit cards have been linked to purchases made at numerous Manhattan stores, including Louis Vuitton, Gucci, Yves Saint Laurent, and Salvatore Ferragamo.

Focus on Insiders

The case highlights growing concerns about insider collusion. Last month, in a similar insider case, a Massachusetts-based investor-services firm sought legal against one of its former employees for illegally copying proprietary company documents to a USB drive. [See Insider Fraud Suit: Example for Others.]

See Also: Close the Gapz in Your Security Strategy

Kathyann Pace, a former internal risk management auditor at Computershare, which provides investment services to more than 2,700 corporate clients and 15 million shareholders in the United States, was accused of copying information from her corporate laptop and transferring it to a personal laptop, violating the Computer Fraud and Abuse Act. Pace now faces civil charges.

Mike Braatz, senior vice president and general manager of bank fraud for Memento, a fraud-management software services provider, says the industry is making progress, where catching and thwarting insider fraud is concerned. "Five years ago, the financial industry didn't really want to talk about insider fraud," he says. "Now, it seems every day we're hearing about busted schemes, arrests and convictions."

But, as this most recent Chase scheme proves, fraudsters continue to innovate. "Financial institutions need to continue their investment in training, technology and internal fraud controls," Braatz says. "Their investments in fraud defenses need to be at least as innovative as the fraudsters." Improve Background Screening

Deeper background checks of potential new hires, especially those who will have access to customer information, is recommended. Including questions during interviews about possible insider-fraud scenarios could make a difference. "This would allow the banks to gauge applicant responses to fraud and ethics-related questions, as well as put the applicant on notice that the bank is paying attention to the possibility of insider-enabled schemes," Braatz says. "As a deterrent, some financial institutions make it a practice to regularly remind employees that their activities are being monitored."

That practice could be extended and added to the interviewing and screening process.

Banking institutions also should remember that fraudsters usually target entry-level, staff. "These types of employees - tellers, customer service agents, etc. - make good targets, because they're often lower on the pay scale," Braatz says. "They're often entry-level positions, so it's easier to plant accomplices in these positions since the financial institutions are used to hiring people with little relevant or previous work experience."

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.