TRENDING:

Prison Sentence for Insider Crimes

6 Years for Employee Who Obtained Loans for Family, Friends Tracy Kitten (FraudBlogger) • September 15, 2011    
Prison Sentence for Insider Crimes
Insiders often pose the greatest and most costly threat financial institutions face, as a loan fraud case in Maryland demonstrates.

On Sept. 7, the U.S. Attorney for the District of Maryland issued a statement about the six-year sentence handed down to Latesha Brown.

Brown pleaded guilty to a bank fraud conspiracy and identity theft scheme she orchestrated while employed with multiple credit unions.

Brown exploited her employee access to personal information about members that she later used to falsify loan applications for family and friends. She has been ordered by the court to pay $124,000 for restitution.

The story sounds all too familiar.

Also on Sept. 7, Gary Foster, a former vice president in Citigroup Inc.'s treasury finance department, pleaded guilty to the role he played in a bank fraud scheme that allowed him to embezzle of more than $22 million from Citigroup and its customers. [See Citi Case Exposes Insider Risks.]

According to the U.S. Attorney's Office for the Eastern District of New York, the charges against Foster stemmed from fraud he committed between September 2003 and June 2011.

Given the current state of the economy, Julie McNelley, a financial fraud analyst at Aite, says insider compromises are likely to escalate.

"In the wake of the financial crisis, financial institutions face severely constrained budgets," she says. "While the reputation risk and potential for hard-dollar losses associated with insider fraud has many FIs concerned, it can be hard to make a business case for the technology that can help uncover the patterns, particularly if the institution has no understanding of the scope of the issue."

Under the Radar

It's a bit of a chicken-and-egg scenario, McNelley says. It's difficult for an institution to justify investments in detection technology until a costly insider breach occurs.

In the Brown case, like the Foster case, the fraud went undetected for years. From September 2004 to August 2010, Brown's conspiracy involved fraudulent loans that were based on stolen identities. In her roles with various credit unions, she used her privileges to then accept and submit forged birth certificates and pay stubs, as well as false driver's licenses, employment letters and vehicle invoices, ultimately verifying herself the legitimacy of the fraudulent loans she provided.

Brown's scheme involved misappropriated Social Security numbers and stolen notary stamp seals. She then processed falsified loan applications in a deficient manner and assisted her co-conspirators with quick access to ill-gotten loan funds as a way to avoid detection.

From March 26, 2007 until Aug 5, 2010, Brown, often used stolen identities to even apply for jobs and membership at credit unions. In total, she sought employment at 33 credit unions and applied for membership at 29, often reapplying to the same institution multiple times using new false identities.

Her scam, though widespread, is not so complicated. Yet Brown, like so many others was able to fly under the radar for several years.

Back to Basics

Internal fraud detection does not have to be overly technical or expensive. Basic precautionary steps could thwart most breaches and scams, experts say.

Erin Morasch, an internal audit manager for fraud-loss prevention at San Francisco-based Patelco Credit Union, $3.75 billion in assets, says more division between departments and duties, as well as firm policies regarding job employment, might have helped pick up on suspicious activity in the Brown case sooner.

"Screening criteria should include credit, debit and criminal history," Morasch says, "to determine if fraud factors or criminal history is or are present. If fraud or a criminal background is present, a hiring offer shouldn't be made."

When it comes to confirming the authenticity of members and borrowers, however, the checks and balances are more complicated, but not unmanageable. "For us, screening new-member applicants for membership through a debit bureau saves us from a lot of loan fraud," Morasch says.

Passing a debit bureau screening to qualify for an account is an extra layer of scrutiny that helps Patelco weed out potentially bad borrowers. The credit union also has more than one department review membership applicants, and those who review the applicants are trained to pick out high-risk applications. "If the membership applicant concurrently applies for a loan, she is subject to greater scrutiny and authentication," Morasch says.

Just that added layer of scrutiny may have foiled Brown's scheme years and several credit unions sooner.

"Paying attention to data discrepancies, ID theft alerts, ghost borrowers, those who have no credit or debit history, all serve to reduce our exposure, post-opening, of the new account," Morasch says.

The more eyes and departments a banking institution has reviewing individual and risky loan applications, the less likely fraud will get overlooked.

"There are multiple operational and lending departments involved, and, because of that, our process may act as a deterrent for insider fraud," Morasch says. "On the lending side, we have the relatively standard proviso that the person who processes the loan cannot fund it - a counter-party has to be involved if the loan is funded. And if problems come to light or blow-up, or if we think there's too much smoke in the air, we're going to investigate to determine the extent of our potential problem, establish any patterns, like applicant geo-location, branch locations, car dealerships, and really scrutinize the problem. If there was insider fraud, all that attention and post-mortem review, hopefully, would serve to choke off any further abuse."

Previous
POS Breach Spans 2 Years
Next
The Problems with Regulatory Reform

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.



Around the Network

What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Are We Facing a Massive Cybersecurity Threat?
Are We Facing a Massive Cybersecurity Threat?
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.