Feds Bust $2 Million Fraud ScamBank Insiders Key to Alleged ID Theft Scheme
According to charges filed by the Manhattan District Attorney, stolen names, dates of birth, addresses, Social Security numbers and financial information were used through a variety of schemes to defraud victims and financial institutions. Between May 2010 and September 2011, the New York crime ring is accused of stealing more than $2 million from JPMorgan Chase Bank, TD Bank, Citibank, Discover and American Express. The charges include conspiracy to commit grand larceny, grand larceny, criminal possession of stolen property, identity theft and criminal possession of a forged instrument.
The 18-month investigation, which relied on court-ordered eavesdropping, physical surveillance, computer forensics and analysis of credit card, banking and phone records, remains open.
"Today's indictment reveals another tool of organized identity thieves - insiders who betray their employers and prey on clients," said Manhattan District Attorney Cyrus R. Vance in a statement about the case. "These insiders used their positions to gain access to client data, and then sold that data to make money for themselves and their accomplices."
Recruiters in the conspiracy are accused of trafficking and buying stolen information. They allegedly relied on collusive accountholders, who provided valid bank accounts that could be used to deposit counterfeit checks and conduct fraudulent money transfers.
At Chase, the ring allegedly used the bank to verify account and balance information, and then ordered credit reports about legitimate accountholders. With personal information contained in the credit reports, the fraudsters gained information to answer security questions so they could open additional accounts and credit cards in the victims' names.
That same personal information was allegedly used to take over Chase credit card accounts. Stolen credit cards have been linked to purchases made at numerous Manhattan stores, including Louis Vuitton, Gucci, Yves Saint Laurent, and Salvatore Ferragamo.
Focus on Insiders
The case highlights growing concerns about insider collusion. Last month, in a similar insider case, a Massachusetts-based investor-services firm sought legal against one of its former employees for illegally copying proprietary company documents to a USB drive. [See Insider Fraud Suit: Example for Others.]
See Also: 2020 Cyberthreat Defense Report
Kathyann Pace, a former internal risk management auditor at Computershare, which provides investment services to more than 2,700 corporate clients and 15 million shareholders in the United States, was accused of copying information from her corporate laptop and transferring it to a personal laptop, violating the Computer Fraud and Abuse Act. Pace now faces civil charges.
Mike Braatz, senior vice president and general manager of bank fraud for Memento, a fraud-management software services provider, says the industry is making progress, where catching and thwarting insider fraud is concerned. "Five years ago, the financial industry didn't really want to talk about insider fraud," he says. "Now, it seems every day we're hearing about busted schemes, arrests and convictions."
But, as this most recent Chase scheme proves, fraudsters continue to innovate. "Financial institutions need to continue their investment in training, technology and internal fraud controls," Braatz says. "Their investments in fraud defenses need to be at least as innovative as the fraudsters." Improve Background Screening
Deeper background checks of potential new hires, especially those who will have access to customer information, is recommended. Including questions during interviews about possible insider-fraud scenarios could make a difference. "This would allow the banks to gauge applicant responses to fraud and ethics-related questions, as well as put the applicant on notice that the bank is paying attention to the possibility of insider-enabled schemes," Braatz says. "As a deterrent, some financial institutions make it a practice to regularly remind employees that their activities are being monitored."
That practice could be extended and added to the interviewing and screening process.
Banking institutions also should remember that fraudsters usually target entry-level, staff. "These types of employees - tellers, customer service agents, etc. - make good targets, because they're often lower on the pay scale," Braatz says. "They're often entry-level positions, so it's easier to plant accomplices in these positions since the financial institutions are used to hiring people with little relevant or previous work experience."