Frank on Fraud

Category: Fraud Reporting

  • Fallback Fraud is Falling Fast in 2018

    Fallback Fraud is Falling Fast in 2018

    In 2017, Fallback fraud was the fastest growing fraud type for card issuers in the United States. In 2018, Card issuers improved their fraud strategies and monitoring and have been able to curtail this fast growing type of fraud.

    FallBack Fraud Spiked After Chip Implementation in the US

    According to Auriemma, card issuers reported that 20% of their counterfeit card fraud losses occurred when merchants “fell back” to the magnetic strip rather than the Chip to complete a face to face transaction.

    Fallback fraud might be new to the US, but card issuers from around the world experienced the same problem when they first implemented Chip Cards in their region.

    2 factors lead to a dramatic increase in fraud last year.

    #1 – Fraudsters Moved To the ATM –  ATM fraud created a big headache for card issuers last year.   Since not all ATM machines were Chip enabled, many card issuer elected to let their customers use the magnetic strip as well as the Chip card.  This ended up biting back at them as fraudsters figured out which card issuers had not turned off the fallback option and they took large losses.

    #2 – Fraudsters Disabling Chip –  Fraudsters also figured out if they disabled the CHIP they were often able to bypass fraud controls and fall back to the magnetic strip transaction – one which made the issuer liable for the losses.

    1 out of 5 counterfeit credit card transactions in 2017 completed with the magnetic strip with Chip Cards

    The combination of these 2 factors spiked fallback and counterfeit fraud even as the total percent of fallback transactions fell to less than 2% of the total number of authorizations. This had issuers scrambling to respond.

    Fallback is Falling in 2018

    Banks enabled better monitoring and improved their strategies throughout 2017.  Some banks simply turned off the Fallback capability and decline except in the most urgent cases and others used their Falcon and authorization strategies to better target and decline suspicious transactions.

    In addition to better monitoring, many banks began to improve their software and terminal configurations on their ATM machines to ensure that fraudsters were not targeting their terminals that were not chip compliant.

    The strategy worked. and the result was a significant decline and fallback in counterfeit transactions due to Fallback fraud.  In 2018, fallback losses have fallen to just 11% (down from 20% in 2017).  That’s a 45% decrease in fallback fraud.

    The reduction in fallback fraud clearly show a multi-pronged approach to solving fraud is important.

    Keep fighting the good fight!

  • Synthetic Identity Fraud in Cards to Hit $1.2 Billion Soon

    Synthetic Identity Fraud in Cards to Hit $1.2 Billion Soon

    Card fraud is getting a boost, thanks to criminals that have shifted their focus from counterfeiting plastics to counterfeiting identities.

    Aite published analysis that suggest that synthetic identity fraud is growing at a rate of about 20% every year on card portfolios.  By 2020 it is expected that card issuers will lose about $1.2 billion due to synthetic identities.

    This is an interesting chart that shows the trajectory of growth each and every year.

  • Has Auto Loan Fraud Replaced Car Theft In The US?

    Has Auto Loan Fraud Replaced Car Theft In The US?

    Thefts of cars have gone on a decades-long decline here in the United States. In 2003, there were more than 433 car thefts per 100,000 people. Today, the number of thefts has dropped to 215.  That is a reduction in car thefts by over 50%!

    FBI Crime Reports for Auto Theft

    When it comes to car theft, our cars are safer and more protected than ever.   Investments made to reduce car thefts are paying off big time.  Car manufacturers invested so much in technology to deter auto theft that it worked.  Engine immobilizers, LoJack, Keyless Entry, and a host of other advancements have virtually wiped out car theft across the US.

    In fact, the only cars being stolen these days are older cars that don’t have the advanced technology.  In fact, the most stolen car in the US is the 1997 Honda Accord.

    I’ve always said, crooks are clever but they are the laziest people out there.  They will always gravitate towards the easiest payoff.  Thanks to the 1997 Honda Accords reliability it is one of the older cars that still function that does not have any of the new anti-theft technology.

     

    As Car Thefts Plummet, Theft By Auto Finance Has Increased

    So have the crooks given up on cars?  Not a chance.  They have just found far easier ways to get ahold of cars than breaking windows and jimmying the locks.

    It’s called auto finance fraud.  Crooks have discovered that they can go to any car dealership and armed with the right data, they can walk out with the keys to a brand new car. And it’s a big problem, increasing to over $6 billion in loans originated with misrepresentation each and every year.  But it hasn’t always been this bad.

    Auto lending fraud loss estimates have been climbing every year since 2009.  As car thefts have declined, crooks have simply found an easier way to get the keys to cars.

    What is Driving the Increase in Auto Finance Fraud?

    The increase in auto finance fraud illustrates the “snake under the rug” principle of fraud.  You can try to push down on the snake under the rug in one place, but it will simply move to another.

    As car manufacturers invested heavily in anti-theft technology, crooks simply found an easier way – finance the cars.   There has not nearly been the same investment in technology in auto finance as there has been in anti-theft.

    And for fraudsters looking for a quick payoff, financing new cars is a no-brainer.  Take for example how much fraudsters can get by financing a car here in the US and then shipping the cars over to foreign countries for sale.

    New Technologies Emerging

    One of the ways of reducing the problem of auto finance fraud is putting bigger hurdles in front of the fraudsters to make it more difficult for them to perpetuate their crimes.  As we have seen, fraudsters are lazy and will gravitate towards the weakest link in the chain.

    At PointPredictive we are applying AI to solve the problem by analyzing millions of applications and dealer activity to precisely identify which applications contain misrepresentations.  So whether it is the identity, the income, the employment or misrepresentations about any of the information supplied – the AI can alert the lender to the fraudulent activity.

    New technology can solve this problem and reverse the trend!  Thanks for reading.

  • Kids Are Twice As Likely to Be Fraud Victims Than Adults

    Kids Are Twice As Likely to Be Fraud Victims Than Adults

    Here is something to make your bold boil.  Toddlers and kids are under attack by fraudsters. About 1 in every 50 kids is subject to becoming victimized by fraudsters in this day and age.

    Your son, daughter, grandson or granddaughter are the #1 target of these fraudsters because their social security numbers are cleaner and easier to steal than adults.

    More than 1 million children — about 1 in 50 kids— were victims of identity theft or fraud in 2017, according to a new report from Javelin Strategy & Research. 2/3rds of those affected kids were age 7 or younger.

    At the economic impact is devastating.  Last year the industry tracked over $2.6 billion in losses to fraud against children.

    Breached Data Reveals Kids Are At Higher Risk

    According to studies, kids are at higher risk than adults when data is breached.  When hackers sell the breached data, it is the kids’ data that often sell first and for the most money.

    In breached data, only 19% of adults social security numbers are sold compared to 39% of children’s.

    Parents and Family Members are Often to Blame

    But it’s not always criminals that are stealing and using kids social security numbers. 33% of the time, Javelin discovered that the children are victims by someone known to them.

    The biggest threat to your kids is often someone close to them.

    What Can You Do?

    There is a simple remedy to the problem and something that you can do to protect your kids.  Freeze your kid’s credit files.  Congress is trying to pass legislation to make freezes on you and your kid’s bureaus free.

    Freeze their credit report, it might make a world of difference.

     

  • Bad Bots Are Taking Over the World

    Bad Bots Are Taking Over the World

    2018 was the year that Bots went mainstream.  According to a new report by Distil Networks, Bot activity accounts for 42% of all internet activity.    And what’s worse, is that close to half of that activity is by malicious “bad” bots.

    Bad Bots are taking over the world.  1 in every 5 hits to your website could be coming from evil robots.

    8 Things Bad Bots Do

    Every business online is regularly bombarded by bad bots on their website.  And those bots never sleep.  What do these bad bots do on your sites?  They steal information, try to penetrate your security and commit fraud against you.

    Here are the 8 most popular and damaging bad bots last year:

    1. Account Takeover – They test stolen credentials on your login pages.
    2. Account Creation – They create fraudulent accounts to create spam messages or exploit promotions.
    3. Credit Card Fraud – They test fraudulent cards to identify holes and steal merchandise/
    4. Denial of Service – They slow your website down by repeatedly hitting your site, thousands of times a second.
    5. Denial of Inventory – They hold items in shopping carts so that your inventory is depleted and you can’t sell to other customers.
    6. Gift Card Balance Checking – They steal money from gift cards.
    7. Price Scraping  – Bad Bots programmed by your competitors with scrape your prices.
    8. Content Scraping – They scrape your content off  your site

    Bad Bots Are Smarter, And Look More Human Now

    There is a new type of bot in town and they look more human than ever.  They’re called Advanced Persistent Bots (APB) and they look more human because of how they act.

    • Cycle IP’s – They cycle through random IP addresses so that you can’t detect them.
    • Anonymous Proxies –  They enter through anonymous proxies
    • Change Identities – They change their identities with each transaction
    • Mimic Human Behavior – They move slower, make more random transactions.

    These Advanced Persistent Bots have learned how to bypass your fraud controls!

    Bad Bots Love To Target Gambling, E-commerce, and Financial Services Industries

    The bad bots target industries where the money is, Gambling, e-commerce and financial services top the list.

    Gambling Bots – Aggregators scrape competitors sites to find betting lines. They do it so much that it causes a denial of service and pushes consumers to their own site.

    Airline Bots –  Airline bots are scraping for the best deals and looking to undercut competitors.  I guess you could say these bots are searching for the best deals for you.

    E-commerce – Bad bots run rampant on e-commerce sites testing fraudulent cards, attempting account takeover, price scraping – you name it and the bots are on it.

    Account Takeover Attacks By Bad Bots Increase After Breaches

    Bad bots are increasingly being used to test out new breached credentials.  Distil Networks analyzed bad bot activity across sites before and after major breaches and made a startling discovery – bot activity significantly increased after the breach.

    The typical website sees account takeover attacks happen on average 2-3 times per month. But immediately following a breach, the increase in the number of account takeover attacks is 3 times the norm.

    How To Keep Bad Bots From Hitting You With Theft and Fraud

    Distil Networks recommends 9 things you can do to stop these bad bots in their tracks

    • Block Outdated Browsers and Agents  – If you see someone accessing your site from a browser from 1999, it’s probably a bot and not a real person. Go ahead and block it.
    • Block Proxy or Hosting Services –  If you see someone accessing from Digital Ocean, OVH Hosting, Amazon.com, Choopa LLC or Gigenet, it’s probably a bad bot.
    • Protect Bad Bot Access Points – Be sure to protect exposed APIs and mobile apps—not just your website—and share blocking information between systems wherever possible.
    • Evaluate Traffic Sources – Evaluate traffic sources with high bounce rates, it’s probably a bad bot.
    • Investigate Traffic Spikes – If you see a big spike in traffic, it is likely a bot hitting your site.
    • Monitor Failed Logins – Brute force failed logins are a key red flag that bots are hitting your system trying to find a door in.
    • Monitor Increased Failed Validation of Gift Cards -An increase in failures, or even traffic, to gift card validation pages can be a signal that bots such as GiftGhostBot are attempting to steal gift card balances.
    • Watch Public Data Breaches – They often precede large-scale bot attacks as those new credentials are being tested.
    • Evaluate a Bot Mitigation System – Such as those offered by Distil Networks.

    Thanks for reading the blog.  Watch out for those Bad Bots. They are taking over the world.

  • 6 Reasons Why P2P Fraud is A Big Big Deal

    6 Reasons Why P2P Fraud is A Big Big Deal

    Person to Person Payments (P2P) is blazing hot!   It is without a doubt the hottest trend in banking as apps like Venmo and Zelle boast millions of new users monthly.

    But it also happens to be the hottest fraud trend as well, as cybercriminals and scammers rush in to take advantage of instant payoff as they steal from banks and consumers.

    As these P2P payment volumes soar, so does the fraud.   This year, P2P fraud losses will be at their highest level ever as these apps become more ubiquitous.

    It’s a problem that  Maryann Miller, Fraud Executive at Actimize, has warned banks about for years.

    As payment speeds increase, fraud increases.  It’s just that simple.”, Maryann indicated, “You can’t underestimate how quickly and completely fraudsters will attack real-time payments.  They are not just going to attack the payment product itself, but everything else in the environment including registration, authentication, loading bank information or any loophole they can find. When they find it, they’ll hit it continuously until discovered.  Product managers need to be vigilant when they launch these products

    I tend to agree with Maryann. You have to consider the consequences of fraud any time you launch a new product – particularly when that product is instant payments!

    Here are 6 reasons why I think P2P fraud is a big deal and how banks can get serious about stopping the risk.

    #1 Reason –  Because Fraud Rates Are High

    Losses from P2P payments like Venmo and Zelle have higher rates of third-party fraud than most other fraud types.  Fraud rates can range from as low as 10 basis points to 100 basis points or more.

    When compared to credit card average fraud rates, that is between 5-8 times higher.  

    #2 Reason- Because The Volume of P2P is Growing Rapidly

    P2P payments are outpacing just about every other payment method available.  They are growing so fast in fact that many people project they will eliminate cash!  Hopefully they will at least eliminate the check.  Then we could all cheer loudly.

    Take a look at the supercharged growth of Venmo which has increased 900% over the last 2 years.  It’s a massive success no matter how you look at it.

    #3 Reason- Because High Volume and High Fraud Rates = Big Losses

    When you couple the high volumes of P2P with the high fraud rates of fraud on those payments, banks can expect to lose a billion of dollars in losses each year.   Yes, you read that correctly – billions with a “B”

    If we assume a conservative 35 basis points of loss on P2P payments, annual losses from P2P payments will close in on 1 Billion Dollars.  Keep in mind that this does not include money consumers lose from scams which is a whole other category of losses.

    #4 Reason –  Because Fraudsters Like it More than ACH or Wire.

    P2P fraud will only grow because it is ideal for a fraudster.  They can get their cash instantly to anyone, anywhere.   Unlike ACH which might take a day and unlike Wire Transfers which are often manually reviewed or require multiple verifications to complete.

    P2P fraud is the ideal way for fraudsters to get paid so they are going to stick with it for a long time.

    #5 Reason – Because Fraudsters Can Monetize Breached Information

    It always comes back to cash money.  Follow the cash money and you find the fraud. P2P payment options are breathing new life into monetizing breached data.  When card issuers implemented Chip Card, it reduced one source of revenue for fraudsters – trafficking skimmed card details.

    Now those fraudsters are trafficking stolen credentials, passwords and all the other identifying keys that can be used to penetrate consumers banking account information.  And that information is fueling a huge increase in account takeover in 2017.   Javelin reported that Account Takeover losses have reached historic highs after the implementation of Chip in the US.

     Account takeover tripled over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120 percent increase from 2016.  Javelin Research

    #6 Reason -Because Consumers and Banks Are Still Trying to Figure it All Out

    Zelle has been a fantastic success story for banks. Banks were able to provide instant P2P services to all of their customers and thanks to Zelle they could be assured that most people they were sending money too were also on the Zelle network.

    This provided a nearly instant rollout to tens and millions of banking customers overnight.  That also created its own headaches as you can imagine.

    As an example, many consumers may not even be aware that Zelle is enabled on their bank accounts or how they should use it.  Those unsavvy customers are prime victims for scammers who may convince them to send Zelle transfers after passing a bad check to the customer that will bounce.  Or still, others may convince customers to accept a Zelle payment made from a fraudulent account as payment.  Once they receive the merchandise, the Zelle payment is reversed and the customer is left holding the bag.

    Banks, on the other hand, are trying to figure it out as well.  And its a race against time.  Banks have to figure out very quickly how to identify and stop a tsunami of fraud attacks in seconds.  And that is not an easy thing to do.

    How Banks  Can Bolster Their Defenses Against P2P Fraud

    I asked Maryann to give me a few recommendations for banks that want to bolster their defenses.

    She recommended some simple things banks can do to limit their exposure:

    1.  Use Daily Limits and Transaction Limits – Don’t go out the gate with high limits.  Start with low limits and increase them gradually as you learn the new payment schemes and customer patterns.
    2. Use Fraud Scores – Never underestimate the value of predictive scores in identifying patterns of fraud that are sometimes invisible to the human eye.  If you try to manage this fraud with rules only your going to have a rough time.
    3. Hold Suspect Payments Until They Can Be Verified – You have to have some interdiction with instant payments, otherwise, you’re going to get smoked by the fraudsters.  Build in a pause button on high-risk payments until a fraud investigator can review those payments.
    4. Educate Customers – Educate customers of how their new P2P apps work. Tell them when to use it and when not to use it.  Tell the customer what to in the event that their payment is delayed or stopped.  It’s going to take awhile for customers to come up to speed.
    5. Evaluate Your Authentication Approach– Look at how you are authenticating customers at each channel such as online and customer service center.  A fraudster is working 24/7 to penetrate the system so you have to have good controls up front.
    6. Leverage Digital Identity – Leverage digital identity (device ID, behavioral biometrics) in your authentication strategy but also use those data elements in your fraud score to better identify the trends and patterns in your high-risk monitoring.
    7. Establish Specialist Teams –  You need fraud specialist to monitor, block and release holds on high-risk transactions.  They should be specialist in identifying account takeover, phishing, and potential customer scams so you can reduce the impact on everyone.

    Some great ideas there.  Thanks for Reading!

  • Mortgage Fraud in China Is Out of Control

    Mortgage Fraud in China Is Out of Control

    There is a property binge in China and people are so afraid of missing out on the gold rush that they are lying on their applications.

    Since 2012, property prices have been on a tear as the economy has improved and the government has offered incentives to help people get into homes.

    They lowered down payment requirements in certain cities and cut the taxes to buy homes.

    That has fueled speculators, investors and anxious buyers who all are vying for the same properties.

    The prices just keep going up and the statistics are mind-boggling.

    • China home prices have more than tripled from 2000 to 2015
    • In 2016 home prices rose 12.4% on average
    • Some estimates say house prices have doubled in major cities in the past two years
    • 33 cities have price appreciation of over 45% in 2016 alone.

    50% of Property Sales Have Some Type of Fraud

    In China, mortgage fraud is not called fraud or even misrepresentation – instead, they refer to it as “repackaging” to make it look good.

    Income Fraud is Rampant

    In China, banks allow buyers to extend their debt to income ratios to over 50%.  This creates massive affordability issues and many borrowers make less than in income than their mortgage payments.

    As a result, borrowers misrepresent their income by 300% or more and produce fraudulent income certificates from their “employers” to support the exaggerated income.

    Banks rarely check income documents even when they are provided in the loan documents.

    Multiple Contracts Fraud To Hide Fraudulent Down Payments

    In China, borrowers must put down 30% of the purchase price to get a loan with a bank.  This has resulted in multiple mortgage contract fraud where the seller and buyer draw up multiple closing contracts – a real one and fake one to fool the bank.

    Fraudulent Appraisals and Coaching from Real Estate Agents.

    Anxious to keep the bubble going as they make record profits, industry insiders are helping borrowers game the system.

    Appraisers and real estate agents report that industry insiders are regularly gaming the system by inflating the values of the homes, coaching borrowers on how to manipulate their income and helping the buyers and sellers draw up multiple contracts.

    A property investor surnamed Fu, who declined to give his full name because he was admitting criminal behavior, told Reuters that 20,000 yuan (about $3,000) in a traditional red gift envelope was enough for a valuation company to inflate the price of the apartment he wanted to buy in Shenzhen by 40 percent.   Reuters

    Everyones Doing It

    Property real estate agents indicate that everyone is doing it.  In interviews with 12 real estate agents all had admitted to helping borrowers commit fraud.  Another indicated that 50% of mortgage deals involve fraud.

    When everyone is doing it, it’s hard to arrest everyone.

    It Resembles the Housing Crisis in the US

    For many, the Chinese housing market and fraud bubble resemble the mortgage crisis that began here in the US in 2007.    From 1999 through 2007 the US housing prices increased dramatically.

    That 8-year cycle seems very similar to what is currently happening in China now.  As housing prices in the US increased lenders loosened their standards, appraisers fraudulently inflated values, and both mortgage brokers and borrowers just about lied on everything on their applications.

    It Will Crumble Soon

    There are indications that the bubble will burst soon.  The overheated market is not sustainable and with so many of the deals involving fraud, the crash will have a devistating impact on the economy.

    Borrowers are essentially using banks money to speculate on the housing market.  That is gambling and that never works out.

    Thanks for Reading!

  • Shifting Sands – Fraud Report Reveals Changing Landscape

    Shifting Sands – Fraud Report Reveals Changing Landscape

    Idology,  an Identity Verification Company, has released their 5th Annual Fraud Report which reveals the shifting landscape of fraud over the past year.

    Like sand, fraud is always changing, always moving to the path of least resistance.  And that was even truer this year as fraudsters escalated the cat and mouse game with more data breaches countered by higher investment in fraud technologies by providers than ever before.

    The report was based on a survey of fraud practitioners from across industries and companies.  Their collective insights were captured in their latest report which you can find here – Report.

    Here are the 4 biggest changes in fraud for 2017.

    #1 – Most Fraud Experts Say Fraud is Rising in 2017

    67% of fraud experts believe fraud is rising in 2017.  While that may not sound too surprising given what we all know, it is over 60% higher than last year where many experts believed fraud losses were flat for the year.

    The trend of rising fraud is real people.

    #2  First Party Fraud and Synthetic Identity Are Biggest Pain Points

    Fraud experts believe that they are least capable of dealing with the new flood of first-party fraud and synthetic identity cases.  In fact, when surveyed, 58% of the companies were “very worried” or “extremely worried” about the problem of synthetic identity.

    And they should be.  I wrote last month about the rising tide of companies masquerading as credit repair specialist, that were actually acting as synthetic identity farms.

    #3 – Mobile Fraud is On the Rise

    Until recently, mobile fraud seemed like something to worry about in the future.  Mobile phones were relatively safe as fraudsters and hackers focused on perpetrating their schemes mostly through peoples desktop computers.

    But that has changed in 2017.   54% of companies advised that they have experienced increases in mobile fraud this year.  Device cloning is the most common tactic used to perpetuate the fraud schemes that are on the rise.

    #4  The Emergence of Social Engineering as a Significant Threat

    Fraudsters are going after call center employees in a big way.  They are contacting call centers and using social engineering techniques to con employees into changing addresses, changing passwords, revealing PIN numbers or sending new cards or checks to fraudulent mail drops.

    40% of businesses are reporting increases in social engineering fraud through the call centers.

    Data breaches and social media often give criminals all the information they need to make a social engineering attack successful. Social engineering relies heavily on human interaction, and in the case of contact centers typically involves manipulating a well-meaning customer service rep into breaking normal security procedures. In fact, 69% of organizations reported that social engineering was a technique frequently used by fraudsters in attacks on contact centers.  Idology

    Thanks for reading and hope you have  Great Thanksgiving!

  • Study Shows Lenders Have Highest Cost of Fraud

    Study Shows Lenders Have Highest Cost of Fraud

    The lending industry has a higher cost of fraud than any other industry; that includes auto lenders, mortgage lenders, digital lenders and bank lenders.

    In their 2017 True Cost of Fraud study, LexisNexis interviewed 1,196 executives across hundreds of e-commerce merchants, banks and lenders and determined that lenders spent $2.82 in cost, fees, and interest for every dollar of fraud loss incurred.

    Digital Lenders are the hardest hit and incur costs of close to $3.07 for every dollar in fraud.

    Cost of Fraud Goes Beyond Losses

    For every $1 of fraud costs an organization experience between $2.82  to $3.07 dollars– that means that fraud costs them more than roughly 2 1⁄2 times the actual loss itself.

    Those cost beyond fraud include; the cost of tools, the cost of fraud personnel, the cost of fraud detection, recovery, reporting, and investigations.

    If one made the mistake to think that lowering the cost of fighting fraud would lower their overall fraud budget, they would be sadly mistaken.  LexisNexis further determined that those companies that spent more on fraud and layered more tools to fight fraud a variety of ways had overall lower losses and cost that did not spend the money.

    An ounce of prevention is worth a pound of cure.

    Fraud Attempts are High In Lending

    Digital Lending has the highest fraud attempts of almost any of the fraud channels.  In fact, LexisNexis determined that approximately 36% of lending applications were fraudulent.

    Lending firms which layer solutions,  experience fewer issues and cost of fraud.

    Retailers, eCommerce merchants, and financial services & lending firms which layer solutions by identity and fraud transaction solutions experience fewer issues and cost of fraud.

    • They detect more fraud and have few successful attempts
    • They have fewer manual reviews
    • Their overall cost of fraud is less as they have far fewer losses.

     

  • Mortgage Fraud Hits 82 Basis Points of Fraud Loss

    Mortgage Fraud Hits 82 Basis Points of Fraud Loss

    CoreLogic released their latest Mortgage Fraud estimate and determined that a whopping 82 basis points of applications contain some indication of fraud.

    That’s surprising, considering just how diligent mortgage lenders are in verifying and scrutinizing just about every piece of information that a borrower files to get a mortgage.

    How come borrowers continue to lie on their mortgage applications even when lenders are likely to discover it?

    The biggest drivers of the increase in fraud according to CoreLogic where misrepresentations related to occupancy, income and transaction fraud.

    With home values soaring, more borrowers are trying to finance investment properties by claiming that they are owner-occupied.   As values of the homes increase, investors will flood the market trying to capitalize on flipping and other schemes.

    And it doesn’t appear that the increase in fraud due to soaring home values is going to slow anytime soon.  Bridget Berg, a highly respected expert in Mortgage Fraud expert advises that Home Equity Fraud may be the next shoe to drop.

    This past year we saw a relatively large increase in the CoreLogic National Mortgage Application Fraud Index,” said Bridget Berg, principal for fraud solutions at CoreLogic. “If the factors that influenced the increase continue, including a shift to purchase transactions and growing wholesale-channel origination activity, it is likely that mortgage application fraud risk will continue to rise as well. Fraud on cash-out refinance transactions and home equity loans may become more of a factor in the coming years as home values and equity rise.”

    Why is Mortgage Fraud So Hard to Detect?

    Mortgage Fraud is notoriously difficult to detect.  With advances in technology and the payoff for fraud being so high, fraudsters and unscrupulous borrowers are able to perpetuate their schemes under the radar.

    Bridget Berg wrote an interesting article which originally appeared here – 5 Reasons Why Mortgage Fraud is So Hard to Detect.

    Mortgage fraud is a relatively rare event.

    Less than 1 percent of mortgage applications have material misrepresentations.   That makes finding the fraud hard.   But even though it is rare, it is costly and lenders can lose hundreds of thousands of dollars everytime it does.

    Many mortgage frauds are undetected

    In a strong economy with home prices appreciating, borrowers who committed fraud-for-property can probably stay current on their loans.   As homes appreciate the borrowers can take out home equity loans to improve the property to increase the value or take out cash to continue to make the monthly payments that they could not afford in the first place.

    Mortgage fraud is Cyclical

    Bridget Berg indicates that falsified down payment sources, inflated income, and straw buyers were some of the more common issues leading up to the housing crisis. In the aftermath of millions of foreclosures, fraudsters shifted to loss mitigation fraud, such as short sale schemes, REO bid rigging, and loan modification scams. Fraud moves with the market and current opportunity.

    No one likes to air their dirty laundry

    When fraud is an “inside job,” financial institutions are very cautious about disseminating information about operational fraud issues.   Because of this egregious frauds may go unreported and that leads to further losses down the line.

    The lag between fraud activity and its discovery can be lengthy

    Other types of consumer fraud tend to be “fast-moving.” Stolen credit cards are almost always used immediately. Check kiting is usually discovered in a matter of days. Since most mortgage fraud is “first party fraud” it may go unreported for months and even years.  This lag in discovery means that mortgage lenders can be slow to respond to the latest fraud schemes until years later.

    The Gap Between Activity and Reporting in Mortgage is Large

  • ATM Compromises And Debit Card Fraud Are Spiking

    ATM Compromises And Debit Card Fraud Are Spiking

    EMV is almost fully rolled out here in the US but that doesn’t appear to be helping Debit Cards much – at least at ATM machines.

    Fico this week reported  Compromises of ATMs and point-of-sale (POS) devices in the US rose 21 percent in the first six months of 2017, compared to the same period in 2016.

    This spells bad news for banks as Debit Cards became the primary targets of fraudsters.  FICO reports that due to those ATM compromises, there were close to 40% more debit cards compromised.

    The rate of fraud pattern changes has accelerated in the last 24 months, requiring us to continuously adapt our predictive analytics to stay on top of this criminal behavior,” said TJ Horan, vice president, who oversees FICO’s fraud solutions.

    To curb the rise in fraud, FICO has built new Artificial Intelligence features into their platform to detect exactly this type of fraud.

    7 Ways to Protect Yourself From ATM Fraud

    FICO offered 7 ways that you can protect yourself from ATM Fraud.  These are pretty good recommendations

    1. If an ATM looks odd, or your card doesn’t enter the machine smoothly, consider going somewhere else for your cash.
    2. Never approach an ATM if anyone is lingering nearby. Never engage in conversations with others around an ATM. Remain in your automobile until other ATM users have left the ATM.
    3. If your plastic card is captured inside of an ATM, call your card issuer immediately to report it. Sometimes you may think that your card was captured by the ATM when in reality it was later retrieved by a criminal who staged its capture. Either way, you will need to arrange for a replacement card as soon as possible.
    4. Ask your card issuer for a new card number if you suspect that your payment card may have been compromised at a merchant, restaurant or ATM. It’s important to change both your card number and your PIN whenever you experience a potential theft of your personal information.
    5. Check your card transactions frequently, using online banking and your monthly statement.
    6. Ask your card provider if they offer account alert technology that will deliver SMS text communications or emails to you in the event that fraudulent activity is suspected on your payment card.
    7. Update your address and cell phone information for every card you have, so that you can be reached if there is ever a critical situation that requires your immediate attention.

    Thanks for Reading!

  • Card Not Present Fraud Reaches 78% in Australia

    Card Not Present Fraud Reaches 78% in Australia

    The Australian Payments Net reports that online credit card fraud has doubled in the space of just six years.

    Card not present fraud has soared to over $471 in Australia last year accounting for 78% of the $534 Million that occurred.

    This is not the first year that online fraud has been on the rise.  CNP fraud in Australia has been increasing year over year since 2006 and it is driving the overall growth rate of Australian card fraud higher each year.

    Chip Cards Have Pushed Fraud Online

    The growth in online fraud follows a trend that most of the rest of the world is experiencing as well – the push online.

    Since EMV cards were issued in Australia in 2006, it has made counterfeiting infinitely harder for criminals so they have pushed their fraud schemes to target online merchants which cannot leverage the technology which proves a card is real.

    Ghost Terminals Drive Counterfeit Up Slightly

    The trend of counterfeit has decreased in Australia but the emergence of Ghost Terminals have caused increases in skimming fraud.

    Ghost Terminals are POS devices that appear to be legitimate. When the consumer slides their card through the terminal however it is not connected to the network and it is used to skim details from the consumers card.

    Card Fraud is Lower Than Others But Still High

    Australian issuers have managed to keep fraud rates lower than other regions in the world but losses are still creeping up.

    Card fraud rates crept past 7 basis points in 2016 and appear to be heading towards 8 basis points for 2017 which puts them on par with US issuers who are just beginning to experience drops in fraud due to the implementation of EMV cards.

    Thanks for reading, Have a Great Day!

  • Scams Fueling Higher Check Fraud Rates For Banks

    Scams Fueling Higher Check Fraud Rates For Banks

    Check use is declining.  Each year, use of checks declines about 5% and last year, that number fell to about 17 billion checks here in the US.

    By comparison, Americans use their debit cards now about 70 billion times a year – about 4 times as often as they write checks. In fact, Checks are the only non-cash form of payment that is in a free-fall.

    With Check use declining, many have assumed check fraud will fall and become negligible.  But that hasn’t happened. In fact, annual check fraud losses have been relatively flat over the last 10 years- even while valid check use has tumbled.

    Annual Check Fraud Losses

    Check fraud still remains one of the highest losses for banks each month. The ABA estimates that approximately $7 Billion in forged, counterfeit and lost and stolen checks were processed through banks in 2015.

    In 2003, Check Fraud was estimated to be $5 billion dollars when the number of checks written was over 40 billion – which is over twice the number of checks written last year.

    So why has the rate of fraud grown so rapidly in a period when check use has declined so dramatically?

    Check fraud losses remain one of the key pain points for banks even has check use declines.

    Scams are Fueling Check Fraud, Even While Use Declines

    To understand why check fraud has risen, you need to look no further than scams.  Scams against Americans have risen dramatically as more people join the digital revolution.    If you want to read about the Top Scams you can do that here.

    And nothing lets the fraudsters scam consumers better than fake money orders, fake cashiers checks, fake personal checks and fake corporate or business checks.  They use checks to scam billions from Americans each year.

    Long Float Times Enable Scammers to Take Advantage

    Checks can take days to clear a bank.  And during that time that it takes a check to settle, scammers can defraud consumers for thousands of dollars.

    You see, most of the scams work like this, where scammers con consumers to deposit checks into their accounts and then withdraw money for them.

    • Scammer Contacts Consumer with Offer Too Good to Be True –  Scammers will contact a consumer with an offer too good to be true.  (Big lottery win, a dream job of working from home making thousands of dollars a week, an offer to buy something for a sweet price).
    • The Scammer Sends A Check –  After the scammer gets the consumer to take the bait, they send a check – often a cashiers check or certified check.
    • The Consumer Deposits the Check – The consumer deposits the check into their account and it seemingly clears for them to use (because the scammers keep the amounts low enough that banks often let the checks clear without collecting funds)
    • The Scammer Ask for Money Back –   The scammer then makes up some complex story of why they need some money back from the check.  The consumer sends wire transfers of gift cards to the scammer.
    • The Check Bounces –  The check inevitably bounces and the consumer is left with thousands of dollars in overdrafts and fines on their checking account.

    This scam repeats itself over and over again through a variety of fraud schemes;  Ebay buyer scams, Lotto Scams, Secret Shopper Scams, Romance Scams and many others.   The proliferation of these scams and growth in their frequency means that we can continue to expect high check fraud losses for many years to come.

    Banks Have Not Invested Nearly Enough in Check Fraud Solutions

    Year after year check fraud solutions become increasingly antiquated as banks fail to make investments to improve those systems.   Banks are hesitant to make investments in an area that they see a limited runway of time.  As check use declines, Banks feel that their exposure will reduce over time.

    But that is not the case, in fact on a rate basis, check fraud is increasing as check use declines. Fraudsters and scammers take advantage of this failure to invest in modern solutions and bilk consumers and the banks themselves out of billions of dollars.

    At some point it will become important to banks to evaluate their check fraud strategies and make investments in new technologies, models and solutions that an help better detect these losses which force millions of consumers to lose money each year.

    I hope you enjoyed the article, would love to hear your thoughts.

  • Synthetic Identity Fraud Rate Doubles

    Synthetic Identity Fraud Rate Doubles

    A new study by ID Analytics finds that a special form of identity theft called “Synthetic Identity Fraud” has doubled in size since 2011.

    In a press release today, IDAnalytics announced that since the randomization of social security numbers (SSNs) in 2011, the number of new SSNs appearing on applications within their ID Network more than doubled.

    The randomization of SSN’s made it harder for banks, lenders and finance companies to verify that an SSN was issued around the time of the borrower’s birth.   Since randomization essentially made these algorithms and flags meaningless, the fraudsters took advantage.

    It’s another case of fraudsters changing behavior to adjust to new rules designed to prevent fraud in the first place.

    ID Analytics Identified 3 Types of Synthetic Identities

    ID Analytics identified 3 primary types of synthetic identities in their study.

    • Traditional Synthetics: One of the earliest forms of synthetic fraud. Fraudsters create these synthetic identities using valid information taken from multiple real consumer victims – most importantly a real, stolen SSN – and combine the information to create a single fake identity. For example, the synthetic might have a real, “shippable” address and a valid SSN, but the SSN, name, and date of birth combination do not match with any one person.
    • Manipulated Synthetics: Synthetic identities based on the applicant’s real identity where only the SSN is changed. These are used by individuals to avoid their past history and gain access to credit. They are true consumers, rather than career criminals, but still, pose a risk to lenders.
    • Manufactured Synthetics: A new form of synthetic fraud that remains unsolved. These are synthetic identities composed of invalid information including SSNs which fraudsters choose from the same range of numbers the SSA now uses to randomly issue SSNs, making them impossible to identify as invalid with current techniques. The personally identifiable information (PII) used to create the account does not belong to any known consumers. Fraudsters cultivate the identities, developing credit histories over time—initially appearing as new-to-credit consumers. They can operate for years undetected before they max out their credit lines and disappear without a trace.

    Features of Synthetic Identity Within The Network

    ID Analytics reviewed the patterns of synthetic identities and compared it to traditional identity theft with a social security number and found some marked differences.

    Synthetic identities tended to not have any other matching PII information, they did not appear on traditional credit bureaus and the applicants appeared to be much younger.

    Download the WhitePaper

    I downloaded and read the entire white paper.  I found it fascinating with some compelling analysis of this growing fraud trend.   I consider ID Analytics the leader in the industry in this space and they offer the most insight into these types of trends and patterns in identity fraud.

    You can download the whitepaper here – Changing Pattern of Synthetic Identity Fraud.

  • Are CyberAttacks as Harmful as Hurricanes?

    Are CyberAttacks as Harmful as Hurricanes?

    In 2012, one of the deadliest and most destructive hurricanes hit the Atlantic coast -Hurricane Sandy.  Hurricane Sandy caused widespread destruction in both lives and its financial impact.

    But man made disasters, may cause more damage than natural ones.

    In a recent press release, Lloyds of London estimated that a global cyber attack could result in losses between $58 billion and $108 million which puts their destructive force on par with hurricanes such as Sandy or even Hurricane Katrina.

    Insurers struggle to understand the financial impact of cyber threats because there simply is not much history there.   Since Lloyds of London provides billions of dollars in cybersecurity insurance, they undertook this study to determine how much they could be on the hook for if there was a global cyber attack.

    “Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London Chief Executive Inga Beale told Reuters.

    The Two Most Likely Global Cyber Attacks

    There are 2 cyber attacks that Lloyds predicts will likely occur:

    • Cloud service outages and disruption: In this scenario, Hacktivist target cloud storage companies to protest the environmental impact of those businesses.  In this event, the extremely targeted cyber attacks can impact millions of consumers and business and cause $58 billion or more in damages
    • Human error causes zero-day to fall into the wrong hands: In the second scenario, human error results in zero day documentation finding it’s way into bad actors hands.  They use the data to impact 45% of the population’s use of key mission critical systems. Cyence calculated that a cyber scenario of this scale could cause estimated losses totaling $28.7 billion.

    Wanna Cry Caused $8 Billion in Damage Alone

    Last month, over 100 countries were targeted in one of the first global cyber attacks in history – an ominous sign of things to come.

    At the end of the day, the Wanna Cry virus didn’t get the criminals much but it certainly did cause major damage to hardware, software and lost time.

    The estimate of this relatively short-term attack was estimated at $8 billion.  We are entering a new realm of global cyber attacks where Lloyds analysis is certainly in the ball park.

    Up to 50% of Damage Will Not Be Insured Which Could Be Devastating to Companies

    Think that the insurance companies will have to eat all of the losses caused by a cyber attack? Think again.

    Up to 50% of companies don’t have enough cyber insurance to cover themselves from all the economic damage of a global cyber attack.

    Lloyds analysis indicates that most companies may be grossly under-insured in the area of their cyber insurance policies which places them at extreme risk.

  • Top 10 Fraud Scams for 2017 By Losses

    Top 10 Fraud Scams for 2017 By Losses

    The 2016 Internet Crimes Report has just been released and it provides eye-opening analysis of how you might become a victim of fraud.

    Each year the FBI compiles statistics on all internet crimes reported by Americans and creates the Internet Crimes Report.  It is the best indication of how Americans are being conned by crooks, thieves, and liars.

    As you can see, Americans are being ripped off more now, than ever before.  This is yet another proof point that fraud is continuing it’s epic rise upward as the world becomes more connected on the internet.

    #1 Fraud- CEO Email Compromise

    Losses – $360 Million (Fastest Growing Fraud)

    CEO Email Compromise is a scam targeting businesses but also consumers as well. These sophisticated scams are carried out by fraudsters compromising executives email accounts through social engineering and then requesting fraudulent wire transfers to foreign companies.

    You can read this story here about Leoni AG who was scammed out of $44 million dollars through this scheme.

    #2 – Romance Fraud

    Losses – $219 Million

    What people won’t do for love.  And fraudsters know it.  Groups operating out of Nigeria and other foreign countries are scamming Americans of hundreds of millions of dollars.  You can read a story about Amy – She was scammed by a clever fraudster out of Nigeria and lost $300,000 life savings.  She met him on Match.com.

    If you answer yes to these questions from RomanceScams.org, you might be a victim.

    #3 – Non-Payment or Non-Delivery of Merchandise

    Losses – $138 Million

    Internet auction sites like Ebay are fueling the rise of non-payment or non-delivery of goods.   Unsuspecting buyers are sellers are often conned into paying money or shipping goods while the other party are just clever scammers.

    Facebook marketplace launched last year and already is taken off as a hotbed of fraud and scams. And thanks to all the new payment options that make getting and receiving money nearly instantaneously.  This type of fraud is only guaranteed to grow exponentially over the next few years.

    #4 Investment Fraud Scams

    Losses – $123 Million

    If something is too good to be true, it often is.  Scammy get rich quick schemes are alive and well on the internet and reeking havoc with good honest Americans.  Read Steve’s story of how this kind elderly man lost over $200,000 to investment scammers on the internet.

    # 5 – Corporate Data Breach

    Losses – $95 Million

    Corporate Data Breaches have also reached their worst point in history.   There were 1,792 data breaches totaling over 1.4 Billion records.  That was an 86% increase over 2015 and it helped to fuel the rising tide of fraud in all categories.

    # 6 – Advance Fee Scams

    Losses – $60 Million

    If you have ever received a fax, a letter or email advising that you might receive a windfall of money if you pay “taxes” or an “application fee” you have likely been a victim of advance fee fraud.  By promising something too good to be true to the victim in return for a relatively small amount of money, fraudsters were able to collect over $60 million in stolen funds from American consumers.

    # 7 – Personal Data Breach

    Losses – $59 Million 

    Consumers were just as likely to become victims as data breaches as corporations.  In fact, many times consumers are even more likely as they have less protections over their personal data which may reside on DropBox or Google Drive with flimsy passwords.

    # 8 – Identity Theft

    Losses – $58 Million

    The FBI numbers appear to susbtantially underestimate this type of fraud which by all indications is growing each and every year as data breaches become more and more commonplace.

    # 9 – Civil Matters

    Losses – $57 Million

    If you think you cannot be scammed by someone you love or a family member, think again. One of the top reported matters to the FBI is being scammed by a relative or family member.  In many cases, these matters cannot be pursued criminally so the FBI refers to them as “Civil Matters.”

    # 10 – 419 Scam

    Losses – $56 Million

    The 419 scam is another variant of advance fee scams but is referred to as the 419 scam as it often originates out of Nigeria.  This type of scam has been around for years and yet it still manages to work.  Thousands of Americans still get scammed by these fraudsters out of Nigeria.

    Well, there are your Top 10 Fraud Scams for 2017.  Thanks for Reading!

  • UK Fraud Reports Hit Highest Levels Recorded

    UK Fraud Reports Hit Highest Levels Recorded

    Fraud is not going down anytime soon. In fact, fraud seems to be increasing year over year across all regions and most fraud types.

    CIFAS just released their Fraud Report for 2017 which you can find here – CIFAS Fraud 2017 Report.

    Fraud is up another 1.2%, over an already historic level of fraud reported fraud last year. Are the fraudsters winning the War on Fraud?

    The CIFAS findings are significant and reliable because the data is compiled from over 350,000 fraud reports originating from hundreds of banks.  CIFAS collects data into two big data sets – The National Fraud Database and an Internal Fraud Database which is the worlds only dedicated internal fraud database of its kind.

    66% of Fraud is now Online

    Most fraud is originating over the internet in the UK and it remains the fastest growing segment. Interestingly 88% of identity theft cases are originating online.

    But not all fast rising frauds are occurring only. For “Facilities Fraud” which we call Account Takeover here in the US, fraudsters appear to use a more old fashioned route and use social engineering to con call center employees to giving them carte blanche to other people’s accounts.

    And it appears to be working as Facility Fraud increased another 45% in 2016.   The rise in account takeover appears to be fueling a rise in mules and mule accounts which are used to siphon out funds from legitimate customers accounts.

    Asset Conversion Fraud is on the Rise

    Asset conversion is not a very large fraud with less than 400 reports total.   Asset Conversion Fraud is the unlawful sale of an asset subject to a credit agreement – for example, a car bought on finance and sold on before it has been paid off.

    Asset conversion fraud increased by close to 50% in the UK last year and it is a fraud to keep your eye on. We watch auto fraud carefully here in the US which has been steadily climbing for awhile.

    Internal Fraud Is Decreasing

    CIFAS is reporting lower levels of internal fraud this year.   With the exception of Employment Application Fraud, reported fraud was lower in every segment.

    While this is good news, it’s hard to tell if internal fraud is in fact decreasing or if the reports are decreasing.  CIFAS requires members to advise that they would be willing to prosecute before they can place an employee name on their negative file.

    Discovery of internal fraud cases however might be helped thanks to better control and monitoring programs.

    CIFAS reports that close to 50% of internal fraud cases in the UK are being proactively detected by internal control and audit functions.

  • Auto Loan Fraud – 1 in 5 May Contain Fraud

    Auto Loan Fraud – 1 in 5 May Contain Fraud

    UBS published a new study which indicates that an astounding 1 in 5 borrowers admitted that their auto loan applications could contain inaccuracies.  This spells bad news for lenders that rely on application information to be factual in order to approve loans.  In fact, UBS was so concerned that they indicated that “something is going on under the hood, it’s not just smoke and mirrors anymore.”

    Unless a lender can validate information against borrowers paystubs or IRS records, if a borrower claims to make $25,000 a year on their application,   they can do little else but take the borrowers word at face value.

    But shady fraudsters can often manipulate pay-stubs to make them look genuine and fool lenders.    This high rate of potentially fraudulent activity on loan applications creates a big dilemma for lenders.

    1 in 5 is Far Higher Than Other Data Points

    Most data out there suggests that auto lending misrepresentation might be far less than 1 in 5, in fact, it might be closer to 1 in 100 or 1 in 200 depending upon a given lender’s portfolio.

    The difference could mean that many borrowers that lie are actually motivated to keep the car and continue making payments.  “Fraud for Car” is a common term that applies to these folks.  Their intention is not to defraud a dealer or lender, but rather just to get the car.

    The problem is that consumers may not realize that lenders and dealers have guidelines which can actually protect them from over-extending themselves and getting into a car they simply cannot afford.  If a borrower fudges their income, they may be piling on too much debt that they might not be able to pay back.

    You Can’t Use Credit Risk Tools to Fight Fraud

    As PointPredictive and UBS rightly points out in the study there tends to be an over-reliance on credit scores and certain borrowers may have found ways to game those credit scores.

    The study found that average credit scores in the US have been steadily rising, however, loan terms and programs have been growing increasingly risky.  They felt that there has been an over-reliance on the credit score alone in determining risk.  Mitigating factors may have more than eroded the benefit that increasing average credit scores provided the auto lending industry.

    “Everything but credit scores have been eased in lender underwriting,” Mish said. “Loan terms are stretched out, interest rates are aggressive, but there may be an over-reliance on credit scores, and that’s the danger.”

    We pointed out this fact months ago in I detailed it on FrankonFraud in this post – Can You Fight Fraud with Credit Scores?

    $6 Billion in Fraud for 2017

    And fraud losses are rising.  As the market begins to turn, fraud is becoming a bigger concern.  And for good reason.  PointPredictive estimates auto lending fraud will hit $6 billion in 2017.

    But those loss estimates were based on far fewer than 1 in 5 loans containing inaccuracies or misrepresentations.  If those numbers are correct, fraud could be substantially higher.

    If you want to read the full article – check it out here – UBS Study

  • Auto Lending Fraud Loss Trends

    Auto Lending Fraud Loss Trends

    Auto lending fraud has been getting more attention recently as losses begin to mount for some lenders.  As losses mount, lenders are beginning to look beyond credit risk strategies into fraud strategies which can target high-risk losses such as early payment default which can be caused by misrepresentation on the original application.

    Known Fraud and Unknown Fraud

    PointPredictive analyzed the trends of auto lending fraud growth over the last 10 years.

    Known Fraud – Some fraud is identified either before an auto loan is originated or shortly afterward when a borrower notifies the lender of identity theft or a lender discovers the fraud in their collections process

    Known fraud is more common than you might expect and is present on approximately 0.30% (30 basis points) of originated application volume.

    Unknown Fraud – Some fraud is never identified – not during the application process and not even after a loan has been funded and defaults. This fraud, in most cases, results in early or first payment default where the borrower never makes a payment on their loan after they walk out of the dealership.

    Data and investigative analysis of early payment default loans indicate that between 40% and 70% of those loans have significant misrepresentation on the original loan application which led to the financial loss.

    Losses are Reaching Highest Point in 10 Years in 2017

    Auto Lending fraud losses are reaching their highest point in the last 10 years.  The drive to higher fraud seems to be caused by several factors

    1. More active fraud ring activity with new schemes such as leveraging synthetic identities
    2. An increase in overall lending volumes and auto sales over the last year.
    3. An increase in lending volumes to higher risk, non-prime borrowers.
    4. An increase in fraud misrepresentations linked to early payment default as some dealers try to push bad loans to lenders.

    This graph indicates the trend of auto lending fraud losses in the last 10 years according to data analysis.

    It’s easy to see why lenders are concerned, fraud risks appear to be increasing steadily over the time period and reaching levels even higher than 2007 and 2008.

    Thanks for reading!

  • Facebook is Putting 33% of British At Risk of Fraud

    Facebook is Putting 33% of British At Risk of Fraud

    New research by  Equifax has found that 33% of people in the UK put their full name and date of birth on their social media profile page, and fraudsters are able to use that information to connect that information to the address.

    And why is this important?  Well, to put it simply, you only need 3 pieces of information to apply for a credit card, get a mortgage, or buy a new car – name, address and date of birth. Those are the primary elements that banks use to pull a credit check on you.

    Facebook has become a repository of publically available information that fraudsters are using to be able to commit identity theft by applying for credit in your name. Before  Facebook, it was substantially harder to get details such as a consumer’s date of birth, and so the fraudsters had a much harder time of it.

    The date of birth is a crucial part of identification as it’s the only detail that never changes. And once it’s posted online, it’s out there.  John Marsden Equifax

    Millennial’s Share Too Much

    The problem is substantially worse for young people.  Everyone loves waking up on their birthday and seeing all their friends post them a nice Birthday message.  To make sure people know your birthday so you can get those nice messages, Facebook makes you show your birthday.

    And Millenials apparently love those birthday messages more than most because over 50% of them share their date of birth on Facebook.  This places them at higher risk of identity theft.

    Protect Yourself

    How do you protect yourself.  It’s pretty simple.  Check your privacy settings.  Don’t share information with anyone outside your network and don’t share your date of birth on Facebook for crying out loud.

    Thanks for reading!

     

  • What The Swift Response to Fraud Tools Can Teach Us

    What The Swift Response to Fraud Tools Can Teach Us

    I read some good news this week. Swift announced the launch of a new payment screening service that will help small banks defend against fraud attempts on their network.  The service will place a red alert flag on Swift payment messages that contain signals of fraud and out of pattern behavior.

    The massive $1 Billion fraud attempt against Bank of Bangladesh where hackers made off with 81 million dollars in a few hours revealed weaknesses in the network.  Fraudsters were able to infiltrate the network and send out hundreds of fraudulent request for payment transfers.  The massive scheme was only revealed after someone noticed that one of the names in a transfer request was misspelled.  The fraud attack was a big wake-up call to Swift.

    But not initially.  At first, Swift pushed back and advised that member banks were responsible for their own security.  Even though they had visibility into the entire network, and that could prove useful, in detecting massively connected fraud schemes like the Bank of Bangladesh incident, they pushed it back to banks.

    Too Little, Too Late

    It was the biggest bank heist in history.  And it only will take Swift 2 years to put a fraud screening service in place to respond to it.    That is too little, too late.  But it also draws into focus, a fundamental flaw in the way companies approach fraud risk.  Most companies fail to invest in controls before fraud happens, only after.  And in many cases, they do so far too late.

    While Swift is now implementing better fraud controls, there are 3 big issues I see:

    1. They pushed responsibility for fraud control to others. (that never works)
    2. They didn’t respond fast enough to fraud (2 years to implement fraud controls)
    3. They didn’t realize small banks needed more help with security (they overestimated their customers, and underestimated the fraudsters)

    Swift could have learned much from both Visa and Mastercard who have been actively providing tools, consulting and transaction based alerts for 20 years to protect their big and small customers alike.

    New Security Controls Still Put Onus on Members

    Swift’s new security controls are in effect as of now.  The security controls require banks to set up multiple tiers of protection.  They will hire a team of auditors to go out to the field to make sure that banks are compliant.

    The See-Saw Effect

    Fraud experts, consultants, and analyst see it time and time again.   Organizations bury their heads in the sand and ignore the warnings of fraud that will come.

    “We have no losses.” the CEO says, “why would I invest in a fraud tool?  That would be a waste of money.”

    Then a big fraud case occurs, and the company sets up a high priority project and spends millions on fraud tools.  After the fraud risk subsides, the company believes they have fraud under control, and they stop investing.

    And the vicious cycle repeats itself.  This is called the See-Saw Effect.  Periods of rapid increases in fraud, followed by investment, followed by no investment, followed by rapid increases in fraud.  Up and down. Up and down. Up and down.

    The Only Cure is Institutional Memory

    As a consultant, I get to work with many banks.  In fact, I have been to the same banks over and over.  Sometimes, I find myself helping them solve the same problem I had tried to help them solve 10 years earlier.

    In many cases, companies forget their fraud woes of the past and fall into the same trap of non-investment in fraud tools, people, and processes during the good times.  They get lulled into a false sense of security and then they get hammered in fraud.

    The only cure for the see-saw effect is institutional memory and commitment to vigilance. Companies that remember their fraud pains of the past and pre-invest in fraud tools are better off.  Companies that spend money on tools they know will protect them even when the ROI is low can win.  There is always an ROI for that fraud tool you want.   You can simply wait for the ROI to become 100:1 when your losses are soaring, or you can invest when the ROI is modest and prevent that future fraud and all of the headache.

    Thanks for reading!