Here is a cool little informative video about why the social security is woefully ineffective in stopping fraud and identity theft.

I created this handy little Auto Loan Fraud Infographic to explain how auto lending fraud works and why criminals are so interested in it.

Why do fraudsters love committing fraud?  Because not only can they get the car for free, they can ship it to Asia and sell it 3 or 4 times the value that it is worth in the US.

Table of Auto Flip Prices for cars shipped to Asia (From Auto Finance News Article)

Auto Lending Fraud is a fraud dominated by systematic dealer fraud, fraud rings and early payment default.

With 2016 auto lending originations soaring to historically high levels, the downstream impacts are now revealing themselves in higher fraud losses. PointPredictive estimates the annual value of auto loan originations that contain some element of misrepresentation may be as high as $6 billion in 2017, which is twice as much as 2016 estimates.

Known and Unknown Fraud

Visa announced this week that counterfeit fraud is down 52% for 2016 at merchants that have deployed their Chip Card terminals.    The rapid adoption of Chip-enabled terminals at US merchants continued at an astonishing clip with over 1 million new merchants installing the terminals.

That raises the figure to over 1.8 million merchants accepting Chip cards that processed close to 1 billion Chip Card transactions.

That is great news and shows the power of Chip card in reducing counterfeit losses.  But it does raise questions.  For example, why is fraud only down 52% at merchants that have deployed Chip terminals?   I would have thought it would be far greater since it promised to virtually wipe out card-present counterfeit fraud.

Card Not Present However, Doubled

Counterfeit fraud is down.  That is the good news.  But the bad news is that dollar for dollar it looks like it all shifted to online fraud.

Online retailers are reporting massive increases in fraud rates for card not present transactions.

The Global Fraud Index published by Forter  shows a massive uptick in the level of online fraud losses.

From 2015 to 2016, fraudsters have been working overtime racking up more fraud attempts on a rate basis than we have seen for many years.  The Global Fraud Index shows a whopping 386% increase in dollars at risk per $100 of sales.

It’s a big game of whack a mole and you can drive fraud down in one place but it will just appear somewhere else.

First American released their latest Application Defect Index and their conclusion is that Mortgage Fraud Risk has increased 10% in the last year.

These results are remarkably consistent with CoreLogic’s Fraud Analysis which suggested that mortgage fraud had increased by 15% – I wrote about that here – CoreLogic Fraud Index.  CoreLogic believes that the fraud rate of mortgage applications is currently running at 70 basis points which given the lower application volumes would equate to about 10 billion in mortgage fraud expected for 2017.

Mark Fleming, Chief Economist for First American, points out that the defect analysis is primarily increasing due to a purchase-dominated market.  He also concludes though that the trend toward – Day 1 Certainty and use of automated verification tools will likely bring down the level of risk over 2017.

This month, the Loan Application Defect Index moved modestly higher on increases in risk for purchase and refinance applications, in combination with the continuing shift toward a purchase-dominated market,” said Mark Fleming, chief economist at First American. “One month’s change doesn’t necessarily signal a trend, but it bears watching to see if defect risk rises again next month. However, the prospect of rising loan application defect risk may be countered in 2017 by the market’s continued adoption of validation tools early in the loan application process, which create more certainty in application data.”

Mortgage Hot Spots

In addition to analyzing the trends of fraud, First American has identified hot spots in the country with the highest rate of application fraud risk.

Those can be seen here in these charts provided by First American – Loan Defect Analysis.

Mortgage Fraud Risk Reducing Since 2011

One of the more interesting insights from the report is just how much lower defect rates are since 2011.

The index clearly shows that fraud risk has reduced about 20% since 20111.  Remember the peak risk was in 2008 when the mortgage market meltdown occurred.  Fraud has reduced some 50% since that time.

CoreLogic released their latest mortgage application fraud index and they report that the mortgage index increased to 122 for the fourth quarter of 2016.

The trend shows increasing risk for the year overall; up from a National Index value of 115 for Q4 2015, and 108 for Q3 2016.

That’s a pretty significant increase.  Experts are projecting that the fraud index will continue to increase due to increased purchase vs refinance volumes that are expected this year.

Purchase transactions have inherently more risk since the borrowers often times have no history of payments or occupancy in a particular property that lender can rely on.

This is the second time in less than a week that mortgage fraud is raising alarm bells.  Earlier this week, Equifax reported that Canadian Mortgage Fraud was up nearly 52% as home values there increase to historically high levels.

Top Risk Areas of The Country For Mortgage Fraud 

CoreLogic detected higher risk activity from the following locations here in the US.  You will note Syracuse had a huge spike in application fraud risks which occurred based on a large reverse occupancy fraud scheme in the area.

The Consumerist today reported that Western Union will pay over half a billion dollars for not doing enough to stop wire fraud globally.  And they were fined primarily because they never listened to their fraud investigators years ago.

I have written in the past that Wire Fraud is the scourge of all fraud against consumers and over $50 billion of it occurs each and every year.

Whether it is lotto scams, fake rentals, fraudulent e-Bay orders, elderly abuse or romance scams, Western Union is almost always the choice of fraudsters payment.  They can receive money, anywhere in the world and be out the door in seconds.

Worse yet, Western Union in many cases is being accused of having complicit employees or turning a blind eye to fraud.

Well today, federal authorities slapped an enormous fine of $585 million on Western Union and they admit that their policies — and some of their agents — aided and abetted wire fraud.

Wow.

The Charges Span from 2004 to 2012

The charges were brought by the Justice Department, the Federal Trade Commission, and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

They span activity at Western Union from 2004 through 2012 and occurred globally in US, Mexico, Peru, UK, China and other countries.

Authorities slammed Western Union for money laundering, failing to do due diligence on foreign agents, failure to terminate high-risk locations and failure to implement appropriate fraud policies.

To give you an idea, Western Union filed 2,000 suspicious activity reports from a single location in China without shutting the location down.

A large portion of the $585 million dollar fine will be used to reimburse victims of fraud.  If you, or anybody you know, was a victim of fraud where Western Union was used between 2004 and 2012, you can file a claim with the justice department to get reimbursed.  Just go this site here – Justice Department Claims.

Western Union Failed to Listen to Their Fraud Investigators

Western Union investigators had made a recommendation as far back as 2004 to shut down any high-risk location that 15 or more suspicious activity reports.  They felt that if a location had that many SAR’s they were too risky and either they were being attacked by money launderers or money mules or they were complicit in the activity.

Well, the investigators had identified the location in China as very risky and requested that executives shut it down but the decision was made to continue the relationship.  Western Union failed to adhere to their 15 SAR report policy.

Another example of how not listening to your fraud investigators can get you into a whole lot of trouble!

Western Union could have avoided today’s messy settlement (and the substantial financial penalty) if it had just listened to its own security people more than a decade ago. In 2004, the company’s Corporate Security Department proposed global guidelines would have automatically suspended any agent involved in 15 fraud reports within a six-month period. Those guidelines were not adopted at the time.

Failure to Implement Most Basic Controls

It appears that according to the charges that Western Union was not implementing even the most basic controls to detect, investigate and terminate systematic fraud.

Western Union of course downplays the problem saying they have all their fraud issues fixed.  Sure they have.

Thanks for Reading! I hate to see when companies don’t listen to their fraud investigators.

Keeper Security has performed an analysis of compromised hacked data and made some startling conclusions. American’s use really dumb passwords with alarming regularity.  In fact, 17% of accounts are protected with the stupidest password of all ‘123456″.  It’s hard to believe that 1 in 5 accounts in the US are protected with something so simple.

The analysis conducted on information from 10 million breached accounts showed that the following passwords were most commonly found in the dataset.

KeeperSecurity made the following conclusions about these dumb passwords:

• The list of most-frequently used passwords has changed little over the past few years.. That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.

• Four of the top 10 passwords on the list – and seven of the top 15 – are six characters or shorter. This is stunning in light of the fact that, as we’ve reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.

• The presence of passwords like “1q2w3e4r” and “123qwe” indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best. Dictionary-based password crackers know to look for sequential key variations. At best, it sets them back only a few seconds.

• Email providers don’t appear to be working all that hard to prevent the use of their services for spam. Security expert Graham Cluley believes that the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots use these codes over and over when they set up dummy accounts on public email services for spam and phishing attacks. Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties.

I Fell Victim to Dumb Passwords

2 years ago I fell victim to dumb passwords and had to delete 2 websites because of it.  I had a team out of India do a couple of blogs for me I forgot to change the default login’s they setup for me on my wordpress accounts:

• UserName – Admin
• Password – Admin123

Anybody familiar with brute force attacks will tell you that the combination of that username and password are probably the first combinations the BotNets will try.

2 of my websites were so compromised that I could not even clean them and I ended up deleting the sites costing me hundreds of hours of work and thousands of dollars.

I learned the hard way that dumb passwords have bad consequences.

50% of Consumers Re-Use Passwords Across Their Online Accounts

50% of consumers use the same password on their Facebook accounts, that they do on their Linkedin accounts and other services such as Uber, Amazon and Netflix.

This is a real bad idea.  A horrible idea actually, which puts consumers at heightened risk of identity theft, banking fraud and online fraud.  How bad of an idea is it?  I would suggest you read this excellent article by Naked Security that analyzes the risk that consumers take on when they engage in this practice.

If you are using any of the passwords on America’s Dumbest Password list I suggest you change it.