Detecting and preventing fraud in the financial services sector can be a daunting task. There are threats internally, externally, domestically and internationally. But by knowing and understanding your enemy, you can ensure you have policies and procedures in place to help mitigate these risks.
According to the International Compliance Association, there are seven different groups of individuals who commit financial crime.
- Organised criminals committing large scale frauds
- Corrupt heads of state
- Business leaders manipulating or misreporting financial data
- Employees residing within an organisation
- Customers, contractors or someone with no connection to the company
- External fraudsters who may be colluding with an employee
- Individual fraudsters
Increasing use of technology in the last 10 years has bought together business and consumer landscapes and led to an increase in cybercrime. Sadly the potentially devastating results of cybercrime are not seen until it’s too late, as they are largely unseen acts and operate under the radar of most organisations.
Not a week goes by at the moment, without another data breach or hack into some poor organisation’s systems; be it Sony, Ashley Madison or Talk Talk. Fraudsters will sell this data and personal information on the dark web and it can be even more profitable in some cases than the illegal drug trade. For example, criminals may steal medical information, create a fake ID to buy medical equipment, which they will then resell later on. Credit card information can be sold on from $.50 – $20 a pop. Some of these underground organisations can have a reach of up to 80,000 people and bring in millions of dollars by turning stolen account information into useable money.
There is a move now towards ‘crimeware-as-a-service’, where wannabe fraudsters who lack the technical knowledge, can rent an entire infrastructure to run an online scam. For example, to create a phishing page to mimic a website and setting up a mass email which will link to the fake website, will cost around $150. If the fraudsters catch just 100 people from this, they can net $10,000 by selling this data on. Kaspersky Lab Experts have found that these criminals can bring in profits that are up to 20 times greater than the initial outlay costs for the attacks.
Another way to profit from their activities is to use these stolen cards to buy gift vouchers and then sell them on at 50% of their face value. They could even sell hotel or train tickets for 10% of the asking price. In fact the airline industry states that fraudulent tickets are costing $1 billion annually.
One of the largest attacks that has been detected by Kaspersky Lab has found £650 million has been stolen over two years from Financial Institutions worldwide using the Carbanak Attack. This is being run by cyber criminals from Russia, Ukraine and China and goes through the following processes:
- They gain entry through the employees computer by ‘spear phishing’ and introduce the malware called Carbanak
- The criminals then send authentic emails that recipients click on which infects the institutions systems with malware
- They then jump into the internal network and record what happens on the screens of staff who service cash transfer systems
- The criminals then mimic the staff activity to transfer cash out into their bank accounts
The gangs take from two to four months from malware infection to stealing the money and can turn over up to $10 million each raid to remain under the radar.
But it’s not all bad news. National Cyber Crime Strike Week was in March 2015 and the National Crime Agency co-ordinated a UK wide action which lead to 57 arrested in 25 operations, including data theft, and cyber-enabled fraud. This included a 20 year old arrested on suspicion of a £15,000 phishing attack.
Fraud and financial crime is a huge challenge facing not just financial institutions but all organisations whether they are large multinationals or a small one-man band. To help tackle this threat head on, it is important to ensure your organisation has strong policies and procedures in place to proactively determine if you’re being attacked. Motivate your employees to fight fraud with a mixture of culture, education and fraud prevention at all levels of seniority.
Michelle Parkes is a Director of the Fraud Women’s Network which was set up to bring together women involved in all aspects of fraud prevention, detection, investigation and prosecution.Michelle set up Parkes Marketing in 2014 and helps small and medium sized businesses to manage their entire marketing mix, from strategy to content generation and tactical execution.