Compromised credentials from a data breach or malware are frequently exploited by financial criminals to perpetrate new account fraud.
The agency [FBI] used to learn about a new, large-scale data breach every two or three weeks. “Now, it is close to every two to three days.” James Trainor, Acting Assistant Director of the FBI Cyber Division, shared this disturbing trend with attendees at an event titled Partnerships & Policies to Fight Cybercrime in Washington, DC this past March. This shocking assessment grows even more catastrophic when you factor in that compromised credentials from a data breach are often exploited by financial criminals in their tradecraft as a key enabler to perpetrate new account fraud.
Losses from New Account Fraud and Account Takeover Projected to Increase Significantly from $5B in 2014 to $8B in 2018.
The projected shift in the financial crime landscape associated with the rollout of EMV in the US is one of the key reasons why industry analyst Javelin Strategy & Research is forecasting a 60% increase in new account fraud and account takeover over the next four years. Javelin’s 2015 Data Breach Fraud Impact Report projects that losses from new account fraud and account takeover will skyrocket from $5 billion in 2014 to $8 billion in 2018.
New Account Fraud: Some High-Level Basics
The following highlights are some typical characterizations of this financial crime that are commonly cited in industry literature.
- New account fraud is generally defined as fraud that occurs within the first 90 days after an account is opened; the accounts are often opened solely to commit fraud.
- Savvy financial criminals frequently wait more than 30 days before making the first deposit, or they will make small deposits and withdrawals in the first month to establish a pattern.
- Perpetrators sometimes make their deposits on a Friday or Saturday prior to a banking holiday to give them a longer period to withdraw the funds before the deposited items are returned.
- Some new account frauds are initiated after a financial criminal obtains the name, Social Security number (SSN) and/or date of birth of an identity theft victim.
- Checks deposited into a fraudulent new account are often stolen and forged, counterfeit, or drawn on fraudulent accounts at other financial institutions. As soon as the funds are available, they are withdrawn, and within a few days, the deposited items are returned unpaid to the bank of first deposit.
- Sophisticated financial criminals sometimes pose as business professionals. They will present the proper credentials and have the proper supporting documentation of lease agreements, licenses, etc.
- Some financial institutions allow customers to open accounts without meeting an employee of the FI. This practice gives a financial criminal the advantage of greater anonymity and as a result, many fraudulent new accounts are opened through online banking, telephone banking, or mail.
15 Red Flags for New Account Fraud (Source: ACFE)
Since banks need to exercise constant vigilance to be on guard against this growing financial crime threat, I thought it was well worthwhile to share some red flag indicators for new account fraud that have been compiled by the Association of Certified Fraud Examiners (ACFE).
- The Name Provided by an Applicant Does Not Match that Returned by the Credit Bureau Search of the SSN
- The Applicant Is 25 Years of Age or Older and Has a Newly Issued SSN
  - Since most individuals enter the work force before the age of 25, a number should probably have been issued earlier.
- The Applicant Is Older than 25 and Has an Established SSN, but the Name and Address Information Was Established Within the Previous Six Months
  - Individuals who have a number issued will normally develop credit and identification information shortly after it is issued. In this scenario, the SSN was issued—probably to a newborn—but has had no activity to date.
- Two Different Names With Different Addresses Appear Under the Same SSN
  - Normally one of the names will have an established address and historical information, and the fictitious individual will have only recent information. The true holder might reside in the original state of issue, while the fictitious holder might have an address in the state of application. In this scenario, the applicant simply used the established SSN of another person.
- Primary Identification Was Issued Within the Previous 60 Days
  - Financial criminals assuming the identity of a true citizen have to obtain legitimate identification within their state of residence. The identification is normally obtained through the local Department of Motor Vehicles (DMV) and has a recent issue date. Unless the applicant has recently moved to the area from another state, his/her ID should be older than 60 days.
- Opening Deposit Is a Small Cash Deposit
  - Many fraudulent new accounts are opened with a cash deposit of under $500, normally in the range of $50 to $250. The purpose of using cash is to avoid having to use true negotiable instruments to open the account. Some criminals will not risk using counterfeit or forged items to open a new account. Banks usually place holds on new accounts to provide ample time for the check to clear before the new customer is allowed to draw funds against the deposits. No holds are placed on cash and fewer questions are asked of customers presenting small cash deposits.
- Use of Mail Drop Address
  - Private companies will rent mail drops for a few dollars a month and can refuse to provide the name of the individual who paid for the box. Almost any individual can rent a drop box without undergoing background verification. These establishments provide their customers with a valid street and city address and a box number at which to receive mail.
- The Applicant’s Home or Business Address Is Not in the Same Geographical Region as the Financial Institution
  - Many individuals who open fraudulent accounts do so at branch offices outside of their immediate geographical location.
- The Address on the Presented Identification Is Different from the Home Address Provided
  - Many financial criminals will obtain identification in the true identity of an unsuspecting individual. The victim’s and the fraudster’s information will be the same on formal documents; the only difference will be the photograph. To avoid documentation being forwarded to the victim’s residence, the fraudster will provide a different address.
- Identification Cards for Non-Drivers
  - State motor vehicle agencies issue cards that look like driver’s licenses but are only identification cards. Financial criminals are attracted to non-driver ID cards because they are easy to obtain.
- Applicant Is Older than 25 Years and Without Previous Financial Institution History
  - People who open new accounts are often in the process of moving and using checks from their old accounts as initial deposits. Most individuals will have a history at a financial institution because electronic banking, ATMs, direct deposit, and similar services are used by most working individuals.
- Overly Friendly Applicant
  - Many applicants will attempt to establish a quick and active rapport with the financial institution’s new account person to make the application process run smoothly. The employee responsible for opening and overseeing new accounts should learn to recognize acts of attempted deception.
- Dress and/or Actions Inconsistent or Inappropriate for the Customer’s Stated Age, Occupation or Income Level
- New Account Requesting Immediate Cash Withdrawal Upon Deposit
- Request for Large Quantity of Temporary Checks
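Several of the red flags above carry explicit thresholds (25 years, six months, 60 days, $500) and can be checked automatically when an application is reviewed. The following is an added illustration, not code from the ACFE or from this article; the record layout, field names, flag names and the two sample applications are constructed assumptions, and "six months" is approximated as 183 days.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Application:  # hypothetical record layout (assumption, not from the article)
    name: str
    bureau_name: str          # name the credit bureau returns for the SSN
    birth_date: date
    bureau_file_opened: date  # earliest name/address record under the SSN
    id_type: str              # "driver_license" or "non_driver_id"
    id_issued: date
    id_address: str
    home_address: str
    deposit_type: str         # "cash" or "check"
    deposit_amount: float
    prior_fi_history: bool

def _norm(text):
    # Compare names and addresses ignoring case and extra whitespace.
    return " ".join(text.lower().split())

def red_flags(app, today):
    b = app.birth_date
    age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
    checks = {
        "name_mismatch": _norm(app.name) != _norm(app.bureau_name),
        "recent_file_over_25": age > 25
            and today - app.bureau_file_opened <= timedelta(days=183),
        "id_issued_within_60_days": today - app.id_issued <= timedelta(days=60),
        "small_cash_opening_deposit": app.deposit_type == "cash"
            and app.deposit_amount < 500,
        "id_address_differs": _norm(app.id_address) != _norm(app.home_address),
        "non_driver_id": app.id_type == "non_driver_id",
        "no_fi_history_over_25": age > 25 and not app.prior_fi_history,
    }
    return [name for name, hit in checks.items() if hit]

TODAY = date(2015, 6, 1)  # constructed reference date
SAMPLES = {               # constructed applications, not real data
    "A-1001": Application("Jane Q. Doe", "jane q. doe", date(1980, 3, 14),
        date(2001, 5, 1), "driver_license", date(2012, 8, 20),
        "12 Elm St, Springfield", "12 Elm St, Springfield", "check", 1800.0, True),
    "A-1002": Application("John Roe", "Mary Major", date(1975, 11, 2),
        date(2015, 2, 10), "non_driver_id", date(2015, 5, 1),
        "77 Oak Ave, Dayton", "Box 410, 9 Main St, Dayton", "cash", 100.0, False),
}

def triage(samples, today):
    # Map each application id to the list of flags it trips, for manual review.
    return {app_id: red_flags(app, today) for app_id, app in samples.items()}
```

Calling `triage(SAMPLES, TODAY)` returns no flags for the first constructed application and all seven for the second; the behavioral flags in the list (rapport, dress, requests made in person) still depend on the employee opening the account.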