Fraud Case Studies
Fraudsters are often counterintuitive. 73% of fraud cases actually made their first loan payment, concealing the crime for a period of time to make the most of the opportunity later. Secondly, 63% of cases took out less than the maximum loan amount they were approved for, a behavior highly indicative of the “safe-cracking” pattern of coordinated fraudsters.
Case study #1
Our first case study is of a coordinated identity fraud attack that was conducted against a financial institution in the UK.
Amount observed a sharp increase in first payment defaults month-over-month. An investigation uncovered a coordinated fraud attack that affected more than 500 accounts.
Fraud ring tactics
Some of the interesting tactics we discovered upon investigation echo the same safe-cracking behaviors outlined previously:
- 95% of these fraudulent accounts claimed to make £2,500 monthly net income, falling just below a threshold in the partner’s policy that would have required additional diligence.
- This fraud ring passed KBA at a rate of 98% versus the normal population which passes at a rate of 80%, rendering this authentication tool useless.
- The fraudsters eluded device fingerprinting flags by swapping their PC card and wiping their cookies repeatedly.
- The coup-de-gras involved sophisticated fake bank statements that contained overlaid modifying text upon legitimate bank statements to make it appear that the applicant owned the bank account.
This fraud case study shows that old risk screening tools (device fingerprinting and KBA) proved to be insufficient in isolating the fraud. We also learned that it was critical to have the type of sophistication in document screening processes that could detect fraudulent modifications of original documents imperceptible to the human eye. Finally, we learned that it was extremely important to invest in velocity based alerting that could begin to flag some of the commonalities of these coordinated cases (loan amount, passwords, etc.).
Case study #2
Our second case study showcases a coordinated multi-layer identity fraud attack that was conducted against a leading bank.
Amount received a tip on two accounts and leveraged this intel to identify several hundred additional fraudulent accounts that didn’t initially appear to be suspicious at a money center bank.
Fraud ring tactics
The tactics we discovered upon investigation show a highly complex layered fraud that utilized multiple tactics:
- Virtual machines to make it appear they were applying from a different location.
- Voice over Internet Protocol (VOIP) to impersonate customers and newly created emails.
- All accounts were making payments and were able to contact the bank to freeze assets on accounts.
- Accounts were funded due to fraudulent internal bank documents.
Fraud rings are becoming increasingly sophisticated, complex, and organized, and relaxed fraud checks for opening deposit accounts have become a gateway for future fraud. Qualitative insights must be combined with quantitative analysis to identify highly sophisticated fraud attacks.