This fraudsters’ forum was used as a core infrastructure of criminal activity, allowing criminals to buy and sell personal information for Identity Fraud, stolen credit card and debit card numbers, and counterfeited documents. Criminals also shared information on how to commit fraud and where the most vulnerable financial institutions are.
After DarkMarket as brought down, FBI investigators learned of the magnitude of criminal activity carried out through the site, discovering that one member had bought personal data worth €325,000 during a period of only 6 weeks.
As significant time and effort are required in order to efficiently and effectively commit fraud (collecting information on victim organizations and on the people whose identity will be violated, setting up multiple addresses and phone lines, obtaining documentation and forged proof of income and employment), fraudsters do their best to invest smartly.
A very popular method is “Slow Bust-Out Fraud”, where a group of fraudsters collaborate and establish a “legitimate” company – registered in the court but owned by a non-existent person’s identity to avoid being tracked down - based on proof of income and the fake company image (including registry in the court, yellow pages, updated website and business hours, apparent availability of a secretary and HR manager for confirmation). Multiple “well paid” people open accounts and/or apply for reasonable limit credit cards.
To make the fraud more effective, those cards will be used moderately for a short period of time and will be always paid on time, while the fraudsters await their prey to fall into a well-orchestrated trap.
The fraudster’s real gain will not be realized through the use of credit cards but from the Cross Sell – once the institution offers additional financial products – it’s time for a “bust out”. Credit limits and overdraft will be fully drawn, cash loans will never be repaid, and the fraudsters will reap the profits. They will then move onto their next victim.
The existence of underground market places such as DarkMarket, CardersMarket and many other notorious platforms provides a fertile ground for professional fraudsters. But this is not surprising - where there is demand there is always supply. As financial institutions invest in education, training and sophisticated tools, so do they - in a multi-billion underground industry of fraud and corruption it was only a matter of time until such “service providers” were able to flourish.
But it’s not only organized fraudster groups who are committing fraud. Those who commit fraud can be segregated in two major groups – organized (known also to perform hard fraud) where orchestrated fraud operations are carried out by a group of professional fraudsters, and opportunistic (known also as soft fraud) where an individual is attempting to overcome credit policies in order to obtain financing such as faking proof of employment, or by increasing their salary, or not revealing potentially negative information (such as bad credit address etc.).
For many years criminal psychologists have been researching the drive, thoughts, intentions and motivation of certain people who tip over the edge and commit crime, thus becoming criminals. White collar crime in particular has been the topic of many studies.
In tough economic times, fraud rate increases, come to light and receive greater attention and priority from management, accompanied by the need to decrease losses and increase performance.
The fact is that fraud increases can be attributed to many factors. In the case of soft fraud it can be associated with different stimuli that increase the temptation to commit fraud and may push a normative person into crime – triggers such as strained finances, job loss, fear of losing their home, and pride or the inability to support the family can easily do the job.
Different factors drive different people to the dark world of crime. The misleading concept of pure greed is not always the cause. We must understand the fundamental need of humankind to survive. Adding to this the lack of legislation, poor prosecution rates and social association of fraud as a victimless crime, the outcome is a reduction in the fear of “Crime and Punishment” to rock bottom.
The recent economic slowdown has affected many financial institutions, and many have limited their product offerings, reducing the number of granted credit lines in order to limit potential risks.
Many bank executives consider this economic crisis as a nightmare for all banking institutions, which is difficult to argue with. Others see these times as an opportunity to transform their current operations (credit, anti-fraud and collection) in order to achieve market best practice.
There are no better times than times of crisis to reevaluate counter fraud operations, strategies and methods – completing tasks we could not focus on before, tasks such as undertaking an external anti-fraud assessment, re-analyzing historical fraud cases to identify gaps in our defenses, re-structuring the detection strategy, re-writing or updating manuals and procedures, conducting exhaustive training of anti-fraud analysts, and many other tasks that can now be planned and carried out without the stress of a non-stop demanding production environment that requires the full attention of all available personnel.
It should be noted that this is just the first step in a roadmap to excellence. Fraudsters advance and become more and more sophisticated, as the fraud business is highly profitable and estimated to generate annual worldwide revenues amounting billions of Euros. They invest in better technology to skim cards, forge and print documents and share knowledge on how to commit fraud, to overcome traditional underwriting methods and avoid detection.
One of the biggest weaknesses of traditional underwriting is the underwriter himself. While it is possible to understand the fine lines connecting two pieces of data, a person is powerless when it comes to processing and understanding relationships found in mass data.
High risk addresses and phone numbers are found again and again to be key indicators of fraud. If this information is used smartly it can serve not only as an item to blacklist, but can serve also as a basis for positive matching. By creating a fraud detection strategy able to execute a complex matching scheme and analysis on different data items on a current application against the ones stored in the database of historical applications, we can reach a better, more informed decision.
If we look at the example of phone numbers and addresses, by matching the address or phone number attributed to the employer in the current application against different addresses and phone numbers stored on the historical database, a specialized fraud detection system can give us an indication of whether the employer name produces a positive or a negative match.
While an underwriter can gather information over the phone and make connections of seemingly unrelated data, in a specific case, a tuned sophisticated Application Fraud detection system can understand that 2 different addresses are located within 200 meters of each other and the seemingly unrelated applicants are using the same telephone number – conclusions that the human mind cannot reach and the eye cannot capture when a significant data load is being processed.
By combining fraud indicators as described above in a structured fraud detection strategy, financial institutions can gain a winning advantage, achieving a higher fraud detection rate and lowering unnecessary collection efforts that are performed on bad debt that was wrongly classified and should actually be considered as a fraud loss.
The fraud detection strategy should not be considered as a stepbrother to other origination processes. This is a complimentary effort aimed at focusing on different aspects of underwriting, then the credit analysis process.
The aim of fraud detection is to detect misleading or wrongly stated information. By doing so it enables both the credit analyst and the collection agent to perform better – dedicating their time to worthy applications, “old school” underwriting is no longer a method financial institutions can relay on and the starting point for achieving best practice in anti fraud operations requires a centralized approach for analysis, shred knowledge base and advanced tools.
The anti-fraud team can provide precious information to other operational departments, by detecting an application using specific fraudulent data, either detected in a new application or as feedback from collection, the anti-fraud team can warn about other applications where the same pattern was used – allowing the collection team to focus their efforts, thus reducing workload, and saving time and money.
Anti-fraud measures and strategies are constantly changing. For every defense measure there is a countermeasure of attack followed by another barrier of defense. Both the good and the bad are constantly maneuvering to outwit and flank their opponent in a “Sun Tzu” strategic dance.
Written by CRIF Decision Solutions anti-fraud experts.
