“Fraud as a service” is a growing business in which criminals commit fraud by offering tools, services and infrastructure for a fee. Often found on the dark web, in recent years this model has become prominent on social media channels as well, turning unwitting as well as witting participants into “money mules” who help traffic money to criminals through bank accounts.

Although financial losses due to fraud schemes for individuals over the age of 60 have increased from $500 million in 2018 to almost $3.5 billion in 2023, victims are not limited to the senior demographic.

Schemes on social media channels such as TikTok and Instagram trend toward younger demographics, offering too-good-to-be-true get-rich-quick opportunities in which the victim transfers money from their own account to the criminal’s account with the promise of getting more money in return.

With a rise in synthetic identity fraud, even infants and toddlers can be targets of money mule scams. For this scam, criminals create bank accounts using fake names, addresses, burner phone numbers and social security numbers stolen from people often too young to have a credit history. This allows fraudsters to establish credit and open deposit accounts, while appearing as a legitimate individual and bank customer.

“Criminals creating synthetic identities are playing the long game,” says Jim Hitchcock, VP for fraud mitigation at American Bankers Association, “They’ll just ride it out as long as they can without any loss. As long as no one discovers it, they might continue to let it buffer, or, if it’s not used for credit, they will open a deposit account that can sit dormant until they’re ready to use it.”

In an ABA webinar, Anne Entwistle, senior trial attorney for the Department of Justice Consumer Protection Branch, cited explosive growth in transnational crime organizations targeting U.S. consumers as one reason for the uptick in romance, lottery fraud and government imposter scams.

Because these transactions appear as authorized push payments, they are often accepted as legitimate and are not flagged as fraudulent.

“We often don’t know that a transaction is fraudulent until the customer reports it,” Jim Hitchcock adds., “Money from these transactions moves back out of the accounts quickly. We generally have a 72-hour window before that money leaves the account for good – and that window is shrinking.”

“If a consumer suspects they have been the victim of a scam in which money is moved out of their account and they are not in any physical distress or harm, they should notify their bank first,” Hitchcock adds. “For more extreme circumstances in which someone unwittingly became a money mule, consumers and bankers should report it to the FBI Internet Crime Complaint Center. But that 72-hour window is key.”

Red flags that signal fraud

While individual banks, alone, cannot solve the issue of financial scams and fraudulent transactions, understanding what to look for is one step toward thwarting potential criminal activity.

Stagnant accounts with sudden deposits or withdrawals could be an indication of use of synthetic identities.

Velocity of funds or an unusual amount of money leaving an account often mean fraud. A noticeable increase in the number of transactions or an unusual amount of money leaving an account, especially through peer-to-peer money transfer apps such as Zelle or Venmo, could suggest fraudulent activity on the account.

While much of the focus to date has been on monitoring activity from the sending back, “We believe we can discover a lot from the bank at the receiving end too,” Hitchcock explained.

Protecting the bank and its customers

One of the most effective ways of protecting customers from fraudulent transactions is to slow down the process.

Take the time to name match the name on both the sender and receiver end. Not only does this help ensure the legitimacy of the transaction, but it also creates a bottleneck for the money to hop to another account before fraud can be discovered.

When possible, create alerts based on frequency of transactions in a given time period or for specific dollar amounts that may indicate a fraudulent transaction.

Share information with other banks. The Patriot Act gives banks safe harbor to share information on money laundering and terrorist financing.

“If I tell a bank this is happening to them, it’s happening to the bank next to them too,” Hitchcock says. “Always put competition aside when it comes to fraud and cyberattacks.”

This is especially important in cases of business email compromises, a type of phishing attack in which criminals gain access to work email accounts with the intention of stealing data or tricking someone into transferring money. These types of attacks generally target multiple banks at once, which means that strange activity at one bank is likely happening at another. Sharing that information enables banks to proactively look for suspicious transactions and stop them in their tracks.

“The bigger the gap in a notification of a fraud, the less likely we are to stop the money from moving,” Hitchcock adds.

To make the communication process easier, ABA’s Fraud Contact Directory enables banks to connect with other institutions to resolve warranty breach claims for checks as well as claims for unauthorized and/or fraudulent transfers for wires, ACH, RTP, or FedNow.

Banks also can access ABA resources and training to assist in educating employees and customers about scams. The more individuals know, the easier it will be to spot the warning signs and prevent fraud.

For consumer education ABA’s Safe Banking for Seniors offers bankers free resources designed to educate older people and their loved ones about how to protect their financial assets and identities. ABA’s Banks Never Ask That and Practice Safe Checks campaigns have been updated with new content.

The bottom line is that bank fraud is a global problem with a regional solution. The more educated that bankers and customers are at the local level, the better bankers and customers will be able to spot a scam before becoming a victim.

Beth Tancredi is a frequent contributor to ABA Banking Journal.

Full Article

FinCEN Warns of Fraud Schemes That Abuse Its Name, Insignia, and Authorities for Financial Gain

December 18, 2024

WASHINGTON—The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an alert today to raise awareness of fraud schemes abusing FinCEN’s name, insignia, and authorities for financial gain. These FinCEN-specific fraud schemes include scams that exploit beneficial ownership information reporting; misuse FinCEN’s Money Services Business Registration tool; or involve the impersonation of, or misrepresent affiliation with, FinCEN and its employees.

“We are very concerned about reports of scammers using FinCEN’s name to perpetrate fraud schemes against the public for financial gain,” said FinCEN Director Andrea Gacki. “We urge the public to be vigilant in identifying and avoiding these schemes and to be extremely cautious when dealing with unsolicited correspondence. FinCEN and its employees will never threaten a member of the public by email, call, or text, or demand immediate payment for any reason.”

The alert provides guidance to the public on how to identify and avoid these scams and provides typologies and red flag indicators to help financial institutions detect, prevent, and report potential suspicious activity to FinCEN. Combating fraud is one of FinCEN’s Anti-Money Laundering and Countering the Financing of Terrorism National Priorities.

The public is reminded that any solicitations from individuals or entities abusing FinCEN’s name, insignia, or authorities, or impersonating a FinCEN employee should be reported to Treasury’s Office of Inspector General and the Federal Trade Commission. Victims of cyber-enabled government imposter scams should file a complaint with the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center and file a report with their nearest FBI field office. Anyone with knowledge of fraud schemes involving victims who are age 60 or older can call the U.S. Department of Justice’s National Elder Fraud Hotline at 833-FRAUD-11 or 833-372-8311.

Questions regarding the contents of this alert should be sent to the FinCEN Regulatory Support Section by submitting an inquiry at www.fincen.gov/contact.

The full alert is available online at FIN-2024-Alert005.

Full Article

The use of the FDIC logo at teller windows, on bank doors and in other places — not to mention the disclosure of “Member FDIC” in advertising — is a staple of how banks present the deposit insurance guarantee to their customers and the public. On May 1, these practices will receive a major update, and banks need to figure out how to comply.

The rule changes how banks display the FDIC logo online, on apps and at branches and ATMs. It also bars the logo’s use in advertising and marketing that misrepresent deposit insurance coverage. The ambiguity in the rule’s language is a headache for banks as they work on implementation, according to Ashtyn Landen, senior director of prudential regulation at ABA.

“One of the confusing terms was ‘continuously,’” Landen says. “What does it mean to have the FDIC sign continuously on your website? Does that mean when you scroll, the sign follows you down the screen? Does it mean it pops up in different places?”

Take advantage of FDIC resources

Despite the time crunch and lack of clarity, industry experts say banks must do everything they can to proactively prepare for implementation.

Landen suggests rereading the rule, looking at the FDIC’s questions and answers, and attending the agency’s webinar series about rule requirements. At these webinars, the FDIC will “discuss additional questions regarding the rule” and could “clear up any confusion around what exactly is required for the website and mobile apps,” she says.

The session on May 30 reviewed subparts A and B, including the major requirements and objectives, and answered common questions. The second, on July 31, discussed requirements and offered details on FDIC signage on websites — including when signage is not required — and examples of violations. (Visit the FDIC’s site to view the earlier presentation slide decks and for updates.)

Not one size fits all

Questions about integrating the new rule will differ depending on the bank, according to Leslie Callaway, senior director for compliance, outreach and development at ABA and the team lead for ABA’s members-only Compliance Hotline.

“The bigger banks are looking at this and have been since day one. Smaller banks that don’t have the resources are struggling a little bit more. It really depends on the size of the bank [and] the resources they have,” she says. “There’s a lot of rules around ATMs, so how many ATMs do you have? How many new ATMs are you going to have? There’s a lot of moving parts.”

Since implementation challenges will vary, it’s important for banks to communicate with their examiner for help with the changes and to ensure readiness for May 1, says Therese Kieffer, specialized consulting manager at Wolters Kluwer.

“Where you’ve got the non-deposit product that you’re also offering in your branch and you want to put it up on digital display, it might be worthwhile having a conversation with your examiner as to what they would recommend [in terms of appropriate disclosure] in that kind of situation,” Kieffer says. “You might want to run some of your drafts of your mobile app page or some of your designs past your examiner.”