Thursday, 28 May 2009

A new form of credit card fraud

CHIP and PIN, Visa and MasterCard SecureCode and PCI-DSS for the safe storage of customer credit card data, are just some of the tactics deployed in the ongoing battle against credit card fraud.

All of these measures have had mixed success and while they may have helped reduce card present fraud, card-not-present fraud is on the increase particularly in online shopping and cross-border transactions.

A new form of credit card fraud called "first-party fraud" is also emerging and experts say it could cost banks and other card issuers up to $21 billion in losses this year. Instead of fraudsters stealing customer credit card details or trading credit card numbers in underground communities, "first-party fraud" involves people using false income and financial declarations to apply for a credit card, which they intend to use and never repay.

Banks typically treat these applications as bad debts and only discover much further down the line that instead they may be dealing with fraud. Lafferty Group estimates that "first-party fraud" losses this year were $15 billion for the US, $2.5 billion for Asia-Pacific, and $2.2 billion for Western Europe.

Increased focus on AML as banks look to recoup losses

Financial crime is likely to dominate banks' IT spending in the months to come, experts say, as banks look to recoup millions lost to fraud every year.

I was at an event recently held by business process management vendor, Pegasystems, on the topic of financial crime and the message from most speakers at the event was that financial crime and anti-money laundering (AML) had moved up the banking agenda. According to Daniel Mayo of analyst firm, Datamonitor, 37% of banks expect anti-money laundering (AML) will drive IT project spending in 2009.

Yet, questions remain about the effectiveness of AML in detecting terrorist financing and the quality of Suspicious Activity Reports generated by banks pertaining to proceeds from crime, including fraud, AML and terror financing.

Like it or not, banks are at the coalface of fighting fraud and while the Serious Fraud Office in the UK says it is going to rely more on market intelligence and whistle blowers to unearth fraud, a lot of the onus for detection of fraud is still on the banks.
Reetu Khosla, director of financial crime solutions at Pegasystems, says the regulators want to see banks take a more enterprise-wide, multiple-siloed view of fraud across all lines of business. "Regulators are saying not only should firms be looking at fraud, anti-money laundering and KYC, they should also be looking at these aspects across all lines of business," says Khosla. Banks will also need to be able to gather information from disparate systems and analyse it in such a way that links can be made between seemingly unrelated events.
Banks attending Pega's breakfast briefing on financial crime were interested in learning whether banks could follow the example of the insurance industry which has collaborated on setting up a database enabling insurers to share claim information. The database has helped insurers successfully reduce fraud. However, banks sharing customer information may open up a can of worms in terms of data privacy issues, and banks still see financial crime as a competitive issue, particularly in terms of how long it takes them to resolve alerts and transactions held up by false positives.

False positives remains a major issue for banks, given that banks are required to demonstrate sufficient due diligence around investigating alerts. "When it comes to financial crime alerts, most firms are faced with a high volume of false positives and a low volume of true hits," says Khosla. "However, the regulators point out that the risk of not evaluating each alert at some level is extremely high.

Friday, 22 May 2009

Regulators are taking fraud more seriously

The Financial Services Authority (FSA) appears to be upping the ante when it comes to insider trading by seeking to prosecute two City lawyers who are accused of illegally trading shares based on non-public information.

A corporate partner of US law firm Dorsey & Whitney and a former partner at Will & Emery are both being prosecuted for trading shares related to the takeover of Neutec Pharma by Swiss conglomerate Novartis.

Police have also arrested two men over a suspected fund management fraud worth more than £50 million after the FSA earlier froze the operations of three firms - Business Consulting International, John Anderson Consulting and Kenneth Peacock Consulting - which are alleged to have mishandled millions in investors' money.

Criminal lawyers have also warned that the Serious Fraud Office is also taking the issue of corporate bribery and corruption more seriously and we understand that legislation is pending regarding the seizing of corporate assets in bribery and corruption cases.

Friday, 8 May 2009

Disrupting fraud as it happens

When the director of the UK's Serious Fraud Office (SFO) Richard Alderman comes out all guns blazing saying that his office is becoming more proactive, intelligence-led and plans on making better use of powers at its disposal, one cannot help but think, shouldn't you haven't been doing that all along anyway?

Much of the burden for detecting, policing and enforcing anti-fraud measures has historically fallen on the shoulders of banks, other financial service providers and individual victims. But with the Securities & Exchange Commission (SEC) in the US and many other regulatory bodies and government agencies caught napping in the wake of the $50 billion Madoff scandal, they are eager to challenge the publicly held notion that they are essentially 'toothless tigers'.

At the Sweet & Maxwell conference on the changing face of fraud trials, Alderman stated that the SFO was moving towards becoming an "intelligence-led organisation", assessing where the fraud risks are during this economic downturn and working with other agencies to disrupt fraud as it happens. That means the SFO is going to have to capture reliable and sophisticated intelligence if it is to stop fraud before it even happens and I am curious to know how they are going to do that.
The SFO has extended an olive branch to so-called City whistle blowers and says it is going to look more closely at hedge funds, but is that going to be enough to uncover major frauds? Take the alleged Bernard Madoff Ponzi scheme for example. There were plenty of whistle blowers warning the SEC that something was amiss, but on the whole they chose to ignore this information or did not investigate it thoroughly.
"We intend to take full advantage of all the powers that are available to us and that have been neglected by the SFO over the past years, but we also need to consider what further powers we need to make the SFO a more efficient organisation,” said Alderman. It begs the question why has the SFO neglected to use its powers and what has so fundamentally changed within the organisation that it is going to seize those powers now to keep fraudsters at bay?

Is this recognition finally that the powers that be are finally taking fraud more seriously and that the onus for detecting, policing and preventing fraud is no longer the onus of banks and individuals but intelligence-led policing? I'm not sure we can all breathe a collective sigh of relief just yet.