Wednesday, 24 June 2009

Government stimulus money vulnerable to fraudsters

Governments have ploughed billions of dollars into stimulus packages to breathe new life into flagging economies, however, they could be handing fraudsters an "unintentional" meal ticket, according to the latest Kroll Global Fraud Report.

Of the $5 trillion in stimulus funding various governments have doled out, Kroll estimates that as much as $500 billion could be lost to fraudsters as the investment amount and the highly complex procurement processes involved mean these kinds of "big-budget capital projects" are often targets for corruption. 

"The unprecedented amount of financial support that governments have pledged to help stabilise their economies leaves the door wide open to fraudsters," said Richard Abbey, managing director, Kroll's Financial Investigations practice. "It’s a once-in-a-generation opportunity for those engaging in corrupt practices to cut themselves a large slice of the pie and it’s important that governments and businesses alike are aware of the risk and are prepared to counteract them.”
Kroll says focusing on the "middlemen" who are entrusted with large sums of money is essential if this type of crime is to be prevented. That means procurement processes need to be highly transparent. Resources must also be made available to "root out" corruption and Kroll advises that salaries should be appropriate to discourage employees from committing fraud. 

So can we be sure that government stimulus and taxpayers' money has ended up in the right hands? And will the processes around how this money is assigned and spent be transparent to the public?

Tuesday, 16 June 2009

FBI knew of Stanford, according to Vanity Fair

According to Vanity Fair magazine, Sir Allen Stanford, who the SEC alleges ran a Ponzi scheme, was on the FBI's radar for a number of years since he was investigated for money laundering back in 1989.

The article in the July issue of Vanity Fair, quotes a former FBI agent who claims that there were a series of interagency investigations into Stanford, but none of them resulted in any legal action.

The article also claims that there were various "red flags" within Stanford International including a 70-year-old compliance officer.

Wednesday, 10 June 2009

First-party fraud largely goes unreported

Losses from first-party credit card fraud are bigger than those from third-party fraud, and although it represents 10% to 20% of bad debt, first-party fraud often goes unreported.

First-party fraud is a new threat to the banking industry and is more difficult to detect than third-party fraud as banks often write it off as bad debt, when in fact fraudsters have given inaccurate financial and personal details in order to obtain a credit card or loan without ever intending to pay it off.

At a recent webinar held by analyst firm Lafferty Group, Martin Warwick, principal consultant, solutions management, at decision-management software vendor, FICO, said first-party fraud is different from third-party fraud in that the account for a loan or credit card is set up using a "synthetic" or false identity. The application also contains false or "misrepresented" financial information. Banks continue to write it off as bad debt, he says, because of challenges around proving intent.

Warwick says first-party card fraud can be detected during the application process and the "transactional life" of the account. Things to look out for are:

  • First payment defaults on cards
  • Cases where the customer is massively over their credit limit
  • Customer ends up as a no trace
  • Or if less than 5% of the loan is repaid.
Stand-alone scorecards and customer profiling applications can be used at the time of applying for a card or loan to detect whether an individual is likely to commit first-party fraud. However, Warwick says a holistic approach needs to be taken as first-party fraud can start with current accounts and quickly spread to other banking accounts and channels such as loans, mortgages and insurance. Both qualitative and quantitative measures need to be used to distinguish first-party fraud from bad debt.

Friday, 5 June 2009

SEC on the war path?

When the tide goes out, it is amazing what you can find washed up on the beach. The latest jetsam to be found on US shores is Countrywide Financial's former chief executive officer, Angelo R. Mozilo who has been charged by the Securities & Exchange Commission (SEC) with securities fraud and insider trading.

Countrywide Financial, a mortgage provider in the US, was one of the victims of the recent credit crisis and was eventually bought by Bank of America. The Federal Bureau of Investigation has launched investigations into the collapse of a number of high profile credit crunch victims including AIG, Lehman's and Fannie Mae and Freddie Mac.

Focusing on cases it says are at the "root of the financial crisis", the SEC alleges that Mozilo misled investors about its "high-risk" lending practices, and claims he described Countrywide's loan products as "toxic" and "poison". The SEC is also querying profits Mozilo earned on selling shares in Countrywide.

Lawyers believe this is the first of many such suits the SEC is likely to bring in the wake of the financial crisis as it looks to restore its reputation which was tarnished by its failure to uncover the Bernard Madoff Ponzi scheme.

Wednesday, 3 June 2009

Bank sues auditor over losses resulting from card data breach

An interesting test case involving a US bank suing an auditor, which it claims was negligent in certifying a payment processing company, is believed to be the first case of its kind and could set a precedent for other cases to follow.

Merchant acquiring bank, Merrick Bank, based in Utah is suing auditor, Savvis Inc., claiming that it lost $16 million as a result of fraud, fines and other costs related to a 2004 data breach at payments processing provider, CardSystems, which resulted in hackers stealing 263,000 card numbers.

Merrick says its losses stemmed from having to pay Visa and MasterCard to reimburse their issuers from the breach-related fraud, as well as other costs including legal fees. Prior to the data breach, Savvis, had carried out an audit of CardSystems. Merchant Bank now claims that report was "false and misleading" and that Savvis "failed to use reasonable care and competence in representing that CardSystems was CISP-compliant when it fact it was not.”

The Cardholder Information Security Program (CISP) preceded the PCI-DSS standard for securely storing card data. One of the basic requirements of card data security is that the data should be encrypted.