Tag Archive for: Financial Crimes

Posts

,

Business Impersonation New Account Fraud Targets Wisconsin Banks

By Dave Oldenburg

With mail theft at an all-time high, bad actors continue to cash in on check fraud. Organized criminals take mail from blue USPS collection boxes, or businesses that have unsecured mailboxes, looking for checks, which are used to deposit to fraudulent accounts and withdraw available funds quickly.

After the checks are stolen, fraudsters “impersonate” the business listed as the payee by fraudulently registering the business with the Wisconsin Department of Financial Institutions. The fraudulent registration is used as documentation to open a new account.

This type of fraud continues to gain traction because legitimate high-dollar checks are pilfered and deposited into an account without having to alter checks — a strategy designed to throw off suspicion.

Common Tactics

  • The fraudster may park or is dropped off near the branch to avoid vehicle identification.
  • The person opening the account may provide two forms of identification (later determined to be counterfeit) such as an out-of-state driver’s license and a passport identification card.
  • The person will furnish a copy of a utility, cable, or mobile phone bill that lists a local address.
  • The person opening the account may not deposit the stolen check right away to avoid scrutiny.

Possible Red Flags

  • Internet research shows that the business operates out of state.
  • Internet research cannot support a connection to Wisconsin.
  • The registered agent’s address is outside the geographical area where the business operates.
  • Recent and/or multiple business registrations for the same person are listed with the Wisconsin Department of Financial Institutions. Based on the number of stolen checks in their possession, fraudsters may register multiple businesses around the same time.
  • The name of the business differs slightly from the payee listed on the check or is a variation of a larger, well-known corporation.
  • The signer seems rushed or provides vague information about their business.

Best Practices and Procedures to Prevent Losses

  • Consider additional due diligence on new business deposit accounts that were recently registered. A quick Google search will often reveal that the business operates out of state and has no affiliation with the registered agent, or the address they provided.
  • Double check for signs of fake or altered identification.

Because there are variations of business impersonation new account fraud, it is best to follow your institution’s best practices and procedures regarding suspicious activity.

 

Oldenburg is vice president – director of financial investigations at Tri City National Bank, West Allis, and member of the 2023–2024 WBA Financial Crimes Committee

/by
Person writing check
,

Executive Letter: Check Fraud Resources

By Rose Oswald Poels

Check fraud remains a top issue and expense for WBA members. Often when needing to work through the process of collecting on a fraudulent check, it can be difficult to determine the correct party or department to work with at another financial institution involved in the particular check negotiation chain. I have heard of banks having to wait several weeks, or even months, to get a response from another when trying to resolve a fraudulent check matter. I have also heard from bankers of the frustration of not knowing what the other bank may need for research purposes or if a particular affidavit is required, such as an affidavit of forgery.

To help with this problem, the American Bankers Association (ABA) has created an online directory to assist banks in handling check fraud claims more efficiently. The directory lists contact information for banks that need to file a check warranty breach claim with another financial institution. It is searchable by bank name, city, state, or FDIC number, so banks can find the right contact at the institution to help resolve a warranty breach claim. The directory is available to ABA members and non-members.

To access the directory, banks will need to provide their detailed contact information and any documentation requirements for submitting a claim. As I understand the process, ABA will verify all submissions before uploading information to the directory. The process may take 5–10 business days, after which ABA will email the bank to let the bank know it has been added to the directory. I encourage banks to participate to maximize the utility of the resource.

To further assist banks with other resources, various affidavits have been created and/or shared by the WBA Financial Crimes Committee and may be found in the Security/Financial Crimes folder within the WBA Best Practices Library.

The WBA Best Practices Library is password protected; should you need the password, please contact WBA Legal at wbalegal@wisbank.com.

Information about the ABA Check Fraud Claim Directory may be found at: aba.com/banking-topics/risk-management/fraud/check-fraud.

If you have other suggestions or needs for resources to help your team mitigate check fraud, please let me know.

/by
,

Fraud Report: Felony Lane Gang Activity Continues to Target Wisconsin Banks

By the WBA Financial Crimes Committee

A group of organized criminals, referred to as the Felony Lane Gang, uses the Fort Lauderdale-area as a home base to plan their attacks on unsuspecting banks. The group travels across the U.S., stealing items from unattended vehicles parked in areas such as state or county parks, sporting events, parking structures, and more. The Felony Lane Gang looks to steal checks and identification belonging to victims like driver’s licenses, credit, and debit cards. Once gathered, the group cashes numerous fraudulent transit checks by posing as a valued customer of your bank.

The Felony Lane Gang received their name because they often target the far drive-up lane to make positive identification more difficult.

Felony Lane Gang Tactics

  • Late model vehicles are driven (usually rented) bearing stolen Wisconsin plates.
  • Criminal actors (often female) will dress the part — using wigs and other means to resemble the picture displayed in the stolen identification.
  • The Felony Lane Gang will typically supply two forms of identification to lure front-line staff into a false sense of security.

Once the Felony Lane Gang is successful in cashing the first check, other branches are quickly targeted.

Possible Red Flags

  • The actor presenting the check appears anxious, rushed, overly chatty, or name drops.
  • The branch location appears out of the area in comparison to the customer’s address on file.
  • A second form of identification provided (a debit or credit card issued by your bank) has been previously closed or hot carded.
  • The actor cannot accurately answer additional security verification questions.

Best Practices

Depending on your branch footprint and overall risk tolerance, consider adopting best practices such as:

  • Adding an electronic notation or warning flag to a relationship profile when a customer reports that their identification was stolen. This serves as a fraud warning prior to Felony Lane Gang activity occurring.
  • Compare the likeness of the person conducting the transaction to the identification presented for inconsistencies.
  • Adopt step up identification procedures for transactions that exceed a certain dollar amount.
  • If the customer is not “personally known” to you or other branch staff, use out-of-wallet identification methods — such as employer information, last direct deposit date, etc.

It is important to note that although the Felony Lane Gang typically uses drive up lanes to commit fraud, bolder groups are going inside the branch as well.

When in doubt, follow your bank’s procedures on suspicious transaction activity to minimize losses.

/by
,

Fake Check Scams Posing as IRA Proceeds

By Dave Oldenburg

Financial institutions have reported incidents where a new or seasoned customer is instructed to open an IRA account, with a fake check, disguised as a rollover. Criminals who orchestrate these crimes hope that front lines staff will be fooled into believing that IRA accounts are not typically associated with fraud. Unfortunately, this type of fake check scam has gained traction and has the potential to inflict substantial losses when not detected early. Although some account holders are aware that they are negotiating a fake check, others do not realize that they are being manipulated as part of a relationship or similar fraud scheme.

How Does the Scam Work?

Similar to other fake check schemes, the purpose is to falsely inflate the balance of an account and withdraw funds as quickly as possible. Funds are often transferred internally, followed by outgoing wires, BillPay, or other electronic payment methods, before the check is returned unpaid.

How Do I Spot a Fake IRA Check Scheme?

It is important to note that criminals generally use accurate information from compromised accounts such as a bank’s ABA, account number, and approximate check range to create and distribute the checks. Some may go further and use convincing check stock, bearing a quality signature of an authorized signer to increase the likelihood that the check will be negotiated.

With that in mind, it’s important to recognize common red flag indicators associated with this type of fraud:

  • The check is made payable to an individual. As a rule of thumb, legitimate Traditional and Roth IRA rollover checks are generally made payable to the financial institution, for benefit of (FBO) the account holder
  • The check doesn’t appear to be drawn on a qualified retirement plan. Many fake checks are drawn on a law firm, cashier’s check or what appears to be a general business operating account.
  • The check is sent directly to the branch by an unknown third party with instructions to deposit the check into a new or existing IRA
  • A memo line with vague instructions to deposit the check into an IRA account
  • The customer seems concerned when funds will be made available
  • The account holder wants to disburse funds shortly after the account was opened

When in doubt, it’s best not to accept the check and follow your bank’s procedures on suspicious account activity.

Oldenburg is a fraud officer, Bank First, Manitowoc and member of the WBA Financial Crimes Committee.

/by

Legal Q&A: Procedures for Information Sharing

How your bank can prevent financial crimes

By Scott Birrenkott

Q: What Tools are Available to Banks to Help Deter Financial Crimes?

A: Part of Bank Secrecy Act (BSA) regulations establish procedures for information sharing to deter money laundering and terrorist activity.

As financial institutions continue to monitor Office of Foreign Assets Control (OFAC) lists regarding sanctions and other restrictions, don’t forget to monitor for information sharing requests through Section 314 of the USA PATRIOT Act. Pursuant to section 314(a) law enforcement agencies may request that the Financial Crimes Enforcement Network (FinCEN) solicit, on its behalf, certain information from financial institutions.

Upon receiving an information request, a financial institution must conduct a one-time search of its records to identify accounts or transactions of a named suspect. Generally, financial institutions must search records for current accounts, accounts maintained during the preceding 12 months, and transactions conducted outside of an account by or on behalf
of a named suspect during the preceding six months. If a financial institution identifies any account or transaction, it must report to FinCEN that it has a match. No details should be provided to FinCEN other than the fact that the financial institution has a match. A negative response is not required. Unless otherwise provided, the search and response must be conducted within 14 days.

Financial institutions should also consider that FinCEN issued an alert on March 7 to be vigilant against efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine. The advisory warns of evasion attempts and that “sanctioned Russian and Belarusian actors may seek to evade sanctions through various means, including through non-sanctioned Russian and Belarusian financial institutions and financial institutions in third countries.”

FinCEN also provides several red flag indicators to watch for attempted evasions. Select red flag indicators include for transactions initiated from IP addresses located in Russia, Belarus, or other sanctioned jurisdictions, transactions connected to convertible virtual currency (CVC) addresses listed on OFAC lists of specially designated nationals and blocked persons, and customer use of a CVC exchanger or foreign-located money service businesses in a high-risk jurisdiction.

/by
,

Signs of Business Check Cashing Fraud to Watch Out For

Dave Oldenburg

By Dave Oldenburg, fraud officer, Bank First, Watertown and member of the WBA Financial Crimes Committee

Business check cashing fraud, dubbed “operation homeless” by law enforcement, continues to impact our industry. Furthermore, it can negatively affect customer perception when fraudulent “on-us” checks are cashed at your bank.

Although there are many kinds of check fraud schemes, business check cashing fraud begins when a customer’s legitimate business checks are taken from commercial mailboxes. Often times, the compromise occurs when a customer’s outgoing mail or the recipient’s mailbox is breached. These mailboxes are often unsecured — making them an ideal target to steal checks. Once the checks are stolen, the ringleader produces quality counterfeit checks that closely resemble the features of legitimate checks. In this type of fraud, the intent is to cash as many checks as possible at numerous bank branches — sometimes pocketing tens of thousands in just one day.

The ringleader creates the checks, but recruits individuals (mules) to cash the checks if they have current and valid identification. In turn, the mules receive a small portion each time a check is paid out. In an organized fashion, these criminals travel around the state with counterfeit items, drawn on many accounts from different banks.

Fortunately, there are ways to stop fraud in its tracks. Here are some suggested “best practices” for front-line staff:

  • Compare the check to recently cleared checks as well as the signature card on file.
  • Looks for signs of traced, forged, or scanned signatures that appear irregular.
  • The current check range on recently cleared items may be considered — however a counterfeit check is often in the current range.
  • Look for recently issued identification (sometimes mules will obtain identification for the sole purpose of committing check fraud).
  • Refuse to cash the check when presented with worn or damaged identification that omits information.
  • Refuse identification that doesn’t appear to match the individual presenting the check.

Be aware of some common “red flags” that may be indicators of business check cashing fraud such as:

  • The branch location is “out of the way” from the non-customer’s address listed on the check or listed on the identification presented.
  • The person presenting the check came to the branch on foot or was dropped off.
  • The person presenting the check appears anxious, rushed, or overly chatty or name drops.
  • The person is in contact with someone on their mobile phone while the transaction is being performed.

To help mitigate your institution’s risk of loss, it is recommended that checks presented by non-customers be handled with additional scrutiny. Most importantly, if the maker of the check does not have positive pay services, consider adopting procedures where an authorized signer is contacted to validate checks over a certain dollar amount.

/by
Wisconsin Bankers Association logo

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe