Preventing Fraud from Top to Bottom | Information Security Summit 2014

An estimated 5% of annual corporate revenues are lost each year to fraud, represented in part by computer fraud. Protection against this threat requires a strong, proactive and comprehensive, entity-wide set of policies, procedures and controls. Anti-fraud measures should include strong manual and automated controls which are designed, implemented, tested and monitored to prevent and detect fraud on a timely basis. This presentation aims to explain how organizations can integrate anti-fraud initiatives into their daily activities to:

  • Develop a system of manual and automated, preventative and detective anti-fraud internal controls
  • Proactively monitor, identify, assess and manage fraud risks
  • Create an anti-fraud culture and fraud awareness program
  • Respond to incidents involving fraud

Recent indictments reveal debit card fraud techniques

On May 9, 2013, Federal prosecutors issued indictments against eight individuals for hacking and theft.  The case revealed the methods used by hackers to gain access to debit card numbers that were ultimately used to withdraw $45 million.

Hackers gained unauthorized access to credit card processing companies and conducted what hackers term an “unlimited operation”. An unlimited operation is an attack in which debit card account balances and withdrawal limits are removed. In this case, attackers performed unlimited operations on several prepaid MasterCard debit cards and then distributed the card numbers and PINs to groups around the world. These groups recoded gift cards and hotel entry cards with the stolen card numbers and then coordinated withdrawals from ATMs.

We have spoken of the increase in the coordination of cyber-attacks many times, and this is an excellent example.  In a little over two hours on December 22, 2012, the criminals were able to withdraw $400,000 from 140 ATMs across New York City.  A series of thefts in February resulted in the theft of almost $2.4 million in 10 hours, and the group is accused of stealing a total of $45 million by following this procedure for different card issuers and locations.

The banks involved in this case might have prevented the theft by monitoring for anomalous behavior such as the excessive use of a card number or the modifications required in unlimited operation attacks.  Anomalous behavior monitoring is valuable no matter where the next attack comes from, and it is useful in other industries as well.
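The monitoring described above, as an added example (not code from the original post, the case, or any bank's system): it flags a card used at many distinct ATMs within a short window and a withdrawal limit raised above a policy maximum. The event layout, the card and ATM identifiers, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): (time, kind, card, detail).
# For a withdrawal, detail is the ATM id; for a limit_change, the new daily limit.
EVENTS = [
    ("2024-01-06T09:00", "limit_change", "CARD-A", 1_000_000),
    ("2024-01-06T10:00", "withdrawal", "CARD-A", "ATM-01"),
    ("2024-01-06T10:04", "withdrawal", "CARD-A", "ATM-07"),
    ("2024-01-06T10:09", "withdrawal", "CARD-A", "ATM-12"),
    ("2024-01-06T10:15", "withdrawal", "CARD-A", "ATM-31"),
    ("2024-01-06T10:00", "withdrawal", "CARD-B", "ATM-02"),
    ("2024-01-06T18:30", "withdrawal", "CARD-B", "ATM-02"),
    ("2024-01-06T11:00", "limit_change", "CARD-C", 600),
]


def detect(events, window=timedelta(hours=1), max_atms=3, max_limit=2_000):
    """Return {card: sorted list of alert reasons}.

    window, max_atms and max_limit are assumed policy thresholds.
    """
    alerts = defaultdict(set)
    seen = defaultdict(list)  # card -> [(time, atm)] still inside the window
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts, kind, card, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "limit_change" and detail > max_limit:
            # The modification an unlimited operation depends on.
            alerts[card].add("limit raised above policy maximum")
        elif kind == "withdrawal":
            # Keep only withdrawals that fall inside the sliding window.
            recent = [(t, a) for t, a in seen[card] if when - t <= window]
            recent.append((when, detail))
            seen[card] = recent
            if len({atm for _, atm in recent}) > max_atms:
                alerts[card].add("card used at too many ATMs in window")
    return {card: sorted(reasons) for card, reasons in alerts.items()}


if __name__ == "__main__":
    for card, reasons in detect(EVENTS).items():
        print(card, reasons)
```
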

Pyramid Scheme

Pyramid Schemes: Building lies on hopes and dreams

A pyramid scheme is much like the old chain letters people received when the post office was the en vogue form of communication.

The way this scheme works is simple and very identifiable. One person begins at the top of the pyramid and recruits a few other people to “invest” some amount of money, say $100, into the initial investor. These new recruits go out and recruit more people, who recruit more people, thus promulgating the scam further. The fraud comes in when people close to the bottom of the pyramid cannot recruit enough people to pay off those who are a level above them, thus losing money.

Pyramid schemes do not have to be about money either.  One neighborhood friend sent us a letter asking us to send out letters to six friends who would all send her child books, then those six would send out letters to their friends to send our child a book so that we would get 36 books but only send out one to the person who sent the letter to her.  We, of course, did not participate.

There are many types of pyramid schemes that have similar motives and results: invest in order to see a profit, but there is nothing tangible to invest in. Other similar schemes are called Ponzi schemes, chain letters, and multilevel marketing.

Despite the name, money mules are not good

The life of a money mule begins simply enough. An email arrives, often unsolicited, that asks whether or not you would like to change careers, receive copious amounts of money, and work unsupervised. Who wouldn’t want that? The job ads might call this position a payment processing manager, fund manager, transaction processing agent, or some other legitimate-sounding name. Those who accept the position are instructed to transfer funds from one account to another, in the meantime gaining a percentage on the amount transferred. It seems like an easy job with more than adequate compensation, so what’s the catch?

If you read the fine print you will see that this is just a basic money-laundering scheme. These money transfers the person engages in are illegal since the funds transferred are stolen. Those who participate could be fined or jailed. In the best-case scenario, participating in such a scheme, even unknowingly, could result in a freezing of the victim’s account while investigations go on.

There is another variation you should be aware of. Instead of transferring money over the wire, some scams may ask you to deposit checks and then wire money elsewhere. The check will arrive in the mail and you go to cash it, taking your promised percentage. The problem happens when the check bounces and the bank deducts the money from your account, along with a fine, after you have already wired the money elsewhere.

Fraud Alert: Oscar’s Exotic Fish

Last month my fish tank sprang a leak. I have a 75 gallon bow front aquarium so it made quite a mess. I managed to save most of the fish; praise the Lord! When the water settled and my floor was mopped, I began looking for a fish tank that would not break a seal like that. I decided to get an acrylic aquarium without seals to break. The only mistake I made was in my choice of stores. Oscar’s Exotic Fish had the lowest price on the net but the worst service. I ordered my aquarium on November 22 but by December 17, my aquarium still had not arrived. My fish had been living in a quarantine tank for weeks and I was seriously concerned for their health. In the meantime, I received my credit card bill to find that Oscar had billed me three times for an aquarium that never arrived. I tried contacting Oscar right away. First I emailed him and then called him. I called him every day for a few days without a response. I finally called my credit card and disputed the three payments. I will not tolerate that kind of service. Oscar, you should be ashamed of yourself.

So how does the story end? I ordered a different tank from Truly the Best and I am currently waiting for it to arrive. I emailed them before placing the order and they verified that it will arrive in 14 to 21 days. It is quite a beauty of a tank. It is a 90 gallon SeaClear System 2. It is all acrylic and it has a built in wet/dry biological filtration system built into the back of the aquarium. The tank has a 350gph submersible pump so it is very quiet and the bio balls should keep the tank water very clean. I will put my 200W compact lighting on top of it. I am so excited.


[Edit] The tank arrived last week and I got it all conditioned. The fish were moved over yesterday. Here are some pictures. The tank looks great and the fish love it.