Financial Crimes &
Fraud Schemes
Affecting Financial
Institutions
Detective Mark D. Solomon
Greenwich Police Department
CT Financial Crimes Task Force
IAFCI CT Chapter President
America Under Attack
Network Intrusions
POS Compromises
Skimming
Phishing/Vishing/Smishing
Account / Email Takeovers
False Applications/Openings
Card Crackin’ / Crackin’ Cards
Kiting
Understanding the Problem Identity Theft Statistics
• 16.6 Million people experienced ID Theft in 2012
• $24.7 Billion in losses from Identity Theft in 2012
• 85% of ID Theft cases involved the fraudulent use of existing account information, such as credit card or bank account information.
• 45% of the victims were notified of the incident by their Financial Institution
ID Theft Statistics & Law Enforcement
• Fewer than 1 in 10 victims reported identity theft to a law enforcement agency
• Only 5% of ID Theft cases reported to law enforcement end in the arrest of the suspect
• Once every three seconds—how often an identity is stolen
Network Intrusions 2014 Trustwave Global Security Report
71% of intrusions were not detected by the victim.
On average, it took 87 days for an intrusion to be detected.
Self Detection can shorten timeline from detection to containment from 14 to 1 days.
CONNECTICUT FINANCIAL CRIMES TASK
FORCE
(203) 782-7333
U.S. Secret Service (24 Hrs.)
(203) 865-2449
Where is the Data Going? The “Underground” of the Internet
The Criminal’s Version of E-bay
www. carder.su. “The E-bay of ID Theft and financial fraud”
Common Characteristics ATM Skimming Operations
Mostly Eastern European groups.
Normally will work in groups (2-3). Counter-surveillance and lookouts
Inspectors
Traditional Devices are being removed between 1-24 hours. recording storage space limitations (PIN Capturing Device)
Suspects may target the same ATM machine on multiple days.
Suspects prefer targeting ATMs after banking hours but at high traffic times (5-10pm Weekdays, After 1pm on Weekends)
Common Characteristics ATM Skimming Operations
Suspects prefer weekends (especially holiday weekends).
Suspects may remain in proximity to the ATM throughout skimming incident.
May use counter surveillance tactics to identify law enforcement.
Groups are Transnational (U.S. was probably not their first stop)
ATM SKIMMING HARDWARE The Evolution of Hardware
Traditionally (2) pieces of hardware are required to commit ATM Skimming:
ATM Skimming Device (AKA Skimmer)
Pin Capturing Device
Modern Day ATM Skimming
Operations
Sample ATM Skimmers
Key Identifier of Skimming Device
Micro Video Recorders: Concealed within object that appears to be part of
the ATM machine and/or its surroundings
Pin-Hole Micro Video Recorders
- Powered by batteries (cell phones)
- Limited video recording space
(1-6 hrs) (8-24 hrs)
Traditional PIN Capturing Devices: “The Micro Video Recorder”
Pinhole for camera
Receipt PIN Capturing Device and Skimmer
Components of Norwalk, CT Device
Nokia Cell Phone Battery
Camera devices
Alternate Location of Skimming Devices: ATM Lobby Door Skimmers
September 2009 – Connecticut
Instead of placing the Skimming Device directly on the ATM machine, skimmers can be placed at the ATM Lobby Door Access Device.
(A PIN Capturing Device is still required to be placed on or in close proximity to the ATM machine’s PIN Pad)
Increase in door skimming is a direct result of Anti-skimming measures being in-acted by ATM manufacturers.
Lobby Door Skimming ATM Lobby
Door Skimmer location
All-In-One Skimming Devices
Chip Reader Pin-hole camera
- An All-In-One Skimming Device contains both the skimmer
and PIN Capturing Device within a single unit.
- The key identifiers of the device is the Pin Hole Camera
located somewhere on the frame and the exposed card
reader chip at the mouth of the device.
2014 Trends Devices Designed to defeat ATM Skim technology
Ultra Thin Skimmers
Skimming of softer targets
US Post Office Automated Vending Machines (AVMs)
Automated Ticket Vending Machines
Privately Operated ATM locations
Hotel lobby/Supermarkets/Highway Rest Stop ATMs
Point of Sale Terminal (POS) skimming at merchant locations
Ultra-Thin Insert Skimmers
Photos provided by NCR
Ultra-Thin Insert Skimmers
Photos provided by NCR
Softer Target Deployment
Internal / External Gas Pump Skimming
Prevention & Detection Multiple Inspections (Log Sheet)
First arrive
Middle of Day
Last Person to Leave
Report All Active Devices to Local LE Without bringing attention (Counter-surveillance)
Safely monitor location until police surveillance is initiated
Immediately contact person controlling video surveillance and attempt to identify installation suspects.
Card Crackin’ / Crackin’ Cards Got it’s name from Chicago area.
Ringleader recruits multiple subjects to open new accounts or turn over existing debit card and PIN number to organization.
Other individuals deposit counterfeit checks into the account.
Suspects withdraw funds from the account using the forfeited Debit Card and PIN number before the FI is aware the check is counterfeit.
Accountholder reports debit card and PIN stolen after the fraud.
Accountholder receives portion of the stolen proceeds.
Combating Cyber Criminal Activity & Fraud “EPIC”
Education
Prevention, & Security
Intelligence Sharing
Capture and Prosecution
Education The Banking Industry
Education of the frontline employee: Understanding The various threats our financial
institutions may face. ATM Skimming
Cracking Cards
Check Fraud/Counterfeit Checks/Kiting
Understanding the various threats our customers may
fall victim to (“Having a Conversation with you
customer”): Foreign Lottery
Work From Home
Date. CON
Family Member in Distress
Prevention & Security
Identify your weakness and vulnerabilities at your financial institutions and make improvements.
Physical Security (ATMS/POS/Door
Readers/Cameras) Vulnerabilities to:
Network Intrusions Ransom-ware Phishing Attacks
Global Communication
To Combat
Global Organizations
The Value of Intelligence Sharing
Intelligence Sharing is the most critical tool in combating fraud & cyber criminal activity.
Law Enforcement Financial Institutions
Timely notification of fraud & the filing of SARS
Timely notification of a POC
Law Enforcement
Other FI’s
Visa/MasterCard
Resources to Bring LE & FI’s Together
CFT Training
IAFCI (www.iafci.org) International Association of Financial Crimes Investigators
CRIMEDEX (www.crimedex.com)
ATM Skimming Intelligence Network ([email protected])
External Fraud Meetings
Get to Know Your local LE Investigators!
Knowledge Is Key….Ask Questions