SYS-CON MEDIA Authors: Gilad Parann-Nissany, RealWire News Distribution

Related Topics: Security

Security: Blog Post

Fraud Detection, Financial Industry and E-Commerce | Part 3

Graph databases to the rescue

(Today, Part 3: anatomy of collusion-based first party bank fraud, a.k.a. how fraudsters work together to defraud a bank. Do not try this at home!!)

While the exact details behind each first-party fraud collusion vary from operation to operation, the pattern below illustrates how fraud rings commonly operate:

  1. A group of two or more people organize into a fraud ring
  2. The ring shares a subset of legitimate contact information, for example phone numbers and addresses, combining them to create a number of synthetic identities
  3. Ring members open accounts using these synthetic identities
  4. New accounts are added to the original ones: unsecured credit lines, credit cards, overdraft protection, personal loans, etc.
  5. The accounts are used normally, with regular purchases and timely payments
  6. Banks increase the revolving credit lines over time, due to the observed responsible credit behavior
  7. One day the ring "busts out", coordinating their activity, maxing out all of their credit lines, and disappearing
  8. Sometimes fraudsters will go a step further and bring all of their balances to zero using fake checks immediately before the prior step, doubling the damage
  9. Collections processes ensue, but agents are never able to reach the fraudster
  10. The uncollectible debt is written off

In order to illustrate this scenario, let's take a (small) ring of 2 people colluding to create synthetic identities:

  • Tony Bee lives at 123 NW 1st street, San Francisco, CA 94101 (his real address) and gets a prepaid phone at 415-123-4567
  • Paul Favre lives at 987 SW 1st Ave, San Francisco, CA 94102 (his real address) and gets a prepaid phone at 415-987-6543

Sharing only phone number and address (2 pieces of data), they can combine these to create 22= 4 synthetic identities with fake names as described in Diagram 1 below.

Diagram 1: 2 people sharing 2 pieces of data and creating 4 synthetic identities

Diagram 1 shows the resulting fraud ring, with 4-5 accounts for each synthetic identity, totaling 18 total accounts. Assuming an average of $4K in credit exposure per account, the bank's loss could be as high as $72K.

As in the process outlined above, the phone numbers are dropped after the bust-out, and when the investigators come to these addresses, both Tony Bee and Paul Fabre (the fraudsters, who really live there) deny ever knowing John Smith, Frank Vero, Mike Grat or Vincent Pourcent.

Pretty lethal, right?  Next time, let's see what we can do to catch these guys in real-time.

More Stories By Gorka Sadowski

Gorka is a natural born entrepreneur with a deep understanding of Technology, IT Security and how these create value in the Marketplace. He is today offering innovative European startups the opportunity to benefit from the Silicon Valley ecosystem accelerators. Gorka spent the last 20 years initiating, building and growing businesses that provide technology solutions to the Industry. From General Manager Spain, Italy and Portugal for LogLogic, defining Next Generation Log Management and Security Forensics, to Director Unisys France, bringing Cloud Security service offerings to the market, from Director of Emerging Technologies at NetScreen, defining Next Generation Firewall, to Director of Performance Engineering at INS, removing WAN and Internet bottlenecks, Gorka has always been involved in innovative Technology and IT Security solutions, creating successful Business Units within established Groups and helping launch breakthrough startups such as KOLA Kids OnLine America, a social network for safe computing for children, SourceFire, a leading network security solution provider, or Ibixis, a boutique European business accelerator.