18 December 2014

PAYING ATTENTION

Ian Benn - FIS Payment Solutions EMEA

7Posts 19,428Views 2Comments

The Anti Social Network

20 September 2011  |  3243 views  |  1

Now that the volume of cash circulating through society is falling, bank robbery is no longer the blue-collar career it used to be. These days, it seems that career criminals have two options: diversify or invest in an education. An eight- inch knuckle span and a lack of discernable neck are no longer enough to make it in the world of bank robbery.  These days, a successful blagger’s kit bag contains software development tools, not just hammers and crowbars.

That is probably why jewellery stores are the new target of the armed criminal.  Clearly, there are significant commercial disadvantages in trying to sell distinctive jewellery rather than non-sequential notes, but there is simply no longer enough cash in a bank branch to make it a viable target.

Interestingly, this dichotomy is starting to change the dynamics of crime. Whereas electronic crime seems to be getting ever more sophisticated, the number of stories of incompetent robberies seems to be growing steadily. Witness the guys in the U.S. who saved money on stocking masks by disguising themselves through drawing on their own faces with a ballpoint pen, or the jewellery store thieves in Northampton, brought down by Anne Timpson, an angry grandmother with a fully loaded handbag and a heart full of right-thinking-citizen anger.

And with bigger returns, lower penalties, less chance of capture and far less personal risk, it is unlikely that Mr. Big will swap his laptop for a souped up Granada and a sawn-off shotgun any time soon.

But the surprise in all this is the way that the criminal world has created its own social networks – forums where ideas, tips, tricks, tools and even ill-gotten gains can be swapped, shared and traded.

In a recent FIS study, our Fraud Operations Team, which also looks after warranty risks for cheques and engages with police authorities, identified a number of illicit Web sites. One was an innocent looking Ghost Hunter’s Forum site where suitably spooky news could be shared between the credulous and the time-rich. A couple of levels down in one of the discussion threads, however, things get altogether more paranormal. But this was not a place where things go bump in the night. Instead it was a rich seam of consumer data for sale. Here you could buy the usual stuff; credit card details etc, but there was much more on offer and with a highly-structured commercial proposition:

  • Credit card numbers with CVV numbers (the three digit code on the back) with or without Verified By Visa passwords
  • Bank account numbers with full names, sort codes, internet banking passwords and dates of birth

What really struck our team was the pricing structure. Not only was there a volume discount structure, but they provided tiered pricing based on average account balance. In other words, if you want the bank account details for someone with an average balance of $5,000, it will cost a lot more than one with an average of $500. And don’t worry if the stolen account details don’t work – simply notify the seller and they will give you another substitute at no extra cost!

It seems that marketing strategists have hit the world of the scammer. In the future, I wonder if they will offer a loyalty scheme based on stealing air miles on behalf of frequent customers too ...

There is a serious point behind this conjecture. The fact is cyber criminals are happy to work together for a common no-good. All over the internet there are places where information is shared about tips and tricks, weak points, good institutions to target etc: the Anti-Social Network.

Why? Analogue-based bank robbers never tipped fellow blaggers off about the weak hinges on the safe doors at Barclays on Walthamstow High St. My theory (and it is only a theory) is that the world of the cyber criminal is populated by both the hard-headed career thieves, often highly organised and disciplined, and the more misty-eyed romanticists, “doing it to strike a blow for the people.” After all if nobody is physically harmed, it is not a real crime is it?

This Anti-Social Network principle creates a multiplying effect on the threat to banks and other targets.  In the recent past, if a smart criminal were to find a gap in the security protocols at a bank, he could use it to drain out as much money as possible before disappearing undetected, leaving the bank nursing losses, but with time to get things fixed before the next attack.

But today, there is every likelihood that that same loophole will be exploited by the criminal, then posted into the Anti-Social Network so that more criminals can come and try their luck. Suddenly the scope for losses to spiral out of control is infinitely greater.

Suddenly the stakes have got a lot higher.

TagsSecurityPayments

Comments: (1)

A Finextra member | 23 September, 2011, 09:47

The public has always viewed bank robbing with rose tinted spectacles - they think it is robbing the rich for the poor etc.  They forget the reality that this is all our money and banks are just supposed to guard it.  Now the target is us all, individually, and so we are much less flippant about that.  So in defence, the Social Network can fight back against the Anti-Social network, keeping us all warned about new scams doing the rounds, friends that had issues, what not to do etc.  Banks should be able to leverage that channel too. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Ian

Spotting a Desert Orchid between the payments weeds

25 November 2013  |  1119 views  |  0  |  Recommends 0 TagsPayments

Shoplifting for Beginners

12 March 2012  |  2243 views  |  1  |  Recommends 0 TagsPaymentsRetail banking

Why Cyber Monday proves things are not so bad after all

14 December 2011  |  3200 views  |  1  |  Recommends 0 TagsPaymentsRetail banking

Is privacy a dying luxury?

01 November 2011  |  2750 views  |  1  |  Recommends 0 TagsCardsPaymentsGroupInnovation in Financial Services

Paying for candles in the dark

10 October 2011  |  2489 views  |  4  |  Recommends 0 TagsOnline bankingPayments

Ian's profile

job title Managing Director
location London
member since 2011
Summary profile See full profile »
I lead the Payment Solutions business portfolio for FIS in EMEA. This includes card systems, merchant services, switching, fraud services and traditional business process outsourcing.

Ian's expertise

What Ian reads
Ian writes about
Ian's blog archive
2013 (1)2012 (1)2011 (5)

Who is commenting on Ian's posts