20 September 2017
Uri Rivner

The Joy of Fraud Fighting

Uri Rivner - BioCatch

78Posts 361,574Views 36Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Riders On The Storm

26 May 2009  |  3665 views  |  0

There’s so many things going in favor of online fraudsters these days – so much back wind they can use to accelerate their evil business – that it seems like there was never a better time to take up to crime. Provided, of course, that you have a weak moral fiber.

Let me list a couple of things: 

  • Trojans are so easy to run and operate. The State-of-the-art has never been within reach of so many non-technical fraudsters.
  • Trojans also come cheap. Just a single fraudulent online banking transfer will cover your cost for buying the latest Trojan on the market.
  • Trojans can defeat any single authentication technology thrown at them. A little bit like germs that eventually become immune to antibiotics. By the way, the trick is to use multiple lines of defense and combine visible with invisible techniques.
  • Infection is getting really out of hand. We talk about x10 infection rates compared to just a year ago. Mostly this is due to drive by downloads. If you want a good example for that, check out www.Paulmccartney.com – and have a look at their security statement from 01.05.2009 (first of May for those of you not used to British dates).

But these are just the technological advancements. It wouldn’t have been so bad if the economy was OK. But now that there’s a storm outside, the impact of these advancement is far worse. Fraudsters learned how to ride the storm. 

There are several ways to use the economic hardships to scale up your fraud operation. Some say it’s a good time to find insiders within a call center of a bank or a retailer. I think the main opportunity the fraudsters use is different: work-from-home ads.

In order to empty a victim’s account you need a “mule”. Someone that will – unknowingly – collaborate with you. Before the economic crisis it wasn’t that difficult to find mules: you just sent emails explaining you’re a European charity looking for a local manager in Australia that will receive “donator money” and wire it to the needy in East Europe. Or that you’re a foreigner who can’t open an account in the UK, but you have lots of business and many customers willing to pay; so you’re looking for a regional financial officer to take care of these payments: customers will pay via money transfers, and the financial officer will walk to the international wire agency branch to send the cash out of the country. Many people responded to these scams and became part of a criminal fraud operation.

Hey, I even got such email myself – see attached image.

I’m still considering working for AutoPay – the extra salary is amazing, I meet all the qualifications, and I can squeeze a couple of hours of working from home in my schedule, I reckon. Maybe I can even do it from the office.

OK, enough fun. Where was I? Oh. I was making the point that even before Credit Crunch, it wasn’t difficult to find mules willing to work for the fraudsters. 

But now with the economic crisis, things have gotten much worse. People actively search online job websites for these ‘work from home, earn lots of money’ ads. People that lost their job, or had to cut their salary, or small businesses that collapsed.

So thousands of innocent people apply, give all their information, and wait for an opening. The fraudster just uses each mule in turn, and picks the next one standing in line. They also improve their “front end” – today’s scams look much better than AutoPay.

This allows the criminals to scale up their cash-out operation. So now they have great scalability in both stealing the data, and using it.

eCommerce fraud is also easier these days. Merchants are reluctant to reject good business. They need every customer they can get and will think twice before declining transactions, especially in high-ticket items.

Another way to ride the economic crisis is new account opening. If – through identity theft – you collected enough information to pose as a legitimate person, preferably someone with great credit history, no card issuer will refuse letting you open an account. They’ll be crazy to turn you down in these troubled times. They’ll also offer you amazing benefits if you “move” from another issuer using a balance transfer.

Then all you have to do is use the credit and run.

And here’s another side effect of the economy: delinquency is now at record high figures. In the US, the top 5 card issuers had 5.4% delinquency in 2008. This means one out of twenty loans are never paid, and it’s not getting any better.

So now you have a collection team that handles a huge amount of credit defaults. They send the 6’5” goons to knock on people’s doors and convince them to pay their credit bills. But many of these “cardholders” are phantoms. They are fraudulent applications miss-classified as bad debt. And the bank loses in three ways: first by getting hit by the fraud, then by not having enough data on how much they lost – limiting their capability to mitigate future fraud, and third by hiring more goons to chase these ghost accounts.

To summarize all that: there’s a storm outside, and the bad guys are riding it really well.

Autopay Inc TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)

Latest posts from Uri

Brazil vs. Germany: A Surprising Find

12 July 2014  |  3690 views  |  1 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  3026 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  22051 views  |  1 comments | recomends Recommends 1 TagsMobile & onlinePaymentsGroupInformation Security

A Message from Hell

01 October 2013  |  3727 views  |  0 comments | recomends Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Uri's profile

job title Head of Cyber Strategy
location Tel Aviv
member since 2008
Summary profile See full profile »
Internet. The perfect fraud frontier. These are the thoughts of Uri Rivner, head of Cyber Strategy at BioCatch and formerly Head of new technologies, identity protection, at RSA, the security division...

Uri's expertise

Member since 2008
78 posts36 comments
What Uri reads

Who's commenting on Uri's posts