Post on 11-Jan-2017
transcript
Catch Me If You Can: Tackling Financial
Fraud in the 21st Century
ECIIA Conference, Stockholm
6th of October, 2016
these are my views
they do not reflect the views and policies of my current
and former employers
the main purpose is to share ideas and
facilitate discussion
“Fraud control – in any profession – is a miserable business. Failure to detect fraud is bad news, and finding fraud is bad news, too”
Malcolm K. Sparrow, 1998
speaker’s bio
speaker’s bio
Banking sector in LithuaniaSource: Lithuanian Banking Association
Retail banks Branches Cash machines Employees8 298 1 367 9 274
bank crime
Bank Robberies in the Baltics
Robbery Statistics* 2008 2009 2010 2011 2012 2013Lithuania 20 3 0 0 0 0
Latvia 3 2 4 22 6 3Estonia 1 6 3 n.d. 4 0
*European Banking Federation
Bank robberies are on decline
Source: Svenska Bankföreningen
Bank robberies are on decline
Source: Nederlandse Vereniging van Banken
“Where did all the bank robbers go?”
Campbell, D., The Guardian, 2014
Source: ThreatGeek.com
Another Attack of Cyber Criminals!FEARS are growing for the UKs financial security after cyber thieves hacked into a major European bank's computer, stealing thousands of pounds in savings.
Online criminals have targeted a top European bank, stealing more than £400,000.
The attack, which took place at the beginning of the year, compromised more than 190 personal accounts.
The thieves used a Trojan programme to hide dangerous information inside innocuous-seeming software.
This intercepted data and allowed the criminals to transfer money without the bank or its customers becoming aware.
It appears most of the victims were from Turkey and Italy with some customers losing over €39,000
Details about which bank has been attacked have not been released, or whether any UK customers have had any money stolen.
This latest attack is sure to send shock waves through the banking sector as it proves how vulnerable modern day technology is to attack from criminals.
THE DAILY NEWSwww.dailynews.com THE WORLD’S FAVOURITE NEWSPAPER - Since 1879
#case study
the dynamics of telephone fraud
“It’s me, mother/grandmother! Help me!”
fraud
Not a perfect crime# limited gain# limited range of potential
victims# requires physical contact /
time# difficult to recruit couriers
“Hi, I’ve a job for you” fraud
“Hello, I’m a police investigator…” fraud
Online Banking Facility
Password Card
“Houston, we’ve a problem!”
# everyone’s a potential target# significantly increases fraudsters’ gains# no physical contact and requires less time# abundance of money mules
97 273 57 39 20
133,699 €
424,158 €
108,688 € 102,028 €
34,176 €
Telephone Fraud Statistics from SEB Bank
2012 2013 2014 2015 2016
Total486 victims802 749 Eur
Police Statistics 2012
of fraudulent phone calls originate in
Lithuanian prisons
(Source: Lietuvos Rytas, 15th of May, 2013) (Source: Respublika, 12th of March, 2012)
95% 816
804 046 EUR
357 225 EUR
7 884confiscated phones in prisons
cost of investigations
estimated loss
telephone fraud reports
Profile of a Victim# 95 per cent women # average age - 55 years old# average loss – 1 600 EUR# had heard about telephone fraud before# hardly ever see stolen funds# suffer loss of self esteem, because they
blame themselves for having been ‘so stupid’# the society labels victims as gullible or plain
stupid
Stupid cow!How on earthcould I fall for that!?
A fool and his money are soon parted!
Anyone can become a victim of fraud
Cross-border Crime
Variations of Telephone Fraud in Other Countries
The Fake President Fraud
Victim
Fraudster 1 Fraudster 2
challenges for law enforcement agencies
Dilemma of Contemporary Crime
“If a network of Nigerian scammers based in Amsterdam defrauds French, Australian and American credit-card holders, where does the crime occur?”
“Earning with the Fishes”, The Economist, 2014
Source: BBC
Godfather of “la fraude au president”
Source: Huffington Post, 2016
Law Enforcement Agencies# cross border investigations are
often lengthy and complicated# often lack forensic and technical
expertise, resources and motivation
# mutual legal agreements vs. speed of cross border bank transfers
# do not always understand banking products
# often engage in blame the victim behavior
challenges for the banking industry
Pssst…keep it shtum!
# Doesn‘t share fraud data# Doesn’t have the same fraud definitions# Doesn’t share data on known fraudsters# Rarely shares data on best practices# Lacks adequate
training/qualifications/resources for its counter fraud staff
# Finally, banking legislation doesn’t provide enough guidance on how banks should deal with fraud
Financial Services Industry
challenges for customers
Security = inconvenience
Well, it ain’t gonna happen to me!
“less than one percent of [Dropbox] user base of 500 million registered users had chosen to turn on 2-factor authentication for their accounts”Head of Security @Dropbox
Source: KrebsOnSecurity.com
So there’s never been a better time to … become a fraudster?
# No physical contact# Victimless crime# Defraud globally vs investigate locally# Abundance and availability of… # Recycling of old fraud types# Anonymity# Crime as a service
thank you for your
attention!