March 15, 2019
Financial Crime and Cyber Fraud Converge in Menacing Mashup
Posted January 4, 2018
A crackdown on international money laundering has confirmed fears about the convergence of cyber fraud and financial crime that threatens to hobble online fraud prevention efforts in 2018 and beyond.
According to reports, law enforcement agencies in 26 countries partnered with 257 banks and private-sector partners to launch a global dragnet from November 20-24. In less than one week, teams uncovered nearly $37 million in illicit money transfers, resulting in 159 arrests.
A welcome win for the good guys, to be sure. But it should also serve as a wake-up call for the financial services industry.
As it turns out, cyber fraudsters aren’t just boosting their technological firepower at breakneck speed. They’re also assimilating traditional financial crime tactics that will make it tougher than ever to slow them down.
Mergers and Acquisitions
In a recent post, we predicted that the convergence of cyber fraud and traditional financial crime will accelerate in 2018.
Given the findings from this recent sweep, we’re even more confident of our assessment, and believe this is more than just digital-era fraudsters adopting old-school approaches. It’s the merger of two worlds into one.
In fact, 90 percent of the 1,719 illegal transactions uncovered by this law enforcement action were linked to cybercrime, which is growing more networked and organized by the day.
During the past six years, cyberthieves have robbed financial institutions for what amounts to more than $35,000 every minute. This number is likely to grow in 2018 as fraudsters use automated bot attacks to apply for fraudulent loans or hijack existing accounts. Overall, cybercrime fueled by stolen identities acquired through data breaches and the dark web have contributed to global losses of $3 trillion—and counting.
Yet there’s also another factor at play. With our own data showing fraudulent account creations surging 240 percent last quarter compared to the same period in 2015, it’s clear cybercriminals are solving a key question: What do you do with assets once you’ve stolen them?
For our purposes here, think of cyber fraud as the outflow of illicit funds, and traditional financial crime, such as money laundering, as the inflow of illicit funds into other accounts.
Increasingly, these accounts are in other countries. This makes it much harder to track down the perpetrators and pilfered money, and far easier for swindlers to convert these “dirty” funds into “clean” assets that appear to have been acquired legally.
This typically involves three carefully coordinated steps:
- Placement: Pilfered funds are introduced into a legitimate financial system, often through “smurfing”—breaking funds into smaller amounts to avoid suspicion.
- Layering: Financial transactions are conducted to conceal the source of the money. Think real estate, gambling, strip clubs, fraudulent storefronts, ATMs and more.
- Integration: Criminals reap the wealth generated through these fraudulent transactions.
A Mule’s Errand
In 2018, look for more of these activities to be carried out by “money mules.”
Generally speaking, mules are individuals who accept funds into their own (or sometimes fraudulently created) bank accounts to withdraw or transfer the money to others.
According to authorities, November’s law enforcement action identified more than 800 people participating in organizing “money muling.”
Surprisingly, many of these mules are unwitting victims themselves, recruited through job ads targeting the unemployed. As Reuters reports, they are increasingly under the age of 21 or over 60, and are tasked with transferring proceeds acquired through account takeover, online auction fraud, phishing scams and more. They’re typically paid a small percentage of these proceeds for the effort.
Of course, ignorance is no defense, and mules can face stiff fines and prison time – that’s if they’re caught. These crimes are notoriously difficult to ferret out, and financial institutions can’t wait around for the next global anti-laundering campaign to come along. Indeed, they can face hefty fines and lawsuits for failing to effectively thwart them.
As a result, a growing number of organizations are turning to advanced, digital identity-based user verification and assessment solutions to fight back—and it appears to be paying off.
The Power of Now
Using the power of global shared intelligence, financial institutions are able to detect fraudsters using stolen identity credentials to open new accounts or to transfer illicit funds.
According to organizations that have deployed these solutions, they are now able to instantly pinpoint cybercriminals attempting to hide or transfer stolen funds—even if it’s the first time a fraudster is using a website or app.
This anonymized shared intelligence empowers businesses to band together in their on-going battle against fraud and financial crime. We’re even seeing the development of industry-specific consortiums, where businesses that share high-level trust can opt-in to share information about attacks and have a confidence level to decision on that information.
Let’s hope they’re on to something. As it stands, authorities in some countries are reporting a 50-percent increase in money muling activity in just the past 12 months. Which means our 2018 predictions about the merging of cyber- and traditional financial crime may actually prove too conservative.
Not exactly the way most financial institutions had hoped to ring in the new year.
To learn more about how digital identity-based authentication solutions can protect against money laundering, muling and other financial crime, click here.