Stolen Millions
Could these ID fraud artists have hit your bank?
by John Burnett, BOL Guru
Identity fraud has clearly grown beyond anyone's definition of "cottage industry," into a frightening monster that constantly conjures up new ways to separate banks and bank customers from their money. Yet it's surprising just how often old scams keep reappearing. In the cases described below we've highlighted a grab-bag of scams and attempted to point out how the "perps" used weaknesses of the targets or "system" to victimize individuals and financial institutions.
As you read these summaries, make a mental note of how well - or poorly - your bank would have faced the challenges these criminals presented. Then think of ways you might strengthen your defenses against identity fraud.
In April 2004, Leslie Charles Cohen, a Canadian citizen residing in Goodyear, Arizona, was found guilty by a federal jury in Phoenix of bank fraud, making false statements to a bank, misuse of a social security number, and ID fraud.
Cohen used the extended float on Canadian checks in numerous kiting schemes. He deposited over $500,000 in worthless checks and bilked Arizona banks of over $150,000. He used phony social security numbers and dates of birth to conceal his identity, and opened multiple accounts at the same Arizona banks!
Cohen faces the possibility of 30 years in jail and fines of up to $1 million each on the bank fraud counts; up to five years and $250,000 in fines for the social security number counts; and up to 15 years and $250,000 on each of the ID fraud counts.
Lessons learned?
Cohen's scheme worked because he exploited the prolonged clearing time required for checks drawn in Canada. The banks involved failed to recognize that none of the allowable holds available in Regulation CC would have stopped this fraud. Instead, they could have used a simpler stop-loss strategy to dissuade Cohen from even attempting his fraud - accepting the checks only for collection.
Apparently Cohen also managed to use multiple identities within the same bank to open more than one account. We don't know all the facts, but one wonders whether software designed to alert the bank to multiple accounts at common addresses might have tripped Cohen up. It's also apparent that Cohen used bogus social security numbers. The banks involved may not have had adequate tools designed to flag name/social security number mismatches. Such tools are readily available from the major credit bureaus and from other vendors.
Would a strong CIP have helped?
Cohen ran his scam in the years just prior to the advent of mandatory Customer Identification Programs under section 326 of the USA PATRIOT Act. If Cohen were making his attempts today, are there aspects of the scam that a strong CIP might have thwarted?
Cohen used phony social security numbers and dates of birth, along with fictitious names, to open multiple accounts with the same banks. It's possible that routine use of third-party non-documentary verification systems would have flagged mismatched social security number and name combinations or social security numbers that had not yet been reported as issued. If Cohen had used non-existent street addresses, they might have been identified. If he had given a private mailbox service's street address, some systems would have flagged it as a problem.
In January 2004, John Clancy pleaded guilty to federal ID fraud in connection with his misuse of the identity of a deceased high-school classmate. His scheme fell apart when the Franklin Savings Bank in Bristol, NH, reported to police a loss sustained when Clancy used the phony ID to open an account with bad checks. When he was apprehended, Clancy admitted using the same identity to open accounts with eight other banks and seven other businesses.
Lessons learned?
Although the Franklin Savings loss was only $3,000, the bank's pursuit of Clancy's alter ego uncovered at least 15 other fraudulent accounts. No information is provided on how much Clancy managed to wring out of his scheme, but this case illustrates the value that can result from pursuing even small losses rather than burying them in the name of expediency or image.
In May 2004, Chak Tam of Queens, NY, pleaded guilty to credit card and bank fraud, both involving forms of ID theft.
In 2002, Chak Tam and three others used fraudulent identities to open bank accounts and obtain loans and lines of credit. Chak Tam admitted supplying the phony ID documents supporting the scheme.
Lessons learned?
We have no idea how sophisticated the ring's bogus IDs were. We can wonder whether ID scanning devices currently available would have detected the spurious identities, or whether there might have been a pattern of common addresses involved that might have been uncovered by available database scanning tools.
In May 2004, Kenneth Moore was sentenced to 43 months in jail plus $210,000 in restitution in a rather unique identity theft scheme. Moore installed alarm systems in his victims' homes as a rogue representative of an apparently legitimate company. He used personal ID information obtained in connection with those installations to open several credit card accounts in the victims' names, redirecting statements on those accounts to his business address. He ran up balances on each of the accounts, and used some of the accounts to make down-payments on vehicles and boats.
One of Moore's victims spoke at the sentencing hearing, saying that Moore's conduct had ruined his credit history and caused him an incredible amount of aggravation and stress. He characterized himself as someone who had always paid his credit card bills on time and in full and had never before even paid interest on any credit card debt. Describing what it is like to be a victim of identity theft, he said, "You might think you understand what it is to have this happen to you from watching TV, but you have absolutely no idea until you have actually been through it yourself."
Lessons learned?
Moore exploited a weakness in most credit card application processes. There is often no face-to-face meeting of the applicant and the credit grantor. None of the credit card issuers cited in the case apparently found a problem with the fact that a mailing address for the accounts differed from that revealed in the credit bureau reports that should have been pulled at the time of application.
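The two checks raised in the Cohen and Moore cases, several identities sharing one address and a mailing address that disagrees with the credit bureau file, can be run together at application time. The sketch below is an added example, not part of the original article or any vendor's product; the field names, flag names, sample applicants and the `BUREAU` lookup (a stand-in for a bureau report) are all constructed for illustration.

```python
import re
from collections import defaultdict

# Street and unit words folded to one spelling before comparison.
_ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr",
           "suite": "ste", "apartment": "apt"}

def normalize_address(addr):
    """Lower-case, drop punctuation and fold common abbreviations."""
    tokens = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(_ABBREV.get(t, t) for t in tokens)

def screen_applications(apps, bureau_addresses):
    """Return {application id: [reasons]} for applications needing review.

    bureau_addresses maps SSN -> address on file (hypothetical stand-in
    for the report pulled at the time of application).
    """
    flags = defaultdict(list)
    by_addr = defaultdict(list)
    for app in apps:
        mailing = normalize_address(app["mailing_address"])
        by_addr[mailing].append(app)
        on_file = bureau_addresses.get(app["ssn"])
        if on_file is None:
            flags[app["id"]].append("ssn_not_on_file")
        elif normalize_address(on_file) != mailing:
            flags[app["id"]].append("address_differs_from_bureau")
    for group in by_addr.values():
        # One address used by more than one name/SSN combination.
        if len({(a["name"].lower(), a["ssn"]) for a in group}) > 1:
            for a in group:
                flags[a["id"]].append("shared_address_multiple_identities")
    return dict(flags)

# Constructed sample data, not taken from any case file.
APPS = [
    {"id": "A1", "name": "Pat Doe", "ssn": "000-00-0001",
     "mailing_address": "12 Main Street, Suite 4"},
    {"id": "A2", "name": "Lee Roe", "ssn": "000-00-0002",
     "mailing_address": "12 MAIN ST STE 4"},
    {"id": "A3", "name": "Sam Poe", "ssn": "000-00-0003",
     "mailing_address": "9 Oak Avenue"},
    {"id": "A4", "name": "Kim Moe", "ssn": "000-00-0009",
     "mailing_address": "5 Elm Rd"},
]
BUREAU = {"000-00-0001": "40 Pine Rd", "000-00-0002": "12 Main St., Ste. 4",
          "000-00-0003": "9 Oak Ave."}
```

Normalizing before comparing is what lets "12 Main Street, Suite 4" and "12 MAIN ST STE 4" fall into the same group; an exact string match would miss the shared address.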
Ms. Lee is facing a probable 33 months in jail and restitution of about $50,000 resulting from a guilty plea to identity theft and bank fraud charges.
Lee assumed the identities of two different District of Columbia women and set up bank accounts at two district branches of banks. She proceeded to cash checks against the fraudulent accounts at various branches of those banks.
Lessons learned?
Lee used phony IDs as the basis of her scheme. Had her bogus IDs been detected by the banks involved, Lee would have been stopped in her tracks. It's also likely that Lee used an address on the fraudulent accounts that failed to agree with the addresses of the innocent victims.
This lowlife opened Citibank and other credit card accounts in his father's name and then obtained second cards in his own name. He ran up over $7,000 at Citibank and a total of $39,000 in debt in his father's name before the senior Bentley became aware of the accounts.
Lessons learned?
Once again we see the difficulty presented when credit applications are accepted without knowing the person involved. The $7,000 sum is small change to a bank the size of Citibank, but we doubt that Bentley's father has the same perspective.
A $10 million counterfeit check and phony ID scheme reached 22 states from Florida before 7 individuals were apprehended and pleaded guilty to a 117-count indictment, announced the U.S. Attorney for the Northern District of Florida on July 2, 2004.
Those indicted created counterfeit checks on legitimate companies, making them payable to a combination of fictitious and actual persons. The identity of the actual persons was stolen and used in the conspiracy.
The checks were cashed at the institutions on which they appear to have been drawn.
At least 19 aliases were used in the scam, which bilked the banks of almost $10 million.
Lessons learned?
None of the alleged payees of the checks involved had accounts at the drawee banks. It appears that none of the banks involved had systems designed to flag out-of-sequence check numbers, although that allegation is not made in the press release concerning the indictment. Apparently, none of the alleged drawers used any form of positive pay system to prevent fraud.
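The two controls named above can be combined in one pass over presented items: a positive pay match against the drawer's issued-check file, and a sequence check against numbers recently paid on the account. This is an added example, not part of the original article; the record layout, the 500-number window, the reason codes and the sample checks are constructed assumptions.

```python
from statistics import median

def review_presented_checks(issued, presented, recent_numbers, window=500):
    """Classify presented checks as 'pay' or 'refer'.

    issued: {check_no: (amount_cents, payee)} supplied by the drawer.
    presented: list of (check_no, amount_cents, payee) as presented.
    recent_numbers: check numbers recently paid on the same account.
    window: hypothetical tolerance around the recent median number.
    """
    center = median(recent_numbers)
    seen = set()
    results = []
    for number, amount, payee in presented:
        reasons = []
        if number not in issued:
            reasons.append("not_in_issue_file")
        else:
            issued_amount, issued_payee = issued[number]
            if amount != issued_amount:
                reasons.append("amount_mismatch")
            if payee.strip().lower() != issued_payee.strip().lower():
                reasons.append("payee_mismatch")
        if number in seen:
            reasons.append("duplicate_presentment")
        if abs(number - center) > window:
            reasons.append("out_of_sequence")
        seen.add(number)
        results.append((number, "refer" if reasons else "pay", reasons))
    return results

# Constructed sample data: issue file from a hypothetical corporate drawer.
ISSUED = {
    10231: (125000, "Acme Supply"),
    10232: (48050, "J. Rivera"),
    10233: (990000, "Delta Freight"),
}
RECENT = [10225, 10226, 10228, 10229, 10230]
PRESENTED = [
    (10231, 125000, "ACME SUPPLY"),    # matches the issue file
    (10232, 480500, "J. Rivera"),      # amount altered
    (10233, 990000, "Chris Vale"),     # payee altered
    (58214, 310000, "Chris Vale"),     # counterfeit: never issued
    (10231, 125000, "Acme Supply"),    # same item presented twice
]
```

The sequence check is the fallback for drawers who supply no issue file: with an empty `issued` dictionary every item is referred, which is why it is computed independently of the positive pay match.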
This review of recent ID fraud cases wouldn't be complete without one with a Nigerian connection.
In February 2004 a Dallas federal jury convicted Prince Christian Okolie, a Nigerian national living in Dallas, on five of six counts on various identity theft crimes. Okolie was convicted in absentia, having fled the courthouse after telling his attorney he was going to use the telephone.
Trial testimony revealed that Okolie had used legitimate identification articles, such as dates of birth, social security numbers and drivers' license numbers, from persons throughout the U.S., to open fraudulent bank accounts in Dallas. He then used these accounts to negotiate stolen checks that had been altered or counterfeited to be payable to these aliases. He then withdrew the funds using cashier's checks.
Lessons learned?
Okolie's frauds apparently occurred prior to the effective date of the mandatory CIP programs in 2003. The press release does not indicate the quality of the identification used by Okolie in running his scam. If routine identification checks had been done at the time these accounts were opened, it's possible that address and age discrepancies would have tripped Okolie up, but that is speculation.
Summary
Each of the cases above includes at least one aspect in which a vulnerability in "the system" banks use to detect or deter identity fraud was exploited. While it is unlikely that banks will ever shut the door completely on such scams, knowledge of how these frauds are perpetrated should provide ideas for banks to use in tightening up the process.
Copyright, 2004, Bankers Online. First published on BankersOnline.com July 21, 2004.