Months ago, we wrote about crooks fraudulently impersonating Ford Motor Credit to access credit reports from Experian. It turns out that was only the tip of the iceberg.
On November 25, 2002, the U.S. Attorney's office for the Southern District of New York unsealed complaints in what may be the largest identity theft ever. At least 30,000 individuals will have some credit report clean-up to do because of a ring of identity thieves who have racked up bogus charges of at least $2.7 million. To provide the stolen identity data, a crooked help desk employee of a telecommunications company netted approximately $60 per identity. As a result, the individuals whose identities were stolen will face a time-consuming battle to identify and eliminate fraudulent accounts.
Philip Cummings was an employee of Teledata Communications, Inc. (TCI), a New York company which provided software to client companies to enable them to access consumer credit reports from the credit reporting agencies. As a Help Desk employee of TCI, Cummings had access to the confidential user names and passwords of clients that were necessary to access for the clients to access consumer reports.
Cummings was contacted by an individual who persuaded him to provide credit report data for a fee. Initially, he would obtain credit reports on individuals whose names and social security numbers were provided to him by the co-conspirator. His first "assignment" was on behalf of approximately twenty individuals of Nigerian descent. As time went on, the scheme evolved, with Cummings providing a laptop computer pre-programmed with the necessary codes to access credit reports to his partner in crime, then providing new codes, as necessary, when the old ones ceased to work.
One of the codes which was used in an unauthorized fashion to access consumer reports belonged to Ford Motor Credit. Approximately 15,000 unauthorized credit reports were downloaded illegally from Experian using that code. The fraud was subsequently discovered by some of the victims and was revealed in the press months ago, although there was no public indication at that time regarding how the identity of the thieves or the method they used to obtain the access codes.
Experian found that the reports fraudulently obtained with the Ford Motor Credit code were typically obtained in large batches. Upon performing further research, it also determined that similarly large and unauthorized requests for reports (approximately 6,000 in all) were made using the access code of a Florida branch of Washington Mutual Bank and a related company, Washington Mutual Finance Company in Tennessee.
Credit reports were also obtained illegally through TransUnion and Experian. In each instance, legitimate access codes were used in order to make it appear the reports were being obtained by a valid business for a permissible purpose.
U.S. Attorney James Corney indicated that as a result of the fraud, "Bank accounts of victims were depleted. Addresses were changed on accounts. New checks were ordered. New ATM cards were ordered. New credit cards were ordered. New lines of credit were opened and quickly drained."
One factor that helped tip off authorities to the crime was the fact that the finance company discovered (and reported) it had been billed by another credit reporting agency, Equifax, for approximately 1,100 credit reports it had never ordered.
Bottom line: Insiders remain the biggest threat to information security. Make sure you are taking appropriate precautions to screen prospective employees, and that you continually assess access rights, monitoring levels, and vulnerability of employees to greed and/or coercion. In addition, reconcile your bills for credit reports to ensure you are only being billed for reports you know were legitimately pulled by your employees. Be alert to even subtle increases in the numbers of reports ordered. Don't wait for the CIP rules to become final before you rethink your customer identity verification processes. Examine what measures you have in place to guard against ID thieves depleting bank accounts, changing addresses on accounts, ordering new checks, ATM cards, credit cards, opening new lines of credit. Remind your customers to carefully check their statements. Encourage them to order copies of their own credit reports at least once a year.
More details about the fraud are found in the complaints just unsealed by prosecutors.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
