Catch Me If You Can: Tackling Financial

Fraud in the 21st Century

ECIIA Conference, Stockholm

6th of October, 2016

these are my views

they do not reflect the views and policies of my current

and former employers

the main purpose is to share ideas and

facilitate discussion

“Fraud control – in any profession – is a miserable business. Failure to detect fraud is bad news, and finding fraud is bad news, too”

Malcolm K. Sparrow, 1998

speaker’s bio

speaker’s bio

Banking sector in LithuaniaSource: Lithuanian Banking Association

Retail banks Branches Cash machines Employees8 298 1 367 9 274

bank crime

Bank Robberies in the Baltics

Robbery Statistics* 2008 2009 2010 2011 2012 2013Lithuania 20 3 0 0 0 0

Latvia 3 2 4 22 6 3Estonia 1 6 3 n.d. 4 0

*European Banking Federation

Bank robberies are on decline

Source: Svenska Bankföreningen

Bank robberies are on decline

Source: Nederlandse Vereniging van Banken

“Where did all the bank robbers go?”

Campbell, D., The Guardian, 2014

Source: ThreatGeek.com

Another Attack of Cyber Criminals!FEARS are growing for the UKs financial security after cyber thieves hacked into a major European bank's computer, stealing thousands of pounds in savings.

Online criminals have targeted a top European bank, stealing more than £400,000.

The attack, which took place at the beginning of the year, compromised more than 190 personal accounts.

The thieves used a Trojan programme to hide dangerous information inside innocuous-seeming software.

This intercepted data and allowed the criminals to transfer money without the bank or its customers becoming aware.

It appears most of the victims were from Turkey and Italy with some customers losing over €39,000

Details about which bank has been attacked have not been released, or whether any UK customers have had any money stolen.

This latest attack is sure to send shock waves through the banking sector as it proves how vulnerable modern day technology is to attack from criminals.

THE DAILY NEWSwww.dailynews.com THE WORLD’S FAVOURITE NEWSPAPER - Since 1879

#case study

the dynamics of telephone fraud

“It’s me, mother/grandmother! Help me!”

fraud

Not a perfect crime# limited gain# limited range of potential

victims# requires physical contact /

time# difficult to recruit couriers

“Hi, I’ve a job for you” fraud

“Hello, I’m a police investigator…” fraud

Online Banking Facility

Password Card

“Houston, we’ve a problem!”

# everyone’s a potential target# significantly increases fraudsters’ gains# no physical contact and requires less time# abundance of money mules

97 273 57 39 20

133,699 €

424,158 €

108,688 € 102,028 €

34,176 €

Telephone Fraud Statistics from SEB Bank

2012 2013 2014 2015 2016

Total486 victims802 749 Eur

Police Statistics 2012

of fraudulent phone calls originate in

Lithuanian prisons

(Source: Lietuvos Rytas, 15th of May, 2013) (Source: Respublika, 12th of March, 2012)

95% 816

804 046 EUR

357 225 EUR

7 884confiscated phones in prisons

cost of investigations

estimated loss

telephone fraud reports

Profile of a Victim# 95 per cent women # average age - 55 years old# average loss – 1 600 EUR# had heard about telephone fraud before# hardly ever see stolen funds# suffer loss of self esteem, because they

blame themselves for having been ‘so stupid’# the society labels victims as gullible or plain

stupid

Stupid cow!How on earthcould I fall for that!?

A fool and his money are soon parted!

Anyone can become a victim of fraud

Cross-border Crime

Variations of Telephone Fraud in Other Countries

The Fake President Fraud

Victim

Fraudster 1 Fraudster 2

challenges for law enforcement agencies

Dilemma of Contemporary Crime

“If a network of Nigerian scammers based in Amsterdam defrauds French, Australian and American credit-card holders, where does the crime occur?”

“Earning with the Fishes”, The Economist, 2014

Source: BBC

Godfather of “la fraude au president”

Source: Huffington Post, 2016

Law Enforcement Agencies# cross border investigations are

often lengthy and complicated# often lack forensic and technical

expertise, resources and motivation

# mutual legal agreements vs. speed of cross border bank transfers

# do not always understand banking products

# often engage in blame the victim behavior

challenges for the banking industry

Pssst…keep it shtum!

# Doesn‘t share fraud data# Doesn’t have the same fraud definitions# Doesn’t share data on known fraudsters# Rarely shares data on best practices# Lacks adequate

training/qualifications/resources for its counter fraud staff

# Finally, banking legislation doesn’t provide enough guidance on how banks should deal with fraud

Financial Services Industry

challenges for customers

Security = inconvenience

Well, it ain’t gonna happen to me!

“less than one percent of [Dropbox] user base of 500 million registered users had chosen to turn on 2-factor authentication for their accounts”Head of Security @Dropbox

Source: KrebsOnSecurity.com

So there’s never been a better time to … become a fraudster?

# No physical contact# Victimless crime# Defraud globally vs investigate locally# Abundance and availability of… # Recycling of old fraud types# Anonymity# Crime as a service

thank you for your

attention!