Across the globe there is an increase in the proportion of fraud attributable to organized crime; in India, the trend is no different. While the majority of fraud across the Indian financial services sector is still soft fraud — typically, credit-hungry individuals manipulating application data in order to qualify for credit — there are signs that career criminals are moving in, attracted by the high level of rewards and the low risk of prosecution.
The KPMG India Fraud Survey Report 2008 showed that more than 80% of respondents recognize fraud is a problem and almost 70% believe it will increase over the next two years. The financial services and real estate sectors were seen as the most at risk and 60% of respondents believed their organizations did not have the understanding or effective internal controls to counter the threat posed by fraud.
What can we learn from global trends? The dramatic rise in identity fraud globally over the last few years is driven by its shift from being predominantly opportunistic into the realm of organized crime. Small-time identity fraudsters remain but the bulk of identity fraud today is carried out by a few hundred sophisticated criminal gangs running identity fraud rings involving a complex network of middlemen, techies, hackers and runners, often recruited and managed via the Internet.
In India, organized crime syndicates are typically smaller, creating the sophisticated infrastructure to support the use of fraudulent identities to apply for a whole range of secured and unsecured credit, but account for a growing proportion of fraud. A particular speciality appears to be around employment details, ranging from false employment documentation to the setting up of false premises.
The growth of the Internet has meant data is more easily available. It has also made it possible for fraudsters to operate across international borders. Techies, often engaged as anonymous freelancers, hack into a target IT system or develop trojans, worms and phishing scams to access personal information. Alternatively, gangs obtain data from corrupt individuals within a targeted organization. The City of London Police reported last year that 30% of all fraud reported to them involved internal staff. Crime syndicates recognize the advantages of having an insider and, increasingly, organized fraud involves the collusion of employees, agents and other usually trusted professionals. A recent manifestation of this in India, following similar trends in the US and UK, is the involvement of crooked property developers, lawyers and estate agents in fraudulent mortgage scams.
Once the data is processed, gangs will operate local runners in different countries to undertake the risky business of skimming cards, obtaining cash on “stolen” cards, making credit applications or collecting illegitimately obtained merchandise. Naïve, expendable and operating at the bottom of the chain, they are the mules of the identity fraud world, the easiest to spot and the most likely to be arrested and prosecuted. To minimize chances of being uncovered, gangs structure their operations in a complex manner, layering external relationships and utilizing the anonymity of the Internet to remain remote. Even if a runner is caught, he is unlikely to know anything about who he works for and there are plenty more desperate individuals willing to take his place.
Gangs deliberately operate across international borders. An Italian-based gangster might arrange to steal data on US citizens via a Russian techie. He could then place postal redirects, divert telephone numbers and add secondary identities to an account, and arrange for cards to be dispatched to UK mailboxes for a UK runner to collect and obtain cash and high value goods anywhere in the world. Even if the gangs were identified, bringing those who are ultimately responsible to justice is a massive jurisdictional nightmare. Even at a local level, investigation of identity fraud is expensive and requires highly trained law enforcement, financial services and information technology experts to dedicate significant time and effort. An undercover operation to follow the identity fraud chain necessitates leaving the runners in place while intelligence is gathered to get closer to those ultimately responsible. This leaves financial organizations open to further financial losses and reputational damaged, making it an option few are willing to take.
Financial crime is rarely high on any police agenda, despite the recognition that it funds other illicit activities. International borders, confusion over where the crime is committed, the remoteness of the gangs from those at the sharp end and the anonymity of communications over the Internet make policing identity fraud almost impossible and gangs continue to operate with impunity.
Identity fraud rates continue to rise and, with the authorities unable to get to the roots of the problem, it is up to those who suffer the actual losses — the financial services sector — to act to prevent frauds at the point of application and throughout the account life cycle.
Fraud is a non-competitive issue and the industry needs to work together to combat it. Initiatives such as those being taken by the Indian Banks’ Association to try and increase data sharing are critical. These will allow the organizations being targeted to have the widest possible set of data to find patterns and links to prevent fraudulent applications, compromised accounts and breached data assets. They will also increase fraud awareness, helping to ensure that those responsible for preventing fraud are up-to-date with the latest fraud trends and developments and, therefore, better prepared to combat this growing global problem.
Paul Smith is a product director with Experian International’s fraud and identity solutions business. Comments are welcome at firstname.lastname@example.org