May 2010
Moderator: Welcome to the Federal Reserve Bank of Atlanta's Payments Spotlight podcast. Today, we're joined by Shirley Inscoe, director of financial services solutions at Memento, a provider of enterprise fraud management software. Prior to joining Memento, Shirley spent 29 years in the banking industry, where she held various senior positions in payment strategy and enterprise fraud. Shirley recently coauthored a book on insider fraud titled Insidious: How Trusted Employees Steal Millions and Why It's So Hard For Banks To Stop Them. Today, she will be speaking about payments fraud and the economic crisis. Shirley, thank you for joining us.
Shirley Inscoe: Thank you, Jennifer, for the opportunity to be here.
Moderator: Shirley, although payments fraud is a concern in good times and bad, there is a heightened alert in an economic downturn, when many people are financially stressed. Have you seen any evidence that payments fraud has increased during this recent economic crisis?
Inscoe: Yes, Jennifer. I'm hearing from bankers far and wide that many types of payments fraud are really on the rise. The American Bankers Association issued their deposit account fraud report in late 2009 based on 2008 data, and in it we learned that, number one, check fraud losses increased to over $1 billion for the first time in history for that year. And also, participating banks reported experiencing significant increases in debit card fraud as well as fraud attempts using other remote channels. The other thing that I am hearing from bankers far and wide is that internal fraud is just on a huge upswing and that they are experiencing many instances of that.
Moderator: So are there certain types of payments fraud that are more common when individuals are experiencing financial difficulties?
Inscoe: Two types of payments fraud that readily come to mind are kiting, whether that is done via check or ACH. Many consumers and businesses in this tough economy are experiencing cash-flow difficulties, and so often they may try to kite just a little bit with the intention of certainly making things right. Particularly a small business that's having trouble making payroll, for example, may kite deliberately thinking that they have a large payment coming in from something that they've sold. And then when that sale falls through and the money doesn't come in they can't make that good with the bank, they may continue that kiting and it may continue to grow. I am hearing that banks are experiencing a big uptick in kiting.
And the other type of fraud is internal fraud. Employees who are in dire circumstances—perhaps who are about to lose their homes or whose spouses have lost their jobs and they can't make their bill payments—are desperate. And sometimes those employees will cross the line that they would have never crossed and commit fraud, which is very out of character for them.
Moderator: Shirley, the book that you coauthored on insider fraud explores the problem of bank employees who steal from their employers. What are some ways that employees are committing this fraud?
Inscoe: Jennifer, there is such a variety of ways that employees commit fraud. When we hear about banking and internal fraud, people automatically seem to think of the branch network. And they think about tellers and CSRs, branch managers, and it's true that often those folks—because they have exposure to cash and the general ledger, customer data, and a variety of other systems—there are often fraud problems in the branch network. But there are many other ways that employees of financial institutions commit fraud, and many other types of employees.
For example, in operations, they have access to general ledgers, and they often commit fraud. They also have access to a lot of customer data. In the telephone bank, customer data is readily available so that they can assist customers, and that's a big area where customer data leakage can happen. I've seen cases where people in telephone banking issue a large number of debit cards that were never ordered by customers and things of that nature.
When you think about lenders there are also many opportunities for fraud in that area, whether it be mortgage fraud, making fictitious loans, or loan lapping. And then I'm hearing in many cases of situations where people are also lapping certificates of deposit, which is a relatively new kind of fraud that I have learned about recently. And last, I would say in the ACH and wire areas certainly, there are opportunities for collusion there, for falsifying and submitting additional activity that was not customer authorized, and for working with outsiders to enable account takeovers, for example.
Moderator: Well, as I am sure you know, the FBI and other agencies have reported numerous cases of gangs being involved in fraudulent bank activity. What role, if any, has organized crime had in cases of insider bank fraud?
Inscoe: Well, first, Jennifer, I would just like to say that gangs, whether they are internal to the United States or operating externally to the United States and targeting financial institutions here, have had a huge impact in recent years on fraud in general. But specifically talking about insider bank fraud, there are three primary ways that they create havoc for banks.
The first is that they will intentionally hire members of their gang into the financial institution in targeted areas. That may be into human resources, where they can hire additional fraudsters in. It may be in telephone banking where they have access to customer data and the ability to open new accounts, issue debit cards etc. It may be in operations, where they have access to a lot of customer information via the system or via customer statements. And I could go on and on with other examples.
One of the key ones I shouldn't omit is in loss prevention. These gangs really want to know when financial institutions change their parameters on loss prevention systems or when they change there policies so that they can adapt and continue to be successful with their fraud attempt.
A second way is through threatening employees. There literally are cases where employees are threatened if they don't cooperate with these gangs. And that can be in terms of a child who they claim they've kidnapped from school, an elderly parent who's home alone, or many other ways they can threaten employees. So it's important for banks to have a program and for employees to be educated about what to do if they are threatened.
And then the last way is through bribery. There are many situations where employees are bribed and offered payment if they, for example, will not place a hold on a certain check deposit or if they will falsify data to approve a loan.
Moderator: Shirley, one of the positions you held in your 29-year banking career was in enterprise fraud management. Based on your experience, what are the key countermeasures that banks can employ to fight cross-channel payments fraud?
Inscoe: That is such a key question, Jennifer. It is so important for financial institutions to look at the entire customer relationship across payment silos, not just to examine each payment silo in isolation. When you're looking for cross-channel fraud, the data that the bank has is very powerful, and using that data is inherent in being successful. So, as you're looking across that customer relationship, it's important not just to look at the financial transactions—although obviously they are very important—but to have a contextual view of the activity on the account. For example, it's important to look at maintenance activity: Has there been a change of address? Has there been a change of the cell phone number? Has there been a new debit card ordered or new checks ordered before activity happens? That is critically important to have that full view of everything happening to the customer's accounts and relationship.
And then, last, I would say it's important to use a variety of analytics and not just to depend on one or two types of analytics because, depending on what kind of fraud you're trying to detect, you need different types of analytics to be successful.
Moderator: Shirley, thanks for sharing your insights with us today.
Inscoe: Jennifer, thank you for inviting me to do this. It's been a pleasure.
Moderator: This concludes our Payments Spotlight podcast on payments fraud and the economic crisis. Again, we've been speaking today with Shirley Inscoe, director of financial services solutions at Memento. You can find more information about the Retail Payments Risk Forum by visiting our Web site at frbatlanta.org/rprf. Thanks for listening and please return for more podcasts. If you have comments or questions, please send us an e-mail at podcast@frbatlanta.org.