Operations

Fraud Across the Pond

As in the U.S., financial institutions worldwide face expanding global fraud and payment schemes.

November 01, 2010
/ PRINT / ShareShare / Text Size +

Terrorist funding

In terms of terrorist funding outfits, there have been many masking-of-payment-transaction scams occurring in the UK in the form of ATM scams and the installation of machines whose only purpose is to steal information.

For example, when major petroleum companies started franchising their petrol stations, some Sri Lankan nationals became very interested, taking over a vast majority of these stations and using them to mask terrorist funding activities.

Their reach is far and wide, covering many major cities and even gas stations in local villages. It was an unclear mix of legal and illegal immigrants, all of the same ethnic origin, who operated as a network of teams moving swiftly across the UK—working one day in Leeds, moving to Manchester the next day, and ending up at one of the many gas stations around Greater London.

These groups, who by the time they were discovered had become legal employees, deployed a huge payment terminal scam. In most cases, the station owner was involved in the scam or was forced to join in.

This criminal organization is comprised of different teams working together. The first group consists of technicians altering the point-of-sale terminals, a second group takes care of the installation within the gas stations, and a third group focuses on using the obtained data.

Some of the engineers are highly skilled and are brought to the UK for the sole purpose of hacking in order to capture account information by using Wi-Fi scanners and using cracking programs to download transaction data when the systems aren’t protected by high-level encryption software.

On a large scale, terminals are opened, bypassing security measures installed by vendors, and equipped with extra hardware. Once that’s done, they’re being re-installed on the premises with additional recording devices hidden in ceilings that capture both magnetic stripe as well as personal identification number (PIN) data.

Due to numerous transactions at rigged allocations, significant amounts of data become available. Analyzing unauthorized use of this stolen data shows a unique spending pattern.

Instead of going for a quick win and hitting different countries with massive ATM attacks, the use was spread out with more transactions at a lower value.

This way, criminals were able to stay out of banks’ monitoring radar and could continue making undetected illegal transactions for longer lengths of time.

Eventually, however, the authorities caught on to these spending approaches and began arresting these small groups all over Europe. To some extent, a more in-depth investigation was carried out to identify the money flow. Disturbingly, it became clear that the end users were Tamil freedom fighters in Sri Lanka.

This criminal confidence scheme emphasizes and identifies interesting vulnerabilities within the payment and retail chain, and shows how organized crime groups with less exposure can cause substantial damage.

This scam makes it crystal clear for the UK payment card, retail, and banking industries that procedures, compliance, and back-up plans need to be closely redefined and fine-tuned. And it certainly shows these industries must be prepared for the unexpected.

Enormous amounts of untraceable funds are passing overhead on a daily basis. Criminal entities don’t like to be closely examined, and in most cases have a dubious background or spider web setup, hopping different countries and involving “mules” as front persons.

That way it doesn’t appear strange to find individuals appearing in different cities, using ATMs for lengthy periods retrieving money and flying around the region emptying ATMs with anonymous, reloadable cards.

With the increasing mobile commerce possibilities related to telecom issues, there will be bigger challenges to safeguard payment transactions, especially because there will also be an increase in the high-tech solutions available that could be used to defraud systems.

It will take some time to fully understand the different modus operandi criminals use. But end-to-end encryption of data, as well as secure payment platforms, will be a must if we don’t want to see it escalate.

PAUL BUELENS is head of project management, fraud and compliance, for EastNets, a global provider of compliance and payment solutions.

Post a comment to this story

heroes

What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive