By Beth Tancredi
“Fraud as a service” is a growing business in which criminals commit fraud by offering tools, services and infrastructure for a fee. Often found on the dark web, in recent years this model has become prominent on social media channels as well, turning unwitting as well as witting participants into “money mules” who help traffic money to criminals through bank accounts.
Although financial losses due to fraud schemes for individuals over the age of 60 have increased from $500 million in 2018 to almost $3.5 billion in 2023, victims are not limited to the senior demographic.
Schemes on social media channels such as TikTok and Instagram trend toward younger demographics, offering too-good-to-be-true get-rich-quick opportunities in which the victim transfers money from their own account to the criminal’s account with the promise of getting more money in return.
With a rise in synthetic identity fraud, even infants and toddlers can be targets of money mule scams. For this scam, criminals create bank accounts using fake names, addresses, burner phone numbers and social security numbers stolen from people often too young to have a credit history. This allows fraudsters to establish credit and open deposit accounts, while appearing as a legitimate individual and bank customer.
“Criminals creating synthetic identities are playing the long game,” says Jim Hitchcock, VP for fraud mitigation at American Bankers Association, “They’ll just ride it out as long as they can without any loss. As long as no one discovers it, they might continue to let it buffer, or, if it’s not used for credit, they will open a deposit account that can sit dormant until they’re ready to use it.”
In an ABA webinar, Anne Entwistle, senior trial attorney for the Department of Justice Consumer Protection Branch, cited explosive growth in transnational crime organizations targeting U.S. consumers as one reason for the uptick in romance, lottery fraud and government imposter scams.
Because these transactions appear as authorized push payments, they are often accepted as legitimate and are not flagged as fraudulent.
“We often don’t know that a transaction is fraudulent until the customer reports it,” Jim Hitchcock adds., “Money from these transactions moves back out of the accounts quickly. We generally have a 72-hour window before that money leaves the account for good – and that window is shrinking.”
“If a consumer suspects they have been the victim of a scam in which money is moved out of their account and they are not in any physical distress or harm, they should notify their bank first,” Hitchcock adds. “For more extreme circumstances in which someone unwittingly became a money mule, consumers and bankers should report it to the FBI Internet Crime Complaint Center. But that 72-hour window is key.”
Red flags that signal fraud
While individual banks, alone, cannot solve the issue of financial scams and fraudulent transactions, understanding what to look for is one step toward thwarting potential criminal activity.
Stagnant accounts with sudden deposits or withdrawals could be an indication of use of synthetic identities.
Velocity of funds or an unusual amount of money leaving an account often mean fraud. A noticeable increase in the number of transactions or an unusual amount of money leaving an account, especially through peer-to-peer money transfer apps such as Zelle or Venmo, could suggest fraudulent activity on the account.
While much of the focus to date has been on monitoring activity from the sending back, “We believe we can discover a lot from the bank at the receiving end too,” Hitchcock explained.
Protecting the bank and its customers
One of the most effective ways of protecting customers from fraudulent transactions is to slow down the process.
Take the time to name match the name on both the sender and receiver end. Not only does this help ensure the legitimacy of the transaction, but it also creates a bottleneck for the money to hop to another account before fraud can be discovered.
When possible, create alerts based on frequency of transactions in a given time period or for specific dollar amounts that may indicate a fraudulent transaction.
Share information with other banks. The Patriot Act gives banks safe harbor to share information on money laundering and terrorist financing.
“If I tell a bank this is happening to them, it’s happening to the bank next to them too,” Hitchcock says. “Always put competition aside when it comes to fraud and cyberattacks.”
This is especially important in cases of business email compromises, a type of phishing attack in which criminals gain access to work email accounts with the intention of stealing data or tricking someone into transferring money. These types of attacks generally target multiple banks at once, which means that strange activity at one bank is likely happening at another. Sharing that information enables banks to proactively look for suspicious transactions and stop them in their tracks.
“The bigger the gap in a notification of a fraud, the less likely we are to stop the money from moving,” Hitchcock adds.
To make the communication process easier, ABA’s Fraud Contact Directory enables banks to connect with other institutions to resolve warranty breach claims for checks as well as claims for unauthorized and/or fraudulent transfers for wires, ACH, RTP, or FedNow.
Banks also can access ABA resources and training to assist in educating employees and customers about scams. The more individuals know, the easier it will be to spot the warning signs and prevent fraud.
For consumer education ABA’s Safe Banking for Seniors offers bankers free resources designed to educate older people and their loved ones about how to protect their financial assets and identities. ABA’s Banks Never Ask That and Practice Safe Checks campaigns have been updated with new content.
The bottom line is that bank fraud is a global problem with a regional solution. The more educated that bankers and customers are at the local level, the better bankers and customers will be able to spot a scam before becoming a victim.
Beth Tancredi is a frequent contributor to ABA Banking Journal.