By Jon Matonis
Tuesday, February 26, 2013
In what was described as a sprawling criminal enterprise
stretching across dozens of states and numerous countries, fabricated
identities were used to obtain credit cards and doctor credit reports to
borrow large amounts of money. At the heart of the alleged scheme were
the merchant processor accounts used to accept and process the cards
with stolen identities, authorities announced on Feb. 5. ATM withdrawals
involve video surveillance and direct purchasing of merchandise doesn't
yield cash. So the fraud ring allegedly used merchant accounts, mostly
those of jewelry stores, since it is easier to obtain cash in a bank account using a fictitious sales transaction.
some instances, sham companies were created and then those businesses
established the direct relationship with the merchant processor and
purchased the credit card terminals, the FBI said. Involving 25,000
fraudulent credit cards, 7,000 fake identities, and 1,800 "drop
addresses," the conspirators allegedly wired millions overseas to
Pakistan, India, the United Arab Emirates, Canada, Romania, China, and
For the duration of the probe, account information was known about the senders of international wire transfers, but not much was known about the recipients.
That is why experts are now pointing to this alleged scheme as justification for the expansion of Bank Secrecy Act and anti-money laundering regulations to include the identification and scrutiny of the recipients of funds associated with high-risk transactions.
Willbrand, director of AML and compliance for LexisNexis' North
American Financial Services Markets, told a trade publication, "Laws and
regulations today only require that the bank have KYC [know your
customer] in place for the sender, not the receiver of money."
card fraud schemes demonstrate why it's imperative to have KYC controls
in place for both senders and recipients," he adds. As a result of the
Foreign Account Tax Compliance Act, "all countries are realizing we need
to know more about who's receiving the money. We need to be more
transparent about how money is moving around the world, and that is
something everyone is coming around to."
That is a very
optimistic assumption, especially since considerable resistance already
exists regarding global standardization of information-sharing.
Ultimately, compliance would require a lot more legwork and due
diligence on the part of banks, and financial institutions have been
reluctant to move in this direction. If banks were required to replicate
the current KYC controls for recipients as well as senders, the
jurisdictional challenges would be complicated and expensive.
Willbrand justifies the investment cost in a subtle Risk.net
advertorial “article”: "The implementation of FATCA will guide
financial institutions … globally by providing them with a reference on
what verification is required of their customers and the level of due
diligence required from them based on their asset transfers. FATCA will,
therefore, enable FIs everywhere to create a standardised customer
onboarding process that will clearly define risk tolerances and accepted
practices for engaging with customers."
Expanding KYC guidelines
to include the recipient of funds would require a massive uniform
international process that is continually monitored and updated.
Additionally, the cross-border sharing of customer information could
realistically lead to equally determined calls for reciprocity on the
part of U.S. financial institutions. U.S. banks that act on behalf of
the recipients of international funds could find themselves swarmed with
overseas requests for KYC information prior to any funds transfer.
Willbrand, it's a Big Data problem of not enough domestic and
international information available to detect anomalies and potential
risks earlier. Automated third-party systems are more efficient than the
manual review systems in place at some banks today. Willbrand says,
"Data about identities is not combined internationally. The only way to
get an accurate profile is by cross-checking public records with utility
bills and bank accounts around the world."
Willbrand's call for
expansion of money transfer surveillance powers represents an overreach
that merely attacks the symptom of the problem. Privacy and data
security rules vary, and sometimes conflict, in the many jurisdictions
around the world. Big Data might be the answer, but it should be Big
Data at the front end, during the credit card account opening process
and the determination of spending limits – not Big Data that extends
privacy violations worldwide.