Online Fraud: How One State is Fighting Back
Oklahoma Banking Agency Tackles Scams through Awareness, Outreach
The Oklahoma Bankers Association (OBA) may be the only state banking association with a fraud division. Headed by former law enforcement officer Elaine Dodd, the division's objective is to help institutions fight and investigate fraud. Dodd has more than 20 years of experience in law enforcement and joined the OBA six years ago as vice president of the fraud division.
Dodd says the recent alerts are on target. "I just got off the phone on a wire fraud case," she says. "We here in Oklahoma have had two ACH batch frauds we know of in the past two weeks and another huge wire fraud just weeks ago."
And those are just the ones on her radar, Dodd adds. In one recent case, a school district suffered a loss of more than $35,000. A second incident of ACH fraud at the same school district for $40,000 was stopped at the bank. A recent wire fraud involving "hundreds of thousands" of dollars hit another Oklahoma bank, Dodd explains.
"Multiply that number significantly on ones that are handled without us knowing," she says. "I have asked in a recent fraud alert to our bankers that they keep us advised to help them with law enforcement contacts and to keep an awareness of the topic."
Fighting Fraud
Last week Dodd's division held its regular fraud council meeting. The meeting had 20 bankers from across the state attending. "ACH fraud and wire fraud made it into the top three of our top 10 risk list," she says. As to what actions banks are taking when these frauds occur, Dodd says "Oklahoma banks are often taking the loss (when it is not discovered in time to be recovered and we find that is the case probably half the time) even when the customer would/should be liable on some of the ACH batch cases."
Institutions can limit exposure to these types of fraud, says Dodd. For ACH batch fraud it requires a three-pronged approach:
Customer Awareness -- "Start at the initial point of compromise, it resides with your customer (malware or virus on their computer). The first step should be education of your customers who make ACH batch payments." They need to be aware of the hazards of clicking on hyperlinks in emails from unknown sources and of pop-up boxes purporting to be from your financial institution. For this reason, staff should never open emails from anyone they do not know. Antivirus software alone is no protection in many instances. "Many of our banks are now doing training at the retail customer level to acquaint them with frauds of which they need to be aware. They should also understand that these crimes are not a rarity and are occurring with regularity right here in Oklahoma," Dodd notes.
ACH Monitoring -- Banks, as the originating deposit financial institution, should make every effort to protect ACH batches. Implementing a higher level of multi-factor authentication is a positive step. "Explore with software vendors reports that would show activity out of the norm for ACH customers (customer usually has batches on 1st and 15th and you receive one on the 8th)," she says. Increase communication and verification with those customers regarding batches, creating your own version of positive pay on these transactions. It's all complemented with an enhanced version of Know Your Customer.
Scam Alerts -- On the flip side of this scam, "If you are the receiving bank on this type of transaction, education once again is a large part of the response. Your customers think they have landed the perfect internet job and may not be inclined to be suspicious," Dodd says. Education could include customer/community education events such as the ones OBA is hosting across Oklahoma; statement stuffers; on-hold messages and brochures in the bank regarding work at home scams. "If your customer receives a large wire that is out of the norm (usually just under $10,000) and asks to withdraw funds immediately in cash, be politely 'nosy.'" If they mention working at home, wiring through Western Union or Money Gram, or sending the funds out of the country, you should inform them that there is a probability that they are involved in a scam, she explains. "There is also a possibility that they could be prosecuted as a principal to a money laundering fraud since that is already happening in many states." Share with them websites where these types of scams are detailed, Dodd advises.
Prevention is Key
Dodd says the following measures can help prevent fraud on wire transactions. "Pay attention to your wire processes," she says. "Hackers in many countries overseas have become more sophisticated and pose a threat to your bank daily." She urges institutions to be sure that all necessary precautions are in place, that those policies are being followed, and that "you constantly train and retrain your employees. Losses in this arena can also be huge."
Dodd says what institutions should be telling their SMB customers about fraud prevention isn't complicated, but should be taken seriously. "We recommend retailer training and have done that for bank customers across the state, reinforcing the serious need for increased security on their part and the level of losses if they fail to do so," she notes. Specifically, Dodd trains retailers on keyloggers, social engineering, and stresses increased awareness and communication with their institutions. Closer monitoring of business accounts at every level is recommended.
"As a financial institution you should be telling your SMB customers if they find that they have been hit with this and funds have gone out to banks across the U.S, they will also learn that the fraudsters have become sophisticated enough to focus the transactions in large banks," Dodd says. "This may make it more difficult to find that person who can help to recover the funds."
Which is when networking becomes important to recovering the funds taken. Dodd recommends institutions contact their state banking association, and access to Fraud-Net and the International Association of Financial Crimes Investigators (IAFCI) can often help to expedite the process. Dodd gauges her state's fraud rates as probably about the same as other states. "But because of our strong networking and communication of events, I think we catch it faster."
