Desperate Times,

Desperate Measures
Strategies for preventing and detecting economic-hardship
fraud at your financial institution

By Karen Postma
TMG Card Risk Senior Manager

An overwhelming financial problem

can push a normally law-abiding
person toward a criminal solution even
in the best of economic times. However,
during a down economy, the sheer
number of people experiencing these
burdens puts the risk of economic-
hardship fraud faced by a financial
institution at dangerous levels.

Card Processing . Payment Solutions . Prepaid Cards . Customized Solutions . Consulting Services
PA G E 2

Amid one of the lowest employment rates in U.S. history, American financial institutions
(FIs) today face the threat of economic-hardship fraud from two potentially criminal groups:
cardholders and employees.

Card-Carrying Members of the First-Time Criminals Club

FIs invest a great deal of time and effort attempting to keep their cardholders safe from
card fraudsters, and rightly so. What many do not consider, however, is the possibility of a
cardholder and a fraudster being one and the same.

Even cardholders in good standing can fall victim to the temptations of today’s card-fraud
schemes – particularly if their card-issuing FI is not properly set up to detect the scams.

Three popular forms of cardholder-initiated fraud are payment kiting, false account set-up
and friendly perpetrator fraud.

Payment Kiting – The cardholder makes a large payment with insufficient or false funds
(typically a bad check). He then withdraws the funds from an ATM before the issuer detects
the fraud.

False Account Set-Up – A fraudster uses a false or stolen identity to open a new account.
Or more sophisticated yet, an applicant uses a legitimate identity but opens the account
specifically with the intent to commit fraud.

Friendly Perpetrator Fraud – A cardholder reports his legitimate transactions as fraud to

receive compensation. Or, he shares his card and/or PIN with a friend, who then acts as the
thief, “stealing” money on the cardholder’s behalf. The cardholder reports this transaction as
fraudulent and is reimbursed – both by his friend and by the issuer – for the “fraud.”

Fortunately, there are fraud strategies an FI can establish to help guard against these
sneak attacks.

Even cardholders 1) Place tighter restrictions on payment processes. For example,

in good standing
can fall victim to the
temptations of today’s
card-fraud schemes.
set limits for the number or amounts of payments that can be
may be made within 30 days.
2) Set available funds limits allowing time for a payment to be
verified before a cardholder can request a cash advance.

The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
PA G E 3

3) Configure your system to queue large payments originating from accounts held
at other FIs.

4) Place tighter restrictions on account opening procedures, even for current

customers. Fully examine credit scores, verify residency or at a minimum, a tie to
the community.

6) Watch for critical non-monetary transactions, such as the addition of authorized

users or a change of address followed by a request for new plastic.

The Fraud’s Coming from Inside the Branch

Even the most
Most FIs like to think the best of their employees. Credit union
well-managed
and community bank executives work hard to keep their staffs
satisfied, educated and rewarded for hard work. But even the most workforce can
well-managed workforce can hold a bad seed. hold a bad seed.

FI personnel forced to call the authorities on a longtime, once-loyal employee are often
shocked by the circumstances. Regardless of the motivation behind his crime – perhaps he
grew disgruntled; maybe he simply succumbed to the siren call of easy money – a criminal
employee often blindsides an FI, particularly one focused on external threats.

Risks posed by outside fraudsters require significant time and financial investment, which
when combined with an innate trust of one’s employees, leaves little drive for internal
control efforts. Ironically, however, fraud committed by internal sources are often much more
costly than that perpetrated by outside criminals.

Three common forms of insider fraud are identity theft, stolen plastics and account crediting.

Identity Theft – Your employees, if given unlimited access to cardholder identity

information, are sitting on a virtual goldmine. Fraud rings are standing by to compensate
them well for stolen downloads of your cardholder data.

Stolen Plastics – This occurs even when plastic inventory is not kept at the branch.
Whether brought back by a cardholder or the postal service, a returned credit card is simple
for an employee to access, activate and use for his own purchases.

The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
PA G E 4

Account Crediting – Customer service representatives raise limits, apply credits or make
adjustments to the transactions on their own accounts or those of friends, family members
or even a persuasive acquaintance.

First and foremost, FI managers must understand that a happy employee is less apt to give
in to the temptations that surround him each day. Practicing good management skills that
ensure employees are treated fairly is the first in a series of steps FIs can take to minimize the
risk of employee fraud.

Others include:

1) Tracking employee access. Know who is downloading cardholder data, when they
are accessing it and why they need it. In addition, limit the data to which your
service representatives have access. Rarely do they need an entire social security
number or CV2 number, for instance.

2) Create a diligent destroy process for excess, outdated or returned plastic, and
be sure to keep restrictions tight for an account’s first 30 days to avoid fraud
originating from an intercepted card.

3) Track the number and amount of credits typically applied to your accounts on
a daily basis. Compare all future activity to this base, configuring your system to
populate a report with any credits exceeding normal levels.

4) Continue with background checks for new employees.

5) Establish multiple layers of security. While you may have limited the identity
data available to service representatives, systems should be in place to continue
monitoring these employees’ behavior and work history.

While a turbulent economy certainly does not provide an excuse for cardholder- and
employee fraud, it definitely gives us in the fraud industry a red flag. When people are under
stress – particularly financial in nature – they are often pressured into uncharacteristic acts
that make them difficult to detect.

But with the right mixture of education and preventative measures, your FI can be ready for
these attacks, both in good times and in bad.

The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
PA G E 5

ABOUT KAREN POSTMA

Karen has been involved in the payment card industry for more than 12 years and has been with TMG
since 2006. Her responsibilities include compromised accounts, fraud detection and dispute management.
She has recently worked to bring TMG’s Fraud Detection department in-house, allowing increased flexibility
and customization for TMG’s clients. Karen is a member of the First Data Risk Council, which reviews fraud
trends, new technologies and regulations related to fraud and fraud prevention from a global perspective.

The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com