Natasha Vernier
Jun 4, 2021

Secret Crime Fighters, Episode 16

This week’s Secret Crime Fighter discovered a prolific fraud scheme, combining identity theft, counterfeit documents, fraud and money laundering. The typology is a classic application fraud scheme, with tactics exploiting both Covid relief measures and the nuances of ACH (Automated Clearing House) transfers in the US.

The Typology

Application Fraud

Our Secret Crime Fighter noticed an uptick in attempted applications with stolen identities and counterfeit or forged documents. The documents ran the gamut from identity cards and passports to proof of address documents and bank statements, the latter two requiring a particularly keen eye to detect potential discrepancies. Our Secret Crime Fighter observed a particular trend across driver licenses, where the photos often contained similar wood or wicker backgrounds and templated images, indicating that they may have been developed from a single service. While our Secret Crime Fighter was able to stop most of this activity directly at onboarding, they observed two primary tactics when fraudsters did successfully obtain accounts.

The PPP Scam

In 2020, the US introduced a number of schemes to provide relief support to businesses impacted by COVID-19, the most prevalent being Payment Protection Program (PPP) loans. Most PPP lenders required that recipients have a business bank account to receive the funds, which sparked an increase in fraudulent applications for business bank accounts.

In this case, if the fraudsters were able to successfully obtain an account, they’d fraudulently apply for a PPP loan, giving their new business bank account details for deposit. Once they received the loan, the funds would be immediately withdrawn or transferred.

ACH Fraud and Laundering

In the US, the most common form of money transfer between accounts is via the Automated Clearing House (ACH). ACH transfers often take 2-7 business days, because three separate institutions are involved (the originating financial institution, the receiving institution, and the ACH operator). As a result, the business account owner may not realise right away that a transfer has been initiated. However, despite the slowness of the ACH transfer, there is only a limited time window for businesses to dispute a withdrawal. This type of fraud can be particularly appealing because fraudsters view this disconnect as an opportunity to steal and move funds before the business can detect and report it.

In this typology, the fraudsters obtained unauthorised access to an external bank account, linked that bank account as a transfer account using valid login credentials, and transferred funds from the external account into their new business account at our Secret Crime Fighter’s bank for immediate withdrawal.

Stopping the Typology

Our Secret Crime Fighter was able to detect and stop the majority of fraudsters from obtaining accounts, due to their robust onboarding controls. They use an identity verification provider that can detect discrepancies in documents as well as identify trends, such as the use of commonly used images. They also implemented controls around PPP loans, requiring a combination of account history and activity to make exploitation more difficult. Their team is also well trained in investigating wider risk signals, such as high-risk emails or location discrepancies between phone number and IP address, especially when combined with attempted early deposits and withdrawals.
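The combination of signals described above can be expressed as a monitoring rule. The following is an added example, not code from the newsletter or from the Secret Crime Fighter's bank; the field names, the 14-day and 48-hour windows, the 80% ratio and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Assumed tuning values, not taken from the article.
EARLY_WINDOW = timedelta(days=14)  # credit counts as "early" this soon after opening
FAST_EXIT = timedelta(hours=48)    # withdrawal this soon after the credit
EXIT_RATIO = 0.8                   # share of the credit that must leave
@dataclass
class Account:
    account_id: str
    opened: datetime
    high_risk_email: bool
    phone_country: str
    ip_country: str
@dataclass
class Txn:
    account_id: str
    ts: datetime
    kind: str  # "ach_in", "ppp_in" or "withdrawal"
    amount: float

def risk_signals(acct, txns):
    """Return the names of the signals that fired for one account."""
    signals = []
    if acct.high_risk_email:
        signals.append("high_risk_email")
    if acct.phone_country != acct.ip_country:
        signals.append("phone_ip_location_mismatch")
    mine = sorted((t for t in txns if t.account_id == acct.account_id), key=lambda t: t.ts)
    for credit in (t for t in mine if t.kind in ("ach_in", "ppp_in")
                   and t.ts - acct.opened <= EARLY_WINDOW):
        out = sum(t.amount for t in mine if t.kind == "withdrawal"
                  and credit.ts <= t.ts <= credit.ts + FAST_EXIT)
        if out >= EXIT_RATIO * credit.amount:
            signals.append(f"early_{credit.kind}_then_fast_withdrawal")
    return signals

def needs_review(acct, txns):
    """Escalate only when an onboarding signal and a money-movement signal combine."""
    sigs = risk_signals(acct, txns)
    return any(s.startswith("early_") for s in sigs) and any(not s.startswith("early_") for s in sigs)

# Constructed sample data: A1 matches the pattern, A2 is an ordinary new account.
T0 = datetime(2021, 3, 1, 9, 0)
ACCOUNTS = [Account("A1", T0, True, "US", "CA"), Account("A2", T0, False, "US", "US")]
TXNS = [Txn("A1", T0 + timedelta(days=3), "ach_in", 20000.0),
        Txn("A1", T0 + timedelta(days=3, hours=5), "withdrawal", 19500.0),
        Txn("A2", T0 + timedelta(days=2), "ach_in", 5000.0),
        Txn("A2", T0 + timedelta(days=20), "withdrawal", 1200.0)]
FLAGGED = [a.account_id for a in ACCOUNTS if needs_review(a, TXNS)]
```

Requiring both an onboarding signal and a money-movement signal keeps a single weak indicator, such as a customer travelling abroad, from escalating an account on its own.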

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].
