Thanks to increasingly sophisticated technology and ongoing economic uncertainty, all types of fraud are flourishing today, including check fraud. The prevalence of mobile and wireless technologies and the increasing ease of access to high-quality printing and duplication technology are making it easier for criminals to steal credentials, alter check numbers and create counterfeit checks.
According to a December 2011 survey published by the American Bankers Association, 73 percent of banks reported check fraud losses in 2010, totalling approximately $893 million in losses.
Charles Andrews, director of security and investigations at TeleCheck, a division of First Data, says the key to staying on top of ever-shifting check fraud tactics and tracking down the criminals is maintaining strong relationships with not just internal risk assessors but also law-enforcement agencies across the country, including the Secret Service. His team's accomplishments were noted by the U.S. Marshals Service, which invited Andrews and his team to train its investigators on financial crime investigation tactics.
[Also read Fraud prevention: Improving internal controls]
Andrews joined the electronic check acceptance service four years ago, after 30 years in law enforcement, corporate security, business risk, and consulting. As a proponent of professional development, Andrews has joined his entire team in pursuing master's degrees at the University of Houston. He has received a lifetime achievement award from the International Society of Crime Prevention Specialists, has studied criminal justice at Sam Houston State University, and has board certifications from the Association of Certified Fraud Examiners and ASIS International.
We recently spoke with Andrews about the never-ending task of battling check fraud.
CSO: Can you describe how TeleCheck detects fraud?
Charles Andrews, TeleCheck: Potential cases come from many different directions--from victims, law-enforcement agencies and our own internal systems--and then we use different tools to determine which cases require investigation.
Through our service, we verify checks against a database of known good check writers that we've been building for over 40 years. As the check writer presents a check at the point of sale, we can see if they are a known good check writer and how the transaction scores based on hundreds of criteria that may indicate fraudulent activity. We flag transactions that appear risky for a decline or a follow-up.
That gives merchants a first line of defense at the point of sale, and then we use these transactions to improve our fraud-detecting algorithms on a daily basis.
CSO: What would a typical investigation look like?
Andrews: Once we encounter a situation where we believe a transaction may be fraudulent, that's where we may kick in with an investigation, working with law-enforcement agencies. Some of these cases are quite large and might involve organized groups that work the entire country, up and down the interstates, and we pursue those people by gathering evidence on their transactions and trying to identify who they are.
Our own systems provide us with information or clues on the person's patterns of behavior around the country or in a geographic area. We take all that information, combined with other open sources of information, and work with law enforcement to identify that person or organization in an attempt to make a criminal case against them.
Sometimes there are overlaps in which agencies we work with--if the criminal hits, say, in Georgia, then in New York, and then we see them working along the Eastern Seaboard. We can follow their behavior on a map and see patterns in the times these incidents are happening. Then we contact merchants to collect video images, receipts and a lot of other indicators.
It's key to have relationships with the law-enforcement agencies--we know who to call, and sometimes they're already working cases with the same types of indicators. We build an aggregated case, and if it goes across state lines, the federal agencies get involved, and we collaborate.
CSO: What is an example of a fraud indicator?
Andrews: There are literally hundreds of parameters, and they vary from merchant to merchant. We tune the parameters for each merchant according to the nature of their business and their fraud tolerance.
One red flag is a marked increase in the frequency of check writing. For example, if a particular check writer has a history of writing a check at the grocery store every week and paying the rent every month but is suddenly writing several checks in one day at electronics and jewelry stores, that change in behavior strongly suggests something is amiss. Or maybe the check transactions are occuring all in retail stores, all in banking or all in electronics.
CSO: How is your investigative team structured?
Andrews: The investigative team includes four investigators, bringing together on one team diverse experiences from retail, financial, investigations and our own in-house operations. This team is very collaborative, and the investigators contribute their own expertise to the cases we investigate.
CSO: Can you share any quantitative results about the program?
Andrews: We can't go into too much detail about our metrics, but our team has demonstrated a measurable increase in effectiveness, improving by more than 35 percent in all its metrics year over year.
CSO: How does the increase in the use of technology for committing fraud change the job of detecting and investigating these cases?
Andrews: The technology underlying financial services has evolved very rapidly, and the ways to perpetrate financial crime have evolved, so it's a moving target. Given the virtual world, the criminals' modus operandi is to stay mobile, since they know that staying mobile reduces their exposure and risk.
Mobile and wireless technologies have dramatically improved skimming technology, for example. Once a criminal has affixed a skimming device to an ATM or point-of-sale terminal, he no longer needs to retrieve the device to collect the stolen data; thanks to wireless technology, he can collect it from the safety of his car in the parking lot.
Also, rather than clustering fraudulent purchases in one location, where a rise in flagged transactions might be obvious, they try to make their fraudulent transactions less obvious by driving around a fairly wide area.
Consequently, we continually adapt and improve our technology, sometimes on a daily basis, to develop new ways to identify and mitigate their new tactics. We stay abreast of new fraud tactics through industry organizations, law enforcement, industry fraud investigators and fraud and security technology companies, and we use all the tools and technologies at our disposal to better understand fraudster behavior and identify how and where they might strike next.
CSO: How important are your relationships with law enforcement?
Andews: If someone is a victim of fraud--counterfeit checks, forgery, identity theft--who do they call? They might call their bank or credit card company, but they also call law enforcement. And if they're going to make a case, law agencies know to notify us so they can subpoena evidence. If it goes the other way, where we detect fraud, we need to know who to call--who has the right venue and the right jurisdiction. It's important that we understand how we can quickly work through the process and get law-enforcement agents the information they need to get the fraudster stopped or identified.
[Also read ACH fraud: Why criminals love this con]
We develop and maintain relationships with every law-enforcement agency and division in this country, from Interpol down. And what we do affects everybody financially, even people who are not part of our portfolio. The same fraudsters could be operating across multiple stores and institutions, so it's important for us to be able to contact any field office in the United States to immediately begin working on a case.
When we have close relationships with law enforcement and understand the parameters they work within, we can make sure we deliver the evidence--the transactions, quality images and patterns of behavior--that they need in a nice, tightly wrapped package, so they can build a good strong case. Because we're familiar with the various state and federal statutes and the needs of the pertinent law-enforcement agencies, we know what information is required to prosecute and, following appropriate process, we can share information in a manner that suits their needs, thereby enhancing the efficiency of their investigations.
CSO: Do you ever get involved in cases beyond check fraud?
Andrews: Most often, the information we collect is used for financial fraud crimes. But there are times where our data is able to support investigations that are not purely financial crimes. There was a case in which a kidnapper had taken a child to another state, and we were able to assist law enforcement in identifying and apprehending the kidnapper.