Keep the Lid on Wire Transfer Fraud
Cocheo, Steve, ABA Banking Journal
Wire transfer fraud defies easy statistical definition. No one-bank regulators, the Federal Bureau of Investigation, the insurance industry-keeps figures that clearly indicate the size of the problem. There are celebrated cases that make the papers periodically, plus rumors and anecdotes, but no hard numbers.
Despite the lack of hard data, the risks are there.
"When you look at places where money can leave a financial institution, money transfer risk is right at the top of the list, " says Deborah M. Jacob, senior vice-president and director of corporate security at Security Pacific Corp. "You can come in and rob a bank and get a few thousand dollars, but there are few places where a bank can lose so much as money transfer. "
"With wire transfers, frauds can basically transfer the whole bank through one transaction," echoes Stephen A. White, an electronic data processing review examiner based in the Washington office of FDIC. Sources of risk. Wire transfers depend on technology to take place, but overwhelmingly, qualified observers blame most wire fraud on people problems.
Often, according to Anthony Adamski, chief of the FBI's financial crimes unit, criminals who engineer wire frauds are either current bank employees or people who formerly worked in a bank and learned its security procedures.
"If you've got someone on the inside who's gone bad, you're had," says Robert Edwards, a security consultant. Edwards, president of Risks, Ltd., Keedysville, Md., says bankers watching for insiders often don't search broadly enough.
Many concern themselves solely with the wire room staff. Edwards thinks this is neither fair nor smart. He notes that a bank's audit department will "beat on the wire room staff for leaving the door unlocked" but will rarely criticize a lending officer or private banker for violating wire transfer procedures. Yet he says most wire problems that come to his finn's attention begin among bank officers.
Edwards says a common scenario is for a fraud artist to call an officer and ask for a wire transfer. Alternatively, the fraud may fax instructions to the officer. Edwards says the officer will often put through the transfer based solely on his belief that he recognized the customer's voice or on verification of the signature contained on the fax.
It's odd, Edwards continues, that a loan of, say, $50,000 typically takes two signatures to put through. By contrast, he continues, a $50,000 wire transfer takes only one.
It's also ridiculous to execute transfers solely based on faxed instructions, he says, because "a fax is a photocopier with a phone line attached. " There is no reason to assume that faxed instructions are legitimate. (See ABA BJ, June 1990, p. 52.)
Even if Audit did go after careless officers, this assumes only that the officer involved hasn't employed security procedures. It doesn't address the possibility that the officer may be involved in a fraud, according to Edwards.
Cost of carelessness. There are other risks. In some cases, an outsider may coerce a bank insider to cooperate in a fraud. These outsiders, says the FBI's Adamski, will prey on "any number of human frailties. "
The wire operation may have its own set of frailties, according to what FDIC's Steve White has observed. Some smaller banks, for example, don't require employees to call back parties representing themselves as customer employees. Doing so would verify that a legitimate transfer is being requested.
Some banks, White says, don't even have procedures for verifying that the employee calling the bank is authorized to order transfers-even if the person really works for the customer.
Part of the industry's problem, says White, is that wire transfers have become so routine that they are treated routinely-until something goes wrong. Nor are customers innocent, he says. White points out that they sometimes complain that a bank's security procedures make wire transfers too time-consuming. …