Why Dormant Financial Account Fraud Goes Undetected

dormant account fraud
Share Button

One of the most worrying kinds of fraud that financial institutions face today is related to dormant accounts. As background, accounts are classified as dormant when there is no financial activity for a long period of time (normally 12 or 18 months) and there is no communication with the account holder.

Because dormant accounts are almost unreachable by outside hackers, fraud in dormant accounts normally involves someone inside the financial institutions, and often a large sum of money. This kind of insider fraud is particularly disturbing.

How does the fraud take place?

The first step is that someone inside the bank purposely changes the status of the account from dormant to active. Though changing the status of dormant accounts needs to be documented, because it is an internal, non-financial transaction, it can go unnoticed if the proper paperwork isn’t filed as required. Once that’s done, the person within the bank makes an internal transfer to another account. The owner of the account receiving the funds is usually an accomplice, fully aware of the scheme and willing to play their part. The cashing phase of the fraud is completed when the accomplice and account holder makes a wire transfer to another bank, often located in another country.

Why does it go undetected?

The first, most obvious reason is that the dormant account holder has no contact with the bank and it can take years for them to realize that funds are missing. However, the bigger, more systemic reason is that banks don’t have enough controls and programs over internal transactions and non-financial actions. For instance, there are no flags raised when the status of an account is changed from dormant to active, and because money isn’t leaving the bank, internal transfers are not flagged for review.

In this case, the change in status and the internal transfer were precursors for the fraud to take place.

What can financial institutions do?

For starters, internal financial and non-financial activities need to be closely monitored. Banks have been relying on rule-based transaction monitoring for a very long time, but these systems are hardly effective. A rule-based monitoring system will flag every action if the rule is violated, creating a large volume of transactions that need to be monitored. Often times, managing a large number of alerts is a burden for financial institutions.

To combat this kind of fraud, banks must shift from a rule-based monitoring system to an intelligent, behavioral-based one. Intelligent transaction monitoring solutions have the ability to generate alerts that violate compound rules, including actions that don’t involve the transfer of funds.

As you have heard us say many times, fraud cannot be looked at in silos, and that’s the way many financial institutions operate today – as a result, mostly losing the battle against fraud. Things like internal transactions, dormant accounts, changes in account status, to name a few are monitored in a compartmentalized way, when, in reality, they have everything to do with each other. Fraud is never a one-step operation and FIs need to shift the way they protect their clients and brand from fraud if they want to remain in business.


Related Posts

Case Study: Transaction Security for a Non-Digital Organization In an increasingly digital age, both attacks and security are also increasingly digital. However, what about institutions that cannot digitize their transactions?
Customer Success Story: How Scanning the Dark Web Has Changed Elements Financial’s Security Scanning the dark web for stolen credentials isn’t necessarily on the radar of every financial institution – but it should be.

Leave a Reply

Your email address will not be published. Required fields are marked *