Why Dormant Financial Account Fraud Goes Undetected


One of the most worrying kinds of fraud that financial institutions face today is related to dormant accounts. As background, accounts are classified as dormant when there is no financial activity for a long period of time (normally 12 or 18 months) and there is no communication with the account holder.

Because dormant accounts are almost unreachable by outside hackers, fraud in dormant accounts normally involves someone inside the financial institution, and often a large sum of money. This kind of insider fraud is particularly disturbing.

How does the fraud take place?

The first step is that someone inside the bank purposely changes the status of the account from dormant to active. Changing the status of a dormant account needs to be documented, but because it is an internal, non-financial transaction, it can go unnoticed if the proper paperwork isn’t filed as required. Once that’s done, the person within the bank makes an internal transfer to another account. The owner of the account receiving the funds is usually an accomplice, fully aware of the scheme and willing to play their part. The cashing phase of the fraud is completed when the accomplice, as holder of the receiving account, makes a wire transfer to another bank, often located in another country.

Why does it go undetected?

The first, most obvious reason is that the dormant account holder has no contact with the bank and it can take years for them to realize that funds are missing. However, the bigger, more systemic reason is that banks don’t have enough controls and programs over internal transactions and non-financial actions. For instance, there are no flags raised when the status of an account is changed from dormant to active, and because money isn’t leaving the bank, internal transfers are not flagged for review.

In this case, the change in status and the internal transfer were precursors for the fraud to take place.

What can financial institutions do?

For starters, internal financial and non-financial activities need to be closely monitored. Banks have been relying on rule-based transaction monitoring for a very long time, but these systems are hardly effective. A rule-based monitoring system flags every action that violates a rule, creating a large volume of transactions that need to be reviewed. Managing that many alerts is often a burden for financial institutions.

To combat this kind of fraud, banks must shift from a rule-based monitoring system to an intelligent, behavior-based one. Intelligent transaction monitoring solutions can generate alerts when compound rules are violated, including rules that cover actions that don’t involve the transfer of funds.
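A compound rule of the kind described above, as an added example that is not taken from any monitoring product: it alerts only when a dormant-to-active status change is followed by an internal transfer out of that account, and then records whether the receiving account wired funds out. The event schema, field names, account IDs and the 7-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names and schema are assumptions.
EVENTS = [
    {"ts": "2024-03-01T09:12:00", "type": "status_change", "account": "A-1001",
     "old": "dormant", "new": "active", "actor": "emp42", "ticket": None},
    {"ts": "2024-03-01T09:40:00", "type": "internal_transfer", "src": "A-1001",
     "dst": "B-2002", "amount": 48000, "actor": "emp42"},
    {"ts": "2024-03-02T11:05:00", "type": "wire_out", "src": "B-2002",
     "amount": 47500},
    # Documented reactivation with no follow-up transfer: should not alert.
    {"ts": "2024-03-03T10:00:00", "type": "status_change", "account": "A-1003",
     "old": "dormant", "new": "active", "actor": "emp07", "ticket": "REQ-1"},
    # Internal transfer from an account that was never dormant: should not alert.
    {"ts": "2024-03-03T12:00:00", "type": "internal_transfer", "src": "C-3003",
     "dst": "B-2002", "amount": 200, "actor": "emp07"},
]

def correlate(events, window=timedelta(days=7)):
    """Link reactivation -> internal transfer -> outbound wire per account."""
    reactivated = {}  # dormant account -> (time, status-change event)
    funded = {}       # receiving account -> (time, alert to update)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if (e["type"] == "status_change" and e["old"] == "dormant"
                and e["new"] == "active"):
            reactivated[e["account"]] = (ts, e)
        elif e["type"] == "internal_transfer" and e["src"] in reactivated:
            t0, change = reactivated[e["src"]]
            if ts - t0 <= window:
                alert = {
                    "dormant_account": e["src"],
                    "receiving_account": e["dst"],
                    "amount": e["amount"],
                    "undocumented": change["ticket"] is None,
                    "same_actor": change["actor"] == e["actor"],
                    "cashed_out": False,
                }
                alerts.append(alert)
                funded[e["dst"]] = (ts, alert)
        elif e["type"] == "wire_out" and e["src"] in funded:
            t1, alert = funded[e["src"]]
            if ts - t1 <= window:
                alert["cashed_out"] = True  # funds left the institution
    return alerts

if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a)
```

Because the alert fires on the sequence rather than on each event, the documented reactivation and the routine internal transfer in the sample data produce nothing for an analyst to triage.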

As you have heard us say many times, fraud cannot be looked at in silos, yet that’s the way many financial institutions operate today, and as a result they are mostly losing the battle against fraud. Internal transactions, dormant accounts and changes in account status, to name a few, are monitored in a compartmentalized way when, in reality, they have everything to do with each other. Fraud is never a one-step operation, and FIs need to shift the way they protect their clients and brand from fraud if they want to remain in business.

 
