Monday, 1 December 2014

Week 7 (1.12 - 7.12): Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business

I would like you to think about the threat of fraud that can result from the actions of organized criminal groups: skimming, phishing, creating "mule" accounts, and the most frequent cause of fraud, which is being thoughtless.
Please read an article about fraud prevention by financial institutions using the "Red Flags Rule".
http://www.business.ftc.gov/documents/bus23-fighting-identity-theft-red-flags-rule-how-guide-business

Think of the following situations and finish the sentences:
Imagine that you are looking for a job. You reply to an offer that you received in your mailbox. You send a CV with your address, e-mail and date of birth, but they want you to give more details. The potential job is supposed to be well paid, so you instantly share your bank account and sensitive data. Furthermore, your photo is in the CV.
A few weeks later you find out that ....

Suppose that you got this job. Your responsibility is to work from home using your own bank account. You "only" have to immediately transfer the money that you have received to another account. Your salary is a percentage of the transferred amount.
The day after the first transaction somebody is knocking on your door ....

You want to take money from an ATM. The machine looks somehow strange because it is a little scratched and the keyboard seems to be protruding. You are in a shopping center, so you think that nothing could happen to this machine: there are always a lot of people and there are surely cameras. You take the money.
You've been a victim of ....

Have you ever lost your wallet? Did you block your ID's number at your bank even if the wallet was returned to you the next day?
What can happen is ....

Do you think that the "Red Flag Rule" is the only system used by institutions to manage fraud? Do you see other mechanisms that can work?
....

24 comments:

  1. 1// Of course not, because fraudsters use a lot of techniques to pirate your cards. For example, reading the card implies altering an ATM by placing an additional card reader on the ATM card reader. Together with a hidden camera, it provides fraudsters with the details of your card and your PIN.

    I have never been a victim of this kind of crime, because I like cash and rarely use my cards.

  2. 2// I never lost my wallet, but only after I blocked my credit card number, because in one week I did three international transfers with my card.

    Replies
    1. These transfers were from a country in South America, am I right? Neither these countries nor the USA have the liability shift.

  3. 3// "Red Flag Rule" is one of several systems used by institutions to manage fraud.
    For example, every time you use the ATM, the system sends a new password to your phone so that you can finish the transaction.

  4. Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds? Do you see other mechanisms that can work?

    Well, there are other systems for detecting and preventing fraud. One of them even uses neural networks, but unfortunately I am not familiar enough with that solution. There are at least four commercial software products on the market and in my opinion a lot of financial institutions will introduce such a mechanism.

    Have you ever lost your wallet?

    I had a blessing in disguise that nothing happened. Banks did their job but acquiring documents like an ID or driving license was tremendous.

    Replies
    1. Well, I have never met with such a solution (neural networks) in financial institutions. It is hard to implement this in a workflow, so I believe it would cost a lot of money. Have you seen a neural network in any bank?

  5. 1. A few weeks later you find out that for example I took out a short-term loan from a bank.
    2. The day after the first transaction somebody is knocking on your door because I was accused of money laundering.
    3. You've been a victim of a crime called skimming or phishing, which is that somebody copied data from an ATM card, PIN to debit for example.
    4. Have you ever lost your wallet? Did you block ID's number in your bank even if the wallet was returned to you the next day?
    I have lost my ATM card many times. Usually, when something like this happens I block the ATM cards. I don't wait till somebody returns it.

  6. Q: Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds? Do you see other mechanisms that can work?
    Introduction:
    Before I answer the question I'd like to discuss the Red Flag idea in order to understand the meaning of the whole paper. Having read the article I understand that a Red Flag is a kind of suspicious activity or practice that might indicate the possibility of identity theft? All in all, if somebody wants too many personal details inapplicable to the situation, or if somebody's identity papers look suspicious, we can speak about Red Flags? Joanna, do I think correctly?

    Replies
    1. You are right, the Red Flag Rule is one of the steps in the anti-fraud workflow. If there is a suspicious incident the system warns about it. We have many kinds of incidents, e.g. suspicious identity papers, or a person with the same phone number has stolen money before from another bank, etc.

  7. 1. A few weeks later you find out that you have been a victim of a job scam. The advertisement has been fake but very attractive and for that reason you have paid an “interview fee”. The money is gone of course and you cannot contact the person from the mail anymore.

    2. The day after the first transaction somebody is knocking on your door and you see police officers telling you that they are running an investigation related to money laundering. You have been identified as a part of the chain in this process.

    3. You've been a victim of skimming, i.e. your card has been copied together with PIN. Within a few hours there will be a series of transactions in the other part of the world trying to empty your account.

    4. Have you ever lost your wallet? Did you block ID's number in your bank even if the wallet was returned to you the next day?
    Personally, I have never lost my wallet but have been in situations when I thought that I had done so. In these situations I never blocked my cards though.
    What can happen is that you might become a victim of identity theft with all its consequences.

    Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds? Do you see other mechanisms that can work?
    The “Red Flag Rule” is a general framework and set of guidelines for identity theft detection. It leaves the implementation method unspecified, which makes it flexible. On the other hand, the requirement is to base it on the rules already identified for theft detection.
    The other approach is to design a machine learning system which detects the probability of identity theft based on the existing data. With this approach we wouldn't be able to point out why exactly we suspect the crime in the particular situation and that might not be acceptable for regulators.

    Replies
    1. 1. Actually I was thinking about the situation where somebody has shared the data needed to create a false identity. Do you know what could happen then?

  8. Q: Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds?
    Answer:
    Frankly speaking I am not familiar with fraud detection field but I think there are many of them. For example I googled Fraud Detection System SM from Fiserv. It is a "web-based security solution to analyse suspicious behaviour and reports suspicious activity before it escalates into fraud, identity theft or other crimes".
    You can see it at https://www.fiserv.com/customer-channel-management/online-banking/fraud-detection-system.aspx.
    Another example is Lynx - Fraud Detection System, which can effectively detect fraud in real time in payment systems (ATM, internet banking, telephone banking, branch office, etc.). Lynx is created by the Institute of Knowledge Engineering (Madrid, Spain). You can read about it here http://www.iic.uam.es/pdf/En_Lynx.pdf. Joanna, is it an answer you expected?

  9. This comment has been removed by the author.

  10. 1. A few weeks later you find out that someone took out a short-term loan using my personal data.

    2. The day after the first transaction somebody is knocking on your door; it was the police, and they arrested me on suspicion of money laundering.

    3. You've been a victim of a crime called skimming, which is that somebody copied data from an ATM card.

    4. Have you ever lost your wallet? Did you block ID's number in your bank even if the wallet was returned to you the next day?

    Yes, it happened to me a few times, and always as soon as I realized that I had lost my cards I blocked them without waiting for someone to return them to me.

    Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds? Do you see other mechanisms that can work?

    I do not think that it is the only system which institutions use to detect fraud. I think that there are also other ways to fight the cheaters, but they are secret and we don't know about them.
    In my opinion the best way is just to be careful about what you say to whom and what data you give; when it comes to money we always have to think twice.

    Replies
    1. Yes, the way of handling fraudsters is the secret of each institution. But if you think about it, can you see any statistical/analytical/econometric method?

  11. 1. A few weeks later you find out that your identity was stolen and used illegally.

    2. The day after the first transaction somebody is knocking on your door because you were unknowingly involved in money laundering.

    3. You've been a victim of card skimming and fraud.

    4. It's probably better to block them anyway even if it's a hassle to do it.

    5. Why not Bitcoin? :) Then you're your own bank and you have everything under your own control for the good and the bad.
    But seriously, identity theft and fraud detection is a difficult task. I'm sure all the banks have their own mechanisms in place and it's best to keep them secret, otherwise you're inviting people to find ways around them. In addition to that, there are so-called KYC (Know Your Customer) laws that require businesses to verify who they're dealing with to prevent identity theft and other crimes. The government is involved in overseeing financial institutions and they have the power to impose regulations, give out recommendations to follow and issue licenses. The Red Flag Rule is one of such regulations mandated by law and enforced in the US.

    Replies
    1. I googled what Bitcoin is because I have never heard about this. I'm curious if you have/use it?

    2. No, but I'm interested to see how it develops, even though at the same time I think it will ultimately fail.

  12. This comment has been removed by the author.

  13. A few weeks later you find out that somebody made a massive withdrawal from my account or took on a big debt using a faked ID containing my data.

    The day after the first transaction somebody is knocking on your door. It is the police, with handcuffs, charging me with laundering money.

    You've been a victim of a possible theft of my secret data (credit card number, its chip identification and my PIN) that allows others to withdraw money from my account.

    What can happen is stealing my identity and faking my ID, which could lead to taking on debt or performing malicious actions in my name.

    “Red Flag Rule” is a process introduced within the organization. What could also work is introducing a system that is “inter”-organizational, that is, a database of events for recognition of potential frauds.

    Replies
    1. Thank you for the comment; your idea of an intercompany fraud database began to develop two or three years ago, although the cooperation between institutions has lasted much longer.

  14. This comment has been removed by the author.

  15. Q:/> Do you think that "Red Flag Rule" is the only system used by institutions to manage with frauds?

    A:/> No. (But) This is a critical subject since we wouldn't wish our user experience to be butchered because of some other 'Black Flag Rules'. This is the place where 'Apple Pay' (or something similar?) comes in as an option. Sorry for not giving a reference link, but recently the NSA or FBI director was targeting Apple by saying something like 'Hey, a simple user doesn't need all those security measures..' Yet Russia* pays over 30 million USD to the person(s) who can hack the iPhone. (*related)

    IMHO Apple is a nice example of a great user experience and personal data security (unless someone steals your iCloud passport though* ) *recent celebrity photos incident etc.

    Q:/> Do you see other mechanisms that can work?

    Hard to say anything specific but my 5 cents would be on bio chips.

  16. Thank you for presenting and sharing the article.

    I'll try to fill in the gaps:

    1. A few weeks later you find out that ... you got the job! :) (ok, probably that your bank account balance reached zero).

    2. The day after the first transaction somebody is knocking on your door ... and you get arrested and charged with money laundering.

    3. You've been a victim of ... skimming.

    4. What can happen is ... they used your card and cleared your bank account. This is especially easy with those cards that don't require a PIN code for purchases under a certain credit limit (PayPass). I've never lost my credit card yet, probably because I have had it for only around 3 years, but I am prepared for such an occurrence and will not hesitate to block it even if it was missing for a couple of hours.

    As for "Red Flag Rule", I agree with most of the people that already commented. It is not enough but hopefully as Robert mentioned there are alternatives that can add to the security.

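Added illustration of the rule-based approach discussed in comments 6 and 7 above (it is not code from the FTC article or from any commenter): every rule returns a named reason, which is the explainability that comment 7 contrasts with a machine-learning score. The shared phone list, the field names, the sample accounts and the 24-hour / 80% thresholds are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed stand-in for an inter-institution incident list (assumption).
SHARED_FRAUD_PHONES = {"555-0100"}

@dataclass
class Transfer:
    when: datetime
    amount: float  # positive = incoming, negative = outgoing

@dataclass
class Account:
    phone: str
    document_ok: bool
    transfers: list = field(default_factory=list)

def shared_phone(acc):
    if acc.phone in SHARED_FRAUD_PHONES:
        return "phone number appears in a fraud case reported elsewhere"

def bad_document(acc):
    if not acc.document_ok:
        return "identity document failed verification"

def pass_through(acc, window=timedelta(hours=24), ratio=0.8):
    # Mule pattern: most of an incoming amount leaves again inside the window.
    for t_in in (t for t in acc.transfers if t.amount > 0):
        out = sum(-t.amount for t in acc.transfers if t.amount < 0
                  and timedelta(0) <= t.when - t_in.when <= window)
        if out >= ratio * t_in.amount:
            return "incoming funds forwarded almost entirely within the window"

RULES = [shared_phone, bad_document, pass_through]

def red_flags(acc):
    """Return a readable reason for every rule that fires (empty = no flag)."""
    return [reason for reason in (rule(acc) for rule in RULES) if reason]

# Constructed sample accounts.
T0 = datetime(2014, 12, 1, 9, 0)
MULE = Account("555-0100", True, [Transfer(T0, 1000.0),
                                  Transfer(T0 + timedelta(hours=2), -900.0)])
ORDINARY = Account("555-0199", True, [Transfer(T0, 1000.0),
                                      Transfer(T0 + timedelta(days=9), -200.0)])

if __name__ == "__main__":
    for name, acc in (("MULE", MULE), ("ORDINARY", ORDINARY)):
        print(name, red_flags(acc) or "no red flags")
```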