All posts by Jeramie Driessen

Every few months we hear in the news about a fraud ring that has been busted here in the U.S. or in another part of the world. In May, I read about a fraud ring based in Georgia and Louisiana that bought 13,000 stolen identities of children who were on the Louisiana Medicaid program and billed the government for services not rendered. This group defrauded the Medicaid program of more than $500,000.   This is just one of many stories that we hear about fraud rings, and given the rapidly changing economic environment, now is the time for businesses to think about how to protect against fraud rings. There are a number of challenges that organizations may have when it comes to sharing trends and collaborations, understanding the ways to tie fraud rings together, creating treatments for identifying fraud rings and ways to store and catalogue fraud ring experiences so they can be easily recognized.   The trouble with identifying fraud rings   It’s important to understand the challenges that organizations have because they see the fraud rings through their own internal lens. Here are a few of the top things businesses should work on:   Think like a fraudster. This will help businesses become more creative in their approach to fraud prevention. Facilitate internal collaboration. Share with in-organization partners. Sometimes this can be difficult due to organizational structure. Promote external collaboration. Intel-sharing groups are a great way for businesses to network within their industries and learn about the fraud that others are seeing. An organization that I’ve worked with in the past is the National Cyber Forensic and Training Alliance (NCFTA).   Putting the pieces together   How do businesses identify a fraud ring? There are three steps to get started. The first is reviewing and understanding the data. Fraudsters are lazy and want to replicate the process over and over again, and because of this there is always some piece of information that is repeated. It could be a name, an email address, device fingerprint, or similar.   The second step is tying the fraud ring together. This is done by creating rules to help identify the trends. Having rules in place to identify fraud rings allows businesses to easily pull stats together for their leadership.   Lastly, applying an acronym or name to the particular fraud ring and adding comments to the cases associated with a particular ring will help with post-investigation analysis.   Learning from the past   Before I became a consultant, I remember identifying a fraud ring that was submitting events with the same language pack and where the device fingerprint was staying consistent. Those events were being referred out for review and marked with the same note. At a post-mortem review, I was able to talk to the fraud ring we had seen, and it was easy to pull all events associated with this fraud ring because my team had marked the events with the same comments.   Another fraud ring example happened a few years ago. A client called me and said that they were under a fraud attack and this fraud ring was rotating the email handle. I reviewed the data and came up with a rule to catch this activity. Fraud rings will use email handle rotation to help them keep track of accounts that are opened or what emails they used in the past. By coupling the email handle rotation with an email verification service like Emailage, this insight could be very telling. I would assume that when fraud rings use email handle rotation these emails are new and have just been created.   These are just a few of the many fraud rings that I’ve encountered over the course of my career and I’m sure there will be a lot more in the years to come. The best advice I can give to anyone that reads this post is to understand the data that you are reviewing, look for anomalies within the data, ask questions and test your theories by running queries on the data that you’re reviewing. I would love to hear about the different fraud rings that you’ve encountered over your career.   Stay safe.   Contact us

Digital channels undoubtedly create convenient experiences for consumers. We have the luxury of applying for loans or creating investment accounts from the comfort of home. However, the same opportunities are available to fraudsters. Fraudsters continue to find creative and innovative ways to expose vulnerabilities across all types of businesses. They prey on inexperienced or low-bandwidth teams that have not invested in the appropriate fraud tools in the past. Despite the imminent fraud risk involved, both consumers and businesses continue to embrace digital channels. With 90 percent of consumers worldwide conducting personal banking online, how do we protect these digital platforms with finite resources? A leading digital financial services company was forced to address this question when they experienced a large-scale fraud attack. But they weren’t in this fight alone. Download the full case study to see how our risk analyst used FraudNet to prevent millions of dollars in fraudulent funding. Client: A leading digital financial services company that operates with zero in-person branches with more than 7,000 employees Challenge/Objective: In October 2018, fraudsters deployed a large-scale, scripted attack against a North American financial services company. The fraud team was extremely understaffed. The fraud team was unable to detect and respond to the attack quickly. The fraudulent account opening activities eventually blended into account takeovers. Resolution: Our risk analyst worked quickly to analyze the geolocation, velocity and device rules firing within FraudNet for Account Opening. By having these rules in place, FraudNet was able to flag and outsort thousands of suspicious applications. Despite being a small team, the fraud investigators were able to work efficiently within the FraudNet workbench and review the true, high-risk applications. Results: Thanks to our risk analyst’s quick remediation and the FraudNet proprietary device rules: 23,800 fraudulent applications were outsorted for review. An estimated $35.7 million in fraudulent funding was prevented.   However, the fight against fraud is ongoing. Our risk analyst continues to work closely with the fraud team to develop an effective strategy to prepare against future attacks.