5 Emerging New Fraud and Financial Crime Trends – Stories from the Front Lines
Fraud has a way of always staying one step ahead. Fraudsters are essentially the ultimate “early adopters”: not buying the newest tech but always willing to test out a new type of fraud or financial crime.
What are some of the newer frauds being played out in the due diligence and KYC spaces? As a public records industry expert who has spent the last 10 years working directly with customers using Thomson Reuters CLEAR, I’ve seen my share of fraud and suspicious activity. Below are a few examples that stand out.
1. Impersonating a company and the motivation behind it
Why would someone fraudulently claim to be the owner of a company? Answers can include setting up fraudulent accounts with merchant sites, payment software platforms, websites, or bank loans — to name a few. And of course, wanting to get government funds through the Paycheck Protection Program (PPP) or Economic Income Disaster Loans (EIDL).
I encountered a recent form of fraud involving a merchant attempting to set up accounts with fintechs and payment providers to be approved merchants. The person claiming to own the business does not verify having any connection to the business. Ironically, in each of the frauds encountered here, companies vetting the new “merchant” were adamant they provided tech solutions verifying the subject was legitimate and tied to the business.
2. Front business owners
Another type of fraud is when a company presents a “front” owner — someone who looks clean — and “hides” the true owner of the company; an egregious example comes to mind. A business owner running an online merchant site was vetted for Know Your Customer (KYC) by a payment provider.
CLEAR immediately flagged an unknown connection to a convicted narco-trafficker in the form of six shared addresses (including a current shared address) as well as two phones over a 15-year period. The hidden narco-trafficker found a front person for his business — one who would appear “clean” to businesses without technology.
3. Account takeover via duplicate card request and additional signors to accounts
Requesting a duplicate card or setting up another signor on a fraudulent account is an example of an “account takeover.” The fraudster has stolen all the subject’s data and has legitimate data to verify the account. However, the one piece the fraudster can’t verify is having the subject’s device. Both device and phone checks can verify the subject doesn’t match up to the personally identifiable information (PII) being presented.
Another way to stop similar types of fraud is to require a scan and verification of a state driver’s license; the scan confirms the document is tied to the subject. These types of step-up authentications make sense when riskier financial events are taking place.
4. Car loan bust outs
And of course, there’s the still-rampant synthetic identity fraud. For those unfamiliar with the term, synthetic identity is the process by which fraudsters create a fictitious identity using real and contrived personal information to defraud banks, retailers, government services, or individual consumers.
Unlike traditional identity theft, fraudsters do not assume the identity of an existing individual and run up debt on their behalf. Instead, they leverage gaps in various critical financial systems — such as the credit reporting system — or exploit lax KYC verification processes that enable the creation of synthetic identities. The fraudster will cultivate these identities by establishing and paying on small credit lines with the aim of eventually cashing out, which is also known as “busting out.”
Anecdotally, this fraud has played out in the car loan space — especially smaller car dealerships providing their in-house financing that lack the software to detect synthetics. I’ve encountered some creative fraudsters in this space. I recall a subject processed in CLEAR having 10 unique social security numbers (SSNs) and profiles. Another person had five SSNs and various addresses.
Software exists today to show the likelihood that PII will be manipulated; that software should be leveraged. At a minimum, it will provide insight on how to handle an account that looks synthetic.
5. Real estate money laundering
Money laundering finds many avenues and one of the easiest methods is purchasing real estate. In a recent study, $2.3 billion had been laundered in the last five years through real estate in the U.S.
This sum is tied to previously reported or adjudicated cases, meaning it doesn’t address the undetected amount. The biggest reason money laundering can go undetected stems from cash purchases made by shell companies with no insight into the “true” person(s) behind the transaction.
The Biden administration urges the Treasury Department to revoke regulatory exemptions for agents mandated to identify their “ultimate clients” or report suspicious activity, as required of banks and broker/dealers. Anonymous shell companies and complex corporate structures remain the most popular way to structure real estate — avoiding detection of the true owner.
We are still several years away from the Corporate Transparency Act, “set to take effect no later than January 1, 2023,” according to Carl A. Valenstein and Jose T. Robles, JR of Morgan Lewis and Bockius LLP. Its main goal is to expose the “true owners” behind shell corporations. Although we now have Geographic Targeting Orders (GTO) requiring title insurance companies to identify “true persons” behind shell companies, most markets in the U.S. have no such requirements.
These shell companies buy residential real estate for $300,000 or more with cash or virtual currency in certain big markets such as NYC, LA, Las Vegas, Miami, Dallas, Chicago, and Boston. Purchases made without title insurance — such as all-cash transactions — evade detection completely. Finally, brokers have no requirements to identify “true owners” of properties. Reviewing who is tied to recent, large real estate transactions reveals there are criminals who can be found.
The takeaway from these emerging trends is that fraudsters will always adapt to exploit the gaps in processes. The million-dollar question is, are you adapting your AML and KYC protocols at the same rate, or faster?