Does “sleeper fraud” lurk in your bank?
Confusing it with credit trouble may negate recovery—and worse
- |
- Written by Linda Straub Jones, Lexis Nexis
Nightmares, not pleasant dreams, await banks that don't catch up to "sleeper fraud."
There’s a problem with a segment of a credit card portfolio in the Collections Receivable area of your bank—and yet it may have nothing to do with credit issues.
Your collection department pegs an incoming account as an early-stage delinquent—the phone number has been disconnected; the address is undeliverable; or, if a payment was made a month or two ago, payments have started coming back as returned payments.
Someone in your collection group realized that this is an account holder who has been a good customer, perhaps for years—then all of a sudden, the balance in this account went from zero to the maximum credit limit.
So your group starts addressing this account as a “skip.” They cannot identify your contact as a card member, so they start working on it as a collections issue. The account gets diverted to a skip tracing unit, where people are responsible for identifying some point of contact for this type of cardholder.
Months go by. At some point the account is written off as bad debt.
In all likelihood, the problem has been misdiagnosed.
What is sleeper fraud?
In the scenario above, there are red flags indicating fraud:
• There have been changes to the account—changes of address and phone number that weren’t reported by the account holder.
• A credit card account in good standing, with a low or zero balance—maybe one that this customer has had for years—is suddenly maxed out. Before this happened, the card might have been inactive for a long time, months or even years.
The trouble is that to the financial institution, this sudden account activity is often undetectable as fraud—it lurks in the shadows, a different type of crime than banks are typically watching for.
And worse, the criminals responsible for these acts—whom we are calling “sleepers”—are often connected to international rings that may be funding terrorism. So, making the connection to the “sleeper cells” of the espionage world, we’ve dubbed this “sleeper fraud.”
Because the collections departments of financial institutions can’t categorize these accounts as fraudulent, there is a major financial impact to card issuers. Their collections team will be looking at this delinquent account, and ultimately it will become a “straight”—an account that goes from a current status all the way through the aging process without a single contact with the account holder, and is then written off.
What we’re seeing is that right now, 45% of these chargeoffs could be misclassified as deadbeats when in reality, they’re fraud.
Two methodologies for crooks
Sleeper fraud can be defined in two ways.
Sleeper fraud type 1. An account is opened at an early stage of the sleeper’s cycle. It may operate in a normal manner for months or even years, with no unusual transaction volume, and maintained in a current status, with regular payments. Because the fraudster has built a positive account relationship, traditional performance scores on the account may lead to increased credit lines and offers of pre-approved credit products.
Then, at some point, the fraudulent account is activated—in addition to a credit card, this may include a checking account or other direct deposit accounts.
In this type of fraud, the sleeper may act independently—but more often is connected to a sophisticated network.
Sleeper fraud type 2. In the second type of sleeper fraud, these networks might steal or purchase information related to a “real” cardholder with a history of responsible account management.
With Yahoo’s recent disclosure that there were additional, hitherto unreported account breaches in 2013 and 2014, it’s easy to understand where these crime rings obtain this type of information.
Sophisticated, state-sponsored fraud rings sell compromised data on the black market. In many cases not only do they get a name, email, and address, but also a phone number, a social security number, and possibly passwords.
They are then able to manipulate this consumer information to enable fraudulent purchases, while disallowing the lender (and collections, specifically) from making contact with the original account holder in an attempt to reconcile the account.
How severe is the problem?
We’ve studied sleeper fraud, producing a report, Waking Up From The Sleeper Fraud Nightmare. Last year alone there was a projected loss of $28.5 billion. Over the last five years, such data theft is estimated to be worth $114 billion—more than enough to underwrite the Department of Education’s entire budget of $70 billion.
In essence, in five years sleeper fraud has taken the equivalent of almost two years’ worth of education funding in the U.S. Or, looking at it from another angle, money stolen in bank robberies in 2010 totaled $43 million, according to the FBI—not even 0.15% of the losses from sleeper fraud this year.
It’s important to classify sleeper account takeovers as fraud, rather than as chargeoffs, for a number of reasons—combatting international terrorism-linked financial crime and financial losses to banks and their customers foremost among them.
Some financial institutions have already begun taking measures to address and combat sleeper fraud, but as the name implies, it’s been slow to come to the attention of most. First, lenders that have lost funds directly from the attacks have zero chance of any return on investment. In addition, bank reserves need to be sky-high to cover the losses.
Thus this type of crime is working to undermine the system on a much deeper level than simply putting stolen money into a thief’s pocket. Let’s say that for a large financial institution, fraud losses total $1 billion—that’s a billion dollars that can’t be put back into lines of business, such as mortgages.
Solutions begin in awareness
Banks have grown very good at stopping the bad guys at the front door, on in-person and online applications. This has been their focus for the last 25 years.
Now they’re dealing with crimes of a much more sophisticated and indirect nature. Here we’re describing good accounts that have been on the books for awhile, that, unbeknownst to either the cardholder or the bank, are hit by an organized group that has spent a lot of time and money compiling information on consumers so that they can use these accounts.
It’s time to pay heed to real nature of these losses and identify them for what they really are.
About the author
Linda Straub Jones is Director of Market Planning—Compliance, LexisNexis Risk Solutions, She can be reached at [email protected]
Tagged under Compliance, Risk Management, BSA/AML, Cyberfraud/ID Theft, Feature, Feature3,
