Bank fraud


Bank fraud is the use of potentially illegal means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently posing as a bank or other financial institution. In many instances, bank fraud is a criminal offence. While the specific elements of particular banking fraud laws vary depending on jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered a white-collar crime.

Types of bank fraud

Accounting fraud

In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets, or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm.. Examples of accounting frauds: Enron and World Com and Ocala Funding. These companies "cooked the books" in order to appear as though they had profits each quarter, when in fact they were deeply in debt.

Demand draft fraud

fraud typically involves one or more corrupt bank employees. Firstly, such employees remove a few DD leaves or DD books from stock and write them like a regular DD. Since they are insiders, they know the coding and punching of a demand draft. Such fraudulent demand drafts are usually drawn payable at a distant city without debiting an account. The draft is cashed at the payable branch. The fraud is discovered only when the bank's head office does the branch-wise reconciliation, which normally take six months, by the time the money is gone
Remotely created check fraud
Remotely created checks are orders of payment created by the payee and authorized by the customer remotely, using a telephone or the internet by providing the required information including the MICR code from a valid check. They do not bear the signatures of the customers like ordinary cheques. Instead, they bear a legend statement "Authorized by Drawer". This type of instrument is usually used by credit card companies, utility companies, or telemarketers. The lack of signature makes them susceptible to fraud. The fraud is considered Demand Draft fraud in the US.

Uninsured deposits

A bank soliciting public deposits may be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the unlicensed "Chase Trust Bank" of Washington D.C. appeared in 2002, bearing no affiliation to its seemingly apparent namesake; the real Chase Manhattan Bank is based in New York.
Accounting fraud has also been used to conceal other theft taking place within a company.

Bill discounting fraud

Essentially a confidence trick, a fraudster uses a company at their disposal to gain the bank's confidence, by posing as a genuine, profitable customer. To give the illusion of being a desired customer, the company regularly and repeatedly uses the bank to get payment from one or more of its customers. These payments are always made, as the customers in question are part of the fraud, actively paying any and all bills the bank attempts to collect. After the fraudster has gained the bank's trust, the company requests that the bank begin paying the company up front for bills it will collect from the customers later. Many banks will agree, but are not likely to go whole hog right away. So again, business continues as normal for the fraudulent company, its fraudulent customers, and the unwitting bank. As the bank grows more comfortable with the arrangement, it will trust the company more and more and be willing to give it larger and larger sums of money up front. Eventually, when the outstanding balance between the bank and the company is sufficiently large, the company and its customers disappear, taking the money the bank paid up front and leaving no-one to pay the bills issued by the bank.

Duplication or skimming of card information

This takes a number of forms, ranging from merchants copying clients' credit card numbers for use in later illegal activities or criminals using carbon copies from old mechanical card imprint machines to steal the info, to the use of tampered credit or debit card readers to copy the magnetic stripe from a payment card while a hidden camera captures the numbers on the face of the card.
Some fraudsters have attached fraudulent card stripe readers to publicly accessible ATMs, to gain unauthorised access to the contents of the magnetic stripe, as well as hidden cameras to illegally record users' authorisation codes. The data recorded by the cameras and fraudulent card stripe readers are subsequently used to produce duplicate cards that could then be used to make ATM withdrawals from the victims' accounts.

Cheque kiting

exploits a banking system known as "the float" wherein money is temporarily counted twice. When a cheque is deposited to an account at Bank X, the money is made available immediately in that account even though the corresponding amount of money is not immediately removed from the account at Bank Y at which the cheque is drawn. Thus both banks temporarily count the cheque amount as an asset until the cheque formally clears at Bank Y. The float serves a legitimate purpose in banking, but intentionally exploiting the float when funds at Bank Y are insufficient to cover the amount withdrawn from Bank X is a form of fraud.

Forged or fraudulent documents

Forged documents are often used to conceal other thefts; banks tend to count their money meticulously so every penny must be accounted for. A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor or transferred or invested can therefore be valuable to someone who wishes to conceal the fact that the bank's money has in fact been stolen and is now gone.

Forgery and altered cheques

Fraudsters have altered cheques to change the name or the amount on the face of cheques, simple altering can change $100.00 into $100,000.00.
Instead of tampering with a real cheque, fraudsters may alternatively attempt to forge a depositor's signature on a blank cheque or even print their own cheques drawn on accounts owned by others, non-existent accounts, etc. They would subsequently cash the fraudulent cheque through another bank and withdraw the money before the banks realise that the cheque was a fraud.

Fraudulent loan applications

These take a number of forms varying from individuals using false information to hide a credit history filled with financial problems and unpaid loans to corporations using accounting fraud to overstate profits in order to make a risky loan appear to be a sound investment for the bank.

Fraudulent loans

One way to remove money from a bank is to take out a loan, which bankers are more than willing to encourage if they have good reason to believe that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank. This can also be seen as a component within mortgage fraud.

Empty ATM envelope deposits

A criminal overdraft can result due to the account holder making a worthless or misrepresented deposit at an automated teller machine in order to obtain more cash than present in the account or to prevent a check from being returned due to non-sufficient funds. United States banking law makes the first $100 immediately available and it may be possible for much more uncollected funds to be lost by the bank the following business day before this type of fraud is discovered. The crime could also be perpetrated against another person's account in an "account takeover" or with a counterfeit ATM card, or an account opened in another person's name as part of an identity theft scam. The emergence of ATM deposit technology that scans currency and checks without using an envelope may prevent this type of fraud in the future.

The fictitious 'bank inspector'

This is an old scam with a number of variants; the original scheme involved claiming to be a bank inspector, claiming that the bank suspects that one of its employees is stealing money and that to help catch the culprit the "bank inspector" needs the depositor to withdraw all of his or her money. At this point, the victim would be carrying a large amount of cash and can be targeted for the theft of these funds.
Other variants included claiming to be a prospective business partner with "the opportunity of a lifetime" then asking for access to cash "to prove that you trust me" or even claiming to be a new immigrant who carries all their money in cash for fear that the banks will steal it from them – if told by others that they keep their money in banks, they then ask the depositor to withdraw it to prove the bank hasn't stolen it.
Impersonation of officials has more recently become a way of stealing personal information for use in theft of identity frauds.

Identity theft or Impersonation

Identity theft has become an increasing problem; the scam operates by obtaining information about an individual, then using the information to apply for identity cards, accounts and credit in that person's name. Often little more than name, parents' name, date and place of birth are sufficient to obtain a birth certificate; each document obtained then is used as identification in order to obtain more identity documents. Government-issued standard identification numbers such as "social security numbers" are also valuable to the fraudster.
Information may be obtained from insiders, by fraudulent offers for employment or investments or by sending forged bank or taxation correspondence. Some fictitious tax forms which purported to have been sent by banks to clients in 2002 were:
The actual origin of these forms is neither the bank nor the taxman – they are sent by potential identity thieves and W-8888 doesn't exist, W-9095 is also fictitious and W-8BEN is real but may have been tampered to add intrusive additional questions. The original forms on which these fakes were based are intended to collect information for income tax on income from deposits and investment.
In some cases, a name/SIN pair is needed to impersonate a citizen while working as an illegal immigrant but often the identity thieves are using the bogus identity documents in the commission of other crimes or even to hide from prosecution for past crimes. The use of a stolen identity for other frauds such as gaining access to bank accounts, credit cards, loans and fraudulent social benefit or tax refund claims is not uncommon.
Unsurprisingly, the perpetrators of such fraud have been known to take out loans and disappear with the cash.

Money laundering

The term "money laundering" dates back to the days of Al Capone; Money laundering has since been used to describe any scheme by which the true origin of funds is hidden or concealed.
Money laundering is the process by which large amounts of illegally obtained money is given the appearance of having originated from a legitimate source.

Payment card fraud

is widespread as a means of stealing from banks, merchants and clients.

Booster cheques

A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwise-legitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared. Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late.

Stolen payment cards

Often, the first indication that a victim's wallet has been stolen is a phone call from a credit card issuer asking if the person has gone on a spending spree; the simplest form of this theft involves stealing the card itself and charging a number of high-ticket items to it in the first few minutes or hours before it is reported as stolen.
A variant of this is to copy just the credit card numbers in order to use the numbers in online frauds.

Phishing or Internet fraud

, also known as Internet fraud, operates by sending forged e-mail, impersonating an online bank, auction or payment site; the e-mail directs the user to a forged web site which is designed to look like the login to the legitimate site but which claims that the user must update personal info. The information thus stolen is then used in other frauds, such as theft of identity or online auction fraud.
A number of malicious "Trojan horse" programmes have also been used to snoop on Internet users while online, capturing keystrokes or confidential data in order to send it to outside sites.
Fake websites can trick you into downloading computer viruses that steal your personal information. Security messages are shown that tell you that you have viruses and need to download new software, by doing this you are tricked into downloading an actual virus.

Prime bank fraud

The "prime bank" operation which claims to offer an urgent, exclusive opportunity to cash in on the best-kept secret in the banking industry, guaranteed deposits in "prime banks", "constitutional banks", "bank notes and bank-issued debentures from top 500 world banks", "bank guarantees and standby letters of credit" which generate spectacular returns at no risk and are "endorsed by the World Bank" or various national governments and central bankers. However, these official-sounding phrases and more are the hallmark of the so-called "prime bank" fraud; they may sound great on paper, but the guaranteed offshore investment with the vague claims of an easy 100% monthly return are all fictitious financial instruments intended to defraud individuals.

Rogue traders

A rogue trader is a trader at a financial institution who engages in unauthorized trading to recoup the loss they incurred in earlier trades. Out of fear and desperation, they manipulate the internal controls to circumvent detection to buy more time.
Unfortunately, unauthorized trading activities invariably produce more losses due to time constraints; most rogue traders are discovered at an early stage with losses ranging from $1 million to $100 million, but a very few working out of institutions with extremely lax controls were not discovered until the loss had reached well over a billion dollars. The size of the loss is a reflection of the laxity in controls instituted at the firm and not the trader's greed. Contrary to the public perception, rogue traders do not have criminal intent to defraud their employer to enrich themselves; they are merely trying to recoup the loss to make their firm whole and salvage their employment.
Some of the largest unauthorized trading losses were discovered at Barings Bank, Daiwa Bank, Sumitomo Corporation, Allfirst Bank, Société Générale, UBS, and JPMorgan Chase.

Stolen checks

Fraudsters may seek access to facilities such as mailrooms, post offices, offices of a tax authority, a corporate payroll or a social or veterans' benefit office, which process cheques in large numbers. The fraudsters then may open bank accounts under assumed names and deposit the cheques, which they may first alter in order to appear legitimate, so that they can subsequently withdraw unauthorised funds.
Alternatively, forgers gain unauthorised access to blank chequebooks, and forge seemingly legitimate signatures on the cheques, also in order to illegally gain access to unauthorized funds.

Wire transfer fraud

Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country.
There is a very high risk of fraud when dealing with unknown or uninsured institutions.
The risk is greatest when dealing with offshore or Internet banks, but not by any means limited to these institutions. There is an annual list of unlicensed banks on the US Treasury Department web site which is fifteen pages in length.
Also, a person may send a wire transfer from country to country. Since this takes a few days for the transfer to "clear" and be available to withdraw, the other person may still be able to withdraw the money from the other bank. A new teller or corrupt officer may approve the withdrawal since it is in pending status which then the other person cancels the wire transfer and the bank institution takes a monetary loss.

Banking fraud by country

Australia

The Commonwealth Fraud Control Framework outlines the preventions, detection, investigation and reporting obligations set by the Australian Government for fraud control. The framework includes three documents called The Fraud Rule, Fraud Policy and Fraud Guidance
The Fraud Rule is a legislative instrument binding all Commonwealth entities setting out the key requirements of fraud control.
The Fraud Policy is a government policy binding non-corporate Commonwealth entities setting out the procedural requirements for specific areas of fraud control such as investigations and reporting.
The Fraud Guidance preventing, detecting and dealing with fraud, supports best practice guidance for the Fraud Rule and Fraud Policy setting out the government's expectations for fraud control arrangements within all Commonwealth entities.
Other important acts and regulations in the Australian Government's fraud control framework include the:
A lawsuit concluded in 2012 in the city of Wenling, Jejiang province made news because the local court ordered the bank to fully reimburse a man who was the victim of card duplication.

United States

Under federal law, bank fraud in the United States is defined, and made illegal, primarily by the bank fraud statute in Title 18 of the U.S. Code. 18 U.S.C. § 1344 states:
State law may also criminalize the same, or similar acts.
The bank fraud statute was enacted by Congress in response to the Supreme Court's decision in Williams v. United States,, in which the Court held that check-kiting schemes did not constitute making false statements to financial institutions. Section 1344 has subsequently been bolstered by the Financial Institutions Reform, Recovery and Enforcement Act of 1989, Pub. L. No. 101-73, 103 Stat. 500.
The bank fraud statute federally criminalizes check-kiting, check forging, non-disclosure on loan applications, diversion of funds, unauthorized use of automated teller machines, credit card fraud, and other similar offenses. Section 1344 does not cover certain forms of money laundering, bribery, and passing bad checks. Other provisions cover these offenses.
The Supreme Court has embraced a broad interpretation of both of the numbered clauses within section 1344. The Supreme Court has held that the first clause only requires the prosecution to show that the crime involved accounts controlled by a bank; the prosecution need not show actual financial loss to the bank or intent to cause such loss. The Supreme Court has also held that the second clause does not require a showing of intent to defraud a financial institution.
In the United States, consumer liability for unauthorized electronic money transfers on debit cards is covered by Regulation-E of the Federal Deposit Insurance Corporation. The extent of consumer liability, as detailed in section 205.6, is determined by the speed with which the consumer notifies the bank. If the bank is notified within 2 business days, the consumer is liable for $50. Over two business days the consumer is liable for $500, and over 60 business days, the consumer liability is unlimited. In contrast, all major credit card companies have a zero liability policy, effectively eliminating consumer liability in the case of fraud.

Notable cases

Consumer bank accounts

Consumer bank accounts in the United States are protected under federal law. Banks have the option of performing fraud detection either in real time or once every 24 hours. Since personal accounts are the responsibility of the banks, fraud detection for personal accounts is usually done in real time.

Small business bank accounts

Although MasterCard and Visa both claim zero liability on their respective websites for small business accounts, in reality, each bank can choose whether or not they want to abide by the zero liability guarantee. If an account does not specifically say "Small Business Account", then it must be assumed that standard business account liability applies.
Even if the account says "Small Business Account", one must check with their bank to determine how much liability the bank assumes for that account.
Banks have the option of performing fraud detection either in real time or once every 24 hours. If a bank puts the liability of the small business account onto the customer, then it should be assumed that fraud detection is done once every 24 hours. If a bank assumes the liability for fraud on a small business account, then fraud detection could either be in real time or once every 24 hours. It is best to check with one's bank to determine how often fraud detection is done.

Business bank accounts

MasterCard and Visa do not provide liability protection for business accounts. Since fraud is the responsibility of the customer, and not the bank, one should assume that fraud detection is done once every 24 hours. One must check with their bank to determine whether or not a business account has real time fraud detection.