Phishing: An alternative role for banks

In search of an administrative solution
In The Fraud blog, Tracy Kitten addresses the problem of money mules. Her article gives a good overview of e-fraud and phishing. She comes to the conclusion that tracking the money flow, either through the accounts of money mules or perhaps even through physical transport, is the challenge for 2011 and beyond. I totally agree, but would also like to raise some questions. Why?

Banks as victims, banks as facilitators
Banks are often seen as the victims of cyber fraud, although it is their customers’ accounts that are emptied. It may be true that banks restore the money, but that too is paid for by the customers in the end. What banks do stand to lose is reputation. On the other hand, banks also play a major role in transferring the stolen money into other accounts. This means that they have, or could have, information on how and where the money was transferred, by whom and to whom. In what way could banks assist each other and their customers in making their systems safer? In which way can they ensure that the registration of their customers is improved? And in which way can they assist law enforcement to catch more criminals?

Money mules as part of an ecosystem
Catching money mules is an art the police are getting better at, as records show. However, in a lot of cases these people are desperate characters in need of a fast buck or, worse, just duped. Who are the other people in the ecosystem? Behind them there are persons recruiting the money mules on behalf of cyber criminals, often in another country. In front is the cyber gang reaping the profits. It is especially with the last category that LEAs tend to be bothered by cross-border jurisdictional problems, but where banks could actually come to the rescue.

Are administrative measures a possible solution?
The cyber criminals need outlets to cash their money. This can be done in a number of ways, but there has to be an account somewhere connected to some kind of card. This is a* main spot in which the weak underbelly of the cyber gang reveals itself to the world, where the underworld has to surface in the real one. What are the chances here for banks, credit card companies and international money transfer organisations, whether digital or with offices, to make use of this soft spot? What are the possibilities to assist in stopping cyber crimes like phishing? The answer could lie in more accurate information.

Economically, the financial industries’ argument that the cost of cyber crime does not weigh against the cost of draconian protection measures may be sound. Some customers may remain easy victims, but as a whole the system can still be secure enough, for now. This does not, however, deal with the reputation angle, nor with the trust end users have or lose in the system as a whole. The big difference may be made by putting in place sound administrative measures, which may not be so expensive. Better information on customers at financial organisations stands for a higher entrance level for criminals as well as for better intelligence for LEAs when they start a case. This could well be one of the missing puzzle pieces we are looking for in fighting cyber crime (and many other crimes, for that matter). Knowing who your customer is may just go a long way.

If the world discusses cyber security strategies, financial institutions can also play a part.

* Others are domain names, IP addresses, hosting, etc. Banks do not have influence over these examples.

Wout de Natris

Leiderdorp, 3 February 2011


About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blog's name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions.