July 14, 2017
International Fraud Syndicates
The international transfer of funds is an essential tool for global organized crime. Fraud syndicates with links to Europe, North America, Asia and Australia have elaborate and complex fraud schemes that rely on sending funds across international borders.
Identity Theft for Tax Fraud
One such scheme that OFX has helped to uncover and reduce is multi-jurisdiction tax fraud. This involves the theft of personal information for the purposes of making fraudulent tax claims in multiple jurisdictions. It begins with a data breach, which, in turn, allows Fraud Syndicates to gain access to personal information such as a person’s name, address, age, gender and phone number.
The Fraud Syndicates carefully analyze illegally accessed data to select individuals who are eligible for tax refunds. Once selected, they create false identities using legitimate personal information. In some instances, Fraud Syndicates will use local syndicate members to establish a false identity who are carefully chosen to match the profile of the legitimate stolen identity. An example of this might be, John Smith, a male in his mid-thirties who grew up in the United States. The Fraud Syndicate would hand select a man of a matching background (Sam) to set up a false identity that is then used to open a fraudulent online bank account using John’s personal information for verification and identification purposes.
Once the fraudulent online bank account is set up, John’s legitimate personal information is used to process a fictitious tax refund, directing the refund to be paid into the fraudulent online bank account.
Meanwhile, the Fraud Syndicate has set up or established access to a recipient bank account in another country. The goal is to direct the defrauded tax refund through the fraudulent online bank account set up using John’s personal information and then send it internationally to the Fraud Syndicate’s account.
OFX vs. the Fraud Syndicate
In 2015, OFX was the target of Tax Fraud of the kind described above in a number of countries. The Fraud Syndicate, following the establishment of fraudulent bank accounts, used stolen personal information to register with OFX for an online foreign exchange account. The stolen identity was used to pass OFX’s ID verification processes.
OFX identified a customer registration in the name of an individual who stated they did not submit the application. Upon confirming the fraudulent account registration, OFX worked with ThreatMetrix to analyze the data and also liaised closely with a number of government agencies and financial institutions to uncover what had happened. The OFX Fraud Team was successful in identifying multiple fraudulent applications linked to the suspect account that the individual had identified.
How OFX Exposed the Fraud
ThreatMetrix has the world’s largest Digital Identity Network built on shared intelligence from over a billion transactions per month. With the help of ThreatMetrix, OFX conducted a thorough retrospective review of the establishment of the false account set-up and was able to go beyond the static, stolen credentials. By analyzing all dynamic information, including but not limited, to IP addresses; devices utilized to register the accounts; and the email addresses associated with these, ThreatMetrix was able to help OFX identify the digital identity of the Fraud Syndicate.
With adjustments to the OFX ThreatMetrix profile, the Fraud Syndicate needed to modify its modus operandi with the stolen personal information to attempt an account takeover. By leveraging information around links and associations from the ThreatMetrix Network, OFX was able to identify transactions coming from the Fraud Syndicate. This audit allowed OFX to help government agencies identify additional victims, and, as part of an industry working group, assisted in the identification of over 50 victims, returning approximately $1.75 million to the relevant government agency.
Ongoing Enhanced Identity Assessment
OFX continues to work with ThreatMetrix to combat the threat of fraud activity. Leveraging a substantial pool of information offered by ThreatMetrix, assists OFX to track devices and other digital attributes, regardless of channel, use case, location, presented credentials, or personal identifying information.
Since implementation, ThreatMetrix has helped OFX prevent fraud and continue to lead in the growing online FX industry by leveraging the following key capabilities:
- Deep connection analysis technologies gives OFX a clearer view of unusual transactions. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. ThreatMetrix accurately detects the use of these technologies and, in the case of proxies and VPN, allows OFX to see the true IP address, geolocation and other attributes of each transaction.
- The Digital Identity Network analyzes billions of transactions, allowing OFX to access identifying attributes, characteristics and behaviors associated with new accounts.
- The ThreatMetrix layered approach validates the end user’s true digital identity through information related to devices, threats and persona (combination of device, history, transactions, email and other attributes), while its real-time decision analytics platform provides additional insights to differentiate trusted OFX customers from potential fraudsters.
“With the technology that ThreatMetrix has provided, OFX is able to more effectively detect, deter, prevent and investigate fraudulent and criminal activity attempting to go through the OFX platform.”
– Deb Wood