Wonder

Log in

Research Outline

Prepared for Ryan G. | Delivered March 13, 2020

Falsified/Inaccurate Financial Documentation

Goals

To find information on the severity and impact of forged/photoshopped documents such as pay stubs, bank statements, utility bills, W2's and other tax documents used for the verification of income, identity, and assets on the financial services industry and online marketplaces KYC account opening process.

Early Findings

  • A study of insider fraud cases funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and conducted by the CERT® Insider Threat Center, the U.S. Secret Service (USSS), the U.S. Department of the Treasury, and the U.S. financial services sector examined insider and outsider computer fraud activities in the financial services sector in order to assist security professionals in the prevention, detection, and management of malicious insider risk and activity.
  • The study found that non-technical staff are most likely to engage in fraudulent activity in the banking and finance industry. For example, if fictitious vendors are included in a payroll system, it is far less likely that the fraud is perpetrated by a database administrator who hacked into the payroll and has authorized access to the system.
  • In the study, 71% of insiders who engaged in fraudulent activity had some kind of authorized access or non-technical bypass of authorized processes. Of the 57 cases analyzed, 52 involved insiders using some kind of previously authorized access to carry out the fraud.
  • Of the insiders who committed fraud and whose position was identified (e.g., teller, teller manager, vice-president), 51% were managers, vice presidents, supervisors, or bank officers. The remaining 49% were not in management positions but they were very trusted staff.
  • The study discovered that personally identifiable information (PII) is a major target of people who committed fraud. Cases involving PII theft were similar to cash drawer theft. The main difference was that individuals who engage in PII fraud attacked information systems rather than cash drawers and that PII was the valuable commodity.
  • Given the huge market for stolen user ID and account details that can be used to configure a credit card or ATM card for immediate use, PII is only a slightly less liquid asset compared to cash.
  • Online marketplaces and ecommerce sites are becoming increasingly popular. But they can be major targets for scams. Both sellers and buyers can become victims of fraudulent practices.