An April 2019 report from SWIFT, the global financial messaging service provider, reveals that 83% of investigated fraudulent transactions in the last two years were paid out through banks in South East Asia.
Fraudsters, hackers and other cybercriminals are increasingly using beneficiary accounts (also known as “money mules”) to move the proceeds of crime around and eventually withdraw it from the financial system. Mule accounts can be accounts opened under false or stolen identities, but increasingly, they belong to legitimate customers who give criminals access to their accounts, usually in exchange for money – for example, international students who sell their bank accounts to criminals when they depart a country.
According to the UK’s fraud prevention service, Cifas, the number of under-21s acting as money mules has increased 26% since 2017.
What does this mean for financial institutions?
“KYC” means more than knowing the person who opened the account. It’s crucial that you monitor accounts for suspicious transactions and activity. You also need to ensure you stay up to date with trends in money laundering and cybercrime so that you know what your systems should be looking for.
In February 2016, hackers infamously used fraudulent orders to steal USD $81 million from Bangladesh Bank via the SWIFT payments system. Since then, cybersecurity professionals around the world have been working to close vulnerabilities and standardise data breach response protocols in order to prevent future attacks. But trying to stay ahead of malicious actors is a constant challenge due to their persistence and their willingness to adapt and change tactics.
The SWIFT report noted an increase in the usage of EUR and GBP in fraudulent transactions since the 2016 Bangladesh Bank cyber heist. USD remains the currency most commonly associated with fraudulent transactions (70% of investigated transactions), being the currency used in the majority of all cross-border transactions.
Value of transactions
SWIFT also noted a decrease in the average value of individual fraudulent transactions, from USD$10 million to a range between $2 million and $250,000, because fraudsters are trying to fly under the radar and avoid triggering anomaly detection systems. However, where fraudsters used existing payment corridors, the transaction amounts tended to be much larger than the average amounts sent over them in the 24 prior months.
The attack on Bangladesh Bank occurred in the evening prior to a series of non-working days in the various countries involved in the payment flows, in order to maximise the window before the fraudulent transactions were detected. However, more recently, attackers have started to issue fraudulent payments during working hours on business days. Cashing-out of these payments often occurs within a matter of hours.
The Kaspersky Security Analyst Summit held earlier in April in Singapore featured presentations on new types of payment system scams targeting ATM networks and digital authentication checks. These scams are a step up from “jackpotting”, which is where criminals would install malware on individual ATMs to make them spit out money.
Are you and your staff up-to-date on the latest trends in Fraud, Cybersecurity and Anti-Money Laundering? Contact GRC Solutions today for more information on our online compliance training modules.