Category: The Authorities

New Banking Code on Fraud

Authorised Push Payment (APP) fraud is where a fraudster convinces the victim to transfer money to them, usually under the guise of an authority, the victim’s bank or a supplier. Once transferred, the money is likely to be transferred again and is then difficult if not impossible to retrieve.

Traditionally the banks have treated these frauds as being the victim’s own fault and normally refuse to provide reimbursement. However, many of these frauds are very sophisticated, and it is difficult for victims to know they are being defrauded until it is too late.

Also, the banks’ practice of simply following instructions and sending money to anyone at any account without any checks means they do little to prevent these frauds, and they often act too late after being informed of a problem, when the money and the fraudster are gone.

A new draft voluntary code for banks aims to make it more difficult for the perpetrators of these frauds and more likely for the victims to get recompense.

The new code establishes the principle that if customers take “the requisite level of care”, they should be reimbursed by their bank.

However, the code does list eight ways that banks can justifiably refuse to reimburse customers who have been defrauded. These include cases where customers:

  • refuse to heed warnings from their bank
  • “recklessly share” their security credentials
  • fail to take steps to make sure the person they paid was who they thought they were
  • fail to be honest with their bank
  • are “grossly negligent”
  • fail to heed a confirmation of payee result (see below)

Questions also remain about who is liable when both the bank and the customer appear to have taken all the necessary steps to prevent fraud.

Customers were scammed out of £503.4m between January and June, according to the finance industry’s own research.

Favoured methods include duping victims into paying in advance for a product or service that doesn’t exist or impersonating a trusted organisation such as the police.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Unexplained Wealth Orders

New powers under the Criminal Finances Act 2017 came into force on 31 January 2018 relating to unexplained wealth orders (UWOs).

The purpose of such an order is to require the designated person to account for the origin of their assets.

This new power has been designed to target suspected corrupt foreign officials who have potentially laundered stolen money through the UK.

Investigators from the National Crime Agency believe there are billions of pounds of dirty money invested in British property – but it is almost impossible to charge the owners with a crime or seize the assets because of a lack of evidence.

Only the High Court can issue an Unexplained Wealth Order when it is satisfied that there is reasonable cause to believe that the respondent is a “politically exposed person” who has been involved in serious crime or that a person connected with the respondent is, or has been, involved in serious crime.

A “politically exposed person” means an individual whose prominent position in public life may make them vulnerable to corruption. This category includes heads of state, heads of government, members of parliament and members of the boards of central banks.

The enforcement agencies with the power to apply for these orders are the Financial Conduct Authority, Serious Fraud Office, the National Crime Agency, HM Revenue and Customs, and the Crown Prosecution Service.

The First Unexplained Wealth Order

Zamira Hajiyeva, originally from Azerbaijan and the wife of an ex-state banker, is the first person named on an Unexplained Wealth Order.

She risks losing her £15m home near the London store and a Berkshire golf course if she fails to explain the source of her wealth to the High Court. Mrs Hajiyeva must now provide the National Crime Agency with a clear account of how she and her husband, Jahangir Hajiyev, could afford to buy their large home in the exclusive London neighbourhood of Knightsbridge.

Jahangir Hajiyev is the former chairman of the International Bank of Azerbaijan, and his wife Zamira will have to explain, amongst other expenditure, spending £16 million in Harrods using 35 credit cards issued by her husband’s bank.

Oh Dear!


Latvian Virus King Sentenced

Ruslans Bondars, a 37-year-old Latvian citizen, was convicted of conspiracy to violate computer crime laws, commit wire fraud, and computer intrusion with intent to cause damage and sentenced to 14 years in prison.

He is the creator of a notorious service called Scan4You that helped malware authors avoid detection by anti-virus software.

He charged criminals a monthly fee and his service allowed them to upload their latest malware to receive a report on whether any of a wide range of anti-virus products would detect it as malicious.

Although Scan4You was not the only counter anti-virus service operating on the web, it became the most popular amongst online criminals.

One of the most infamous pieces of malware which took advantage of Scan4You’s service was the Citadel malware, which was then used to steal tens of millions of customer credit card details from US retail giant Target.

Citadel is thought to have infected millions of computers worldwide, inflicting hundreds of millions of dollars’ worth of damage.

Scan4You was advertised on online criminal forums and even offered technical support to its paying customers.

Bondars, who has also been linked to pharmaceutical spam campaigns peddling illegal prescription drugs, and assisting in the distribution of banking trojans, told the court that he felt “ashamed that some of the website users used it for such terrible things.”

Good riddance, at least for 14 years.


New Banking Code on Fraud

A new code of conduct has been created but it is not binding in law yet, so really it’s just a set of guidelines.

This has been created by the Payment Systems Regulator after Which? raised a super-complaint about the banks’ treatment of people defrauded in push payment scams. These are the scams where the victim transfers money to a scammer from their bank account. The banks consider these to be largely the victim’s own fault and hence not their responsibility. But many disagree and believe the banks should identify and stop these payments where possible and make it more difficult for scammers to get away with these frauds.

The issue of who pays compensation and under what circumstances has not been resolved – when should the banks compensate the victims of push payment fraud?

Figures from trade association UK Finance show that in the first half of 2018 consumers lost £92.9 million because of this type of fraud.

The guidelines propose the principle that where the victim of such a crime has met their requisite level of care, they should be reimbursed.

The draft code has been published by the APP Scams Steering Group, made up of industry and consumer group representatives. It has been open for consultation.

It said there may be instances where a victim of this type of fraud has met their requisite level of care, and so should be reimbursed, but no bank or other payment service provider involved has breached their own level of care.

It will work to identify “a sustainable funding mechanism” through which to reimburse consumers in such a scenario.

Under the draft code, banks and other payment service providers would take measures to tackle APP scams, such as:

  • Detecting APP scams through measures such as analytics and employee training;
  • Preventing APP scams from taking place by taking steps to provide customers with effective warnings that they are at risk;
  • Responding to APP scams, for instance, by delaying a payment while an investigation is conducted and, if necessary, carrying out timely reimbursement.


Tesco Bank Fined for Data Breach

Tesco Bank was fined £16.4m by the City watchdog over a cyber-attack it suffered that netted cyber criminals £2.26m.

The Financial Conduct Authority (FCA) said deficiencies at the bank had left account holders vulnerable to the incident. The bank had received a specific warning that was not properly addressed until the attack had started and the response was “too little, too late”.

This is the first time the FCA has issued a fine for a cyber-related incident.

Tesco Bank said that since the incident in November 2016 it had “significantly enhanced” security measures, and apologised to customers.

Mark Steward, executive director of enforcement and market oversight at the FCA, said the fine “reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks”. Banks must ensure resilience against such crime, reducing the risk of a cyber attack occurring in the first place, not only reacting to an attack.

Tesco Bank said the cyber attack in 2016 did not involve the theft or loss of any customers’ data but led to 34 transactions where funds were debited from customers’ accounts, and other customers having normal service disrupted.

The bank’s chief executive Gerry Mallon said: “We are very sorry for the impact that this fraud attack had on our customers.”

Banks and other financial institutions must learn that it’s cheaper to build proper protection than wait for a catastrophe to happen.
