It’s a real-life game of “cops and robbers,” and the rules change faster than they’re written.
While the storied “stick-ups” of old-West bank robberies exist in modified form even today, the bank vault no longer represents the ultimate treasure trove. Crooks have more “career options” than ever before. There are fraudulent checks to pass, “phishing” schemes to devise and illegal data gathering methods to develop.
Criminals who choose to wreak havoc the old-fashioned way – through the bank’s front entrance – are even showing a shift in style. “Some are so bold they don’t even wear masks,” said Bill Uffelman, president and CEO, Nevada Bankers Association.
The bad news for bandits is that Nevada banks are fighting fraud, safeguarding branch locations and helping customers detect identity crimes with the help of unprecedented physical and technological security techniques.
“Any organization expected to be a safe-keeper of client information deals with constant attempts by crooks to break down security walls,” said Kirk Clausen, Wells Fargo regional president for Nevada. “It requires us to be several steps ahead of the bad guys in protecting that information.”
Forging an Alliance
For the Nevada Bankers Association, there’s power in numbers. The statewide association of 46 member banks subscribes to Fraud-Net, a sophisticated fraud alert network that gives members online access to fake IDs, copies of counterfeit checks, fraud perpetrators’ photos and compiled fraud reports. The 20 state bankers’ associations in the Fraud-Net system work hand-in-hand to share intelligence and combat financial fraud across the country. “It’s the external eyes and ears of the banking industry. Instead of one bank simply relying on its own security information, we share intelligence and work together with law enforcement to report and track fraudulent activities affecting financial institutions,” Uffelman said.
While electronic signatures and the rise of online technologies provide increased opportunities for check fraud, criminals are also using modern methods to “doctor” paper checks. Bill Oakley, regional president for Southern Nevada, First National Bank of Nevada, said he believes the most frequent occurrence of check fraud occurs at the mailbox. “Unfortunately, check fraud happens every day. There are ways crooks can wash the ink from the check and get it through the system, though it depends a lot on the ink and the paper” he said.
Larry Woodrum, president of BankWest of Nevada, agreed, providing some tips to minimize exposure to check fraud: “Notify your bank if you don’t receive the checks you ordered in a reasonable amount of time. When writing checks, use dark ink, never light colors that can be easily erased or covered. Don’t leave any blank spaces on the payee or amount lines,” he advised. “It’s also important to reconcile your statement each month and check for unauthorized transactions – even small ones. Some thieves hope small transactions will go unnoticed.”
Identifying with Responsibility
“Everyone is vulnerable.” It’s a sentiment shared by all the bankers interviewed. While levels of vulnerability and risk exposure vary widely across the spectrum of business and individual consumers, controlling risk is ultimately a function of responsibility.
More credit cards equal more risk. Throwing junk mail and pre-approved credit card applications in the trash without shredding them invites identity theft. Typing credit card information into non-secure Web sites tempts fate. Providing Social Security numbers to unknown callers rings suspect. Where does it end?
“Those who shred mail, operate with one credit card and pull quarterly credit reports have less chance of being exposed, but they’re still not immune,” said Robert Hemsath, president of Northern Nevada Bank.
“Think of the mailbox at an apartment complex or business suite. It’s not uncommon to get the neighbor’s mail, and there’s not anything high-tech about that,” Uffelman said. “It comes down to looking after yourself, your business and your own information. Be prudent.” According to Uffelman, banks within the Nevada Bankers Association network have programs and materials filled with tips to help customers manage their personal and commercial account information. From countertop displays and in-branch promotions, to fraud hotlines and online reporting systems for customers who suspect they’ve been compromised, fighting fraud is a top industry priority.
It’s a concept Clausen knows well. For a monthly fee, Wells Fargo’s Identity Theft Protection service gives customers early warning signs of identity theft before great damage is done to credit standing. It monitors customers’ credit reports, provides up to $10,000 of Identity Theft Insurance and offers direct access to Wells Fargo Insurance resolution specialists. Subscribers automatically receive a detailed review of significant changes recorded on their credit file each quarter.
First National Bank of Nevada’s Web site makes it hard for visitors to miss the latest security news. A link sits front and center, prompting consumers to read up on security bulletins. “Check fraud has been around forever,” said Oakley. “The sophistication of it has changed, but if criminals are in the business of defrauding, they can defraud. We take all of the appropriate steps to protect our customers, clients and employees.”
According to the “2005 Identity Fraud Survey Report” released by the Better Business Bureau and Javelin Strategy & Research, in cases where the perpetrator’s identity is known, half of all identity fraud is committed by a friend, family member, relative, neighbor or in-home employee – someone known by the victim. The same report concludes that the majority of identity fraud crimes are self-detected, a finding that reinforces Clausen’s belief that personal responsibility is key.
“Individuals and business owners have to pay attention. It’s critical to review monthly statements, and we recommend customers monitor their account activity online regularly,” Clausen said. “It’s heartbreaking when we see a customer whose long-time, trusted employee perpetrated fraud on the account. Like Ronald Reagan said, ‘Trust, but verify.’”
“Buy a cross-shredder for $40 and spend two seconds running documents through it to protect your personal information,” Uffelman said. The same rules apply to consumers and businesses. With paper shredders ranging from $12 to $50 lining the shelves of most retail stores, Uffelman asked, “Why not buy a shredder?” The question is timely, given findings of the 2005 fraud report. The report also suggests consumers who manage their financial activities online can reduce access to information on printed statements that could be used in identity theft crimes.
“Stick ’Em Up”
Not so fast, according to the Nevada banks interviewed for this feature. Despite the media and consuming public’s infatuation with all things online, robbing the bank the old-fashioned way has hardly fallen from vogue. But thanks to sophisticated physical security measures, branch employees and bank customers are more protected than ever before.
At Wells Fargo, physical security measures include “bandit barriers” in numerous branch locations. The three-inch Plexiglas that separates tellers from customers may decrease the personal touch of each transaction, but its benefits shine through. “Depending on the location, physical security threats are intensifying. Clearly, as law enforcement has publicly stated, it’s gang-related. These robberies are referred to as takeovers, and the bandit barriers really dissuade the activity,” Clausen said.
While no customer or financial institution is immune to the vulnerabilities that exist in today’s world of high-tech schemes and old-fashioned heists, there are different levels of risk. Oakley said check fraud presents the highest risk in terms of dollars. “When physical robberies happen, they tend not to be substantial in terms of dollar value. But the physical risk to our employees and customers is much more prevalent in a robbery situation,” he said.
Woodrum reported, “We do hire unarmed guards from time to time. Guards are a deterrent for robbers because they do not want to be noticed. I believe the best prevention against robberies is customer service for the same reason; robbers do not want to be noticed.”
Hemsath said physical bank robberies are on the decline in Northern Nevada. “I’m thankful for that. We don’t want our customers or employees to be put in a compromising situation or harmed in any way,” he said.
While each of the 46 banks in the Nevada Bankers Association has its own physical security safeguards, Uffelman said locking vestibules are becoming increasingly popular. The vestibules feature two sets of doors that can be locked down remotely. “They trap robbers before they can make an exit,” he said.
For many banks, physical security measures extend far beyond the teller cage and bank doors. Drive-up and walk-up ATMs feature complex security systems in their own right. Lights and cameras help capture the action. “The landscaping surrounding Wells Fargo ATMs is well planned,” Clausen said. “Concave mirrors allow ATM users to look forward and have an over-the-shoulder view at the same time. We have a bias toward drive-up ATMs. Walk-ups inherently have more risk.”
Oakley said First National Bank of Nevada ATMs are strategically located in public, well-lit venues.
Check 21
On October 23, 2003 the Check Clearing for the 21st Century act was signed into law. Commonly known as Check 21, the act creates efficiency in the payments system and makes “float” virtually nonexistent. According to Oakley, merchants no longer have to submit a physical check to get paid. “They image it, transfer it and they get paid,” he said.
The Federal Reserve Board calls the imaged check a substitute check. It serves as the legal equivalent of the original check and mirrors the original document’s information. Check 21 works with the help of scanning technology. Merchants electing to participate scan customer checks, as do the banks that receive paper checks. Oakley said a large percentage of merchants don’t have the technology, but banks do, though the law doesn’t mandate banks to accept or create substitute checks.
“Whether the merchant or the bank scans the check, scanning takes place somewhere along the process. Merchants do have the opportunity to purchase scanning equipment and participate, but this is a very new practice,” Oakley said. “After the checks have been imaged, our bank secures and shreds them.”
According to Woodrum, Check 21 gives banks and customers huge advantages to discover fraud earlier. “Check 21 helps speed check clearing, so fraud can be discovered faster,” he said. “Faster fraud detection means faster resolution for customers.”
While banks and their customers are already enjoying the benefits and added protection of Check 21, Uffelman said he believes it will be some time before Check 21 is fully implemented. “It used to take a number of days for a check to clear, but now checks are being credited almost instantaneously. When you see checks clearing that quickly, you know the system is working,” he said.
Oakley predicts that over time, Check 21 will help reduce the likelihood of check fraud at some level, since the number of hands touching the original check is now reduced significantly. “Before Check 21, a lot of hands had to touch that check to make the transaction complete. In the eyes of the financial world, the digital image is now considered to be the check,” he said.
As check imaging technologies become increasingly accessible to merchants, Clausen said Wells Fargo is working to stay many steps ahead of tech-savvy bad guys. “We have algorithms built into the process to prevent a check from being run more than once.” Clausen said.
Wells Fargo is not alone in its proactive approach to ward off system vulnerabilities. Hemsath said Northern Nevada Bank is taking all of the necessary steps to make sure imaged transactions are protected. “Any time that you go from a paper item to an electronic item and send information through phone or data lines, there is potential for that information to be compromised. The security of those transmissions is critical, and we’re educating customers on how to protect themselves,” he said.
Gone Phishin’
“Phisher” Web sites and scams have the sole purpose of turning an unsuspecting individual or business owner into, quite literally, the catch of the day. The “professionals” behind the schemes stop at nothing in their pursuit of personal information. Phishing, or spoofing, is a method used by fraud perpetrators who pose as legitimate businesses seeking sensitive personal information, but the information is actually used in illegal transactions. Fake e-mails, bogus Web sites and pop-up windows can be well-stocked with phishing schemes.
While the hooks in e-mail subject lines can range from the proverbial, “Congratulations, you’re a winner” to “Your uncle from Tasmania died and left you $3 million,” the sinker is always the same – the victim’s bank account.
Hemsath said business owners should be especially wary if individuals request account information under the guise, “We need your account data to wire you money.” But schemes aren’t always so blatant. For example, the mark of the Maple Leaf could spell disaster. According to Hemsath, there are crooks who present counterfeit Canadian postal orders to unassuming Americans under the flag of camaraderie.
“They’ll tell you they have a $100,000 Canadian postal order that can’t be deposited into an account in the United States because they are Canadian,” he said. “They’ll request that you deposit it in your account and wire them the money.” The reward? Sometimes upwards of $40,000, Hemsath said. While the lure of the lucrative payoff on something with as little perceived risk as a money order might prompt some to oblige, what victims don’t realize is that it takes time for Canadian money orders to flow through the U.S. financial system.
“By the time it’s marked as fraudulent, the money has already been wired and the illegal money order has been charged back against the depositor’s account,” Hemsath said. “Anytime someone offers to pay you a lot of money and it sounds too good to be true, it is. That’s the No. 1 rule.”
Despite online scams, schemes and spoofing, Clausen said the benefits of online banking far outweigh the risk of fraud. “I would say or do nothing to reverse the presence of online banking, even if I had the power. But, as an unexpected consequence, there are folks who work to reverse anything good for their own personal gain,” he said.
Banking Since 9/11, and Beyond
Sept. 11, 2001 changed the way Americans do business. The reality of increased security is evident, from airlines to bank lines around the country. Under the USA Patriot Act Customer Identification Program, banks must comply with strict regulations and security measures when opening accounts.
At Northern Nevada Bank, Hemsath said it means scrutinizing more than one form of identification. “The regulations put the burden on customers, and sometimes they don’t understand why we have to ask for so many forms of ID when they’re trying to open an account,” he said. “The country as a whole is spending a tremendous amount of money to enhance homeland security and I don’t predict that policy reversing anytime soon.”
In addition to basic information, an individual opening an account should be prepared to share his or her Social Security number. Businesses are asked for their Employer Identification Number, among other verifiable documents. Oakley shares Hemsath’s sentiment and said he believes the country’s financial institutions are in a “necessary situation.”
“There is no exception. Customers understand they have to provide certain information to open an account, borrow money or bank with any financial institution that’s federally insured,” Oakley said.
As the USA Patriot Act continues to evolve, it is putting increased emphasis on financial institutions to take every possible step to prove that their customers are who say who they are – from validating identification to asking new account holders a prescribed series of questions. Clausen said the steps Wells Fargo takes to validate identification for new account holders are “virtually transparent. These steps go a long way to protecting legitimate customers. If we ask a bad guy a question or two, he or she immediately becomes uncomfortable,” he said.
“The USA PATRIOT Act is truly for the protection of consumers,” said Woodrum. “We understand it may be frustrating for customers who have had accounts for a long time. Be assured that this protects us all. Although some systems are automated to check against the list of known and suspected terrorist and/or drug traffickers, it does take time. Time taken to protect our customers, the bank and the nation is time well spent.”
Checks and Balances
So, what’s the bottom line in banking? While industry security measures are positioned to outpace fraud schemes and might seem to change faster than some customers’ account balances, there’s one rule that stays the course of time. “Pay attention. Never stop paying attention,” Clausen said.
It’s a recommendation echoed by all the experts consulted for this feature. “You’re never immune, but you can reduce exposure by being vigilant with your records and personal information,” Hemsath said. “Customers are the best first line of defense.”
