Data Dive, Halloween Edition: Fines and Fraudsters |
There will be no shortage of ways to try to scare yourself through the first half of this week scary movies scary costumes scary receipts for all of the other scary stuff you picked up And there is the fact that chocolate will be getting more expensive this year as candy makers are haunted by the specter of higher shipping costs But for payments and commerce pros there are two surefire ways to always elicit screams stories about the two scariest things in the business Fraudsters and fines And lucky for you we have both for the Halloween edition of the data dive Boo Faster Payments Hit By Faster Fraud In the getting-off-to-a-bumpy-start file Hong Kongs Faster Payment FPS system has only been up and running for a few weeks but allegations are already rolling in that fraudsters have jumped on board Reports indicate that the new system has been used to make fraudulent transactions ranging from 1 280 to 12 750 Complaints that have now been referred to law enforcement include allegations that fraudsters stole a womans personal ID and bank account number and used them to initiate a real-time payment using FPSs Autopay service Other allegations include claims that fraudsters have stolen personal information to set up an eWallet accounts and activate electronic direct debit authorizations by leveraging a feature of the faster payments system that allows users to link bank accounts to eWallets In response the Hong Kong Monetary Authority HKMA said it has suspended the Autopay service under FPS The HKMA stressed however that these instances of fraud are not related to a security shortfall within FPS itself The HKMA further added that bank account holders are not typically held liable for any fraudulent transfers if they did not authorize a transaction When Hong Kongs FPS went live in September HSBC Hong Kong CEO Diana Cesar said the system supports faster transactions that can be made anytime anywhere and contributes to the efficiency of businesses by making real-time settlements possible She added that the system brings unprecedented convenience and security to our daily fund transfers among friends and family as well as the day-to-day operations of businesses It seems unfortunately it has also inadvertently made things a bit more convenient for fraudsters and perhaps will need a few bolts to tighten the system Wells Fargo And Capital One Face Fines Some big names in banking took on some pretty substantial fines this week Capital One was tapped by the Office of the Comptroller of the Currency OCC for 100 million due to shortcomings in the companys compliance with the Bank Secrecy Act and anti-money laundering programs The deficiencies cited in the OCCs 2015 order against the bank included weaknesses in its compliance program and related controls deficiencies in its risk assessment remote deposit capture and correspondent banking processes and failing to file suspicious activity reports In assessing this civil money penalty the agency found that the bank failed to achieve timely compliance with the OCCs 2015 order as required the regulator explained in a press release Capital One has reportedly already paid the fine to the US Treasury Capital One joins a list of notable names in banking hit with fines over violations of the Bank Secrecy Act In February US Bank was served with a 185 million civil penalty after joint determinations of the Financial Crimes Enforcement Network FinCEN the OCC and the US Department of Justice DOJ that the bank was in violation of the legislation In 2017 the OCC warned that banks were at a high risk of non-compliance with Bank Secrecy Act and Anti-Money Laundering act particularly in the face of new technologies that support open access to financial services data Banks according to the OCC may be facing additional money-laundering risk Moreover the report continued ongoing changes in payment technologies and criminal typologies increase the challenges for banks to maintain effective systems to keep pace with these changes Capital One was not the only bank that found itself on the wrong side of a regulatory ruling The New York attorney general announced that Wells Fargo Company has agreed to pay a 65 million fine in connection with its cross-sell business model The misconduct at Wells Fargo was widespread across the bank and at every level of management impacting both customers and investors who were misled Attorney General Barbara D Underwood said in a press release State securities laws are vital to protecting the hard-earned savings of working families and Main Street investors from financial fraud and my office will continue to do whats necessary to protect the public and the integrity of our markets Wells Fargo faced additional scrutiny for the years it spent lauding the effectiveness of its cross-selling methodology in both increasing revenues and recruiting and retaining customers The AG report noted that to support those claims Wells Fargo falsely reported inflated cross-selling metrics to its investors Driven by strict and unrealistic sales goals employees in Wells Fargos Community Bank division engaged in fraudulent sales practices including the opening of millions of fake deposit and credit card accounts without customers knowledge Through a significant incentive compensation program employees who met these targets were eligible for promotions and bonuses while employees who did not meet the sales targets faced relentless pressure and even termination according to the release The AG report also notes the Wells Fargo Board of Directors received reports detailing the misconduct as early as 2011 but failed to report it to investors The attorney generals office added that the settlement has no impact on its other investigation into Wells Fargo related to its practice of opening unauthorized accounts and enrolling consumers in services without their knowledge or consent Fraudsters Face Some Jail Time Sometimes the news is not only scary for law-abiding folks on occasion the law catches up to fraudsters and injects a bit of fright into them Case in point two hackers were indicted in Florida this month on charges of extortion and hacking in connect to a data breach at learning platform Lynda in 2016 One alleged hacker lived in Florida while the other was a Canadian citizen According to reports the two hackers were able to gain access to thousands of users accounts at which point they emailed Lyndas parent company LinkedIn as well as HackerOne the cybersecurity program the company uses After a representative of LinkedIn replied to their email the hackers allegedly said keep in mind we expect a big payment as this was hard work for us And it seems Canadian Vasile Mereacre and Floridian Brandon Glover were not riding in their first rodeo when they went after Lynda The hack was nearly identical to one that hit Uber a few months before the Lynda hack in 2016 That hack saw the names email addresses and phone numbers of 50 million Uber riders around the world compromised as well as the information of about seven million drivers worldwide In that case not many details had emerged until Ubers chief information security officer opted to try to conceal the hack and pay the hackers though he did later note in a Senate Commerce Committee hearing that the two hackers in its breach were from Canada and Florida The two were released on a bond in the Florida case on condition that they are not permitted to use the internet The case is now being heard in a California court where they will face charges in connection with the Uber case in November So what did we learn this week Fraudsters are always around sowing fear in their wake and trick-or-treating in systems that dont want them Always best to on the lookout even if they dont make a bumping sound in the night Happy Halloween and dont eat too much candy But if you do make it chocolate Richemont Inks Deal With Alibaba To Access Chinese Consumers How Supplier Churn Can Stifle B2B Payments Automation Symbeo SMBs Say Banks Dont Appreciate Their Business