Join the Community

22,241
Expert opinions
44,209
Total members
414
New members (last 30 days)
204
New opinions (last 30 days)
28,752
Total comments

The fraud supply chain - a six part story

There is some perception that the majority of the fraud we see is carried out by opportunistic individuals or small gangs, who operate on a small scale. The reality for fraud experts is that fraud is organised, complex and widespread. In fact, fraud driven by identity theft has an ecosystem and indeed a supply chain, which essentially falls into six key parts.

Part 1: Getting the data

Criminals use different methods to obtain data on potential victims of identity theft and they are likely to have developed and invested in tools, such as malware to help them do this. They may take the high-tech route of breaching an organisation to steal data, but they can also use low-tech methods such as 'bin-diving'.

Part 2: Understanding their victims

From the basic data obtained, criminals then assess it to understand who should be targeted. This could be based on there being a lot of information about them, or whether they appear to be the easiest targets or whether the fraudsters can see potential for a big return on their investment.

Part 3: Building a profiling with more information

In some cases the data stolen in the initial activity may not be quite enough to carry out a criminal attack. This is where social engineering comes into play. Vishing is where criminals pose as legitimate businesses telephoning their victims to obtain information. Phishing is where they use the same methods, but through electronic communications, such as email. By building up a profile of an intended victim, which can last months or even years in some cases, means that when they make their attack, it can be all the more effective.

Part 4: Looking for the way in

Having information isn't the end of the story. Criminals also need to understand where they can use stolen identities to commit fraud. At this stage fraudsters are searching for points of weakness in an organisation and looking out for system vulnerabilities. They may re-visit an organisation's processes time and time again to determine where the weak points are, the best methods to exploit them and how they can evade security and detection.

Part 5: The attack

Once the fraudsters have built a plan, tested their line of attack and obtained the data they need, they make their move. Opening accounts fraudulently, taking over existing accounts and diverting payments from their intended recipients are just some of the many ways they carry out their attack. It's worth remembering that fraudsters are always looking for new opportunities.

Part 6: Making it legal

The final stage is to turn their ill-gotten gains into currency they can spend – in other words money laundering. It not only funds further attacks, but in wide-reaching criminal enterprises, it is funding activities like drug dealing and terrorism.

It's a true supply chain with value and risk transferred throughout; amounting to what is a complex structure of criminal activity, with each stage involving different specialisms and assets. For example, malware or call-centres engaged in vishing. Better understanding means being better placed to combat the risk at every stage and build the appropriate defences to protect businesses, people and society as a whole. 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,241
Expert opinions
44,209
Total members
414
New members (last 30 days)
204
New opinions (last 30 days)
28,752
Total comments

Now Hiring