Welcome to the SecAware blog

I spy with my beady eye ...

15 Jan 2011

Fraud detection successful

Here's something we don't often see: a fraudster caught by strong anti-fraud controls.

He was an IT worker for a British supermarket chain who misused his privileged systems access to set up false accounts to receive stolen loyalty card points worth over £8k. 

Interestingly, he didn't try collecting on the cards until a few years later, and then made just a few trial purchases. Fraudsters commonly test out their scams tentatively at first, building their confidence before pressing ahead with The Big One once they know the tests have succeeded. Only in this case, he was caught early.

For obvious reasons, we're not told much about the anti-fraud controls in the news story, so what follows is pure conjecture. Due to the delay between setting up, filling and then using the cards, it looks to me as if the purchases might have triggered some additional fraud checks, perhaps because of an unusual type or value of purchases; otherwise, they may have detected the fraud initially but had to wait for him to start using the cards before acting on it.

Presuming that the fraudster was intelligent enough not to have registered the cards in his own name with his home address etc., they still had the problem of linking the fraudulent purchases back to him. Perhaps they were able to identify him at the point of sale: maybe he used his personal credit/debit card at the till at the same time, or perhaps he was filmed on CCTV and someone recognized him.

Discovering all his fraudulent cards would have been another challenge: I guess that would have involved painstakingly checking the logs regarding the original card setups (assuming he was unable to cover his tracks there using his privileged access), or some good ol' fashioned Police work might have caught him in possession of a number of cards. I know of at least one fraudster who kept meticulous computerized records of his crimes, making the investigation relatively easy, although there is always the possibility that fraudsters might use strong encryption, or exploit 'plausible deniability' by retaining an insecure dummy set of records pointing to a trivial crime as a cover for the well-secured real ones.

Anyway, well done to the fraud team, auditors and Police involved in this case. Good work!

Gary (Gary@isect.com)
