CFONB fraud prevention meetings

2015-11 Recontres-CFONB

The Comité Français d’Organisation et de Normalisation Bancaire held its annual meetings on the topic "New forms of fraud" in Monaco on 6 November. We met one of the speakers, Mr. Christian Lothion, Director of the security department and "Security" Advisor of the Fédération Bancaire Française, and former Head of the Judicial Police.

Born in Vouvray in 1952, Christian Lothion spent his entire career in the judicial police, of which he became Head in 2008. In 1980, he was head of the crime suppression unit in Nice, which accounts for his perfect knowledge of the Riviera. After mentioning the physical security black spots in the banking context, he warns us about another type of crime.

C.L: The first black spot is armed robbery. An offence that has declined: overall, all victims numbered 8000 in 1986, and around 2300 at the end of September this year.

The decline is even more dramatic regarding banks: 2185 cases in 1986 versus 32 last year. This is partly due to strengthened facilities but also because diversely to the previous situation with cashiers, cash is now no longer immediately accessible at counters.
Similarly for hostage taking, once numerous and particularly traumatic, it has become rarer, with the last occurrences dating back to 2013.

So ATMs have logically become the prime target for criminals, who use two main methods to attempt to seize ATM contents: attacking the contractor  responsible for supply, or attacking the ATM itself.
In the former case, criminals will attack the contractor or employee when he is topping up the ATM with money within the secure technical area. Criminals mainly use ramming vehicles, driven against the door of the control room. When it gives way, they threaten the employee with weapons and seize the contents of the ATM. Enhanced measures of protection for secure technical areas have been taken by the banks, in close collaboration with the Ministry of the Interior, with a resulting decline in the number of attacks (from 49 in 2011 to 8, as of 31 October 2015).

In the latter case, the ATM robbery takes place at night, mainly in rural areas, with criminals tearing away ATMs using construction equipment or blowing them up in situ with gas mixtures or explosive for seizing strongboxes containing cash. Following a peak in 2013 (217 attacks), the figures have stabilised at just over 100 occurrences per year, around 70% of which fail. But the damage to buildings is often considerable.

To prevent this type of crime, in agreement with the Fédération Bancaire Française, the Ministry of the Interior decided on the installation of staining devices in ATMs to make banknotes "unfit for use" in the event of a robbery.  ATM robberies are generally carried out by criminals linked with mobile crime, and several gangs have been broken up by police and gendarme units.

There is another type of crime, one which does not involve physical security: criminals pose as someone else to persons able to make a bank transfer. This is the fake international transfer order scam, of which the "President Scam" is the best known.
 The criminals do much work in advance to find out about the company and get to know better the person with whom they will attempt the scam; this person is rarely the finance director, but rather the no. 2 or no. 3. The goal is to have the person make one or more transfer orders, that are very often in excess of 100,000 euro.
The criminal poses as the CEO of the company, his lawyer, the manager of a foreign subsidiary etc., and mentions a tax audit, some issue, a takeover bid, or a situation that puts the target person in a position to do something they should not do naturally – make a transfer. Once they are persuaded to do it, the criminal - REQUIRING ABSOLUTE DISCRETION – gives them an account number. The transfers go via bounce banks in Poland, Bulgaria or the Czech Republic, then on to China. The criminal networks involved are Israeli or French-Israeli in many cases.

Another form of fake international transfer orders is a fake change of bank details.  Scam artists pose as a supplier and notify the client company that they have changed bank details, often using a similar email address to the supplier’s with only an imperceptible change (e.g. a dot replaced by a dash) for sending the new bank details. Then all the scammers need do is wait for the (real) supplier to send its (real) invoices to the target company, which will then make transfers to the account opened by the crooks. By the time the real suppliers react and follow up their own invoices, it will be too late!

These last two scams are carried out by international networks of professionals, which are very difficult to manage and break up. The information they can glean on the social networks concerning a particular target person facilitates their efforts.
The only way to prevent this is to exercise the utmost caution.