Toronto-Dominion Bank expected that the new employee would increase the efficiency of this financial institution in detecting cases of money laundering from the outpost in New York, but the final result turned out to be another example of how optimistic hopes do not match the pessimistic reality.
The mentioned employee of the specified bank used his access to customer data to distribute information about them to perpetrators whose criminal network operated in the virtual space of the Telegram digital platform. The relevant data was released by the Manhattan prosecutor’s office. As a result, TD Bank, instead of obtaining the expected result in the form of an increase in the level of efficiency in detecting cases of money laundering, was faced with the fact that its employees provided criminals with access to customer data. Detectives who searched the employee’s phone allegedly found 255 images of checks belonging to clients and other personal information about almost 70 people.
It is worth noting that the mentioned case is not something that can be described as a kind of anomaly in the context of the current banking practice. Nowadays, according to media reports, there is a corresponding tendency throughout the United States banking system, which is not yet a topic for large-scale discussions but already belongs to the category of what can be described as a stable or at least unambiguously existing phenomenon.
Sophisticated scams aimed at local residents are regularly mentioned in headlines across the country. The media notes that the lowest-paid employees of the United States banking sector are often involved in practices such as selling confidential customer information out the back door. The corresponding tendency is gradually transforming into the critical weakness of the US banking system. Obviously, the lack of response to the relevant problem will contribute to scaling it and increase its sensitivity in the context of the consequences generated in the practical plane. In most cases, confidential information about lenders’ clients is used to commit financial crimes.
The mentioned tendency is unpleasant and, in a certain sense, delicate from the point of view of the moral and ethical aspects of this issue. It is worth noting that banks persistently and consistently state the statement that customers are the main subject of responsibility for ensuring that their savings are not conned out.
In most cases, scams are aimed at random people, whose failure to be a victim of deception with financial consequences is the result of a random choice on the part of criminals. At the same time, many victims claim that con artists were initially well-informed about their finances.
R.J. Cross, a privacy advocate at the US Public Interest Research Group, noted that the more employees of a company have access to confidential customer information, the higher the risk of abuse of such access. Also in the relevant context, it was underlined that firms should take technical measures to ensure that staff and contractors will not be able to run off people’s data or access information that is not necessary for them to perform their official duties.
It is worth noting that the problem of selling sensitive data is not a process that started abruptly and scaled up in the shortest possible time. For many years, there have been signs of a gradual formation of an appropriate tendency, which is currently stable, which generates threats to customers of banks and financial services companies.
About ten years ago, New York’s then-attorney general, Eric Schneiderman, publicly called on the largest lenders, including JPMorgan Chase & Co., Bank of America Corp., and Citigroup Inc., to strengthen internal protection after an investigation revealed that an identity-theft ring had enlisted tellers from the industry. A broader study was also conducted, the results of which testified that the number of leaks by corporate insiders is showing an increase. Besides, it was noted at that time that the relevant data is often used exclusively for fraudulent purposes.
Currently, the relevance of the mentioned problem is growing. In the United States, retirees sitting atop a record stockpile of wealth are facing an onslaught of elder fraud. It is estimated that the annual losses from these illegal practices exceed $28 billion. For scammers, tips about who has a lot of money are what can be called a value that exists in the form of information and generates a specific financial result estimated in billions of dollars.
At the same time, bank lobbyists are active opponents of legislative attempts to force companies to do more to protect customers from criminal attacks and share their losses.
The spate of busts is a telling indication that financial institutions have not yet figured out how to prevent employees from monetizing their access to very valuable and sensitive customer information. It is worth noting that some of the bank employees on social media platforms interact with a group of criminals to implement illegal schemes such as faking checks. At the same time, financial institutions in most cases help victims of the mentioned actions. In recent years, the volume of sophisticated fraud has increased. As a result of such actions, it often happens that bank customers, following the instructions of criminals posing as other people, independently commit actions to transfer money to third-party accounts. In the framework of relevant practices, from a formal legal point of view, clients themselves are responsible for the loss of funds. This is because they actually independently approve transactions that result in the loss of money. Being confident in the reliability of transactions that fraudsters recommend or force to commit, bank customers ignore warnings about potential danger from both automated algorithms and employees of financial institutions.
Some lawsuits like the one against Wade Helms of Navy Federal Credit Union are an example of how far information can flow.
Authorities in Escambia County, Florida, accused Wade Helms of jotting personal information about customers in a notebook, creating a handle for himself on the dark web, and making it known he was seeking a buyer for information on clients at Navy Federal, the largest credit union in the United States. In one of the chatrooms, the accused found someone who claimed to be a broker for stolen data. Presumably, initially, they were talking on the phone. Then the communication continued on a personal computer, which Wade Helms kept next to his office desk.
The broker showed interest in obtaining information about an account that would cost a lot of money, and for this reason, it would be easier to sell it on the darknet. The relevant information is contained in an affidavit for an arrest warrant for Wade Helmets. The broker created a Telegram page called Navy Wave, where screenshots of customer accounts were posted. Some of these screenshots were provided by Wade Helms. The relevant information is contained in the warrant. Wade Helms took screenshots of clients’ bank statements and pictures proving their identity.
Navy Wave had multiple handles that began with @ScammingServices with more than 2,700 subscribers. By the time the credit union’s security staff had documented the hack, Wade Helms had exposed at least 50 accounts. At least five postings on the Navy Wave pages included Navy Federal accounts that Wade Helms provided. As part of the deal with the investigation this year, he did not contest his guilt on 11 charges, including illegal use of personal data, and was sentenced to 10 years probation. Wade Helms was also ordered to pay about $9,100 in compensation to Navy Federal. His lawyer did not respond to a media request for comment.
A spokesperson for the credit union stated that Navy Federal is taking all necessary measures to protect the personal and financial information of the members of this union. Also, in the relevant context, it was separately noted that the Navy Federal Credit Union is constantly improving its procedures to ensure the confidentiality of information about members and constantly monitors their accounts to detect suspicious activity. Moreover, the lender stated that it interacted with law enforcement agencies to secure a guilty verdict.
Jonathan Lopez, a former federal prosecutor who specializes in bank crime cases, noted that it is a challenge for companies to adjust to trends in the crime area, especially in the context of the fact that firms are increasing their staff numbers, numbering thousands of employees, including those with high staff turnover. In this context, it was also separately noted that in many instances the issue may not be a malfunction of the program, but the sheer number of people involved. Moreover, it was overlined that zero fraud rates may not be possible, but still financial institutions should strive to keep fraud rates and insider fraud rates close to zero.
The settlement of TD Bank’s dispute with the United States authorities for $3.1 billion over the failure to provide a system of algorithms aimed at preventing money laundering was evidence that executives’ focus on costs caused the weakness of internal systems. The result of this state of affairs was a series of crimes that went largely unnoticed until federal investigators tracking fentanyl sales on the East Coast paid close attention to the mentioned financial institution. During the probe, it turned out that several employees of one of the branches of the bank received bribes in cash and gift cards for opening accounts and issuing debit cards, which were used to transfer money to Colombia through ATMs.
The results of enhanced scrutiny also testified that the manager of a branch of the mentioned financial institution based in New York stole more than $200,000 from an elderly client. As part of the commission of this crime, information about the victim’s account and a fraudulent email address were used to ensure the possibility of withdrawing funds even after the death of the pensioner.
The banker, who was later dismissed from the financial institution, admitted his guilt, without denying involvement in illegal practices. The perpetrator was sentenced to more than a year in prison. The banker’s lawyer said that the reason for the theft of the money was the need to pay for his son’s college education.
In September, New York authorities swooped in on Daria Sewell, TD Bank’s new anti-money laundering officer. In this case, they were charged with storing images of customer receipts on their phones. Data from the Manhattan district attorney’s office indicates that a network of fraudsters from New York was discovered as a result of account hacking. These criminals were charged with fraud with $500,000 checks.
Investigators said that Daria Sewell distributed information on Telegram with instructions on how to open bank accounts and move money to them from TD Bank accounts. Presumably, the final recipients of split profits funds with an employee of a financial institution.
Daria Sewell did not plead guilty to illegal storage of personal information. The lawyer representing the bank employee did not respond to a media request for comment.
A TD Bank spokesperson stated in an email that employees of the financial institution had been dismissed in both instances. It was also noted in this context that lender has always fully cooperated with the authorities in their investigations. Moreover, it was separately noted that the individuals caught in illegal activities related to the use of confidential information materials are not representatives of 30,000 colleagues in the United States who faithfully serve customers.
Outsourcing can create additional cracks in the protection of banks. In Louisiana, the federal prosecutor’s office traced a group of cheque fraudsters among the employees of the Teleperformance international call center. Three of them were accused of selling information about the accounts of elderly USAA customers. Data from the federal prosecutor’s office shows that three employees of the mentioned call center, including Arazhia Gully, Maya Green, and Zarrajah Watkins, joined a group of more than a dozen other companies and provided information about customers with large account balances. The corresponding criminal scheme had been in operation for almost two years. Some recipients used fake checks to withdraw funds. Later, part of the proceedings was deposited into the personal account of a Teleperformance employee and withdrawn at a nearby casino.
It is worth noting that as part of the implementation of the mentioned scheme of criminal activity, a practice was carried out that in a certain sense resembles ordering dishes from a restaurant menu. In this case, it is assumed that unauthorized persons chose which accounts were used. In an example published by the prosecutor’s office, Arazhia Gully sent an accomplice a text message containing information about the age and account balances of eight USAA customers. The person responded with their pick. In this case, a 79-year-old with a $442,000 account balance was unlucky enough to become a victim of criminal practices. Then Arazhia Gully sent a photo from the computer screen with detailed information about the account. The second victim was a 95-year-old with $174,000.
Teleperformance said in an emailed statement that the call center had fully cooperated with the authorities to help with the investigation and had fired employees as soon as the incidents became known. It was also separately highlighted that interaction with customers is carried out to minimize employee access to information about their accounts, including access necessary to provide services, and also minimize the risk of fraud to the lowest possible level.
A spokesperson for USAA declined to comment.
Three call center employees have pleaded guilty to conspiracy to commit bank fraud and are awaiting sentencing. Lawyers for Arazhia Gully and Zarrajah Watkins declined to comment when contacted by the media.
Lawyer Maya Green said his client was low-level in the network and paid just a few hundred dollars for taking screenshots of accounts, stating surprise that this call center employee was able to view so much information with a 10th-grade education and working from home.
It is worth noting that fraud has not only financial consequences for victims of crimes of the relevant categories, but at the same time is a factor that hurts the reputation of a bank, a company providing such services, or a call center. The results of special industry research indicate that in the United States, more than half of those who have experienced fraud as an affected party are considering the possibility of terminating interaction with the organization in whose area of activity the incident occurred. Moreover, 30% of the victims of the mentioned crimes make appropriate decisions. This practice, for example, for banks means reputational losses or less sensitive consequences of a similar nature. Also, in such cases, financial institutions are faced with a decrease in the size of their customer base.
Featurespace chief executive officer Dave Excell, while talking to media representatives, stated that he stated that most consumers have multiple relationships with different banks, and they will switch allegiances quickly based on where, in their opinion, a higher level of trust and trust is needed.
It is worth noting that the issue of cybersecurity has been growing in the area of finance recently. Against the background of the rapid development of technologies, including artificial intelligence, fraudsters’ methods of activity have become more sophisticated. To counteract the corresponding threat in the cyber environment, personal awareness of users is important. For example, an Internet search query such as how to know if my camera is hacked will allow anyone to get information about signs of unauthorized access to the device. Digital literacy is an effective tool for combating cybercrime. At the same time, relevant knowledge should be updated periodically, as scammers seek to use advanced technologies that are in the condition of constant development.
