A Typology of Profit-Driven Crimes

3. Detailed Analysis of Selected Cases

3. Detailed Analysis of Selected Cases

3.1 Payment Card Fraud

Payment card fraud (i.e., involving credit, debit, ATM, or smart cards) may be the most common of profit-driven crimes in terms of incidents, though not of value. This reflects the enormous number of cards, the fact that people assume (wrongly) that they do not bear the costs and are therefore sloppy on security, the minimal risks involved in this type of crime, the accessibility of the technology for faking, and the card’s changed role. There was a time when the card functioned like a plasticized traveler’s letter-of-credit; today, it is simply a tool, often physically unnecessary, for electronically conveying financial information.

While it is true that technology can also be used to increase security, with payment cards, as with currency counterfeiting, there is a constant race between enhanced security and those intent on breaking it, in which the time lag seems to be constantly shrinking. However, there is no evidence that use of such cards is likely to fall – on the contrary. Banks love them for the high interest rates they can charge, while merchants like the faster turnover of goods and freedom from the nuisance of collecting on receivables. The only loser is the consumer – whose debt and debt charges soar and who, ultimately, pays the cost of fraud in the form of higher service charges. And that cost will continue to grow as fraud rises, until iris-scanners replace current security features (even then high-tech methods of beating the scanners will probably not lag far behind).

Although at heart the crime is always the same – fraudulent access to the victim’s bank account either directly or indirectly – there are a multiplicity of ways in which the various steps can be executed. Techniques for acquisition of actual cards run the gamut from stealing from victim’s wallet/purse, pilfering newly delivered cards in the mail, and palming and/or substituting at a point of sale. One group of Montreal CEGEPS students working at a service station proudly revealed (even to the point of permitting photographs) to an enquiring McGill student, who helped collect information for this document, their technique for jamming the card into the corner of the revolving drawer that conveys the card from client to cashier and back. If the client complained, it looked like an accident; if the client did not, the group was rewarded with a shopping frenzy at a nearby mall.

Increasingly it suffices simply to steal account information through telemarketing-type phone scams, internet theft, tip-offs from insiders at banks or credit card companies, shoulder surfing, dumpster diving or a host of more complicated devices, and then make mail-internet­phone purchases.  It works until the victim gets his/her next statement.

Perhaps the fastest growing fraud involves retail clerks passing cards through a swiper (a typical swiper can hold the information from 50-100 different cards at once) to get their electronic data, then selling the data (it can be marketed over the internet) or passing it to confederates who create counterfeit cards. This requires re-embossing and re-coding machines which can be easily bought. A blank card is encoded with information downloaded from a computer onto the magnetic strip, then embossed with holograms and gold foil added to make it look authentic. A new name is then added to original owner’s card information.

The key in all cases is to maximize the time between theft of the card and/or information and the victim’s awareness and subsequent reporting of the loss (two different things). To increase the delay, sometimes fake or expired cards are planted to replace those stolen from wallets or handbags. Alternatively the card/number is obtained in such a way that the victim is embarrassed to come forward. Prostitutes sometimes pick client’s pockets. Even better, internet porn sites are notorious for getting a card number, and then doing multiple run­throughs. If the sums are small, the embarrassed individual may never report and simply swallow the losses.

If the credit card fraud involves fraudulent applications or counterfeit cards using information stolen from the credit card company database, the delay is maximized. Because the original card was never stolen, it does not get cancelled.  Although, the owner of the counterfeit is probably wise enough to use it quickly, then discard it in favour of another. The user might even resell the first at a discount over the original purchase price, the discount varying according to the age of the card and the knowledge the new purchaser has of its history.

Until recently, stealing from the mail seemed almost as good, because the companies sent out replacement cards a few months before the old ones had expired, and of course, they arrived without signatures. However, there is now a new  "security" measure – the card comes with a special numeric code which the client must phone into the company to get the card activated. Anyone intercepting the card automatically intercepts the number, too, but presumably once the card is activated, the old one is automatically cancelled. (If not, then clearly the process is useless for security purposes.) It is far from perfect. The proper owner would discover his/her new card was intercepted through the embarrassment of having his/her existing card refused.

No matter how the physical card is obtained, even if it quickly makes a hot list, it can be used for other crimes, particularly auto theft. Often auto rental companies in small towns still do not have their computers linked to those of the credit card companies, and even in big cities on a busy day, the clerks simply take an imprint without checking. The scam artist, who undoubtedly used a fake driver’s license, then drives off with a new car, straight to the nearest chop shop.

Perpetrators of these scams also run the gamut. Most of the single card operations are purely opportunistic. There may be several individuals involved in swiping or telemarketing type scams. The only time something which might be called (if it were ever possible to get a proper definition) "organized crime" gets seriously involved is in multiple-card counterfeiting operations.  On the whole, while credit cards are the primary target, ATM scams are growing rapidly – although, because clients are often unaware of the theft from their accounts, it is difficult to get an exact handle on its extent.

The most primitive forms involve card-trapping – for example, inserting glue into the ATM slot, and having a typed sign beside it telling the client that if the card is retained, they should tap in their PIN number three times, then punch the enter key. Meanwhile the scam artist notes the pin number – by old-fashioned shoulder surfing (the most experienced can figure out the numbers by following the client’s shoulder movements) or by hidden cameras. After the party leaves, the crook fishes out the card and uses it along with the PIN number. Alternatively the perpetrator can be standing near the mark, and offer his/her cell phone with an official-looking card indicating the number to call in the event of a stolen or lost ATM card – an accomplice waits at the other end of the line to take down the details.  In one of the most audacious instances, a ring of bribed employees at service stations and convenience stores permitted one ring to attach laptops to point-of-sale terminals, and to install video cameras that watched over the client’s shoulder. Each time a customer swiped the card, the laptop recorded the card number while the camera caught the PIN number. All that was then required was blank plastic and the proper encoding equipment.

The offence reveals most of the fundamental characteristics of predatory crime – there is a clear victim (albeit because of the illusion that the client is indemnified against loss, the victim might not realize it); there is an unrequited (unilateral) transfer of wealth; and the great majority of such fraudulent transfers take place in a non-business setting, though occasionally a business front is used to gain access to cards or card data. True, sometimes transfers occur through bank instruments – fraudulent charges against the victim’s card lead to deposits in the predator’s bank account, usually in some distant, preferably offshore, jurisdiction. However, it is also common to use a fraudulent card either to purchase merchandise, often for resale on the black market for cash, or to remove money directly from the victim’s bank account. Which will prevail depends in good measure on whether or not the device is a credit card on the one hand, or a debit, ATM, or smart card on the other; and even credit cards, with PIN numbers, can function as debit or ATM cards.

3.2 Bank Fraud

The term bank fraud is used in a very loose way in both popular and police discussions. It can refer to acts in which people victimize banks, in which banks victimize people or other business institutions, or in which banks are merely (more or less) passive conduits through which frauds involving other parties are conducted. Indeed, many of the things denounced as frauds are perfectly consistent, simply, with poor business judgement, making them difficult to prosecute.

Note, for example, some of the terminology developed during the great Savings & Loan bank debacle in the USA during the 1980s.

Except for the first, none of these is inevitably linked to a predatory criminal offence; and while most of the others border on commercial crimes, and all of them are dangerous to an institution’s financial health, there is no guarantee that the bank will be any the worse off as a result. From that point of view, the issue is not fraud or misrepresentation in obtaining a loan, but what happens afterward to the money – is it merely diverted in a premeditated way, or is it used for speculation? And if it is the second, a successful speculation may allow the borrower to repay the loan, leaving the financial institution better off despite the fraud or misrepresentation.

Hence, for purposes of this analysis, the term bank fraud is restricted to actions that involve:

A loan fraud can be pulled off by either insiders or outsiders. The only difference will be the exact mechanics of executing and covering up the crime. With strictly outsider operations, the scams are likely to be once and for all and therefore relatively large. Purely insider operations might be a series of small fraudulent "loans" or one large one, after which the insiders vanish. Mixed inside-outside operations are most likely in the form of the series of small loans because insiders (corrupted or blackmailed) are in a position to constantly alter records and hide small losses, while the outside party shifts identity by using individuals or shell companies as fronts. The mechanism involved is deception, rather than force. Also, value is transferred in the form of ordinary bank instruments, which in turn requires considerable attention to hiding the trail as those instruments are cashed and the proceeds move through the financial system. Although the operation has the appearance of a normal business transaction, that is merely a front – the transfer comes down to a purely predatory act.

When loans are made to outside parties, obviously collateral is required. It is at this point that a bank fraud may interact with other predatory crimes. Something like a mortgage fraud may require faked personal data like tax slips to confirm the individual’s capacity to service the loan. If what is involved is commercial credit, collateral can vary. It might take the form of receivables, supposedly backed up by a verification of the books of the company. In one notorious fraud against a bank, an insider permitted loans approved to an outside accomplice to be the collateral for further loans!

One of the most popular scams is the use of stolen or counterfeit securities, particularly blue chip stocks and high quality corporate bonds, as collateral. The advantage here is that, because the securities are merely pledged as collateral, rather than sold or cashed, a bank or other financial institution will not necessarily check serial numbers against a hot list or otherwise confirm their veracity. Some of the cleverest frauds have been conducted in this way.

The biggest personal loan fraud in Canadian banking history was the work of a wealthy, respectable London, Ontario lawyer, Julius Melnitzer. When he left the board of Vanguard Trust, a small firm with which his law firm had been dealing, he just happened to take a copy of the corporate seal that Vanguard had used, among other purposes, to attest to the validity of certain forms which it issued in lieu of custom-designed share certificates. Melnitzer’s first trick was to create fake shares by simply typing in the share amounts and stamping the certificates with the company seal. He created five certificates representing a total of almost 900,000 shares. Then he used these "shares" as collateral for personal lines of credit. He also forged financial statements of a company that his father had founded, in which Melnitzer owned 20% of the shares, along with a pledge from the company that it would guarantee Melnitzer’s debts. Using the Vanguard shares and the phoney loan guarantees Melnitzer received a total of $5.6 million in lines of credit from five major Canadian banks. The scam went on for years. Each time a bank would start to press him for repayment, he would threaten to take his business elsewhere. He would also request a letter of recommendation from one bank, then use it to obtain funds from its competitors. A few years later, the banks pressed him to either pay up or come up with better collateral. Emboldened by the fact that no one had questioned the veracity of the forged documents, he decided to do the second.

Melnitzer went to a small local printing company that his law firm had done business with for years. He told them he was representing a client charged with using forged stock certificates to get loans at banks. He wanted to prove in court that printing technology had improved so much, even a small shop like theirs could do a credible job. When the company agreed, he ordered single shares of five blue-chip companies in the name of his daughter to avoid suspicion. He then altered them to put in his own name and bumped up the amounts until they had a face value of about $30 million. Not only did the great majority of the financial institutions he dealt with accept these in the place of the initial collateral, but some even significantly increased his line of credit.  Alas, when an officer at National became suspicious about how Melnitzer’s personal wealth had risen so quickly, the officer asked bank experts to inspect the stock certificates. Melnitzer was arrested three days later.

While some of the cleverest of bank frauds have used fake paper, so too some of the stupidest. In February of this year, the CIBC reported an attempt to use as collateral for letters of credit no less than US $25 billion (!) in USA government bearer bonds – just the sort of thing someone walks into a bank with every day! The bonds bore the likeness of President Grover Cleveland, whose administration never issued bearer bonds; yet some were signed by the Secretary of the Treasury in the Reagan Administration. Bonds supposedly issued in 1934 mentioned the address of a USA Treasury office in Washington, complete with a zip code, an innovation introduced in 1963. The bonds were purportedly worth $100 million each, a denomination which the USA has never issued. And the $25 billion total would have represented about 80% of the total USA public debt in the year they were supposedly printed.[4]

In terms of the typology, bank fraud fits the predatory more than the commercial category. It involves deliberate falsification of collateral or other documents with the intent to extract money from a business institution with no intention to repay. Although the main mechanism is fraud, it involves a non-business or fake business front. And although the transfers are made through normal bank instruments, at heart they involve a redistribution of wealth through a once-and-for-all or episodic deception more than a redistribution of income through manipulation of the terms of normal business dealings.

It is interesting to compare such events to the classic "bank robbery," which also fits the predatory category. In a bank robbery, the event is always once-and-for-all. Although that does not preclude the same bank being hit by the same gang more than once, each incident will be distinct. Insiders may provide information and even covert assistance, but the bulk of the organization takes place outside. No matter how complex that external organization, the procedure boils down to a simple, unilateral and involuntary transfer and, although other things may be taken, the primary target is cash, the secondary one other bearer instruments or valuables like gold if the safety deposit boxes are also hit.

[4] See http://www.publicdebt.treas.gov/cc/ccphony3.htm for an examination of some of the fake USA securities currently on offer. On the CIBC fraud attempt, Canadian Press 15/2/01.