CORPORATE VICTIMS OF IDENTITY THEFT
The Fargo Forum (subscription required) reports that a Toronto man is facing up to 30 years in prison for allegedly bilking 22 major banks of nearly US $1 million after accessing private information belonging to 15,700 people. One of the alleged corporate victims, U.S. Bank, asserts that its customer service center in Fargo, N.D., intercepted calls the man and his accomplices made when opening credit card accounts using stolen identities and personal information. According to bank experts and federal investigators, the fraud scheme — which allegedly took place between 2004 and 2009 — was among the largest and most complex they’ve ever seen.
Frauds often start out small — with the fraudster testing the preventive and detective controls and gradually increasing the size and scope of the illegal activities. However, the vast amounts of information organizations collect — and do not always safely secure — can create control weaknesses so large and tempting that a fraudster cannot resist. In this case, a suspected fraudster allegedly stole 500 identities by accessing private data and user identities to create fraudulent bank accounts — against which credit card and other transactions were recorded.
While a fraud as complex as this alleged case of stolen identities requires considerable effort to maintain and conceal, technology often makes fraud schemes less complicated to commit. In addition, fraudsters are not limited to a specific bank, location, or country, which can make the fraud more difficult to detect and increase the time and effort needed to prosecute it. However, the same attributes that make the fraud hard to prevent and detect can also give law enforcement latitude in where they choose to prosecute and what the charges will be. Many countries have extradition treaties and are willing and able to turn over their citizens who have committed crimes. This can affect possible sentencing and send a strong message to other potential fraudsters.
Organizations also need to think about the bigger picture when considering prosecution. Were other jurisdictions involved? Was the fraud committed via the Internet? The nature of the fraud can expand the possible charges to include mail fraud, tax evasion, or other crimes that can have more serious consequences, as well as allow the local authorities to bring in additional law enforcement agencies. This case involved 25 investigators and nine police departments and took five years to investigate and prosecute, but its success will help counter the belief that frauds originating outside the United States but targeting U.S. residents are not prosecuted to the full extent possible simply because of the difficulties they present.