Bank Catches Alleged FraudsterInsider Accused of Siphoning $500,000 from Senior Citizens
The Delaware County District Attorney's Criminal Investigation Unit has arrested Librado Wright on multiple charges, including theft, forgery, identity theft, access device fraud and related offenses.
Barbara Nate, a spokesperson for Wells Fargo & Company [$1.4 trillion in assets], which completed its merger with Wachovia Corp. in January 2009, says the fraud was discovered internally and reported to authorities. "We uncovered the unauthorized transactions through our own internal investigation and brought it to the attention of law enforcement in 2009," she says. "Any customers that were affected have already been made whole."
Investigators linked Wright, who worked as a financial specialist for Wachovia from February 2008 to March 2009, to funds transfers totaling $574,314.69 that he approved from Wachovia customer accounts to numerous personal accounts. All transfers were unauthorized by the account holders, according to the DA's office. Many of the accounts belonged to senior citizens.
"Many of the accounts that Wright set up to receive the funds were established in the name(s) of existing Wachovia customers who did not know about or authorize the opening of additional accounts by Wright," the DA's statement claims. Many of the accounts from which Wright transferred funds belonged to senior citizens.
But internal fraud detection systems picked up on the suspicious activity when on March 3 and March 5 Wright attempted to withdraw funds from the accounts he had established. These attempts totaled $337,869.56. One attempt raised a red flag when the signature on a check Wright had written for funds from an account appeared suspicious. Two additional checks drawn on Wright's Wachovia accounts were presented to PNC Bank and later returned, after Wachovia discovered the fraud.
The bank's discovery of the fraud avoided financial losses totaling $574,314.69.
"Wachovia's internal security prevented a significant loss to the bank," said DA G. Michael Green in the statement. "This case is an example of the harm that can be avoided by the implementation and utilization of appropriate internal safeguards."
Internal Fraud Demands Heightened Controls
The Wachovia incident is just one in a long line of recent insider fraud cases that highlight the need for more sophisticated fraud-detection technology.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Recent high-profile insider cases:
- The $2 billion loss suffered by Switzerland-based UBS after when a rogue trader approved fraudulent deals that flew under the bank's radar for months. [See UBS Blames Internal Gaps for Fraud .]
- The $22 million embezzlement scheme, which lingered for nearly eight years, that Citibank revealed in June. [See Citi Case Exposes Insider Risks.]
- The insider breach at Bank of America, revealed in May, that resulted in a $10 million loss after an employee with access to customer files sold personally identifiable information about 300 BofA customers in California and other Western states to international crime rings.
Mike Urban, who oversees product management for Fiserv's Financial Crimes division, acknowledges that insider financial fraud has been around as long the banking industry itself. "While fraud is definitely top of mind for financial institutions, it is hard for some organizations to balance trust placed on employees and the deployment of a secured layered approach," he says. Many employees who make a decision to steal from an institution have gained the trust of their colleagues based on tenure and manipulation of access points."
Leading institutions deploy layered approaches to catch fraud. Multichannel observation, compliance considerations, information security check measures and application activity examination are all part of their risk-based approaches. Those measures help institutions monitor employee accounts, employee access to client information and other sensitive data.
But nothing is foolproof.
"I think one of the problems is that controls and compliance pick up problems, but they don't always pick up when anomalous activity goes on," says Frances McLeod, a partner and co-founder at U.K.-based Forensic Risk Alliance, a dispute analysis and litigation support company. "You're only as good as your ability to pursue those anomalies."
Banks have too much data. Systems provide information that reveals fraud, but banks do a poor job of analyzing it.
"All organizations have to put appropriate risk management into place," says Robert Stroud, vice president of innovation and strategy at CA Technologies and a member of the ISACA Strategic Advisory Council. "Risk management is going to identify primary and fundamental risk, but you're not going to catch everything."