Category: Crime & Fraud

The raid in Spain

26th August 2009by Consult Hyperion2 Comments

[Dave Birch] Police investigating a drugs ring in Spain busted a counterfeiting operation. The counterfeiters were, naturally, producing their own versions of the drug smugglers’ best friend, the 500 euro note.

Spanish police have seized fake banknotes worth eight million euros (£7 million) in the biggest single haul of counterfeit money ever recorded in Europe.
[From Spanish police seize largest haul of forged banknotes in European history – Telegraph]

The article goes on to say that Spainiards call the 500 euro notes “bin Ladens” because, like the world’s most wanted man, everyone knows what they look like, but no-one has ever seen them. The newspaper points out that the notes are frequently used in “black money” transactions and it is thought that Spain has more in circulation than anywhere else in the Eurozone. Frequently? I’d be curious to hear from anyone who has ever used one in a legitimate transaction! The haul, incidentally, easily beat the previous record set only a few months ago.

Italian police conducted an early- morning dragnet across the country to round up more than 100 people in what they described as the largest bust of a euro counterfeiting ring ever… Four laboratories for printing fake euro bills and minting phony coins were discovered, and 1.2 million euros ($1.6 million) was sequestered during the investigation
[From costa confidential: largest bust of a euro counterfeiting ring ever. Euros were tracked out of Italy to Spain]

It’s not surprising that the records are falling, because the counterfeiting of euro notes is steadily and, it appears, inexorably increasing.

The number of seized counterfeit euro notes jumped by 17 percent in the first six months of 2009, the European Central Bank said on Monday, marking two years of constant increases. In January the central bank had reported a six-month increase of 13 percent while stressing that the scale of counterfeiting remained small, a comment it did not repeat this time.
[From Fake euro seizures climb by 17 pct: ECB — EUbusiness.com – business, legal and economic news and information from the European Union]

Oddly, given these newspaper stories of police raids, fraud factories and international fake note smuggling, the ECB says that no “new” sources of counterfeits were discovered.

The ECB said however that the fake notes seized in 2009 had the same origin as previously discovered notes, meaning that no new sources of counterfeit money had been found.
[From Fake euro seizures climb by 17 pct: ECB — EUbusiness.com – business, legal and economic news and information from the European Union]

So who cares if there’s some counterfeit cash out there? Well, by itself it has an almost undetectable impact on the money supply (especially compared to the current “quantitative easing”) but it does provide a kind of venture capital for the bad guys. Criminals use the counterfeit money for all sorts of things. One gang was found with a large stock of cannabis for distribution, but

Some of the forged money was used to buy more than 16,000 € worth of jamones in Guijelo, (prized ham from the Iberian pigs, traditionally fed on acorns for their flavour) in Salamanca province.
[From Spanish Police uncover ‘ham-loving’ counterfeit criminals]

Well, even counterfeiters have to eat.

crime and fraud, notes and coins

Continue reading “The raid in Spain”

Cross-bored

25th August 2009by Consult Hyperion3 Comments

[Dave Birch] Just as the discussion about whether to start using “chip and PIN” in the US is starting to get under way (more on this in a future post), and people are beginning to find it harder to use stripe cards at some European acceptance points, it’s also getting harder to use chip cards over there. This is because the introduction of chip and PIN cards — without any corresponding enhancement to terminal security or CNP security — has caused a massive increase in card fraud (it’s now triple what it was when the migration started). A lot of this fraud has been exported to places without chip and PIN infrastructure and, in particular, without chip and PIN ATMs. In a perverse way it also seems to have nudged criminals towards the Internet, and once they get there they go nuts because it’s so easy.

A spokesman for the UK Cards Association trade body said the figures were ‘not good’, but insisted they should be seen in the context of the massive rise in on-line shopping.
[From ‘Dynamic’ security system developed as cash card fraud spirals out of control | Mail Online]

Fair point. The figures are not good (and getting worse) but they are not growing as fast as overall e-commerce. This is no comfort. The absolute level of card fraud, already a billion dollar business in the UK, is an unacceptable subsidy to the criminal fraternity. And law-abiding citizens are collateral damage (damn, I am spending too much time watching The Wire).

cross-border, payment cards

Continue reading “Cross-bored”

Has cash jumped the shark?

3rd August 2009by Consult Hyperion2 Comments

[Dave Birch] The internet generation (Generation Y, or in my household, Generation Whatever) have a lovely phrase for deriding something that has outlived it usefulness, something that is going through the motions without contributing creative or positive to society. They say it has “jumped the shark”, a phrase that comes from television criticism. A show jumps the shark at a point

where a show with falling ratings apparently becomes more desperate to draw in viewers. In the process of undergoing these changes, the TV or movie series loses its original appeal. Shows that have “jumped the shark” are typically deemed to have passed their peak.
[From Jumping the shark – Wikipedia, the free encyclopedia]

The origin of the phrase is an episode of the popular television programme “Happy Days“. I’m sure you will all recall the engaging and innocent teenage antics of Ritchie Cunningham, Arthur Fonzarelli and their chums. I never liked it that much, personally, because it portrayed a world that seemed a little remote from my Swindon council estate, but that’s by the by. Anyway, in an episode first broadcast on September 20, 1977, “Fonzie” wearing swim trunks and his trademark leather jacket, jumps over a shark while water skiing, for reasons that need not detain us.

The phrase has been used more recently [when?] outside the realm of popular culture, representing anything that has reached its peak and has declined in quality.
[From Jumping the shark – Wikipedia, the free encyclopedia]

This is the sense I mean in the title of this post.

Has cash jumped the shark? Cash use is certainly declining, and it’s hard to say that cash is of the same quality (ie, purchasing power). It certainly doesn’t contribute anything to the world around it. Look at the evidence. It subsidises organised crime, encourages tax evasion and wastes resources. The private costs are not aligned with the social costs, and the social costs are distributed very unfairly so that the poorest people pay the highest transaction costs. Lots of reasons to dislike it, but because I’ve become a major fan of the unbelievably brilliant television series The Wire, it’s cash’s promotion of crime that I’m concerned with most this week.

cash and cashlessness, crime and fraud, notes and coins

Continue reading “Has cash jumped the shark?”

Window pain

14th July 2009by Consult Hyperion1 Comment

[Dave Birch] In “Tough Guy”, the autobiography of mafia criminal Louis Ferrante — which is an excellent book, by the way, even for someone like me who doesn’t normally care for crime books — I came across a poetic description of card fraud in an early incarnation. Louis’ enterprising confederates in the New York mob had discovered that you didn’t need to be able to forge cards terribly well to enter the counterfeiting business, provided you have collaborators.

For years I made big wood with Sonny’s “dupes”, phony credit cards with real numbers. He sold them to me for a hundred bucks a piece. Sonny had salespeople in retail stores on the take, boosting charge card receipts… I’d visit a jeweller who was in on the scam and buy a Rolex. If the watch retailed for five grand, I’d tell him to hit the card for ten. I’d leave with the watch. He’d made money. Both of us happy.

What the wise guys, as I believe they are know, really wanted though, rather than Rolex watches and the like, was cash. Card fraud was also a means to that end.

If I knew a guy who sold stuff I didn’t want, like Paulie Flowers, I’d work out a cash split. I’d show up and tell him “hit my card for four grand, keep two and give me two when you get paid”. He’d tell the card company he’d delivered arrangements to a wedding, and send them a phony bill of sale, and that was that.

Things have changed since then. That kind of card fraud was a sort of cottage industry, almost quaint. Today the fraudsters have followed the banks and the rest of the business world and globalised. It’s no longer about getting a Rolex and a few thousand to spend, it’s about investment and return on investment. Moises Naim’s book “Illicit: How Smugglers, Traffickers and Copycats are Hijacking the Global Economy” talks about the new cross-border, enterprise-scale organised crime. Card fraud is part of this, and that’s a big problem. From being a minor branch of mafia robbery, it’s become easy money for funding drug dealing, trafficking and even terrorism. This is why, even though the business case for the transition to chip and PIN was marginal from the bank point of view, the government were keen to see it go ahead.

Today card fraud is a cost of doing business, a few basis points. In the UK, that’s more than six hundred million pounds, which isn’t that much compared with total card spending, so it’s not surprising that it may not be the banks absolute no.1 priority at a time when chargeoffs are running at a hundred times the rate of chargebacks. I’m not bad mouthing the UK card industry: card fraud is a global problem.

Australian Payments Clearing Association data for last year shows fraud remains a fraction of overall payments: 44.5 cents in every $1000 of transactions in the case of credit and charge card fraud, 7.1 cents in every $1000 for debit cards and less than one cent in every $1000 for cheques. However, while cheque and debit card fraud are falling, credit and charge card fraud are rising – up from 36.9 cents the previous year. About 70 per cent of that increase relates to cardholders making purchases overseas via the internet and telephone.
[From Card crime jumps, so don’t get caught – Banking – Money – Business – Home]

A few basis points of turnover is a tiny fraction of the money spent on cards, but a big income for organised crime. So even though the crime is tolerated by the payment industry, it shouldn’t be. As Scott Loftesness said on Twitter when we were discussing this, we need to remember the “broken window” theory of policing. Tolerating crime that we can tolerate because it doesn’t stop us from doing business is a bad policy.

crime and fraud, EMV, legal and regulatory, payment cards, SEPA and PSD

Continue reading “Window pain”

Petrol and paranoia

9th July 2009by Consult Hyperion2 Comments

[Dave Birch] I stopped at the Reading services on the M4 to get some petrol and a coffee. I went into the shop and presented my excellent Barclays MasterCard with cashback and PayPass. The Eastern European woman at the counter told me that the chip and PIN machine didn’t work, promptly took my card and ran it through a stripe reader, then presented me with a slip for signature. I duly signed and wandered off. Once I got in my car and drove off, I started to wonder about this incident. Because I’m not normal (normal people don’t care about payments), the paranoia set in… Now I naturally assume that I have been the victim of a clever card fraud scam: the fraudsters recognised my card and they know that those cards have ICVV, so the details from the chip cannot be used to create a counterfeit magnetic stripe card, so they read the stripe details directly. Even now, I imagine a copy of my card is being used in a Tiranan jewellers. Had this not been late at night, and had I been more alert, I would have gone to the ATM and drawn out cash to pay for the petrol.

Shouldn’t a modern payment system free me from these paranoid concerns?

bugs and mistakes, debit cards

Continue reading “Petrol and paranoia”

The Guildford triangle

10th June 2009by Consult HyperionLeave a comment

[Dave Birch] What is it with Britain? Digital or otherwise our degraded realm is an international identity scandal. Europe’s no.1 exporters of payment card fraud, we are apparently now the world’s worst for identity theft overall.

INTERNET users in Britain are more likely to fall victim to identity theft than their peers elsewhere in Europe and North America. In a recent survey of 6,000 online shoppers in six countries by PayPal and Ipsos Research, 14% of respondents in Britain said that they have had their identities stolen online, compared with only 3% in Germany.
[From Where your identity is more likely to be stolen | Online fraud | The Economist]

There may be a correlation here between “identity theft” and “card-not-present fraud” (Germans rarely use credit cards, least of all on the interweb), but we’ll return to that in a future discussion. Now, these statistics don’t, I think, mean the Brits are more criminally inclined. After all, fraud is an international business.

The criminals stored much of their data on computer servers in Latvia and Ukraine, and purchased blank debit and credit cards from confederates in China, which they imprinted with some of the stolen numbers for use in cash machines, investigators say.
[From Global Trail of an Online Crime Ring – NYTimes.com]

It’s more likely that Britain is a soft touch: high card penetration and use, lots of internet shopping and other factors that lead to identity theft on an industrial scale. But where does this tidal wave of fraud actually originate? I read in The Telegraph that the top 10 identity theft hotspots in the UK are all in south east England. There’s an area of white collar fraud between London, Reading and that well-known criminal outpost, Guildford. Odd. In the top 10, only St. Albans falls outside of this theft triangle. Yet the government is going to test ID cards in Manchester… Well, as well all know, ID cards won’t have the slightest impact on identity theft for at least the next decade.

ID cards have been touted as the solution to a number of real problems – terrorism, crime and so on – though none of their supporters can ever explain how having an ID card stops a mugger or suicide bomber. But they began as the answer to a classic fake problem, still routinely cited by ministers, the need to “secure our identities” against “identity theft”.
[From The ID card is on its last legs – just let it die with dignity | News]

Now, I wouldn’t call identity theft a “fake problem”. On the contrary, it’s a very real problem. But what is generally meant by identity theft, certainly in the Guildford triangle, is largely to do with payment card fraud (which is rampant in the UK) and account takeover. These are specific problems, not general identity problems. Until retailers demand that you present an ID card when you buy anything, or somehow allow them to read your identity card over the interweb, nothing much will change. Fortunately, someone is thinking this through: the UK ID card scheme may well use chip and PIN technology so that it can be accepted at retail POS. Lots of newspapers reported this, so I’ll choose to point to the report in that august journal of record from my home town, Swindon (or, “Swindon, city of the future”, as have generally called since 4th July 1995):

ID cards could be fitted with chip and pin technology to help combat identity fraud. The head of the Government agency tasked with producing the cards said there were no “technical obstacles” to adding chips to the cards and handing out pin numbers.
[From ID cards ‘could use chip and pin’ (From Swindon Advertiser)]

I rather imagined that the cards already had chips on them, but putting that to one side, the idea of making ID cards work in chip and PIN terminals isn’t totally infeasible, although I’m not completely clear as why you would want to do this. I suppose the thinking is that the shops already have the terminals. But if you are asked to put your ID card into a terminal and punch in your PIN, wouldn’t you then get annoyed at having to take it back out again, then put your chip and PIN card in and then punch in another PIN? Why not just link your bank account to your ID card?

Continue reading “The Guildford triangle”

Anti-anti money laundering

7th June 2009by Consult Hyperion1 Comment

[Dave Birch] I was involved in a discussion about the relationship between the cost of customer acquisition for simple payment services and KYC/AML/terrorist finance legislation and, once again, I said that I was not sure that keeping people out of the “system” was the best strategy (because if the terrorists, drug dealers and bank robbers on the run stay in the cash economy, then they can’t be tracked, traced or monitored in any way). I made a similar point when I was in the City at a round table on financial regulation. I really didn’t expect my views to be particularly controversial, but they were. What I was arguing for was a relaxation in the controls around small payments — and in particular, getting away from quite strict identity checks, which I think hold back the development of low cost, competitive mobile and Internet payment systems — in order to shift the inclusion vs. exclusion balance that we’ve spoked about before.

I’ll play by Chatham House rules and not attribute what was said by anyone (except me, of course) about money laundering. I said — with poetic exaggeration — that the huge amount of time, money and effort that goes into the AML industry never catches any criminals, and I was given a suitablly hard time by someone from part of Her Majesty’s Revenue and Customs (HMRC) who said that they did indeed use Suspicious Activity Reports (SARs) to detect crime and used the example of last year’s major prosecution of criminals who had been using bureau de change as a front for money laundering. OK, I shouldn’t have said “any” criminals. What I should have said was “almost no” criminals.

cash and cashlessness, innovation

Continue reading “Anti-anti money laundering”

Government interface

19th May 2009by Consult Hyperion2 Comments

[Dave Birch] For e-government to take off, it is transparently obvious that population scale identification and authentication infrastructure (beyond e-mail address and alphanumeric passwords) will have to be in place. If not, the pain associated with every single online interaction with the public sector will grow far beyond the point where the bulk of the population will want to get involved and there will be a hard limit on the efficiency of the delivery of public services. No-one, surely, can be against that. Yet we don’t seem to making much progress towards this. Even in cases (in the UK) where online service delivery works very well indeed (eg, vehicle tax), it does so in silos.

Now, many people will (quite rightly) point out that there is a fundamental danger to the idea of using a single identity across all services. There’s a particular danger to using to the same identity across public and private sector services.

In yet another security breach, the US State Department said 400 passport applicants, and maybe more, have had information stolen. Passport applications containing personal information, including Social Security numbers, were accessed and used to open fraudulent credit card accounts. A fraud ring bought information from a government employee. The information was used to apply for cards. Cards were intercepted by another insider in the post office before they were delivered. The passport applicants had no idea their identity had been stolen.
[From National ACH: Government Employees Selling Identities]

Now, that’s the kind of fraud that imagine was dismissed out of hand by the government’s management consultants when they were procuring the system. “Insiders in the Post Office connecting to insiders in the State Department? Oh, come on! That’s like a Tom Clancy novel, it will never happen.”

It this sort of thing — and it seems to happen all the time — that means that many people react against the very idea of a government identity or a government identity management system, although I draw a different conclusion: we need a better (privacy-enhancing) design for a government identity management system, perhaps building on the schemes used in countries such a Germany and Austria where identities are cyptographically-partitioned between service providers.

(Obviously, I trust the Government even less. I’d much rather have O2 manage my ID than the Home Secretary. SIMs are more secure, cheaper and better-managed than the UK’s ridiculous Stalinist ID card system).
[From Dean Bubley’s Disruptive Wireless: Thoughts on managed identity services by mobile operators]

What we want, surely, is the best of both worlds. I want my SIM to hold a number of identities, including government ones, that I can choose to use on a per-transaction basis. And I don’t think it’s far-fetched to expect this kind of modern infrastructure.

Continue reading “Government interface”

Police and thieves

8th May 2009by Consult Hyperion3 Comments

[Dave Birch] I don’t usually read the newspapers — in the UK they are full of stories that cause professional satirists to weep with shame and retreat to Hebridean monasteries, no longer able to compete — but I had a free Daily Mail to hand on a plane this week and found myself gasping in astonishment at the news that police in some parts of London have set up a hotline for people to call when they want to withdraw cash from an ATM. The police will then meet you at the ATM and a uniformed officer will follow you home a “a safe distance to not draw attention”.

Warning: I am not making this up. If you are a UK taxpayer, you may wish to seek a doctor’s advice before reading any more of this story…

PENSIONERS and shoppers concerned about being mugged after withdrawing cash from the bank are being offered a police escort home in a district of east London. Posters displayed near banks and post offices explain residents can call up and arrange for a uniformed officer to see them safely home.
[From Police escort for elderly ATM users | The Daily Telegraph]

Yet again, the hidden cost of cash rachets upwards. Who is paying for these policemen? Is it the merchants who say that cash is the cheapest form of payment? Is the the customers who use the ATMs? No, of course not, it’s the taxpayers. And as long as the social costs of cash remain unaligned with the private costs, we’ll carry on paying.

cash and cashlessness, costs, crime and fraud, security

Continue reading “Police and thieves”

Pounded

7th May 2009by Consult Hyperion1 Comment

[Dave Birch] A few weeks ago at a conference I said in passing that I thought that about 1 in 50 pound coins in the UK is counterfeit but it turned out that I was way off of the mark and the actual figure may be close to 1 in 20! The economics are worth noting. It costs 10p-20p to make a fake coin, and these fakes are bought by criminals for 70p, so the forgers make 50p per pound. Not a bad return. And he’s another interesting fact I learned about counterfeiting: it’s harder to forge euro coins because they have a magnetised stripe running through them and this makes it easier for machines to spot the fakes.

The reported dynamic is of mass collusion. If you find yourself with a pound coin that you believe to be fake, then you will not report it (because then you are out a pound) but will instead attempt to pass it on to someone else in a Gresham’s Law dance. Thus, they stay in circulation. Instead of just scrapping one- and two-pound coins and getting people to use cards or mobile phones instead, the Royal Mint are “working with banks etc” to remove counterfeit coins before they reach members of the public.

cash and cashlessness, crime and fraud, money

Continue reading “Pounded”