Current Fraud Trends
advertisement
Current Fraud Trends Computer Reseller Industry Jeff Riley, Director, Loss Prevention Scott Heim, Fraud Investigator LP&S Contacts – The Americas 2 Tech Data Confidential Agenda • Fraud Facts and Statistics • Types of Fraud • Current Fraud Trends • Fraud Prevention Procedures • Tech Data Loss Prevention Initiatives • Questions 3 Tech Data Confidential Fraud Facts and Statistics 4 Tech Data Confidential Fraud Facts and Statistics • According to the Association of Certified Fraud Examiners, fraud and abuse costs U.S. organizations more than $660 billion annually. • The Washington Post recently reported that bankruptcy fraud is "part of a new wave of white-collar crime sweeping the country and costing businesses and government alike millions of dollars." • The FBI estimates that 10% of bankruptcy filings involve fraud of some kind. Most Fraud Examiners believe this estimate is low and that fraud accounts for closer to 30% of commercial bad debt losses. • Although business credit fraud is generally acknowledged by experts to cost American business several billion dollars annually, there have never been any statistics to quantify the exact magnitude of this type of crime. We know that it is a large figure, but establishing an exact number has not been possible to date. • Most commercial bad debt losses are never properly identified as fraud and are merely classified as legitimate business failures. 5 Tech Data Confidential Types of Fraud 6 Tech Data Confidential “Bust Out” Fraud 7 Tech Data Confidential “Bust Out” Fraud • • • • This is the most common type of credit fraud. Criminals secretly acquire ownership of a legitimate company. Slowly but surely they will work to increase all available credit lines. Once credit limits are believed to have been maximized and accounts are opened with all available suppliers, they will skip out. • “Bust Out” fraud is the most dangerous type of fraud from the financial impact perspective. • Historic “Bust Out” frauds in the IT industry have averaged anywhere between $2 Million and $50 Million in losses for each fraudulent event. • Examples of “Bust Out” frauds in the IT industry include Impaq Micro ($40 Million), Orange County ($5 Million), and Microline ($2 Million). 8 Tech Data Confidential Credit Terms Fraud 9 Tech Data Confidential Credit Terms Fraud • Typically, credit terms fraud is associated with a new company or “shell” corporation, which exists only on paper. • There will not be an industry “footprint” or “market presence indicator” for this entity. • A suspect entity attempts to open an account with false and misleading information, which often includes fictitious financial statements and invalid trade references. • Typically, the physical address for suspect entities will be a mail drop or a virtual office location. 10 Tech Data Confidential Credit Card Fraud 11 Tech Data Confidential Credit Card Fraud • In a commercial situation, often there is not an industry “footprint” or “market presence indicator.” • Typically, a new customer application is received containing account information from a recently compromised credit card account. • Orders are subsequently shipped and billed to the stolen credit card account following receipt of front-end charge approvals. • Charge backs will always occur after the product has shipped. • The key to identifying this type of fraud is verifying that the bill to and ship to addresses are the same. 12 Tech Data Confidential Business Identity Theft 13 Tech Data Confidential Business Identity Theft • Several U.S. Fortune 500 companies have been targeted for impersonation in this scam. • Highly targeted items for theft include memory, toner cartridges, hard drives, notebooks, processors, digital projectors and networking equipment. • Ship to locations will typically be either a residential address or a freight forwarder. • Priority overnight shipping will almost always be requested. • Contact to the victim will almost always occur via email and will typically be received from generic email addresses, such as yahoo.com, gmail.com, hotmail.com, etc. 14 Tech Data Confidential Business Identity Theft • Tech Data has been targeted directly by criminals behind this type of business identity theft fraud scheme. However, none of these fraud attempts have been successful against Tech Data, directly. • Typical fraudulent orders in Business ID Theft scams average between $30K to $150K in value. • A prime example of this type of fraudulent order would be an order for 500 units of toner cartridges and 500 units of memory going to a residential location as the ship to address with priority overnight shipping requested. • The overnight ship via requested is often the key to catching these! • Awareness of the origin email address for quote or order requests is always key to catching these! 15 Tech Data Confidential Red Flags – Warning Signs Fraud Prevention Resources 16 Tech Data Confidential Red Flags – Warning Signs Footprint - Market Presence Indicators Urgent Order Requested - Highly Targeted Items Ownership Change, Legitimate Financial Statements? 17 Tech Data Confidential Trade References Information Verification: Physical Address, Names, Phone, Fax, References Red Flags / Warning Signs – References • Trade References provided can be a valuable tool to investigate further in the event no market presence indicators are found for an “established” company. • In developing fraud situations, the suspect company will often use fictitious trade references or trade references that can be linked to historic known fraud situations. • Is there information to suggest a viable market presence for the trade references provided by the customer? • Are the trade references provided affiliated with or operating within the IT industry? • Are the trade references provided linked to any active or former problem or bad debt account? • Is the physical address of the trade reference a mail drop or virtual office location? 18 Tech Data Confidential Red Flags / Warning Signs – “Footprint” • No independent information suggesting an industry “footprint” for an “established” reseller. • No advertising and/or consumer reviews available for a reseller claiming to have been in business for several years. • Conflict between dates an “established” reseller claims to have been in operation and available industry “footprint” or market presence indicator. 19 Tech Data Confidential Red Flags – Information Validation / Links to Bad Debt Accounts • Association between customer and previous bad debt or problem accounts. • Association between trade references and previous bad debt or problem accounts. • Association between physical address and previous bad debt or problem accounts. • Association between phone or fax and previous bad debt or problem accounts. • Association between contact names and previous bad debt or problem accounts. • Association between website registrant information and previous bad debt or problem accounts. 20 Tech Data Confidential Red Flags – Financial Statements • Self generated, un-audited financial statements (may be unreliable or possibly fictitious). • Financial Statements in an identical format from multiple customers in the same geographic area. • Financial Statements reflecting information inconsistent with known facts...such as high rent, utilities or insurance for a non-commercial address, including mail drops or virtual office locations. • Stated total sales/revenue appears inconsistent with known banking information. 21 Tech Data Confidential Red Flags – Ownership Change • Unreported ownership change. • An ownership change has occurred with an inactive customer account now attempting to renew the relationship with net terms. 22 Tech Data Confidential Red Flags – Highly Targeted Items • Are the items requested to be ordered unusual, such as highly targeted items for theft/fraud, which include the following: – Memory – Toner – Processors – Hard Drives – Notebooks – Ipods – Digital Cameras • Is there a rush order request from a new customer? • Is priority overnight shipping requested? 23 Tech Data Confidential Research – Records Check • New customer information should always be cross referenced against existing bad debt records as searches for potential links to former bad debt or problem accounts. • Contact names, physical addresses, phone number, fax number and trade reference information should all be checked for potential matches. • Internet search engines such as Google can be utilized to validate business address information. 24 Tech Data Confidential Research – Websites • Customer Websites – Reviewing customer websites can be useful in identifying the website creation date, the website registrant information, along with reviewing the format and overall nature of the website. • In fraud situations, many times the website source code may have actually been stolen from an alternative legitimate website. • Website domain registration information such as creation date, last maintenance date and information on the registered agent can be found for free on such sites as www.checkdomain.com or www.godaddy.com. 25 Tech Data Confidential Research – Market Presence • Information is readily available online via free search engines which is useful in establishing a “footprint” in the industry which suggests a viable market presence. • A company claiming to be “established” in the industry should have some consumer reviews or feedback. • Simple internet searches by company name on free search engines such as Google can be very informative. Other free consumer review sites can be informative as well. • A Better Business Bureau search can help establish information to help validate a legitimate market presence. 26 Tech Data Confidential Research – Due Diligence • You may determine whether the phone and fax number information given is a land line or cell phone by reviewing and searching on free websites such as www.searchbug.com. • Individual contact names can be run for phone number or address matching for free on websites such as www.zabasearch.com. • Advanced search tools such as Accurint by LexisNexis are also available as fee-based options. 27 Tech Data Confidential Research – Financial Statements • Be aware of self-generated, unaudited financials. • Check for expense categories that don’t make sense, such as high rent expense for a residential address, mail drop or virtual office location. • Check for expense categories such as utility expenses, when the address is a residential, mail drop or virtual office location. • Take note of similarly formatted financials from multiple customers from the same geographic area. More than likely this is a fraud situation. • If financial statements seem questionable, check against “trusted” documents such as banking and utility bills received from customer. 28 Tech Data Confidential Research – Trade References • Trade References could be merely “shell” companies, which have no “footprint” in the industry. • Cross reference trade references against existing records in an attempt to identify any potential matches to previous bad debt or problem accounts. • Utilize simple internet searches to check out trade references by looking for a footprint in the industry. • Contact trade reference companies to validate information provided by the customer. 29 Tech Data Confidential Research Resource – Tech Data • Please do not hesitate to reach out to Tech Data for assistance. • We are always willing to offer assistance to our customers. • Tech Data Loss Prevention maintains a database of suspect trade references previously linked to known fraud situations. • Tech Data Loss Prevention has the capability to run pay-based searches through LexisNexis, which can include phone number tracing, social security number vetting, criminal records checks, SOS validation from fee-based states, FEIN validation and Dun’s number validation, if needed. • Tech Data Loss Prevention has the capability to conduct fraud inquiries through third party sources within the industry, industry security contacts, law enforcement agencies and, when appropriate, can send someone to personally view a suspect location. 30 Tech Data Confidential Fraud Prevention – Protecting Customers 31 Tech Data Confidential Tech Data Loss Prevention Initiatives • Fraud Awareness Program developed to protect Tech Data and customers alike through researching current fraud trends and providing related information both internally and externally. • Coordination with other targeted companies and organizations, i.e., Tech Data competitors and industry LP contacts. • Coordination with law enforcement at all levels (Federal, state, local). • Tech Data’s fraud prevention program has been successful in stopping approximately $1.5 million annually in fraudulent orders accepted by Tech Data customers. • Tech Data LP&S identifies these fraudulent orders placed through Tech Data and either cancels them or recovers product in transit. 32 Tech Data Confidential Fraud Prevention – FY10 FY10 LP Corporate Recovery Dollars $1,131,843.39 $1,200,000.00 $1,000,000.00 $800,000.00 $581,737.71 Recovery Dollars $600,000.00 $400,000.00 $245,895.31 $201,647.80 $200,000.00 $102,562.57 $0.00 Q1 - FY10 33 Tech Data Confidential Q2 - FY10 Q3 - FY10 Q4 - FY10 FY10 - Total Summary 34 Tech Data Confidential Summary • Don’t hesitate to reach out to Tech Data for assistance at any time. • Trust your instincts when you sense something is wrong – you’re probably right! • Know your customer! 35 Tech Data Confidential Tech Data Loss Prevention Contacts Scott Heim, Fraud Investigator Loss Prevention and Security Tech Data Corporation 5350 Tech Data Drive, A1-4 Clearwater, FL 33760 Tel: 800-237-8931, ext. 72652 Fax: 727-532-6038 E-mail: scott.heim@techdata.com Jeff Riley, Director - North America Loss Prevention and Security Tech Data Corporation 5350 Tech Data Drive, A1-4 Clearwater, FL 33760 Tel: 800-237-8931, ext. 78003 Fax: 727-532-6038 E-mail: jeffrey.riley@techdata.com 36 Tech Data Confidential Questions? 37 Tech Data Confidential The Difference In Distribution 38
