Referenced in our Newsletter Volume 4, Issue 1 - January 2005
Bust-out Schemes
The pattern discussed this month is based on the submission of SARs (Suspicious Activity Reports)
filed by banks and financial institutions based on a "bust-out scheme" pertaining to credit card
and checks. Although a bust-out scheme is really more of a fraud rather than money laundering,
it still has major implications for our financial sectors and represents unlawful activity.
The stolen money can be used by radical groups (e.g., financing for terrorist groups) or by
organized crime rings. Often, the FBI, Secret Service and state-level law enforcement agencies
cover these types of crimes.
A bust-out scheme is "generally" defined to be a situation where a corrupt merchant is
involved with processing unauthorized credit cards. Basically, the merchant obtains credit
card numbers that are either stolen or provided by other members involved in the scheme
who know they are not "liable" for any of the charges. The merchant quickly maxes-out the
cards with fictitious charges in a fairly short period of time. Unaware that the outstanding
charges are bogus, the credit card (bank) transfers the funds to the merchant's account.
Many times the merchant will declare bankruptcy or simply "disappear" to avoid paying back
the money collected.
Sometimes this happens to a legitimate business when a "broker" requests use of a merchant's
account to process charges for special deals and promises to pay a fee (e.g., 10% or 25%)
of the charges. When the bank catches improper charges, they are charged back to the merchant
to recollect the full amount. The merchant is ultimately liable for these charges and the
broker is nowhere to be found. There are many variations to the bust-out scheme including
using family members, targeting certain ethnic groups, or through blatant criminal activities.
In this example, the VisuaLinks Summarize feature was used to expose all the SSNs
(Social Security Numbers) that were used in DCNs (Document Control Numbers) that
occurred in multiple states (branch states). This approach is used because the SSNs
used by the corrupt merchant tend to be used in multiple schemes because the credit
scores are good (pre-fraud). Thus, they can move around very quickly and set up different
bust-out operations.
The minimal count was set to 6 - which would mean that the same SSN was used at financial
institutions in at least 6 different states. At the time of this writing, there were less
than 50 occurrences of this pattern in the SAR database using this exact configuration.
However, each one reviewed contained an explicit bust-out scheme and often extended to a
number of other transactions, addresses, and suspects.
The entries shown in the query results table below provide a breakdown of the top 10
bust-out schemes.
Each row corresponds to a different SSN - which has been hidden for security reasons.
The number shown in the COUNT column for each row represents the total number of different
states encountered for that SSN. The first row contains 74 states because it represents
bad data (where the SSN is null). The second row reflects the SSN 999999999 and is
therefore discarded.
The next row, with a count of 9, is shown in the diagram below. Although there are
11 SARs shown in the diagram, they actually represent 9 distinct states
(NY and DE are repeated).
The labels show various violation types include check kiting, check fraud, and credit
card fraud. Notice the dates for each of these transactions - they all occur over a very
short time period - basically a full billing cycle for the bank to process the credit card
charges.
In the following example, the SARs are expanded one level using the Walk Data feature and
the primary SUBJECT is now exposed.
The names of both SUBJECTs are the same (with some minor spelling variation) and may be treated
as a single target. Additionally, the banks reporting these SARs were each affiliated with
several credit card companies as reflected in the account numbers presented - which indicates
this was not a localized bust-out scheme.
Expanding the network one additional level, as shown below, reveals the SSN originally used
to expose this bust-out scheme shown as a thick purple line near the 11:30 position in the
right-side circle.
This is indicative of a bust-out scheme and was expected to appear in this level of the
expansion. What is also of interest is the account at the 6:00 position in the middle-circle
because it has a large fan-out, with connections to almost 50 additional SARs
(bottom part of right-side circle).
The network was further expanded (not shown) and reviewed. Each of the SARs expanded to
other SUBJECTs and ACCOUNTs indicating that this is a very extensive bust-out scheme.
One interesting observation is that all of the SUBJECTs displayed in this level have
similar ethnic names. The NARRATIVEs consistently discuss bounced checks, insufficient funds,
and other non-payments.
The next entry in the original query results represents a bust-out scheme that occurred in
8 states represented by each of the unique SARs.
Expanding the network several levels reveals this pattern is structurally identical to the
previous example. Again, the dates reflect that the frauds occur over a very short time
period (a single billing cycle). Considering each SAR is submitted from a separate financial
institution, the collective behavior clearly shows the bust-out pattern, however, the
individual banks have no knowledge of the other banks involved in the scheme.
Unfortunately, these types of events net their operators some quick money and impact the
rest of the financial industry through increased fees, premiums, and other operational
inconsistencies. Getting a better handle on the indicators of the pattern can help banks
expose the scheme earlier to minimize losses. Additionally, it can help law enforcement
pursue and prosecute these schemes with greater success.
For additional information on bust-out schemes, please visit the following URLS:
|
