Banking experts are leaking data on customer accounts as scams rise – East Bay Times

By Tom Schoenberg | Bloomberg

The new employee was supposed to help Toronto-Dominion Bank detect money laundering from an outpost in New York.

Instead, he used his access to banking data to distribute customer data to a criminal network on Telegram, according to Manhattan prosecutors. Local detectives who searched his phone allegedly found images of 255 checks belonging to customers, along with other personal information on nearly 70 other people.

It’s part of a little-noticed pattern emerging across American banking: from towers in Manhattan to centers in Florida and even the suburbs of Louisiana.

As sophisticated scams targeting Americans’ life savings make headlines across the United States, the industry’s lowest-paid employees continue to be caught selling sensitive customer information through the back door, emerging as a critical area of weakness in banks’ risk controls.

This is an inconvenient trend, as companies make a strong case to policymakers and the public that customers are primarily responsible for ensuring they are not scammed out of their savings. While many scams seemingly target random people, some victims have said that the scammers who deceived them knew a lot about their finances from the beginning.

“The more employees within a company with access to sensitive customer information, the greater the risk that access will be abused,” said RJ Cross, privacy advocate at the US Public Interest Research Group. “Companies must have technical measures in place to ensure that employees and contractors cannot abscond with people’s information or access data that is not necessary for their work duties.”

There have been warnings for years.

Nearly a decade ago, then-New York Attorney General Eric Schneiderman publicly urged major lenders, including JPMorgan Chase & Co., Bank of America Corp. and Citigroup Inc., to strengthen internal defenses after an investigation discovered that an identity theft ring had recruited tellers from the industry. This was based on a larger study by his office that showed that leaks by company insiders were already on the rise, and that data “is often obtained exclusively for fraudulent purposes.”

These concerns now take on a new urgency. American retirees with record wealth are facing an avalanche of senior fraud, with estimated annual losses exceeding $28 billion. For scammers, tips on who has a lot of money can be invaluable.

Meanwhile, banking lobbyists are fighting back against legislative attempts to force companies to do more to protect customers or share their losses.

The recent series of bankruptcies shows that banks have not yet figured out how to stop employees from trying to monetize their access to sensitive and highly valuable customer information. Some connect with local conspirators on social media for schemes as mundane as fake checks. Banks usually compensate such victims. But more sophisticated scams have proliferated in recent years, often leaving customers on the hook for their losses.

Some prosecutions, such as that of Wade Helms of Navy Federal Credit Union, illustrate the extent to which data can flow.

Authorities in Escambia County, Florida, accused Helms of writing down personal information about customers in a notebook, creating a handle on the dark web and making it known that he was looking for a buyer for information about customers of Navy Federal, the largest US credit union. In a chat room, Helms found someone claiming to be a broker for stolen data. The two allegedly spoke on the phone and then continued the conversation on a personal computer Helms kept next to his office desk.

The broker “wanted high-value account information because it would be sold more easily on the dark web,” according to an affidavit for an arrest warrant against Helms. The broker created Telegram pages called “Navy Wave”, where screenshots of clients’ accounts were posted. Some were provided by Helms, who had taken screenshots of clients’ bank statements and photos of their identification, according to the warrant.

“Navy Wave” had multiple handles starting with @ScammingServices with over 2,700 subscribers. By the time the credit union’s internal security discovered the breach, Helms had allegedly exposed up to 50 accounts. At least five posts on the “Navy Wave” pages included Navy Federal accounts provided by Helms.

In a deal with prosecutors this year, Helms pleaded no contest to 11 charges, including unlawful use of personal identification, and was sentenced to 10 years of probation. He was also ordered to pay about $9,100 in restitution to Navy Federal.

An attorney for Helms did not respond to messages seeking comment.

“Navy Federal takes every precaution necessary to protect our members’ personal and financial information,” a spokesperson for the credit union said in a statement. “We constantly strengthen our processes to ensure member information remains confidential and continually monitor member accounts for unusual activity.” The lender said it worked with authorities to help secure a conviction.

Encourage companies

It’s challenging for companies to adapt to crime trends, especially as companies are expanding their workforces by thousands of employees, including high-turnover positions, said Jonathan Lopez, a former federal prosecutor who specializes in banking crime cases.

“The problem may not be a flawed program in many cases, but the large number of people involved,” said López, a partner at Jacobson López in Washington. “While zero fraud rates may be impossible, institutions should be incentivized to continue striving to get their fraud rates and their internal fraud rates as close to zero as possible.”

TD Bank’s recent $3.1 billion settlement with U.S. authorities for failing to prevent money laundering revealed that executives’ focus on costs had contributed to weak internal systems. The result was a crime spree that mostly went undetected until federal investigators tracking fentanyl sales on the East Coast took a closer look at the bank.

The investigation found that several branch employees accepted bribes in cash and gift cards to open accounts and issue debit cards that were then used to move money to Colombia through ATMs.

The heightened scrutiny also revealed that a New York-based branch manager stole more than $200,000 from an elderly customer, using account information and a fraudulent email address to siphon funds even after the retiree died. The banker, later fired by TD, admitted to the crime and was sentenced to more than a year in prison. His lawyer said he stole the money to pay his son’s college tuition.

Then in September, New York authorities targeted Daria Sewell, a new employee in TD’s anti-money laundering operations, accusing her of storing images of customer checks on her phone. The breach exposed the accounts to a network of New York-area fraudsters who were accused of a $500,000 check fraud scheme, according to the Manhattan district attorney’s office.

Investigators said Sewell distributed information on Telegram with instructions on how to open bank accounts and transfer money from TD accounts to them. The recipients then allegedly split the profits with her.

Sewell has pleaded not guilty to unlawful possession of personal information. An attorney representing her did not respond to messages seeking comment.

“In both cases, the employees were fired and we fully cooperated with authorities in their investigations,” a TD spokesperson said in an email. “As we have consistently said, these individuals are not representative of our 30,000 colleagues in the U.S. who serve our customers with integrity.”

Fraud ring

Outsourcing can create more cracks in banks’ defenses.

In Louisiana, federal prosecutors traced a check fraud ring to employees of the international call center Teleperformance, where three employees in Shreveport were accused of selling account information of elderly USAA customers.

The scheme continued for nearly two years, and the three — Arazhia Gully, Maya Green and Zarrajah Watkins — banded together and offered information about customers with high account balances to a network of more than a dozen others, according to federal prosecutors. Some recipients used fake checks to make withdrawals. A portion of the winnings was subsequently deposited into the personal account of a Teleperformance employee and withdrawn at a nearby casino.

Sharing that data was similar to ordering from a menu at a restaurant, with outsiders choosing which accounts to exploit.

In one example provided by prosecutors, Gully sent a conspirator a text message containing the ages and account balances of eight USAA customers. The person responded with their choice: a 79-year-old man with $442,000. Gully then sent an image of a computer screen showing detailed account information. Another victim was a 95-year-old man with $174,000.

“We fully cooperated with authorities to assist in the investigation and terminated employees as soon as we learned of the incidents,” Teleperformance said in an emailed statement. “We work closely with our customers to ensure we minimize our employees’ access to customer account information to include only the access necessary to provide the services and minimize the risk of fraud to the lowest possible level.”

A USAA spokesman declined to comment.
