I recently read an article published by CNBC on bank fraud. I normally glance right over these pieces. After spending over a decade working in the retail banking industry, fraud is just one of those topics that turns my stomach quicker than bad sushi. For starters, it was something we encountered on a near daily basis, sometimes multiple customers back-to-back with similar issues ranging from compromised debit cards to fraudulent checks and ACH withdrawals. Secondly, everyone who writes an article on bank fraud and all the ways to protect yourself is usually just parroting a Suzie Ormon article they read a few years ago and have never actually been a victim of said fraud, perpetrated it themselves, or had to spend countless hours of their own time and bank resources to help resolve the issues stemming from it.
But when I noticed Frank Abagnale was a contributor to the article, my antennas immediately went up. I have included a link to the article below, but if you don’t know who this is, hopefully, you have watched or at least heard of the movie, “Catch Me If You Can.” Leonardo DiCaprio plays the part of Frank Abagnale, a young man who becomes a master in bank fraud and deceit. He was ultimately caught and convicted for his crimes but now helps to consult on how others can protect themselves from the new age versions of himself. With an impressive resume like that, I was intrigued to hear his point of view on some of the issues I witnessed firsthand while simultaneously calming frantic customers who found their bank accounts drained of anywhere from hundreds to tens of thousands of dollars.
The first point Mr. Abagnale makes in this article is 100% true – from one perspective anyway – and that is how all our modern technological advancements have made it exponentially easier for identity thieves and scam artists to steal our sensitive personal information. Whether you access your bank accounts online all the time from any device over whatever secured or unsecured connection you can find, only check from the safety of your own home, or don’t even know how to turn a computer on makes no difference to these relentless pariahs. Sure, some of those activities will make you more susceptible than others, but ultimtaely, the information an identity thief needs to create an online profile for you with your banking institution of choice is not nearly as much as you might think and can be readily accessed in many ways. To enroll in online banking services at most major financial institutions, all one needs to have is:
- An email address: Guess what? It doesn’t even have to be your email address! If you have never signed up for online services, or are the type of person who either does not have an email address or refused to provide it to your bank when you opened an account or when they updated their records, the hackers and thieves are starting with a clean slate and the bank system will have no way of knowing that the person trying to set up an online presence is not you.
- Bank account number: If you are not utilizing online banking, or you are but still prefer those “paper” statements, this piece of information can easily fall into the wrong hands. Just think about how often you may not have received a piece of mail, particularly a bank or credit card statement, and either blamed the issuer or the postal service. But what if that statement was sent, and the postal service delivered it to the wrong mailbox, one belonging to someone with malicious intent? Or it made it to your mailbox and was taken out before you got home by a calculating criminal who already stumbled upon other pieces of the puzzle needed to wipe out your accounts.
- Social Security number (or sometimes only the last four digits): Some of us protect this information like gold; others take very intimate and private phone conversations in very public spaces with no thought for the consequences thanks to the prevalence of cellphones. Even if you are keying the information in on the number pad instead of speaking it aloud, there are ways to recognize the different tones each key makes, or one could merely look over your shoulder as you are doing it. Scammers are also very good at calling you or sending letters to try and obtain this information via fake sweepstakes and the like. And if you are rolling your eyes thinking no one can be that stupid, I assure you I have assisted many college-educated folks who in a moment of weakness or gullibility fell victim to exactly this type of rouse and were forced to scramble on damage control.
- Date of birth: Probably the least sensitive and guarded of all your personal information and can be obtained in so many ways I will not even waste time on it. If someone can get your bank account number and social security, your date of birth is a walk in the park.
Knowing this, I find the opposite of Mr. Abagnale’s statement can also hold true. Access to technology can also help consumers protect themselves far better than they were able to in the past. Back in the 1960s, consumers had no choice but to wait until their monthly bank statements arrived in the mail before they could balance that good old checkbook and ensure the accuracy of the transactions. If someone had committed fraud against the account on the 1st of the month, they would not find out until around the 7th to 15th of the following month. This allows the illicit activity to continue for over a month, all as the compromised bank account is drained. In the process, legitimate checks the client writes are in danger of getting returned due to insufficient funds, thus wreaking havoc across every aspect of their financial life.
An ounce of prevention is worth a pound of cure.
As it relates to banking and fraud, this is equivalent to the Bible’s Golden Rule. Even if you are not comfortable paying your bills online (a fear we will debunk shortly), simply logging in daily to check your balance and review any transactions that seem out of place will put you in a far better position to catch fraud as soon as it happens and be reimbursed immediately. Thanks to Federal regulations, banks must reimburse all fraudulent electronic charges against your account (bill payments, debit card, ACH withdrawals) in a timely fashion so long as they are notified within 60 days of the infraction. If you think back to the scenario where you are waiting for a bank statement, you could have possibly just squandered 30-45 days of that window. If that doesn’t make you feel better about the benefits of online banking, maybe the following topic will.
When Mr. Abagnale was in the business of bank fraud, it was all done via paper checks, and he did a great job of outlining that process in the article I referenced. Some parts are no longer relevant in the advanced age of banking and decentralization of corporate payment structures, though. Today, obtaining the signature of a CEO will probably not do a whole heck of a lot depending on the company in question since many do not sign any of their corporate checks; they have individual department heads who handle that day-to-day business, and even those signatures are “rubber stamped” – meaning they are preprinted on the check before any payee or dollar amounts are entered. For example, at JPMorgan Chase, Jamie Dimon, the CEO, does not sign any of the bank-issued checks in circulation, at least none I ever witnessed in eight years working there. Should someone come in with a check signed by Mr. Dimon, it would be an immediate red flag that could be spotted by even the most inexperienced teller (but we will come back to this as well).
Considering my concern in writing this is for the benefit of the consumer, the little guy who can’t absorb the effects of fraud like a corporate behemoth can, let’s focus on how writing out your own checks to pay bills makes you more likely to fall victim to fraud than if you paid your bills online. When putting a check in the mail to pay a bill, you have effectively given an identity thief almost every piece of information they need to drain your bank account. This can happen by thieves who steal envelopes from mailboxes, letters delivered to incorrect addresses, or even unscrupulous payment agents at your local utility company who are compiling and selling this information. Never thought about it that way, did you? Most people haven’t, so let’s be clear about exactly what you are giving up when you mail out that check:
-Name and Address
-Bank Routing number
-Bank account number
-The name of a company you do business with
-Possibly your account number with that company if you wrote it in the memo line
With all that information now in hand, it is off to order check-printing supplies as Mr. Abignale explained in simplicity. There are no checks or balances, no one to ask who is the account holder. Now phony checks start flying, and your account begins to drop. When payments are made through a bank’s online payment system, those funds are delivered to the payee in question electronically, usually within 1-2 business days, and the only piece of private information the receiving company is privy to is the name of the bank you use. Those payments are guaranteed to be on time, and that Federal regulation we spoke about earlier covers any fraud. Whether you like the idea of where society is moving, particularly as it pertains to your money and banking, there is very little that we as consumers can do to stop the advancement of technology and the culture of culpability it breeds in the gluttonous financial institutions that “serve you.”
Can the banks be blamed for the actions of criminals who merely use them as a means to an end? It’s okay if that is going through your mind right now, and it is a very fair question – if you have never worked in a bank and witnessed the behind-the-scenes mechanics perpetuating this cycle and emboldening those who see you and your bank as easy targets. If you have stepped into a bank within the last few years, you might have noticed how it seems eerily empty. A teller line of ten stations that used to be fully staffed is now manned by one lonesome college student just hoping they will get to eat lunch that day since they are all alone. How a platform full of empty desks is the only thing greeting you when you require serious attention, and where more customers are sitting in chairs waiting for assistance than there are other people to help. In some institutions, the potential wait time makes a trip to the DMV look like a day at Disney World.
That is because banks try squeezing every dollar of profit they can out of their customers and employees so that their senior executives and shareholders can reap the rewards while you lose your mind. Banks have moved toward a self-service model that has resulted in the shuttering of physical locations, reduction in staff, and elimination of many customary services and conveniences that they no longer deem profitable without concern for the impact on the very people that keep them in business – their account holders! What does this have to do with fraud? Oh, I don’t know, just about everything.
As the number of employees in a retail bank is reduced to drastic levels, sometimes to the point where it is unsafe for them to work (remember, this is a place handling large volumes of cash), corners are getting cut in ways the average customer does not realize. Sure, you are fully aware of your rapidly ebbing lunch break as you wait tenth in line behind a bunch of business customers with sacks of cash for the one and only teller in sight. But what trickle-down effect does that have beyond just your lost time?
Please don’t think I am saying that bank staff lacking these things due to circumstance makes them bad people, just the opposite really. Believe it or not, they are doing their best under the circumstances they are forced to work under and do not want to see the same faces standing there for an hour any more than they want to be there. They are fully aware that many customers will ultimately wind up taking out their frustration on them when they finally reach the window, one after another, like a boxer with their hands tied behind their backs getting punched in the mouth all day long. It does not bode well for their morale or ability to serve you to the best of their ability beyond the forced smile and perfunctory apology for the wait. And honestly, they are sorry. It is the bank that pays them that has zero remorse for the situation you have both been placed in. If they could get away with zero associates and still turn a profit, believe me, they would.
And guess what makes it worse? The bank and senior management responsible for these decisions still want them to perform at their highest possible level, meaning no cash balancing issues, no fraud losses, and no negative customer surveys. That employee takes the brunt of the blame when we, as customers, complain about how poor the experience the bank as a whole provided, while the seven-figure head honchos absolve themselves of all responsibility or guilt. When you have an employee who feels like that, who dreads getting out of bed every morning as if they were back in grade school and knew the bully was waiting for them at recess, bad things are bound to happen. I can speak to this firsthand but spare you any specific examples and focus on the broad facts.
First, tellers are poorly paid and inadequately trained. To the pay piece, I implore you to watch the video in this link https://binged.it/2CEnV1F, in which a major bank CEO could not explain to Congress how one of his tellers might be able to keep her head above water on the salary his bank paid her. That is basically the industry standard, although a select few have started making strides to improve this bleak statistic. As for the training, a teller spends 5 to 10 days on average in a classroom environment where not a single minute is spent on fraud detection and prevention. They are then sent to be supervised in a real bank for a few days by another teller who has slightly more experience than they do, in essence resulting in “the blind leading the blind.” That is also assuming the teller is even allowed to finish that complete training rotation because staffing situations are so dire they are oftentimes pulled out and thrown right into the fire.
When that line starts building, and these inexperienced tellers become deer in headlights, mistakes begin to mount quickly. Deposits wind up in incorrect accounts, cash goes missing or misallocated, and above all else, fraud happens. That cordial guy or gal waiting patiently in line to cash their $300 check approaches the window and is not upset, not abusive. They chat them up like they are a real person and make them feel good about themselves. They get their $300 and are on their way, and that teller feels great for a fleeting moment. And then, minutes, hours, or days later, they find out the check was fraudulent and that charming patient person was a professional scam artist who knew exactly what they were doing and who they were preying on. And that is a mild example. That check could have been $3,000, or any amount under the highest limit that would have required a supervisor to intervene, because yes, the criminals know that information as well – the good ones know more about bank policy than the actual employees do. Plus, the supervisor is busy and overwhelmed as well so, oops.
You might be wondering what happens in circumstances such as these. Well, a few things. First, there is a good chance the teller will be disciplined or even fired. Either way, an unfortunate fate for someone set-up to fail by their employer and one that now makes the bank even shorter-staffed and more vulnerable to fraudsters. The bank will also reimburse the victim’s account for the full amount of the loss. After all, they have acceptable fraud levels built into the budget, simply meaning that as long as the amount of money they save on salaries and adequate training exceeds the amount of money going out the door to fraud, it is still a win for them.
That leaves the customer waiting for anywhere from 24 hours up to 30 days to recover their funds while the bank conducts an investigation. For someone who only had that much money left in their account to begin with, and a rent or mortgage payment due in a few days, that is not an acceptable outcome, but they have no choice. This is also no mystery to the fraudsters of the world, and as long as they continue to succeed, there is no deterrent. Gone are the days of armed bank robbery, which has historically low success rates and results in lengthy prison sentences as a violent crime. The current method of thievery is considered white collar, and if someone gets caught, they are often back on the streets in no time at all without repaying their illicit gains.
Two losers: The customer and the employee
Two winners: The bank and the criminal
Under those circumstances, it is probably hard to even draw a distinction and easier to just classify both of the winning parties as criminals. So God forbid you are ever the victim of fraud, please remember some of this article and think twice about asking how stupid the employee who processed the transaction can be or ask why no one picked up the phone to call you and verify it. The simple answer is probably that the teller didn’t have time to look closely enough or was burnt out from helping every other customer who came in that day, and the other employee or manager on duty who should have called was busy helping a waiting area full of people waiting to place fraud claims of their own.
And the cycle continues…