Presentation on Bank Frauds with examples of some of the most popular Bank Frauds happened. Examples given are Frauds happened in Bank Nordea, Natwest Bank and HSBC.
2. Types of Banking Frauds
• Identity Theft
• Friendly Theft
• Internal Bank Frauds
• These three categories includes different types of banking frauds that
is done all through out the world
6. Nordea Bank AB Company Profile
• It is a universal bank, including corporate merchant banking, retail banking, and private
banking.
• They are also one of the leading providers of life and pensions products in the Nordic
countries.
• The headquarters is located at Stockholm, Sweden.
• Nordea is active in Denmark, Finland, Norway, Estonia, Latvia, Lithuania, Poland, and Russia.
Their International network includes branches in New York, London, Frankfurt, Singapore,
and Shanghai.
• The President/CEO is Christian Clausen.
7. Nordea Bank AB Company Profile
• They have 1,400 branches and serves about 11 million customers.
• The key customer segment for Nordea is corporate clients.
• The bank listed on the Copenhagen Stock Exchange, Helsinki Stock Exchange, and
Stockholm Stock Exchange.
• Nordea operates an internet bank, holding more than 5.9 million online customers
engaging in more than 260 million payments per year.
8. The type of fraud, and how did the fraud take place
• In 2007 Nordea Bank AB was subjected to an online phishing scam.
• The fraudsters managed to steal around 8m kronor ($1.1m; £576,000) from account holders.
• The bank stated that their customers have been targeted by emails containing a customized
Trojan for months.
• The believes that 250 customers have been affected by the fraud.
• According to McAfee, the attack used a Trojan known as haxdoor.ki, to obtain customers
details.
9. The type of fraud, and how did the fraud take place
The Procedure:
• First, Haxdoor installs keyloggers to record keystrokes. Then it hides itself using a
rootkit.
• Next, the payload of the .ki variant of the Trojan activates when users attempted to log
in to the Nordea online banking site.
• As a result, online users were redirected to a false home page, where they entered
important log-in information, including log-in numbers.
• After the users entered their valuable information an error message has appeared,
informing them that the site was experiencing technical difficulties.
• Finally, the criminals managed to use the harvested customer’s details on the real
Nordea website to take money from their accounts.
10. How was it detected and remediated
• According to industry newspaper Computer Sweden, the police have traced the fraudulent
emails first to computer servers in the US and then to Russia.
• The thieves managed to evade detection by limiting their transfers to small sums.
• Later, it was revealed that Nordea clients have been targeted by the phishing emails for at
least 15 months.
• The police in Sweden have already managed to arrest over 100 middlemen in Sweden, who
have been working with the Russian hacker criminals.
11. Chip Authentication Program
• The CAP is a MasterCard initiative and technical specification for using EMV banking
smartcards for authenticating users and transactions in online and telephone banking.
• It was also adopted by Visa as Dynamic Pass code Authentication.
• CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be
present for a transaction to succeed.
• Nordea Bank AB hopes this system will reduce the risk of their customers entering their
details into fraudulent websites through phishing email attacks.
16. Overview of Incident
• In April of 2012 he found that six separate transactions totaling to £7,450
had come out of his NatWest account.
• How was it detected?
“Told it was my fault even though bank never spotted suspicious payments”
17. Type of Fraud and remediation strategies
• Not a phishing email!
• Malware..
• “Trusteer Rapport”
18. Type of Malware
• Zeus Trojan or Zbot
• Egypt, the United States, Mexico, Saudi Arabia, and Turkey
19. Remediation
• Financial Ombudsman Service (FOS)
• UK police arrested 19 individual.
• $9.5 million stolen from online banking customers.
21. • Started its operations in March 1865 in Hong Kong.
• Serves a customer base which is around 58 million in more than 80
countries ad it has around 7200 offices all over the globe covering Africa,
Asia, Europe, North America and South America.
Background of the company
22. • HSBC has done some major acquisitions throughout the time,
including acquisitions of Midland Bank (1992), OfficeMax (2005),
Neiman Marcus Group (2005.
• Many of these acquisitions allowed HSBC to expand the diversity
of its global operations.
• Currently, HSBC comprises of a total of 23 corporate entities.
Background of the company
23. • HSBC is a global financial company so it competes with a range of
leading global banks and financial services providers, including Bank
of America, Barclays, Citigroup, Deutsche Bank etc.
Background of the company
24. • HSBC is a universal bank and is organized within four business
groups:
• Commercial Banking
• Global Banking and Markets (investment banking)
• Retail Banking and Wealth Management (retail banking and
consumer finance)
• Global Private Banking. (HSBC)
Background of the company
25. • As of 31st December 2012, it had total assets of $2.637 trillion, of
which roughly half were in Europe, a quarter in the Americas and a
quarter in Asia.
Background of the company
26. • Wire Fraud
• Former HSBC worker tried to steal £72m ($141m) from the bank
through an audacious electronic heist
Type of the fraud
27. • Jagmeet Channa aged 25, who worked at
the firm's headquarters.
• He stole couple of his colleagues' log-in
credentials to transfer £72m from HSBC to
accounts held with Barclays Bank in
Manchester (£24m) and in Morocco
(£48m).
Type of the fraud
28. • It happened on Friday, 18 April 2008. Channa, while working at HSBC's UK
headquarters authorized two seemingly straightforward transactions. But
they were made using passwords stolen from colleagues.
• That morning, Channa wired £48m to an account at French bank Société
Générale in Casablanca, Morocco. Then moments later, he dispatched £24m
to a branch of Barclays in Manchester.
How did the fraud take place
29. • It was totally audacious, and said to be the biggest fraud of its kind in
the UK.
• He pulled off the biggest crime in British history in terms of the
amount of cash stolen.
How did the fraud take place
30. • Banking security officials in Malaysia had noted a double transaction, prompting
'cause for concern'. Channa had used a global financial holding account where vast
amounts are paid in then removed. At the close of daily trading, the account should
register zero.
• But Channa had inexplicably forgotten to change it and his holding account was
showing a massive debt.
How it was detected
31. • Channa's decision to execute the crime on a Friday.
• Had Channa committed the fraud during the active trading of the
working week, his scam may have remained undetected.
How it was detected
32. • Even though in reality the money had gone, and the theft had taken place by
the time officials were aware of it, HSBC officials contacted both Barclays
and the bank in Morocco and the transferred £72m was frozen and returned
to HSBC.
• Meanwhile, City of London police arrested, but quickly released, the two
colleagues whose identities Channa had stolen.
How it was remediated
33. • Five days after committing the transaction, Channa was arrested.
• The following day Channa was charged with conspiracy to
defraud, money laundering and abuse of trust. Within a week of
committing the fraud, he was facing jail.
How it was remediated
34. • Yet for the police and international banks, the inquest had only
just begun. Even now, officers have no idea for how long the
crime was being planned.
How it was remediated