HAVING ESCAPED TO the rocky, still-chilly, nearly tourist-free Oregon coast, and staying in a town that sports Eden in its name, one might expect to find tranquil bankers pleasantly discussing loan rates before hitting the links. But executives attending the association’s annual convention here found their peace disturbed by fraud expert Rob Douglas, who said the nation’s banking system has become a playground for criminals — and now, terrorists — who know how to turn stolen financial data into steady income.
       “Your concern is no longer a teller walking out the door with cash,” said Douglas. “Your concern is information walking out the door. That’s the new currency. You’ve got to think: information equals cash.”
       Bank crime rarely involves traditional robberies any more, said Oregon Bankers Association Chairman Mike Foglia. Instead, money and information are stolen remotely, via electronic and paper fraud. There is almost no risk to the criminal, who can’t be spotted by security cameras, but can steal the money from the other side of the world.
       Privately, bankers at the conference expressed dismay at the amount of fraudulent financial wire transfers that are completed after a fast-talking criminal tricks a bank employee during a single phone call. Other frauds are even easier — depositing a fraudulent “convenience check” from a credit card company, then withdrawing the money; or skimming ATM card numbers right from the machine.
       How much is virtually slipping out the door? Bankers wouldn’t talk, but Foglia admits loss of “seven figures” at the various Wells Fargo branches he manages near Portland. And he concedes fraud is on the rise at all banks.
       
IDENTITY THEFT HAVEN
       But frequently, the initial crime doesn’t even involve money. It starts as a simple phone call, and a request for information, such as bank account balances. From there, the data is resold and reused, leading to crimes from simple credit card fraud to full-blown identity theft resulting in car loans or even equity loans.
       Where the fraud receipts eventually end up is anyone’s guess, but there is evidence terrorist groups used stolen credit cards and other bank fraud techniques to support the Sept. 11 attacks and other terrorism activities.

       From the heavy sighs and drawn faces, it was clear that Douglas was, at least in part, preaching to the choir. Oregon has already suffered one of the nation’s worst-ever information leaks. Last year, police acting on a tip found computer disks with the state’s Department of Motor Vehicle records — all of them — in a suspect’s apartment. The suspect, Jody Gene Oates, pleaded guilty last month to identity theft and was sentenced to 4 and one-half years in prison.
       Many Oregon banks use state drivers’ licenses to verify the identity of a new account holder.
       “How can you trust that as verification now?” Douglas asked.

Advertisement

       But Oregon’s troubled bankers are hardly alone. Just last week, Bank of America kicked off a new ad campaign “Invasion of the ID snatchers” with the National Consumers League warning customers about the hazards of ID theft. The campaign is a response to an incident earlier this year when a criminal set up a fake Bank of America Web site and stole customer information. During an interview with the American Banker, bank privacy officer Robin Warren said ID fraud losses at the firm are rising, and the February incident was “a big wake-up call.”
       
PHONE CALL TRICKERY
       Douglas takes his shock therapy to banking groups around the country, telling executives that the banking system has become a convenient database for criminals.

       He played secretly-taped phone conversations with information brokers, who regularly call banks pretending to be depositors, tricking customer service representatives into giving out private information. Bank records, for example, can be obtained for as little as $50.
       “She didn’t even ask for my name,” bragged the broker on the tape, who had gotten a customer’s account balance information armed only with a Social Security number. “You wouldn’t believe how easy it is. ... You have to talk fast. You can’t give people a chance to think. That’s the key.”
       Another tactic used, Douglas said, is acting belligerent if the conversation starts to go poorly. Also, since Sept. 11,

many criminals have taken to impersonating the FBI, he said, knowing that many bank employees are all too eager to help the war on terrorism.
       Surrendering private financial information was declared a federal crime in 1999 by the Gramm-Leach-Bliley Act. But while thousands of companies still operate in the seedy information area, not a single one has faced prosecution, Foglia said.
       While he admitted that both identity theft and electronic fraud in general are on the rise, and conceded banks “could do more,” he said the lack of prosecutions was the real problem.
       “We have cases we tie up with a bow and give them to (federal authorities), and we can’t get them interested unless the loss is at least $50,000,” Foglia said. Criminals know this, he said. They know they can risk a $10,000 fraud with almost no fear of jail time.
       “What if we could take all the millions we have lost in fraud in the past year and hire some prosecuting attorneys?” he asked hypothetically. “The fact that there are no prosecutions is deplorable, particularly when we know this stuff funds terrorism.”
       Douglas, who often ends his talks showing a video about stalking victim Amy Boyer — hunted by her killer with the help of an information broker — said there is frustration around the country with the lack of prosecutions connected to Graham-Leach-Bliley or other bank frauds. Even if the initial crime seems neat, clean, perhaps even victimless, the ultimate consequences are severe.
       “This is not about being able to steal a $50 pair of Reeboks (with a stolen credit card) any more,” said Douglas. “It’s about terrorism, stalking and murder now.”