CHAPTER 1
Bank Fraud: Then and Now

Perhaps the earliest recorded case of fraud in the Western world was that of Hegestratos and Xenothemis in 300 B.C.1 The story goes that Hegestratos took out an insurance policy on a boat for a large sum, with the deliberate intention of sinking it. At this time, ships were going down at a very high frequency, so this was not necessarily a bad idea (from the point of view of the fraudster), provided one managed to pull it off. Hegestratos was supposed to carry a large amount of grain from Syracuse to Athens on his boat. His idea was to not carry any grain but sink the boat halfway through the voyage and collect the insurance money. He would get the price of the boat reimbursed, and since there was no grain on the boat, he wouldn't incur the loss of the value of the grain. What ended up happening was something else altogether. The people on the boat got wind of Hegestratos's plan to drown them and confronted him. Unable to face the opposition, Hegestratos jumped overboard and drowned himself. His partner, Xenothemis, had to sail the boat to the port, and things didn't go well for him either. A legal battle followed between the buyer, Protos, who was waiting in Athens, and Xenothemis, when Protos, who thought he was getting grain, found out that there was no grain on the boat.

Even though the exact details of the verdict in this legal battle are lost to history, we know that Hegestratos and Xenothemis were unable to carry out their plan, and things ended badly for both of them. While this is surely not the oldest case of fraud in history, it is one of the oldest recorded cases of fraud.

This chapter traces a rough history of fraud and compares the times we are in with historic times and looks at how complicated the world of fraud management has become. In order to begin laying the groundwork to understand how complex fraud detection systems have become a necessity in the last few decades, it is important to be aware of this history.

THE EVOLUTION OF FRAUD

If we look to the East, many stories of fraud exist in Hindu mythology and in the folklore of various parts of Asia. Fraud is probably as old as money itself, and we could go a step further and say that fraud has probably existed in this world for as long as human beings have inhabited it. One might ask, “What is different about the times we live in?” In historic times, unlike today, fraud was a rather sporadic phenomenon. There was also considerable stigma associated with fraud as most of it was discovered sooner rather than later, which served as a deterrent to its widespread use. Written over 2,500 years ago, the Thirukkural2 is a masterpiece by the poet Thiruvalluvar composed of 1,330 couplets in the South Indian language Tamil (which happens to be my mother tongue). The 284th couplet says that the unbridled desire to defraud others, when fruitful, will produce endless pain and sorrow. This indicates that fraud existed many thousands of years ago, and most often it resulted in the fraudster reaping considerable notoriety and sorrow. Not only was this the case in the East but also in the Western world, as evidenced in the Hegestratos and Xenothemis story.

Fraud in the Present Day

Fast forward to our times. Not only has fraud become much more prevalent now compared to historic times, but the frequency and the ubiquitous nature of today's fraud means that fraudsters don't necessarily meet the end they deserve. Financial institutions are forced to fight fraud all the time. If fraud is not fought effectively, fraud losses can threaten to derail entire institutions. Some of this is because there are so many more human beings inhabiting the world today, and this results in interactions with institutions becoming more and more impersonal, thus opening up a rich environment for committing fraud. Fraudsters have become so sophisticated that they don't need to be present and make personal sacrifices like Hegestratos to carry out their plans. Fraud can be completely impersonal as far as the fraudsters are concerned.

Banks are especially vulnerable to fraud. Why are they so vulnerable? I am reminded of a conversation alleged to have occurred between Willie Sutton, a legendary and prolific bank robber, and a reporter, Mitch Ohnstad. Sutton is said to have robbed more than $2 million and spent over half of his adult life in prison. The reporter Ohnstad asked Sutton, “Why do you repeatedly rob banks?” to which Sutton replied, “Well, that is where the money is.”3 That statement pretty much sums up why banks are so popular with fraudsters. In most cases of fraud that banks experience, the fraudsters are never caught. All that the banks are able to do is to stop the bleeding by stopping fraud as soon as they can ; they have little hope of recouping the money lost.

In the good old days, when there were fewer customers and banks were for the most part local, they had the luxury of having face-to-face relationships with customers. In the last 40 or 50 years, this has been changing. Not only are there more and more (too many) customers to keep up with, but there also are many customers simply not available for face-to-face interactions. As banks got bigger and the pressure to get bigger and more profitable grew, they were forced to innovate in terms of customer acquisition as well as ways in which customers transact with the bank. As interactions with banks became more and more impersonal, the resulting anonymity also helped the fraudsters to exploit the system.

Risk and Reward

As we all know, lending money has been the business of banks almost from when they started. However, the amount of risk a bank is willing to take to lend money has changed dramatically in the last 50 years. Gone are the days when customers had to appear personally at the banker's office and show the assets on which a loan is requested. In those days, not only were assets showing the customer's ability to pay back the loan needed, but there was also the need to have third parties assure the bank that the money would be paid back if the borrowing customer was unable to repay the loan.

Fast forward to 10 or 20 years ago: Pretty much anyone who had an account with the bank and the semblance of a job could walk in and get a loan'not secured, but an unsecured loan like a credit card and/or other types. Even though it seems to be a pretty risky path for banks to take, as long as they could manage the risk/reward equation by exercising decent control on the risk side, it became a very lucrative path for the banks. The reward portion of the equation is generally dictated by the volume of business a bank can generate. Most of the time, the volume of business is proportional to the number of customers. The same volume also helped fraudsters. The higher the number of customers, the more impersonal the relationships become. You can see how the continuum operates.

Secured Lending versus Unsecured Lending

Even with a rapidly growing customer base, it is possible to keep a decent amount of control on secured lending. In secured lending, there is an asset that the bank has control over that can be used to recoup losses it might incur, especially if the perpetrator is the customer. However, unsecured lending is a totally different beast. Unsecured lending is based on intangibles such as the behavior history of the customer and so on. In addition, since the customer does not have skin in the game, unsecured lending becomes a burden mostly on the bank. Unsecured lending pretty much opened the floodgates in terms of fraud. To a number of customers, it seemed like free money … almost. The biggest proliferation of unsecured lending happened in the area of credit cards. The concept of being able to get money using a small plastic card was not only an amazing idea, but also one that caused a lot of crooks to start thinking about how they could exploit this little plastic card to get the free flow of money going. Due to high interest rates for credit cards, in spite of the fraud losses, running credit card portfolios was and continues to be a very lucrative business for banks. However, if there was a way to control losses, credit card portfolios would be even more attractive for banks. This meant that issuers had to figure out a way to keep fraud losses in check. Various authentication methods such as signature matching were used in the beginning to keep fraud rates under control. Not surprisingly, fraudsters found easy ways around these authentication methods. This is when the realization came that studying the cardholders' behavior and looking for deviations would be a much more effective method of keeping fraud in check than using authentication methods, which the crooks could find ways around. Statistical models started do a better job of understanding the nuances of cardholder behavior and what is normal for a customer, so the automation of the process of detecting fraud as well as improved accuracy became a huge asset to managing fraud.

These days, interestingly, even authentication methods are expected to have some understanding of the customer beyond simply matching a password to the recorded password of the customer. We live in a complex world where customer expectations have grown, and as customers have become more sophisticated, there has been an inherent expectation that the banks should almost magically know the behavior of the customer based on past history.

In unsecured lending, a lot more diligence is needed in combating fraud because fraud directly affects the bottom line of banks,...