Understanding Bank Drop Scams: Prevention and Protection

February 24, 2023
February 24, 2023
Bank drop fraud
hZ4W5oQ7pJVIHbW2fBXA

Learn more about Fingerprint

  • Streamline user experiences for trusted traffic
  • The highest accuracy device identification for mobile and web
  • Improve visitor analytics on mobile and web
Talk to our Team

As technology evolves, fraudsters have developed increasingly sophisticated methods for fraudulent activities, including using bank drops to move ill-gotten gains undetected. This poses a serious threat to financial institutions and their customers, whose personal and financial information is at risk.

Fortunately, there is a solution. Digital identity platforms, such as Fingerprint, can help banks better protect their customers and detect online threats quickly. With advanced security measures, banks can prevent unauthorized access to their customers' information, ensuring the safety and security of their financial transactions.

Banks can enhance their products by leveraging digital identity platforms and safeguarding customers from online threats. In this article, we will explore bank drops, how they work, and how banks can use digital identity platforms to stay ahead of fraudsters and protect their customers' financial well-being. 

What is a bank drop?

A bank drop can be a legal transaction, but it is often associated with illegal activities like money laundering and financial fraud. Criminals use bank drops to deposit and move money obtained illegally, often by taking over accounts of unsuspecting individuals, who may not even be aware that their accounts are being used for illegal purposes.

Once the money has been deposited into the bank account, it can then be moved, often with the assistance of a money mule, to other accounts or withdrawn as cash, making it difficult to trace and identify the source of the funds. 

To do this, a fraudster needs access to the victim's "fulls," which refers to someone's complete set of personally identifiable information, including things like name, address, date of birth, social security number, and other sensitive information. With access to the victim's fulls, the fraudster can open bank accounts, apply for loans or credit cards, and commit other types of financial fraud.

How do bank drops work?

So, how do these crafty criminals get away with this whole process? Let's start with an example: Let's say that a fraudster, who we'll call Mike, has stolen the "fulls" of a victim named Jane. He has obtained her social security number, date of birth, and sensitive personal information, through a data breach, phishing, or even by purchasing it on the dark web.

Mike uses this information to create a synthetic identity for Jane to open a bank account in her name. He orders a debit card for the account and sets up online banking access, all while using security measures like accessing the internet through a Tor browser and a VPN.

To make the account look legitimate, Mike first deposits some "clean" cash into it through legitimate means. He may make a few small transactions with the account to avoid suspicion, such as purchasing groceries or paying bills.

Once the account appears normal and has some history of transactions, Mike starts to cash out. He may transfer the funds to another account he controls or withdraw cash from ATMs. To avoid raising any red flags, he keeps the withdrawals below the reporting threshold and makes them from different locations.

Mike carefully uses different accounts and withdrawal methods to avoid detection as he cashes out. He may also use the victim's active email account or other communications channels to receive updates on the account and to stay one step ahead of any potential fraud detection measures.

By using a bank drop, Mike can steal funds from the victim without her even knowing about it. 

How do fraudsters obtain bank information?

Fraudsters often require a victim's account number, routing number, PIN code, and other essential information to steal money from their bank account. They can then transfer funds to their account or another account they control. 

There are multiple ways for them to gain access to this information. One such method is through social engineering tactics like posing as a bank representative and requesting account details under the guise of identity verification. Another way is by targeting vulnerable individuals, such as the elderly or the less tech-savvy, and pretending to be a relative in need of money. 

Once they obtain the bank details, they can convert the money to cryptocurrencies or use other techniques to launder it through money mules without the victim's knowledge.

Scams used to steal bank information

Cybercriminals use a variety of scams to defraud their victims. While social engineering is often the most underhanded and catches victims off-guard, there are more devious ways for fraudsters to steal your bank information.

Phishing

One of the most common tactics fraudsters use is phishing, which involves tricking victims into clicking on links or downloading attachments containing malware. This malware can steal sensitive information, such as bank login details, and send it back to the fraudster. Phishing emails can look frighteningly similar to your regular email.

A fraudster sends an email or text message that appears to be from the victim's bank or another trusted organization. The message will typically contain a link or attachment that the victim is asked to click on to verify their account details or to update their information. If the victim falls for the scam and provides their bank details, the fraudster can use them to steal money from the victim's account.

Unsolicited check fraud

Unsolicited check fraud, also known as the overpayment scam, is another common method cybercriminals use. In this scenario, the fraudster sends fake checks to victims and requests them to deposit the check and transfer some funds to the fraudster's account. Overpayment scams involve the fraudster sending a payment larger than the amount owed and requesting the victim to transfer the excess amount to their account.

Automatic withdraw scam

Fraudsters have developed a highly effective and often unnoticed method of unauthorized withdrawals from victims' bank accounts. During an automatic withdraw scam, fraudsters use stolen bank details to set up fraudulent recurring payments without the account holder's knowledge. This can be a highly effective and undetected form of fraud. Victims may not immediately detect the unauthorized deductions on their statements, allowing fraudsters to steal significant amounts of money over time. 

How banks can protect their customers from bank drop fraud

By now, you're no stranger to the scams plaguing the banking industry. In particular, bank drops and account takeovers are real concerns that can result in significant financial losses. Below are a few ways banks can protect customers and reduce fraud.

Know Your Customer (KYC) 

Financial institutions are tasked with ensuring the identity and legitimacy of their customers to comply with Know Your Customer (KYC) regulations. These laws typically include verifying government-issued documents, conducting background checks, and credit checks; all help deter illegal activities while respecting customer privacy. By adhering to KYC, organizations can safeguard themselves against fraudsters who may have malicious intent.

Two-factor authentication

Another measure that banks can take is to implement two-factor authentication or "2FA." This involves using an additional layer of security, such as a one-time password or biometric identification, to verify the user's identity. This helps to prevent unauthorized access to the customer's account and reduces the risk of fraudulent activity.

Digital identification

Banks can also implement a digital identity solution that uses advanced device identification to identify users accurately and detect online threats quickly. One such solution is Fingerprint—a device identification solution that helps prevent fraud, improve user experiences, and better understand traffic by identifying visitors across the web.