Fraudsters are adapting with increasingly sophisticated methods for illicit activities, including the use of bank drops for moving ill-gotten gains undetected. This presents a significant risk to financial institutions and their customers, as both personal and financial information becomes vulnerable.

However, a solution exists. Device intelligence platforms like Fingerprint can aid banks in better protecting their customers and swiftly identifying online threats. Through advanced fraud detection measures, banks can block unauthorized access to customer information, thereby ensuring safe and secure financial transactions.

In this article, we discuss what is a bank drop, how bank drop methods work, and how banks can protect their customers and themselves from bank drop fraud.

What is a bank drop?

A bank drop refers to a bank account used for receiving illicit funds, predominantly in cybercrime. The term "drop" implies that these accounts are often used momentarily and then discarded to evade detection by law enforcement and banking institutions. This term has its roots in traditional crime where illegal goods are left at a specific location, or "drop", for someone else to pick up.

Bank drops are often associated with illegal activities like money laundering and financial fraud. Cybercriminals use bank drops to deposit and move money obtained illegally, often by taking over accounts of unsuspecting individuals, who may not even be aware that their accounts are being used for illegal purposes.

How do bank drops work?

Establishing a bank drop involves creating a new bank account using false or stolen identity information, primarily to receive fraudulent financial transactions. For this, a fraudster requires access to the victim's "fulls," or complete set of personally identifiable information. This includes the victim's name, address, date of birth, social security number, and other sensitive information.

With the victim's fulls, the fraudster can open bank accounts, apply for loans or credit cards, and commit various financial frauds. Once the funds are deposited into the bank account, they can be transferred, often with the help of a money mule, to other accounts or withdrawn as cash. This makes it challenging to trace and identify the source of the funds.

How do fraudsters obtain bank information?

Fraudsters often require a victim's account number, routing number, PIN code, and other essential information to steal money from their bank account. They can then transfer funds to their account or another account they control.

There are multiple ways for them to gain access to this information. One such method is through social engineering tactics like posing as a bank representative and requesting account details under the guise of identity verification. Another way is by targeting vulnerable individuals, such as the elderly or the less tech-savvy, and pretending to be a relative in need of money.

Once they obtain the bank details, they can convert the money to cryptocurrencies or use other techniques to launder it through money mules without the victim's knowledge.

Example of a bank drop:

Let's say that a fraudster, who we'll call Mike, has stolen the "fulls" of a victim named Jane. He has obtained her social security number, date of birth, and sensitive personal information, through a data breach, phishing, or even by purchasing it on the dark web.

Mike uses this information to create a synthetic identity for Jane to open a bank account in her name. He orders a debit card for the account and sets up online banking access, all while using security measures like accessing the internet through a Tor browser and a VPN.

To make the account look legitimate, Mike first deposits some "clean" cash into it through legitimate means. He may make a few small transactions with the account to avoid suspicion, such as purchasing groceries or paying bills.

Once the account appears normal and has some history of transactions, Mike starts to cash out. He may transfer the funds to another account he controls or withdraw cash from ATMs. To avoid raising any red flags, he keeps the withdrawals below the reporting threshold and makes them from different locations.

Mike carefully uses different accounts and withdrawal methods to avoid detection as he cashes out. He may also use the victim's active email account or other communications channels to receive updates on the account and to stay one step ahead of any potential fraud detection measures.

By using a bank drop, Mike can steal funds from the victim without her even knowing about it.

Common types of fraud that steal bank information

Cybercriminals use a variety of scams to defraud their victims. While social engineering is often the most underhanded and catches victims off-guard, there are more devious ways for fraudsters to steal your bank information.

Phishing

Phishing is a common tactic used by fraudsters where they trick victims into clicking on links or downloading attachments laden with malware. This malware can extract sensitive information, such as bank login credentials, and relay it back to the fraudster. Phishing emails can often closely resemble your regular correspondence.

Fraudsters typically send an email or text message that appears to be from the victim's bank or another trusted entity. This message often includes a link or attachment that the victim is prompted to click to verify their account or update their information. If the victim falls prey to this scam and provides their banking details, the fraudster can use this information to steal funds from the victim's account.

Unsolicited Check Fraud

Unsolicited check fraud, also known as the overpayment scam, is another common method cybercriminals use. In this scenario, the fraudster sends fake checks to victims and requests them to deposit the check and transfer some funds to the fraudster's account. Overpayment scams involve the fraudster sending a payment larger than the amount owed and requesting the victim to transfer the excess amount to their account.

Automatic Withdraw Scam

Fraudsters have developed a highly effective and often unnoticed method of unauthorized withdrawals from victims' bank accounts. During an automatic withdraw scam, fraudsters use stolen bank details to set up fraudulent recurring payments without the account holder's knowledge. This can be a highly effective and undetected form of fraud. Victims may not immediately detect the unauthorized deductions on their statements, allowing fraudsters to steal significant amounts of money over time.

How banks can protect their customers from bank drop fraud

Bank drops and account takeovers are real concerns that can result in significant financial losses. Below are a few ways banks can protect customers and reduce fraud.

Know Your Customer (KYC)

Financial institutions are tasked with ensuring the identity and legitimacy of their customers to comply with Know Your Customer (KYC) regulations. These laws typically include verifying government-issued documents, conducting background checks, and credit checks; all help deter illegal activities while respecting customer privacy. By adhering to KYC, organizations can safeguard themselves against fraudsters who may have malicious intent.

Two-factor authentication

Another measure that banks can take is to implement two-factor authentication or "2FA." This involves using an additional layer of security, such as a one-time password or biometric identification, to verify the user's identity. This helps to prevent unauthorized access to the customer's account and reduces the risk of fraudulent activity.

Device intelligence

Banks can also implement a device intelligence solution that uses advanced device identification to identify users accurately and detect online threats quickly. One such solution is Fingerprint—a device intelligence solution that helps prevent fraud, improve user experiences, and better understand traffic by identifying visitors across the web.