Guns are so yesterday for new bank robbers

The cyber criminal is not a geeky, diminutive, bespectacled shy young man who eats at his desk with his eyes transfixed on his laptop. He is a bold fraudster who doesn’t mind getting caught.

In his plan, he has factored in getting caught, provided he manages to stash the cash in an abyss that auditors will never trace in a 100 years.

He will make sure the money is safe somewhere and those accounts are in his name and he will gladly serve his jail term as auditors sift through mountains of paperwork to get to the bottom of the case.

By the time auditors have skimmed through half the paperwork, the young man will have done his three years of jail time and used the cash to buy assets such as land and houses. Forensic auditors will be lucky if they pin him down and get their money back in 20 years.

Fraud in the banking and insurance industry has become commonplace for young, educated, technologically savvy young men on their first jobs in the banking sector. You are looking at a young man; aged between 22 and 30 years who has neither the time nor patience to wait for his turn at the ladder of success.

He does not want to save his money to buy a Subaru; neither is he willing to pester his colleagues to guarantee him for a loan at the company sacco. He wants his success now. He wants his flashy lifestyle today. And he is willing to do just about anything to get there.

Even if it means risking his life and career to carry out a life-changing fraud. From our investigations, it is pretty easy to illegally electronically transfer money from one account to your account. Especially if you are a young, IT savvy man thirsting for a major kill.

“A lot of them are quite technologically savvy. They are able to figure out the loopholes because the banks are heavily automated and use computerised systems,” says Robert Nyamu, the Forensic and Litigation Support director at Deloitte Consulting.

Most noteworthy among them are usually people with an accounting and IT background or a combination of the two. They will be able to detect the accounts that are not monitored and they have a basic understanding of the internal controls of a bank.

“Most of them come in and they want to get rich quickly, provided they are able to figure out the control weaknesses. They start plotting their heist from day one,” says Mr Nyamu.

CONSOLIDATE THE MONEY

In a typical scenario based on investigations done by various audit firms, these cyber criminals will come in and in no time identify their target accounts; well-funded, but not very actively monitored bank accounts.

In planning a big heist of about Sh100 million, the youngster comes in with the full knowledge of what he wants to do. It will help if he is in the IT department where their activities are not closely monitored and they are left to run their own little IT kingdoms.

The less the control the bank has, the quicker it can be done. The banks that have strong controls, the fraudsters do it in bits and consolidate the money into one account and the bank may not notice. Investigations will later reveal that it was a lot of scheming from various accounts into one account and eventually the money is channelled out.

They will measure twice and cut once; they don’t mind spending weeks, maybe months, studying one account, analysing and plotting the heist, going over every step with a fine-toothed comb.

The entire process involves about three steps. They will first identify the perfect timing; probably a weekend, a holiday such as Easter or Christmas when nobody will notice what they are up to.

Where the stakes are large — Sh100 million and above, the money is channelled to a clandestine overseas account as they will have already figured out how financial systems work internationally.

“The overseas account is most likely in a country where there are relatively lax controls or a jurisdiction that does not collaborate very well with Kenya. It will also be in counties where there is still a lot of secrecy involved in custom identification,” says Mr Nyamu.

Popular destinations for such heists include Switzerland, the Cayman Islands, Luxembourg, China, Mauritius, Bermuda and the Bahamas.

They may not succeed in the UK or the USA because these countries are very cooperative when inquires are made about such clandestine accounts.

Once the money has successfully been wired into a secret account, what follows is a series of withdrawals and deposits into various accounts to throw the auditors into a cat-and-mouse chase with the criminal.

“The money will be withdrawn in cash and deposited into another account which is created for that specific purpose. This is typically what we call money laundering,” explains Mr Nyamu.

They will deposit it in one account and move it around again and deposit it in another account in what you call the ‘layering process’ to cover up the audit trail.

That is why these cases take years to track and crack. Dormant accounts are not the only targets for cyber crime. In fact, active corporate accounts that move large amounts of money stand a higher chance of being robbed.

Depending on your financial threshold, many of us ignore a missing Sh500 or Sh1,000 from the account and we assume that the deduction must be one of those many bank charges. Some people who run active accounts with a lot of money may overlook a missing Sh10,000 thinking it was probably one of the many cheques they wrote that took a bit longer to mature.

If your account has been having unusual deductions that you have been overlooking, maybe it is time you took a second look. This is because the IT savvy youngsters will study and master the bank’s policies and if they discover a loophole that allows them to steal even from an actively monitored account, they will steal and get the money out before they are caught.

They are tactical and instinctive like an animal stalking its prey. A lot of fraud such as card cloning happens around holiday seasons; Christmas and Easter holidays.

TOMORROW: BANKS SPEAK OUT ON HOW THEY HAVE LOST MILLIONS THROUGH INTERNAL FRAUD