The Agency Insider with Linda McGlasson

Inside an Insider Crime

Credit Union Employee Charged with Embezzling $400K to Aid Son on Death Row
Inside an Insider Crime

These are strange days indeed. When I first read the words bank fraud and identity theft in the headline of a press release from the Department of Justice, I thought, "Well, rack up another insider on charges."

We're all aware that insider fraud is at an all-time high, with the Association of Certified Fraud Examiners (ACFE) saying total fraud losses are at $2.9 trillion. Financial institutions are especially vulnerable to damage caused by employee fraud, when monetary loss, reputation and customer confidence are all considered.

But the story of Nazreen Mohammed shows a new level of over-the-top insider fraud and that sometimes good judgment is thrown away when a mother wants to help her son. Now, I'm a firm believer that parents should do as much as possible to help their children, but committing the crime of embezzlement is too much, and the story has even more twists to it.

Embezzlement at Two Institutions

Mohammed's son, Dane Abdool, sits on death row in Florida, facing execution for burning alive his 16-year-old girlfriend in 2006. The Secret Service says Nazreen Mohammed was using the money to finance her son's ongoing defense.

Mohammed was indicted on charges of federal bank fraud, identity theft, and embezzlement last Thursday in federal court in Tampa. Authorities say Mohammed used her status as an employee at a Lake County, Fla., branch of Fairwinds Credit Union (FCU) in 2009 to access member accounts without authorization to embezzle cash.

She allegedly created secured loans and made withdrawals from the accounts of the credit union's members, many of whom were either elderly or deceased. Trying to disguise the location of the money, Mohammed would then transfer the money from these transactions into the accounts of other customers before eventually withdrawing them. The authorities estimate Mohammed took more than $127,000 from FCU.

She didn't just hit a credit union. From November 2009 through January 2010, while working as an employee at a Lake County branch of the Royal Bank of Canada (RBC), Mohammed supposedly accessed the account information of several elderly and deceased customers. Mohammed used this information to make unauthorized withdrawals, change account beneficiary designations and conduct inter-account transfers of funds. As a part of the scheme, Mohammed is said to have used the accounts of other bank customers to camouflage her movement of these funds for eventual disbursement to herself.

Mohammed told the Secret Service that she had some legal fees from trouble her son was in. The bank and credit union have reimbursed customers and members. Mohammed faces a maximum of 30 years on each fraud count and two years on the aggravated identity theft charge. Now, not only is her son facing death, she will most likely serve many years for these crimes.

Stopping the Rogue Mom

What can institutions do to protect themselves against these kinds of mothers-gone-bad employees? I spoke with Ben Knieff, director of fraud products at NICE Actimize, and he shared some of his recommendations for managing insider fraud. Knieff says technology is only one part of what must be a holistic approach. The overall program needs to incorporate education and training for employees, for example. If employees spot unusual behavior, or see unusual transactions, they need know the policies and processes that will help them in reporting the suspicious behavior to HR or internal auditors. He cited an ACFE study that shows 40 percent of insider fraud identified was detected through tips from other employees.

The institution needs to be sure it's examining more than just scenarios it's run up against in the past. People should look for more conceptual ways that will uncover new forms of fraud, like peer profiling -- in which typical behaviors are understood by the organization, in terms of categorizations like job class. So, for example, a peer profiling rule may be created that indicates that "on average, customer service reps are accessing a certain number of accounts per day." Hypothetically, he says, if there are something like two standard deviations away, there's a likelihood for fraud.

Knieff cites another useful and innovative technology practice in linking analysis, where a fraud examiner is looking for where employees are changing multiple, seemingly, unrelated pieces of data in ways that are related, such as the employee who changes multiple account addresses to one common P.O. box. This goes beyond simple rule-based searching, he says.

For smaller and mid-sized institutions, the prevention of employee fraud is very important, because they can be more vulnerable than the larger institution that has the capacity to absorb a significant financial impact. Also, in a small or medium-sized institution, only a few people may have broad access. Someone with administrative access to multiple systems has more opportunities for committing fraud, giving them more insight into potential weaknesses in the system that might enable fraud to be committed without detection.

As the Mohammed case illustrates, an institution can't be too cautious, and no insider scheme is too outrageous.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.