Financial Crimes, Identity Fraud Often Related
Financial Crimes Enforcement Network is the U.S. Treasury’s anti-money laundering and financial intelligence office.
There’s a new federal player on the field in the identity security game—the U.S. Treasury’s anti-money laundering and financial intelligence office, the Financial Crimes Enforcement Network known as FinCEN.
“Many of you may not know what we do,” FinCEN Director Kenneth Blanco told AFCEA International’s Federal ID Forum and Expo Tuesday, explaining that FinCEN was the regulatory agency that administers the Bank Secrecy Act—the primary federal law against terror financing and money laundering—and at the same time the principal financial intelligence agency for the U.S. government, providing access to its database of 30 million financial records to law enforcement agencies, regulators and foreign allies.
Developments in how identity is used in finance have rendered it critical to FinCEN’s mission, he said.
“Many fraud schemes and other financial crimes … rely upon weaknesses in identity verification and authentication systems,” Blanco said.
Of particular concern, he said, was the abuse of a key identifier relied upon across the financial sector: the Social Security number.
FinCEN analysts found more than 600,000 Social Security numbers associated with instances of fraud or attempted fraud against U.S. financial institutions, either through identity theft or the use of fake synthetic identities.
“This is mindboggling and it points to something wrong with how identity is being verified and authenticated across much of the financial sector,” Blanco said.
“Bottom line: Criminals can leverage vulnerabilities in identity technology and governance to commit crimes … and hide the proceeds of those crimes from authorities,” he concluded.
Every month, Blanco said, FinCEN receives reports from financial institutions of more than 5,000 account takeover attempts by hackers and cyber crooks, putting at risk $350 million-plus of customer deposits.
And it’s not surprising, he added, given that “with billions of leaked credentials exposed online, there’s a high likelihood that most of the users of U.S. financial institutions have some personal information about themselves, whether [personal identifying information] or login information compromised.”