Custom Search

Sunday, December 26, 2010

ID thieves zero in on home equity lines of credit

Please click onto the COMMENTS for the story.
Topic requested...


Anonymous Tribune said...

A lawsuit may determine who pays for thefts from a home equity line of credit account, the customer or his credit union.

By DAN BROWNING, Star Tribune

Last update: December 23, 2010

Joey McLeister, Star Tribune

Burnsville resident Mike Calcutt says he was stunned last March when he learned that someone had run up nearly $90,000 in unauthorized charges on his home equity line of credit account at Affinity Plus Federal Credit Union.

His shock turned to anger when the credit union informed him that he'd have to repay the money.

Calcutt is among a growing number of victims of wire fraud scams that target people with home equity lines of credit, or HELOC, accounts. The problem came to light several years ago when authorities broke up an East Coast crime ring that had attempted thefts of $36 million from more than 180 account holders, making off with nearly a third of the money.

Now, despite high-profile prosecutions and seminars to teach financial institutions how to thwart such crimes, HELOC frauds are surging anew, according to CUMIS Insurance Society Inc., which provides coverage to most credit unions.

Brad Mundine, regional manager for CUMIS' credit union protection and risk management division, wrote an advisory in November saying that losses involving purloined HELOC accounts have "increased significantly" this year.

"Total losses reported to [the insurer] have exceeded $4 million so far in 2010," Mundine said, adding that most losses from such schemes can be avoided with simple security measures.

Calcutt alleges in a federal lawsuit filed Thursday that Affinity Plus didn't get the message. The 46-year-old radiological technologist at Fairview Health Services has a $200,000 HELOC account at the credit union in St. Paul. By happenstance, Calcutt said, he was discussing his 2009 interest payments with Affinity Plus in mid-March when he learned that someone had tapped into his HELOC account a few weeks before.

Turns out, Affinity Plus let someone set up telephonic banking privileges on his account, Calcutt said. Then someone executed a series of nine transfers -- each just below $10,000 -- from his credit line to his savings account. And finally, someone got the credit union to wire the money to a drop account in Boston, from which it has disappeared.

Then came the bad news: Affinity told Calcutt that he'd have to repay $88,593 that was stolen from his account. Adding insult to injury, Calcutt said, the credit union reported him to the credit bureaus in November for late payments after assuring him that it wouldn't do so while the dispute was pending.

Sarah Mason, a senior vice president with Affinity Plus, declined to discuss Calcutt, citing privacy concerns. "Our members' security is a top priority for Affinity Plus and its quality has been verified through multiple audits throughout the years," Mason wrote in an e-mail.

Cases elsewhere

Other suits are springing up that pit consumers against their lenders, and lenders against their insurers.

One case involves an Indiana couple, Marsha and Michael Shames-Yeakel, who discovered $26,500 in bogus charges on their HELOC account at Citizens Financial Bank in 2007. The money was wired to a bank in Austria, from which it disappeared.

8:27 AM  
Anonymous story continued said...

Citizens refused to cover the loss, and the couple sued. A federal judge in Illinois denied the bank's motion to dismiss, ruling that couple's negligence claims could proceed.

In another case, a customer of Philadelphia-based SB¹ Federal Credit Union discovered in January that $220,000 had been transferred from his HELOC account and wired to Hong Kong. But unlike Affinity Plus, SB¹ covered its customer's losses and sought to recover the money from its insurers, CUNA Mutual and CUNIS. Those claims were denied, and SB¹ filed suit in August in federal court in Pennsylvania, where the case remains pending.

A key issue in these kinds of lawsuits is whether the affected financial institutions employed sufficient security methods to protect their customers. That's an evolving standard. At one time, it meant passwords and account numbers. Now, such "single-layer authentication" is considered subpar, and many banks require multi-layer authentication methods for remote transactions.

That generally boils down to entering something you have, like an account number and password, and something you know, like your first pet's name.

But crooks are mining public databases, social networking sites and other troves for such information, according to a 2008 webcast presentation by the Credit Union Information Security Professionals Association. Of the 131 banks and credit unions that participated in the presentation, 29 reported getting hit by HELOC wire fraud incidents.

Preventive measures

Now, some banks are issuing their customers "tokens" that generate temporary passwords. Others use e-mail or cell phone text verifications, or simply require customers to appear in person with two forms of ID for large transfers. Customers can also ask for special restrictions on their accounts, limiting wire transfers and imposing stricter authorization requirements.

Calcutt wrote to Affinity's CFO, Bill Urich, alleging that the crooks who hacked his HELOC account raised plenty of red flags that should have alerted the credit union to halt the transactions.

He cited the header on two suspicious faxes authorizing the wire transfers, which indicated they came from someone else -- a person whose criminal record includes convictions for second-degree aggravated robbery, terroristic threats and check forgery.

8:28 AM  
Anonymous story conculsion said...

And Calcutt's signatures purporting to authorize the wire transfers are identical to one another, and to the signature on his HELOC agreement, indicating that someone forged them using a computerized scanner.

Scott Larson, managing director in Stroz Friedberg's Minneapolis office, is a former FBI agent and cyber-crime expert who helped unravel a recent $41 million purchasing fraud scheme for Best Buy. He said HELOC frauds are growing, but most recent cases result from Internet hacks and spoofs. Larson said that the pattern of transfers in Calcutt's case is "definitely suspicious."

"With actual documents [faxes] being sent back and forth to the credit union, that changes it to where there's more of a duty on the credit union for their due diligence," Larson said.

Sgt. Jason Urbanski, who works on the St. Paul Police Department's fraud and forgery unit, investigated Calcutt's complaint but ran into a wall. Urbanski said he lacks the resources and jurisdiction to follow the money on his own, so he turned the case over the Minnesota Financial Crimes Task Force, which includes some federal agents. The task force is considering whether to investigate, a spokeswoman said.

Calcutt says he's vigilant about his finances. He shreds all of his records. He didn't access his bank account from his computer at home, and rarely did so from his more secure computer at work. Yet he was still hit.

"You don't really understand it until you go through it how it really wears on you and your family," Calcutt said. "It's just such a terrible feeling. And then to have a bank that won't acknowledge that it did anything wrong ... that's the part that has me most in dismay."
Dan Browning • 612-673-4493

8:28 AM  
Anonymous Bill Dahn said...

St,Paul is the Bigest Theif of Home eguity.

Bill Dahn Said So!

8:45 AM  

Post a Comment

Links to this post:

Create a Link

<< Home