Letter from the Editor, December 2014

Nick BurkillIn this issue, AFN Board member Greg Valenti explains the legal regime in Italy that governs fraud committed through debit and credit cards. The first part of the article addresses the relevant legal provisions; the second considers the stance taken by the Italian Supreme Court with regard to credit card fraud committed over the internet; the third part looks at the measures adopted by the Italian Government to prevent credit card fraud.

We are also pleased to be able to offer a 10% discount to AFN newsletter readers on IIR fraud courses. Fundamentals of Detecting & Preventing Fraud takes place on 27 January 2015 at The Hatton in central London; Advanced Techniques to Detect, Prevent & Investigate Fraud takes place on 28 January 2015 at The Hatton in central London. Click here for more information. Register your place either online, by calling +44 (0) 20 7017 7790 or emailing kmregistration@informa.com. Use VIP code FKW52862AFNWL to save 10%.

We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website, please contact us at info@antifraudnetwork.com.

Nick Burkill

Posted in From The Editor | Tagged , , , |

Credit card fraud: Italy is confirmed as one of the safest countries for card payments

Greg Valenti

 

 

 


Legal framework

Under Italian criminal law, there are two main legal provisions that prohibit fraud committed through the use of debit or credit cards:

  1. Article 55(9) of Legislative Decree no. 231 of November 21, 2007 (which implements EC Directive 2005/60 on the prevention of the use of the financial system for the purposes of money laundering resulting from criminal activities and financing terrorism, and EC Directive 2006/70, which contains the relevant enforcement measures) regulates the illegal use of credit or debit cards and distinguishes between three types of criminal conduct resulting from actions put in place by those who, in order to make a profit for themselves or for others
  • Improperly use credit or debit cards or any other similar document that allows them to collect cash, purchase goods or provide services.
  • Forge or alter a credit or debit card or any other similar document that allows them to collect cash, purchase goods or provide services.
  • Possess, sell or acquire from an illegal source such cards or documents and the payment orders produced with those cards or documents.

These crimes are punished with a term of imprisonment of between one and five years and a fine ranging from €310 to €1,550.

  1. Article 640ter of the Italian Criminal Code, entitled Computer Fraud, which provides that

Whoever, by altering in any way the functioning of a computer system or intervening—without the right to do so—on data through any means, procures an undue profit for himself or for others, is punished with a term of imprisonment from six months to three years and a fine ranging from 51 euro to 1,032 euro.

Types of fraud

In order to understand the application of these provisions, it is necessary to look briefly at the different types of fraud that can be perpetrated by means of debit and credit cards.

Lost and stolen cards fraud involves the theft of a payment card or its improper use by someone other than the owner.  The theft of the card can occur in different ways, including trapping the card in an automatic teller machine (ATM) or the physical theft of the card.

Counterfeit cards fraud involves the physical alteration of the card in order to record, transfer, clone, alter or replace the data on the card.  This type of fraud includes practices such as “skimming”, a process whereby genuine data on a card’s magnetic strip is electronically copied onto another for the purposes of making counterfeit cards.

Mail-intercepted card fraud involves the interception and stealing of a card during the period between the issuer sending it and its legitimate owner receiving it, usually by mail.

Fraudulent use of the card number occurs through the use of the code on the card, which is unlawfully obtained via different methods, without any material intervention on the magnetic card.  One method is by “phishing”, which is an internet fraud that aims to steal valuable information such as card numbers, user IDs and passwords.  A fake web site is created to look similar to that of a legitimate organisation—typically a financial institution such as a bank or insurance company—and an e-mail or text message is sent requesting that the recipient access the fake web site and enter their personal details, including security access codes.  The page looks genuine but users entering information are inadvertently sending their information to the fraudster.

Assumed ID fraud occurs through the fraudulent use of the cardholder’s personal data to obtain other payment cards.  This practice includes “account takeover fraud”, which can occur when a criminal—having gathered a person’s relevant documents and information—calls the credit card company requesting a change of address to one controlled by the criminal.  The criminal impersonates the legitimate cardholder by submitting proof of identity to the credit card company and requests a replacement card to be sent to the new, fake address.

Specifically with regard to ID fraud, Legislative Decree no. 64 of April 11, 2011(which amended Legislative Decree no. 141 of 2010) introduced a “Public system of prevention, on the administrative level, of fraud in the field of consumer credit with specific reference to identity theft”.  This new legal framework provides a dual definition of identity theft, which is defined in Article 1 as

  • Total embodiment: the total concealment of one’s identity by means of the unlawful use of another person’s identity and income.  The embodiment may relate to the misuse of data relating to a living person, as is usually the case for fraud on payment cards, or to a deceased person.
  • Partial embodiment: the partial concealment of one’s identity by using data relating to oneself, combined with the misuse of data relating to another person.

The legal issue
[ Continue reading ]

Posted in 2014-12, Newsletter | Tagged , , , , , |

Letter from the Editor, November 2014

In this issue, Carine Smith Ihenacho, global Chief Compliance Officer of Statoil and I take a close look at Statoil’s anti-corruption efforts. These can be seen as a best practice template even for smaller companies and companies with a different risk profile.

We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website, please contact us at info@antifraudnetwork.com.

Nick Burkill

Posted in From The Editor | Tagged , , |

Addressing global anti-corruption enforcement trends: how Statoil’s procedures meet changing challenges

Nick BurkillCarineSmithIhenaco

 

 

 

 

 

Statoil’s oil and gas exploration and production operations are conducted on the Norwegian continental shelf and further afield in countries around the world including Angola, Azerbaijan, Indonesia, Libya and Mozambique.  In addition to its exposure under local laws where it operates, Statoil is subject to Norwegian, English and US law.

Statoil has a commitment to maintaining best practice in its anti-corruption efforts, just as in other areas of its business, and it devotes significant resources to these efforts.  Its practices are relevant to smaller companies and to companies whose risk profile is different; some core approaches are needed for all effective anti-corruption programmes. Statoil’s practices are scaleable and can be applied effectively to smaller companies and to those who have a different focus for their anti-corruption resources.
[ Continue reading ]

Posted in 2014-11, Newsletter | Tagged , , , , , |

Letter from the Editor, October 2014

When the perpetrator of a fraud appears to be beyond reach, there are usually other claims that can be pursued.  Prompted by the rise in interest in third party litigation typified by the attempts by the victims of Bernard Madoff’s US$65 billion Ponzi scheme to seek damages from the SEC and Mr Madoff’s banks, this month we are taking a look at third party litigation.  Matthew Blower outlines the type of claims that may be brought under English law against third parties.

We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website, please contact us at info@antifraudnetwork.com.

Nick Burkill

Posted in From The Editor | Tagged , |

Third party claims: What to do when you can’t make a claim against the fraudster

There are many reasons why a claim against the most obvious perpetrator of a fraud is either not possible or is unlikely to result in recovery by the claimant.  This could be because the wrongdoer cannot be traced, is based in a jurisdiction in which a judgment cannot easily be enforced, or is known to have no assets.  Even when the primary wrongdoer may appear to be beyond reach, however, there are usually other claims that can be pursued and careful consideration should therefore be given by potential claimants as to which other individuals and companies may be liable.

Third party targets might include the principal wrongdoer’s employer or the employer’s parent company, or banks, accountants and auditors if their actions can be shown to have contributed to the claimant’s loss.  If others are involved in the fraud, there may also be a basis for bringing a claim for conspiracy.

These types of third party claims have received a lot of coverage recently, particularly with the high profile attempts by the trustee for the liquidation of Madoff Investment Securities LLC to obtain compensation from a number of banks whose accounts were used by Mr Madoff.

There are a number of claims that may be brought under English law against third parties.  They can all be brought as an alternative to, or in addition to, a claim against the principal wrongdoer.
[ Continue reading ]

Posted in 2014-10, Newsletter | Tagged , |

Letter from the Editor, September 2014

Welcome back from the summer break.

In this issue, Mark Johnson introduces us to cyber crime, security and digital intelligence, a topic close to the heart of every business. The article is an edited extract from Cyber Crime, Security and Digital Intelligence, published by Gower Publishing.  AFN readers can purchase Cyber Crime, Security and Digital Intelligence direct from Gower with a 30% discount, using code G8ATZ30 at the checkout.

We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website in September, please contact us at info@antifraudnetwork.com.

Nick Burkill

Posted in From The Editor |

An introduction to cyber crime, security and digital intelligence

There are several factors determining the future shape of the cyber security landscape:

  • The rise of the machine readable Web, also known as Web 3.0
  • Increasingly vast data storage
  • Computer processing at light speed
  • Increasingly advanced and persistent threats
  • Slow human decision-making speeds and a general lack of awareness
  • A growing chasm between cyber security decision needs and cyber security decision capabilities.

The only obvious solution to this conundrum is the complete automation of cyber security decision making, but the technology to support that is far from ready.

In the meantime, we need to learn to live with the challenge and find ways to better protect our information assets from attack, theft, exposure, loss or damage. Cyber security and cyber risks are ubiquitous, which is to say that they are everywhere and of importance to any person or organisation using one or more internet-enabled devices.

The importance of security and the potential impact of the risks are primarily determined by the level of dependency that the person or group has on the technology.

Key sectors

The one word we need to keep in our thoughts is “resilience”. How resilient are we as a sector, community or nation in the event of a major cyber security event? Some sectors are more sensitive than others and there are also strong interdependencies between key sectors (listed below) which suggests the potential for what is called a “cascading failure”:

  • Financial services
  • Energy
  • Transportation
  • Supply chain
  • Defence and security
  • Government
  • Communications.

Loss or degradation of service in any one of the above areas is likely to have deleterious effects on the others. This makes these sectors particularly attractive to an attacker as well as making them the most sensitive in terms of accidental failures or natural disasters. Essentially, if you work in any of the areas listed, you should be prepared for the possibility of state-grade cyber attacks and intrusions and you should be putting corresponding state-grade countermeasures in place.

Cyber security risks for financial firms

During the late summer of 2012, a number of leading US banks experienced a serious and apparently coordinated series of Denial of Service (DoS) attacks that lasted for a period of several weeks and in fact, some of the attacks commenced earlier in the year. Senior political figures in the United States, including Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, reportedly asserted that these attacks originated in Iran, although no evidence to support this statement was put forward in the public domain.

Coincidentally, during the same period the computer systems of the UK’s Royal Bank of Scotland (RBS), one of the country’s largest financial firms, went down due to what was reported to be an internal software failure following an upgrade. Whatever the facts behind these events, it is now clear that western banking was in crisis mode through much of the year due to various types of cyber vulnerability.


[ Continue reading ]

Posted in 2014-09, Newsletter | Tagged , , , , , , , , , |

Letter from the Editor, July 2014

In tNick Burkillhe second of our two-part series on giving gifts in China, Carl Hinze looks at the rules and traditions surrounding the cultivation of bao (“social reciprocity”), through gift giving. This month, we look closely at the gift-giving rules that apply to PRC Government officials.  With penalties for officials as severe as death by firing squad, businesses need to ensure gifts given to give “face,” i.e., to show respect, to the recipient and increase the “face,” i.e., raise the status, of the giver are well within the bounds of what is legally acceptable and can be proved to be so.

This is our last newsletter until September. I would like to wish all our members and readers a very happy summer.

We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website in September, please contact us at info@antifraudnetwork.com.

Nick Burkill

Posted in From The Editor | Tagged , , , , |

One person’s gift, another person’s bribe: The challenge of giving gifts in China, Part II

Carl Hinze 2014

In the second of our two-part series on giving gifts in China, we look at the rules and traditions surrounding the cultivation of bao (“social reciprocity”), through gift giving. This month, we look closely at the gift-giving rules that apply to PRC Government officials.  With penalties for officials as severe as death by firing squad, businesses need to ensure gifts given to give “face,” i.e., to show respect, to the recipient and increase the “face,” i.e., raise the status, of the giver are well within the bounds of what is legally acceptable and can be proved to be so.  

Bribery of officials

In respect of bribery of officials, Articles 389 to 391 and Article 393 of the PRC Criminal Law prohibit (regardless of whether the perpetrator is an individual or entity) giving state officials, state agencies, state-owned enterprises and civil organisations bribes in order to receive improper benefits. In order to constitute the offence of “giving bribes” the following criteria must be met:

  • There must be a payment in the form of property or unlawful kickbacks or procedural fees
  • The recipient must be a state official, state agency, state-owned enterprise, unit (an organisation) or civil organisation
  • The purpose must have been to receive improper benefits (emphasis added).

According to a Notice issued by the Supreme People’s Court and the Supreme People’s Procuratorate in 2008, “property” in this context is defined as

Either money or physical objects, and includes proprietary interests that can be measured in monetary terms, such as the provision of housing renovations, membership cards and gift cards (coupons) carrying monetary value, travel expenses, etc.

The Notice also seeks to fill a gap in the Criminal Law by clarifying the meaning of “seeking improper benefits” in the context of the crime of bribery contemplated in Article 389 of the Criminal Law. According to the Notice, seeking improper benefits refers, rather vaguely, to circumstances where the giver of a bribe seeks a benefit that is in violation of laws, regulations, rules or policies, or where the giver of the bribe requests the receiver of the briber to provide help or convenience in violation of laws, regulations, policies or industry norms.
[ Continue reading ]

Posted in 2014-07, Newsletter | Tagged , , , , |