(October 22, 2009) Losses caused by massive fraud could bring down as many as 10 financial institutions within the next three years, predict analysts at Treasury Strategies Inc., a Chicago-based consultancy specializing in financial services. Since bank failures are usually caused by economic downturns or mismanagement, the prediction comes as a startling reminder of the insidious extent to which fraudsters have infiltrated financial services. “Fraud risk in the industry is at an unprecedented level,” Barry Barretta, a principal at the firm, tells Digital Transactions News.

Barretta says small banks are most at risk of failure from fraud, since they generally lack the tools to detect and combat fraudulent transactions and don’t have the capital base to absorb losses. But even some mid-size and regional institutions could shut their doors, he warns. Banks are especially vulnerable these days because of the slump in the economy, which has led many institutions to cut back on spending on fraud-detection tools. “Banks have been weakened by the credit crisis, and you have to overlay that with the fact that law enforcement is ill-equipped to combat this type of fraud,” says Barretta. At the same time, poor job prospects have driven many fraudsters to try their hand at scamming banks. “The economic motivation for fraudsters has never been higher,” he says.

Generally speaking, the fraud results from an over-extended business in originating automated clearing house transactions, though it also stems from sources such as wire transfers, notes Barretta. These are usually business-to-business transfers with very high average dollar amounts, he says. “There’s a number of smaller institutions that have an outsized payments business, disproportionate to their capital structure,” he says. In this situation, losses from any fraud can bring down the whole bank. “They’re at greater risk,” says Barretta.

In a typical fraud, Barretta says, the bogus transactions may come from an originating business that isn’t a direct client of the bank but is rather a client of the bank’s client. This attenuated chain, known as third-party origination, tends to mask the fraudulent activity or at least keep it from being detected for a longer period of time.

Also, fraudsters have proven to be patient, sometimes planting confederates as bank employees—called “sleepers”-- to learn bank practices and codes. In this scenario, they may not launch their fraud for many weeks or months. “The fraudsters are using sleeper accounts, trying to figure out how the bank works,” Barretta explains. “They learn the cut-off times, how payments move, learn OFAC screening.” But once the criminals have learned all they need to know, they spring their trap, and the consequences can be devastating. “I have seen fraud attempts that are over $100 million, involving very large checks are very large ACH transactions,” says Barretta. “The perpetrators, once they figure out what’s going to work, look for the big score.”

Barretta doesn’t try to predict total losses from fraud, and says the number of bank failures owing to such losses is likely to be under 10. But to the best of his knowledge, even this number would be “unprecedented,” he says. Indeed, when Treasury Strategies predicted at a conference it held earlier this month in San Francisco that fraud would likely cause bank failures within three years, the assertion “surprised some bank executives” in the audience, the firm says in a press release.

Banks may remain vulnerable for some time to come as they recover from the credit crisis. “I don’t see them having the money to invest [in anti-fraud technology] for the next 12 to 18 months,” says Barretta.