​Elder Fraud

Payment processors should be on guard to prevent their services from being used to take advantage of vulnerable victims.

Comments Views

​The U.S. Justice Department has charged four executives of a Vancouver, B.C. payment processing firm with assisting fraud schemes that preyed on the elderly and other "vulnerable victims," The National Post reports. Prosecutors allege that executives of PacNet Services Ltd. were aware that some of its mass-mail clients were sending misleading notifications to consumers and were profiting from the scheme. The notifications promised cash, prizes, or psychic services to recipients, but required them to pay a fee to obtain those awards.

Prosecutors say PacNet functioned as a middleman between its clients and banks, including aggregating payments collected by its clients, depositing funds into the company's accounts, and distributing funds. The accused individuals include two owners of PacNet, along with managers from the company's marketing and compliance departments. Each allegedly made $15 million from the scheme between 2013 and 2015. They now face conspiracy, money laundering, and mail and wire fraud charges.

Lessons Learned

In 2016, this column first covered the alleged fraud case involving PacNet when the U.S. Treasury Department designated the company as a significant criminal activity organization. Now those individuals accused of facilitating the scam will face justice.

It is common to hear about the dangers of losing money to scam artists and money launderers, but this case involving fraudulent transactions within a large payment-processing company is no longer surprising. Recently, MoneyGram agents were found guilty of using tactics such as contacting unsuspecting people and posing as relatives who had an immediate need for money. These were schemes that the agents were supposed to protect their customers from.

The PacNet story demonstrates that individuals, companies, and institutions are at risk of mail fraud and must take steps to protect themselves as best they can. Even worse, not only are third-party scammers at work, payment-processing company owners and executives can be in on the take, as well. Two actions are particularly needed:

  • More investigations. Regulators and enforcement agencies worldwide need to step up their investigations and enforcement actions against payment processors that are implicated in facilitating mail fraud schemes. These actions should include more severe penalties for individuals and companies that are found guilty of fraud. The payment-processing industry has relationships with banks around the world. Strengthened international cooperation and greater regulation of this industry — including registration, licensing, and background checks — would be appropriate.

  • Self-regulation and control. The payment-processing industry needs greater self-regulation, with a focus on fraud perpetrated by sellers and providers, including the processors' employees. Processors should educate consumers and businesses about the risks of mail fraud committed by sellers. They also need to strengthen their knowledge and controls over potential seller fraud. They can start by ensuring that account-opening procedures are adequate to verify the identity of account holders.

    Analytics, such as velocity checks and pattern-recognition checks, can enable companies to detect potential fraud in high-risk countries as well as high-risk products and services such as lottery sales and solicitations of money for causes. Processors should follow the example of banks and other financial institutions by focusing on the probability of a transaction being fraudulent — for example, by scoring transactions — and referring suspicious transactions to the company's anti-fraud unit.


Of course, in a case where owners, partners, and managers collude to commit this kind of mail fraud, strong internal controls may not do much good. However, legitimate payment-processing companies also can benefit from:

  • Establishing an executive-level position to combat fraud, and creating an independent compliance and ethics committee on their boards.
  • Assessing the adequacy of the risks and risk mitigations around fraud and anti-money laundering activities that impact the organization.
  • Establishing and regularly monitoring the organization's anti-money laundering and fraud policies, procedures, and processes, as well as checking whether employees are complying with them.


This last employee fraud concern is key to deterring and detecting the kind of behavior reported in this case. Along with fraud detection, employee and third-party human resources policies, processes, and compliance are needed. These should include reviewing and strengthening processes around recruitment, security and background checks, training, the code of conduct, and discipline.

Tim McCollum
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author

 

 

Tim McCollumTim McCollum<p>​​​​Tim McCollum is <em>Internal Auditor</em> magazine's associate managing editor.​​</p>https://iaonline.theiia.org/authors/Pages/Tim-McCollum.aspx

 

Comment on this article

comments powered by Disqus
  • GEICO_September 2019_Premium 1__
  • Chartered Prof Acct Canada_Sept2019_Preimum 2
  • IIA CERT CIA_September 2019_Premium 3