![Page 1: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/1.jpg)
1
Who can it be now?
FinTech Innovation and Emerging Financial Crime Typologies: Emerging Risks and How to Disrupt Them
Anti-Financial Crime Symposium – Nordics
25 October 2018
![Page 2: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/2.jpg)
2
Moderator:
Rajeev Ahya - Financial Crime SME, ACAMS
Panel Members:
Rose Bernard - Senior Intelligence Development Analyst, Digital Shadows
Juho Hasa - Tax Auditor, Finnish Tax Administration
Johan Landström - Co-Founder / Head of Lab, Acuminor AB
![Page 3: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/3.jpg)
3
Ask questions via slido.com
Event code: #nordics
![Page 4: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/4.jpg)
4
Monitoring Cryptocurrencies
Juho HasaTax AuditorFinnish Tax Administration
Anti-Financial Crime Symposium – Nordics
25 October 2018
![Page 5: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/5.jpg)
5
How do we obtain the relevant Data?
Legal background to retrieve third party data:
Tax Act on Assessment Procedure (TAP)
Tax audit can also be carried out solely for the
purpose of collecting data that can be used for
any other investigation, even related to another
taxpayer. 21. Act: Third Party Audit
![Page 6: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/6.jpg)
6
How do we obtain the relevant Data?
Legal background to retrieve third party data (continued):
Tax Act on Assessment Procedure (TAP)
The Filer must identify information in addition to
the name with personal ID number and / or
corporate ID number, or if this information is not
available, other identification and contact
information must be provided. 22. Act: Special rulesconcerning theinformation
![Page 7: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/7.jpg)
7
Sources of Data
Finnish Companies
• Increased likelihood of False Identity
• BTC FIAT Conversion Transactions
• BTC Purchase of Goods & Services
through payment of bills of bills
Finnish Banks
• Strong chance of correct identification
• €-deposits to, and withdrawals from, foreign
exchange platforms
![Page 8: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/8.jpg)
8
Sources of Data (Continued)
Open Sourced
Intelligence – OSINT
• Data leaks (Mt. Gox)
• Internet Forums, Social Media etc.
Debit Cards
• Foreign issued cards used in Finland
• BTC Prepaid Debit Cards (Xapo)
![Page 9: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/9.jpg)
9
Hiding the Assets
Mr. X ran a Payday
Loans Business
The business was highly
profitable. However,
obligations related to
bookkeeping and taxes
were not complied with
Convicted on
bookkeeping and
tax crimes – Fined
€400,000 in
unpaid taxes
Fined
€400,000
![Page 10: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/10.jpg)
10
Hiding the Assets (Continued)
Before officials could seize funds,
Mr. X transferred € 80,000 to a
cryptocurrency marketplace called
Bitstamp and bought bitcoins leaving
enforcement authorities helpless
Knowing our strong legal
background and ability to source
information and data, the enforcement
authorities approached us to assist in
the matter
![Page 11: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/11.jpg)
11
Hiding the Assets (Continued)
We requested exchange of information
from Bitstamp and received transactions
completed through his account and also
his bitcoin addresses
After conducting blockchain
analysis we found out that he had also
used the cryptocurrency exchanges
Bittrex and Poloniex who we then
contacted for further information
![Page 12: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/12.jpg)
12
Bitstamp
Start of the Operation
Private Wallets to
hold and transact
with the funds
Bittrex and
Poloniex used in an
attempt to hide the origin
of the funds *Graph is simplified in order to provide a better overview
![Page 13: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/13.jpg)
13
Hiding the Assets
Mister X has profited from
the overall value increase
in cryptocurrencies and
according to our analysis
his Bitcoin portfolio is now
valued at over € 1 million
However no notable
usage of cryptocurrencies
against Fiat-currency
is found
• P2P trades in cash?
• Bitcoin debit cards?
• New Bitcoin deposits to
Bitstamp in late 2017 &
2018
Next phase is to
do a seizure of his
assets that are in
bitcoin form
![Page 14: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/14.jpg)
14
The Right Tools to Utilise the Data
Priorities
Keep the tax system
convincing (new phenomena)
through audits and other
taxation monitoring activities
Provide knowledge and
information to National and
International authorities
through cooperation1 2
Resource Tool
A relatively large amount of data Data scientists for combining
and enriching the data
Maintaining situation awareness by following
trends and knowledge obtained from the media
Blockchain analysis tools
![Page 15: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/15.jpg)
15
Discussion and Question Time
![Page 16: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/16.jpg)
Thank you
![Page 17: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/17.jpg)
17
In the middle of nowhere
Johan LandströmCo-Founder – Head of LabAcuminor AB
Anti-Financial Crime Symposium – Nordics
25 October 2018
![Page 18: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/18.jpg)
18
![Page 19: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/19.jpg)
19
Private BTC exchange through:
Protecting from volatile course changes by
using Crypto trading platforms and OTC providers
such as Poloniex, Kraken and Genesis
NOTE: Poloniex, Kraken and Genesis
are legitimate actors
Cashing out to FIAT on days with lower
course swings and in accordance to business.
Mondays and Fridays in many cases
Family members Mobile payments
Deposits to prepaid cardsPre-paid cards – legally and illegally obtained
Both FIAT-only and BTC-TO-CARD since it is
still difficult to purchase groceries with Crypto
![Page 20: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/20.jpg)
20
Layering through ever increasing multiple steps...
Constantly
changing behavior
Bank account OSP
(validates ID through
the Bank) Online
gambling establishment
Cash out through
E-Wallet E-Wallet
connected with Prepaid
MC Card use/cash
withdrawal Avoiding detection is
vital within CaaS as well
for private criminals
Criminals follow
trends and ongoing
investigations, so
switching of payment
brands/options is a
frequent occurrence
![Page 21: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/21.jpg)
21
Drivers: Complexity and fragmentation
Who is
responsible
for what and
when
Institutes & classic players
BanksStock market entities
Payment networkproviders
E-money competitionE-walletsVouchers
Pre-paid debitOSPs
Closed loop currencies
Fin-techCrypto currencies -
FXSmart Contracts
Crowd...Multi-walletsGig-economy
![Page 22: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/22.jpg)
22
Source: Copenhagen FinTech. https://copenhagenfintech.dk/about/fintech-startup-scene/
![Page 23: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/23.jpg)
23
Success Factors
Get to know criminal modus operandi
Use external indicators from criminal behaviour and map against internal environments
The use of mobile payments in black market trading of bitcoins in Sweden
• Regular, multiple, and small incoming mobile payments from various private individuals
• Fewer large, outgoing mobile payments to private individuals, can be reoccurring persons
• Fewer large, outgoing payments to established brokers
Measure everything:
Early detection and
identification of
customer segments
misusing products
GDPR is not
a problem
Use new technologies to
gain insight but don't
over trust the models
You will have to be able
to explain the findings
Cooperation and
exchange of
information – Cheap
and very effective
(necessary)
Education
& Training
![Page 24: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/24.jpg)
24
Discussion and Question Time
![Page 25: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/25.jpg)
Thank you
![Page 26: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/26.jpg)
26
Financial crime and the evolution of the Carbanak Group
Rose BernardSenior Intelligence Development AnalystDigital Shadows
Anti-Financial Crime Symposium – Nordics
25 October 2018
![Page 27: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/27.jpg)
27
Overview• ATM theft has come a long way in a very short time
• The Carbanak Group has been targeting financial institutions
since
at least 2013
• In that time, they have continually adapted their tools, techniques,
and procedures (TTPs) to ensure that they are successfully
stealing as much as possible from vulnerable entities
• The group exploit both technical and human vulnerabilities
in successful intrusions
• What does this mean for financial institutions now?
![Page 28: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/28.jpg)
28
Carbanak Group (aka Anunak) are a Russian language criminal group targeting
financial institutions, ATM systems, and point-of-sale service providers
Who are The Carbanak Group?
The group have been active since at least 2013 and in the past five years have
been responsible for the theft of over USD 1 billion
The group’s activities can be divided into 5 phases of targeting, including the
direct targeting of ATMs, Cash Out campaigns, and the exploitation of the
SWIFT communication network
The group combines social engineering tactics with custom made malware and
open source tools
Despite the arrest of a member in March 2018, the group’s profile is unlikely to
change in the immediate future
![Page 29: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/29.jpg)
29
Phases of Activity
Targeting
ATMs
Phase
1
ATMs,
accounts, SWIFT
Phase
2
Point of
Sale systems
Phase
3
Banking trojans,
the hospitality sector
Phase
4
SWIFT
Phase
5
![Page 30: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/30.jpg)
30
• Phishing lures
• Weaponised
documents
• Metasplot
• Mimikatz
• Spearphishing
emails
• Compromised
credentials
• Custom
malware
• Carberp/
Carbanak
Tools, Techniques, and Procedures
![Page 31: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/31.jpg)
31
Key Takeaways
Organised and sophisticated groups use a mixture of technical and physical solutions
Human error is often the initial entry vector
From there groups can move laterally within a network
Technological solutions should be part of an in-depth holistic strategy that also includes training for employees
Criminals will often change tactics – employees are the first line of defence
![Page 32: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/32.jpg)
32
Discussion and Question Time
![Page 33: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/33.jpg)
33
Conclusion and Key TakeawaysImportance of Data and cooperation in its mutual exchange
Be creative - There are ways of using existing data effectively withinlegislation
No Silos > Lateral approach > A holistic view in Anti-Financial Crime
Technology is only as smart as those who operate it – Train your personnelto identify emerging risks
The threat is ever changing, empower your colleagues to think freely in their approach to individual threats...
Think like the criminal to stay ahead of the criminal
![Page 34: FinTech Innovation and Emerging Financial Crime Typologies: …files.acams.org/materials/20181025/ACAMS-Nordics... · 2018. 10. 25. · • ATM theft has come a long way in a very](https://reader033.vdocument.in/reader033/viewer/2022051806/5ffb93485d225655913f1cd6/html5/thumbnails/34.jpg)
Thank you