What Is a Bank Drop?
“Bank drop” is a term used for a bank account that is controlled by a fraudster to transfer stolen funds into.
Fraudsters use fake or stolen personal information to create bank drops. Their aim is to make the account look as legitimate as possible so the criminal’s activities fly under the radar of the bank and the authorities.
Once they have done so, they use these accounts to either transfer misappropriated funds, or to receive funds that have been laundered by themselves or money mules.
How Do Bank Drops Work?
Creating a bank drop relies on first gathering as much information as possible about a victim (or creating a plausible IDs for synthetic identity fraud), taking steps to impersonate the victim as convincingly as possible, ramping up your security to avoid flagging and detection, and then using this to convince a bank you are them.
Specifically:
- The fraudster steals someone’s “fullz” (credentials), buys stolen credentials, or creates a synthetic ID.
- The fraudster collects as much information about the victim as possible, including their credit report or even phone number – and/or tries to gain access to the victim’s comms, such as their active email account.
- The fraudster puts security measures in place, including a VPN, burner phone, Tor browser, and/or advanced firewall.
- The fraudster uses the fullz to open the account and order a card for it.
- The fraudster usually makes a few legitimate transactions with “clean” cash at first, for added security.
- Provided they are successful, the criminal still needs to be careful with their moves, so as not to draw attention.
- The fraudster can then start to cash out.
It should be noted that compromised bank accounts can also be used as bank drops. However, this does not last long since the bank account is more likely to be investigated by the bank and/or the authorities.
A flexible and customizable risk assessment software can prevent bank drops and related fraud. Find out where the biggest challenges lie and how to prevent digital banking fraud.
Read more
Bank Drop Use Example Scenario
After a fraudster has established it and hidden their tracks as well as possible, the bank drop can be used in a variety of ways.
First, the account is passed on to a money mule to receive money into and “wash” it.
- The mule receives funds in the bank drop.
- They layer the funds to hide their origin, using various methods:
- conversion into cryptocurrency
- smurfing
- using it to buy items to then be resold
- withdrawal and transfer to the criminal in different ways, etc.
The mule transfers the now “clean” money to the criminal’s account or gives it to them in cash.
All the above constitutes money laundering and is part of why banking organizations are obliged to take solid steps to stop money laundering by closely following AML legislation and regulations, such as the EU’s Money Laundering Directive – which also applies to the UK and is currently in its sixth iteration (6 AMLD), into effect as of December 2020 and fully adopted by 3 June 2021.
A recent real-life example of law enforcement operations involving bank drops was the investigation into the QQAAZZ laundering network, which was published on 15 October 2020.
QQAAZZ “advertised its services as a ‘global, complicit bank drops service’ according to Europol, opening and operating “hundreds of corporate and personal bank accounts”. The network, which spanned at least 16 countries, charged fraudsters up to 50% of the laundered money for its services.
Meanwhile, in 2018, Brazilian authorities’ investigation into a crime ring that moved USD 1.6bn led to dozens of arrests for money laundering that involved bank drops and some 3,000 offshore companies in 52 countries.
How Can Banks Stop Bank Drops?
Solid anti-fraud tools can help banks, neobanks, and digital wallet providers to stop fraudsters trying to create or use bank drops in their tracks. These vary but usually utilize specific types of technology:
- digital footprint analysis
- KYC processes
- 2-factor authentication (2FA)
- behavior analytics for fraud risk scoring
- machine learning protocols
- manual reviews
Like with all fraud prevention, all efficient anti-bank drop strategy begins with risk assessment and remains flexible and customizable to face future challenges.
Is Open Banking Good or Bad for Bank Drops?
The jury is still out on whether the use of open banking APIs can inadvertently help criminals looking to create bank drops.
On the one hand, open banking allows providers access to more financial data, which should in theory make it easier to catch unlawful muling activity. However, criminals are already attempting to use open banking to take over victims’ accounts, which they then use as bank drops.
Moreover, the wealth of ID documents available at a single point of entry via open banking linked accounts makes it easier for more personal details than before to reach the hands of the fraudster, who can then use them to create a bank drop or for other nefarious purposes.
At the time of writing, open banking is used in the EU and UK, with no current implementation in the US.
Are Neobanks More at Risk?
Using digital account opening protocols, neobanks rely on speed and convenience to attract customers, only functioning online via websites and apps. This makes them a more likely target for bank drop creation than traditional banks with a brick-and-mortar presence.
Also known as neobanks, challenger and online banks such as Wise (TransferWise) and Revolut are also required to always apply KYC processes to verify the identity of new users.
Fraudsters will attempt to use either stolen or synthetic IDs to open an account with them, which is why neobanks employ flexible and adaptable anti-fraud tools that look at each user’s risk score and make the best decision, applying light or heavy KYC accordingly.
That said, there are certain traditional banks and locales too which are more often used by money mules and other fraudsters to create bank drops.
Neobanks, fintech startups or traditional banks – any organization where one can transfer and deposit money is likely to become a target of fraudsters looking to create a bank drop and launder money acquired via and/or destined for nefarious activity.
In this game of cat and mouse, banks are advised to not merely follow local legislation and regulations but to be proactive, in order to avoid penalties and bad publicity.
Below, you can look up information about a bank using any BIN using SEON’s module. Try it out:
Free BIN lookup!
Enter the first 6 or 8 digits of a card number (BIN/IIN)
Text here
Sources
EC.Europa: Anti-money laundering and countering the financing of terrorism
Europol: 20 arrests in QQAAZZ multi-million money laundering case
Mercopress: Massive raid in Brazil, Uruguay, and Paraguay after money laundering ring suspected of moving US$ 1.6bn