On 4/15/24, FinCEN in conjunction with the U.S Department of State’s Diplomatic Security Service (DSS), issued warning regarding U.S. Passport Card Fraud via Notice to financial institutions urging them to be vigilant in identifying and reporting suspicious activity related to the use of U.S. Passport Card Fraud for identity theft and fraud schemes. The purpose of the Notice is to: “ensure that financial institutions identify, and report suspicious activity potentially related to U.S. passport card fraud. This Notice: (i) provides an overview of several typologies related to U.S. passport card fraud; (ii) highlights select technical, behavioral, and financial red flags to assist financial institutions in identifying and reporting suspicious activity; and (iii) reminds financial institutions of their reporting requirements under the Bank Secrecy Act (BSA).” According to the U.S. Department of State, a U.S. Passport card is: a wallet-sized, plastic passport that has no visa pages. The card is proof of U.S. citizenship and identity and has the same length of validity as the passport book. The card is for U.S. citizens who travel by land and sea from Canada, Mexico, Bermuda, and Caribbean countries. The card is not valid for international travel by air and is cheaper than the passport book. The goal of the U.S. Passport Card Fraud scheme is for the illicit actor to wipeout all the funds of the victim’s account.
Increase in the use of U.S. Passport Card Fraud Scheme
The DSS has indicated that over the last six years, there has been an increase in the use of U.S. Passport Card Fraud performed by individuals and fraud rings to gain access to victim accounts at financial institutions. This fraud occurs in person at financial institutions and involves an individual impersonating a victim by using a Counterfeit U.S. passport card that contains the victim’s actual information.
Purpose of the U.S. Passport Card Fraud Notice
The purpose of the Notice is to: “ensure that financial institutions identify, and report suspicious activity potentially related to U.S. passport card fraud. This Notice: (i) provides an overview of several typologies related to U.S. passport card fraud; (ii) highlights select technical, behavioral, and financial red flags to assist financial institutions in identifying and reporting suspicious activity; and (iii) reminds financial institutions of their reporting requirements under the Bank Secrecy Act (BSA).”
U.S. Passport Card Fraud emerging risks and typologies
The FinCEN Notice explains that:
- Individuals and fraud rings are falsely making, selling, and using U.S. Passport Card Fraud to impersonate and defraud persons holding accounts at financial institutions because U.S. passport cards are a less familiar form of U.S. government-issued identification. Consequently, reducing the likelihood of detection by financial institutions.
- S. Passport cards are also cheaper to Counterfeit compared to U.S. passport books.
- The Illicit actors acquire a potential victim’s personal identifiable information from either the U.S. Mail or the Darknet. Using the stolen personal identifiable information, the illicit actors create or order and purchase from other fraud rings a Counterfeit U.S. passport card that includes a passport photo of themselves or of a “money mule” that they have recruited to participate in the scheme, but which reflects the personal identifiable information of the victim.
- The illicit actor (or the money mule) will use the fraudulent identification to impersonate the victim at a branch of the victim’s known financial institution. The illicit actors may avoid branches of the financial institution the victim frequents to evade detection by employees who may be familiar with, or recognize, the victim. If the illicit actor’s identity is called into question by financial institution staff and they are asked to present a second form of identification, they may present a Counterfeit credit card bearing the name of the victim they are impersonating as proof of identity.
These are the transactions that the illicit actors may attempt to do as per the FinCEN Notice:
- Gain information about a victim’s account by asking questions regarding the account balance and withdrawal limits.
- Once the information is obtained, the illicit actor will quickly withdraw large amounts of cash below the Currency Transaction Reporting (CTR) threshold, purchase cashier’s checks or money orders, or initiate wires.
- Cash the stolen or forged checks to obtain funds from a victim’s account.
- Establish a new joint account, using the victim’s account information, with a second illicit actor as a joint owner. After the joint account is established in person, the illicit actor will then transfer funds out of the victim’s existing account into the newly established joint account. The funds in the joint account are then wired to other accounts wholly controlled by illicit actors.
FinCEN presents 17 Red Flags for Financial Institutions to help detect, prevent, and report potential suspicious activity in the U.S. Passport Card Fraud scheme:
- The photo on the presented U.S passport card has a white, blurry border; a dark gray square surrounding the photo; or is in color. Legitimate U.S. passport cards are laser engraved, which produces a clear and crisp grayscale portrait image.
- The photo of the account holder on file does not match the individual present who is pictured in the Counterfeit U.S. passport card.
- The card bearer’s date of birth and other areas of text are flat and do not feel raised when touched. Legitimate U.S. passport cards have tactile text on certain areas of the card and should feel textured.
- The holographic U.S. Department of State seal is missing or has been substituted with a seal from an unrelated agency.
- The smaller portrait is blurry and does not contain micro-printed text with information specific to the bearer of the card, or the portraits are of different people. On legitimate U.S. passport cards, the secondary photo is a complex image that contains personalized details that are microprinted to create the image.
- The signature of a customer presenting a U.S. passport card for identification does not match the customer’s signature card on file.
- A customer presenting a U.S. passport card as identification may not know or be able to reference personal identifiers, including date of birth or social security number.
- If a customer presenting a U.S. passport card as identification does know or is able to reference personal identifiers, including date of birth or social security number, they nevertheless lack basic account knowledge and are excessively interested in specific details about their account balances and withdrawal limits.
- A customer appears to be following directions by phone from a third-party.
- A customer presents a U.S. passport card for identification and opens a new joint account with a third-party with whom the customer has no prior relationship.
- A customer conducts transactions characteristic of U.S. passport card fraud at branch locations outside of their geographical footprint.
- A customer presents a U.S. passport card as a form of identification and subsequently withdraws cash, purchases a cashier’s check, purchases money orders, or initiates wire transfers for a large amount for no business or apparent lawful purpose.
- A customer presents a U.S. passport card as a form of identification and attempts to negotiate an uncharacteristic, sudden, or abnormally large volume of checks made payable to cash.
- A customer presents a U.S. passport card as a form of identification, asks for daily withdrawal and transfer limits, and subsequently withdraws cash, initiates a wire transfer, or purchases a cashier’s check made payable to a third party.
- A customer presents a U.S. passport card before transferring funds out of an existing account to a recently established joint account, and the funds are then rapidly withdrawn or wired from the joint account to a separate, unrelated account.
- A customer makes withdrawals from an account at multiple branch locations for no business or apparent lawful purpose using a U.S. passport card as identification.
- A customer engages in behavior that suggests efforts to evade the CTR filing requirements by altering or cancelling a transaction once informed of the $10,000 CTR threshold.
Financial Institutions have Suspicious Activity Reporting Requirements
The FinCEN Notice encourages financial institutions to refer their customers who may be victims of U.S. passport card fraud to DSS. In addition the Notice is a reminder to all financial institutions of their suspicious activity reporting requirements: “A financial institution is required to file a SAR if it knows, suspects, or has reason to suspect a transaction conducted or attempted by, at, or through the financial institution involves funds derived from illegal activity; is intended or conducted to disguise funds derived from illegal activity; is designed to evade regulations promulgated under the BSA; lacks a business or apparent lawful purpose; or involves the use of the financial institution to facilitate criminal activity. All statutorily defined financial institutions may voluntarily report suspicious transactions under the existing suspicious activity reporting safe harbor”.
Does your Financial Institution have fraud detection systems in place to detect U.S. Passport Card Fraud ?
Who is your Corporate Governance Advisor? ©