|
Issue 020501- Table of Contents Due Diligence Must Be Accurate, In-Depth Getting Rid of PayPal? Priceless AmEx, Visa Announce First-Quarter Profits Processing Fight Gets Nasty: Visa Sues First Data No Stretch: Yaga Could Revolutionize Digital Payments 2001 ACH Payment Volume Exceeded 1 Billion What's So SMART about Smart Cards? Working 'Thru' the Financial Fog iSwipe Turns iPaq into Card-processing Terminal Now You Can Utilize Check Images 24/7
|
Lead Story: Epidemic of False Apps Infects Industry A
n ugly virus is seeping through the already challenged ISO community. It preys upon the trusting yet hungry nature of companies eager for new merchant business. When detected, it quickly disappears and lays dormant for a bit before rearing its vile head in another locale.
What is it? It is the fraudulent rep, and, according to some industry insiders, it is reaching epidemic proportions.
In recent months, fraud cases have been reported with an alarming rate, particularly in Georgia, Pennsylvania and Tennessee. What are the symptoms? Ask MSI or CMS or EDR or Integrated Leasing. This disease has infected them all.
"We were first contacted by a gentleman named Chris Cornwell through online advertising we posted," says Mario Parisi, Director of Operations for MSI New Jersey. "We sent him a non-disclosure. He signed it, sent it back with an app under the name CCC Merchant Group, and we started the process."
That process included a standard credit check, imperative for organizations that work with both good and not so good credit risks. Running a credit check can result in red flags that pop up if the rep has approached multiple processors simultaneously or if the data is incorrect or reflects any illegal or criminal history.
None of those appeared, so MSI signed up the rep. But when MSI took a closer look at his merchant apps, it discovered that the rep was not who he said he was.
Other companies have not been so lucky.
"Through our experiences, we've determined that bad reps bring bad business; so we have put certain procedures in place," says Parisi, "For the first 10 accounts any new rep puts in play with us, we check each account and scrutinize each merchant app."
At that point, MSI's procedures revealed that the first two merchant apps Cornwell submitted were fraudulent. Needless to say, none of Cornwell's accounts made it into MSI's system. It tried to contact Cornwell immediately but, after numerous attempts, discovered that the rep's phone number suddenly was disconnected.
During this time, MSI also contacted the merchants whose names were on the account apps submitted. "We dot all our i's and cross all our t's," says Parisi. "We've got to. The good thieves make their apps look good."
When MSI checked the credit of one of the merchants submitted by Cornwell, it got an alert that someone might be using that merchant's credit illegally. That was the final red flag for MSI. A termination letter was sent to Cornwell's listed address, and MSI immediately contacted its banking partners and several of its leasing partners regarding the alleged fraud.
But for one leasing company, it was too late. Integrated Leasing already had issued a leasing program to Cornwell since he was "legitimately" signed with a reputable ISO - namely, MSI. Monies were paid out, and the scam was consummated.
The core of this disease is centered on defrauding leasing companies out of dollars. "The motivation for these dishonest reps is to get leasing money up front," says Parisi. "And they work fast. The day Cornwell sent in his first deals, we caught him, but it took about a week from the initial contact to when we found him out." Did MSI contact local authorities about this situation? No, it did not. Because the fraudulent rep was working out of Atlanta, MSI recommended that the merchant who had been misrepresented on the application contact the Georgia authorities. Since money didn't change hands between MSI and the alleged fraudulent rep, MSI didn't see itself as a true victim.
"We really can't do anything because these reps could countersue for defamation of character," says Parisi. "And stuff like this has been going on for 20 years. We've had three similar experiences in the last five years. There are some areas of the country we won't deal with. Memphis is a real hot spot."
A Memphis man, Phil Lacefield, was indicted by a federal grand jury in March 2002 on 19 criminal counts, including wire fraud, mail fraud, money laundering, identity theft, forgery and making false statements on federal tax forms. Lacefield allegedly stole consumers' identities and used them to set up phony storefronts and arrange accounts with leasing companies to lease payment processing terminals and office equipment. At the time he was caught, the FBI agents who arrested him said he even gave a false address.
If convicted on all 19 federal counts, Lacefield faces a maximum sentence of 230 years in prison and more than $4 million in fines.
How can companies combat this fraud? MSI sees pooling resources as a viable solution.
"We have to team up together and create a negative data base," says Parisi. "There are two specific areas that we need to address - rep fraud and merchant fraud. There's just not enough info out there. No one really cares about it. Remember, we didn't catch the rep through his personal app; we caught it through his merchant apps. This guy may have gotten in the door, but he didn't get lift-off. We did our due diligence."
Others companies are doing their due diligence as well. Heartland Payment Systems has implemented strict policies and procedures for all sales employees. "The combination of background checks, an agreement that clearly spells out the rules of engagement, liability and benefits, does not allow much room for fraudulent type behaviors and activities," says Leslie Chester, Vice President, Sales and Marketing for Heartland.
And it would seem to be working well for this leading processor.
"A few years ago we had problems with folks posing as others and instituted thorough means of checking out new hires that have kept us out of this kind of trouble," says CEO/Chairman Bob Carr.
Unfortunately, Heartland might be the exception. Florida-based payment processor Electronic Data Resources also was hit by fraud but, like MSI, caught it before it did irreparable damage to its infrastructure. An EDR account manager realized that the name and numbers on the check submitted with the application had been altered.
"One of our app requirements is a preprinted check, a starter check," says Manny Ferriera, Underwriter for EDR. "This particular check looked like it was altered or had a sticker in the corner where the true name would appear."
EDR did a bank verification, and the names did not match the account. It immediately checked all of the recent apps submitted by the rep in question and saw the same account number with different banks, the same DDA and routing numbers with different bank names. The checks indeed had been altered.
"We had put together six deals in the pipeline for this rep, and we immediately stopped them all," says Ferriera. "This rep was from Atlanta. We knew the Atlanta area and, based on the size of some of the merchant apps he had submitted, it also raised our suspicion since independents typically go for smaller merchants. My best advice: When you get an application, always listen to your gut. If you think something is wrong, act on it."
EDR contacted the rep and told him it was ceasing activity with him. What was the response from the rep? "There was no real response. There was no argument," says Ferriera.
EDR also contacted the banks listed on the apps as well as some of the larger processors to see if anyone else had anything on this particular rep. One actually did. Wouldn't it have been nice if that data had been shared before the fact?
Like MSI, EDR did not take any legal action. "We didn't lose anything because nothing had been processed," says Ferriera. "You can call local police, but they really don't understand the business. What would they do?"
So what does EDR do? "We try to keep a negative database and open communication with other colleagues in the industry," says Ferriera. "We share information, and when we have new reps we scrutinize them just a little more. We used to just have to worry about merchant fraud. Now we have to worry about rep fraud. The only thing that can identify rep fraud is experience. There's no way to identify it 'til it happens."
Ferriera warns that fraudulent reps like to stay under the radar for as long as they can. "A common thing was that they took ads out of the yellow pages or local newspapers for low-risk, store-front, retail types of businesses that a processor wouldn't question and submitted them with the application," he says.
Identification would seem to be the antidote. Delivering the serum in a timely manner, however, is the key. Fraudulent reps sign up as independent contractors on a commission basis for an ISO. They run their scams under the umbrella of that legitimate organization. It works for them because it takes time for their new ISO to do background checks.
Sometimes they're done in a cursory manner, once the agent is signed. His credit check looks good, so he's good to go. But when the actual deals arrive, they're putrid. The infection already has spread, and hardest hit are the leasing companies.
Take Integrated Leasing. The rep identified as Chris Cornwell submitted what appeared to be a perfectly legit application. The merchant listed was a beauty salon chain with clean credit. All of the questions were answered properly, and Cornwell was affiliated with an established ISO.
"Where was the hole?" says Corey Saftler, President of Integrated Leasing. "This guy got us. Every character on his app had impeccable credit, so there was no reason for us to be alarmed."
Saftler says this rep even included a picture of his business license, which came back with impeccable credit.
"These guys pick people with incredible credentials. They capture an identity. They set up a phony merchant account and submit a lease account. They can answer all personal questions since they've already captured the identity. No matter how original our questions are, the answers are available to them. So, we fund the deal, process the lease and find out after the fact - after we've paid up front on the lease," Saftler says.
When Integrated received an additional merchant lease app from the same individual, a warning sign did appear - certain data was missing. Integrated tried to contact Cornwell, to no avail.
What is the company's next step? Unfortunately, it has to wait for the grace period for the first payment to end before it can pursue any legal action.
"Before we can claim defraud, we have to be sure the rep makes no attempt to make payment on the lease," says Saftler. "As soon as the first receivable cycle takes place and the first premium doesn't get paid, we'll take action."
That action can be going directly to the local police and filing a fraud claim. Depending on whether it is worth its while, Integrated might contact the FBI as well. Saftler says his company will do whatever it takes to uncover these people - and it has had some success. For example, a culprit from Pennsylvania is in custody, and every month Integrated receives a check from the Probation Department against the amount owed ($15,000).
According to Saftler, it's all about catching and punishing these guys.
"We have anti-fraud filters. We conduct interviews live on tape and ask pertinent and personal questions," he says. "But the truth is that, just like a good car thief, these guys will figure out how to circumvent the alarm system. In this case, these alleged characters study our industry and know how to extract funds."
Saftler says Integrated catches one a month.
"There's a lot out there," he says. "But the broader issue needs to be addressed. It would be nice if we could all share info. All leasing companies have files on these guys. It is an epidemic.
"We have suspicions that these are former ISOs or sales reps that know it's relatively easy to defraud smaller leasing companies who are hungrier and have less technological know-how - companies who are willing to sign up verbatim. As long as these guys are successful in getting funding for non-existent accounts, they'll continue to do it. As long as there are people hungry to do business and work with new guys, there is always the chance of fraud. We try to limit it by expertise, but it does exist."
Another reputable and highly regarded organization, Meramak Bancard, detected fraud through a response to its welcome kit.
"We received an application back in February with a merchant whose credit was very good, and we approved it," says President Richard Ward. "We issued the MID and sent out our welcome kit. The merchant called and asked, 'Who are you? We're processing with another bank and have been for years.' "
According to Ward, this merchant had no idea who the name on the app was. It turned out to be a fictitious owner.
"This guy must have gotten hold of someone's name and credit and sent in a phony app in order to get a lease for equipment," says Ward. "Unfortunately, the leasing company is out the money because they then authorized a lease and paid on it. The scam was to get the lease money as opposed to just setting up a merchant account. On this particular app, it said equipment was already on site. We sent the info to the leasing company, and the rep got funded for the lease."
Ward also advocates sharing information. "We'd like to see a database where reps can't do this," he says. "What happens is they get caught at one place and then go to another. They give a bad name to the industry. These people lie and cheat, and we suffer the consequences.
"We are close with one leasing company, and they will tell us to watch out for certain guys. One guy cost them thousands of dollars and is probably doing it somewhere else. A crook is a crook, and they know what they're doing. The only way to stop it is by knowing who's doing it."
How does Meramak stay in the know? It, too, maintains an in-house negative file on bad guys. The answer to this problem might lie in the sharing of that information.
Dan Lewis, Vice President, National Sales for Certified Merchant Services, is on a mission to investigate fraud. CMS recently has been hit by several different reps but believes it is one individual using aliases. "We had signed an agent up under the name of Melvin Goode who got off to a great start," says Lewis. "Then we got a call from CIT, our leasing partner, telling us he was a fraudulent agent. We terminated him immediately, and a few weeks later we began to receive applications from someone named Michael Miller. One of our agent support reps recognized his voice when he called in for information as that of Melvin Goode. We then terminated him under that alias."
Then, a few weeks later, CMS started receiving a number of applications from an agent named King Singletary. It never was able to speak directly to Singletary but noticed that all of his apps were being penned to social security numbers that were non-existent or being reported as fraudulent.
Upon further investigation, CMS determined that all of his apps were being sent via Airborne Express from the same zip code as Michael Miller/Melvin Goode. All three supposedly were working out of Atlanta. Singletary was given the boot as well.
What did CMS do next? "Upon receiving this information, we contacted our partners and other leasing companies to let them know of this information," says Lewis. "Thankfully, our last experience with him was back in October 2001. We have been watching for him since."
One thing CMS watches for is the number of accounts a rep submits at the onset of the new relationship. "Typically, you'll only get a couple," says Lewis. "But every once in awhile, you get someone with 10 deals. That was the case with Singletary. The first week, we approved them as quickly as possible. The next week, we got more. It was a red flag."
Why didn't CMS contact each merchant personally before approving the app? Because its policy is that it doesn't call each merchant to verify each deal. If all the pertinent data is there, CMS does underwriting based on different criteria. It's all about numbers.
"Unfortunately, when you do 2,000 apps a month, it is impossible to call each merchant," says Lewis. "You have to look at what's realistic. We do call when not all the data is there or something doesn't look right. Unfortunately, these three guys' merchant apps looked good."
CMS also maintains a negative data base file. Lewis says it is not prudent to make any public allegations without hard evidence, but the company reserves the right to terminate any agent in-house and communicate that internal process with its partners.
"We go to our partners and people we deal with and advise them we have had problems," says Lewis. "They have to make their own decisions after that."
Lewis estimates that CMS encounters a "handful" of fraud cases per year.
"The good news is that most of the agents out there are not out to defraud merchants and the leasing company," he says. "It's very easy to get a merchant account, and, unfortunately, what do all of our agents want? They want same-day, even five-hour turnaround. If you don't comply, they'll find someone else that will. As companies, we have to do due diligence as quickly as possible. Part of this problem is our own. All of us in the industry have allowed it to happen because we have to give fast turnaround." But, he adds, "How can you possibly verify every merchant in large volume? You need a pretty large department. And if the merchant doesn't answer the phone on that first contact, do you hold off approving the account and risk losing that business?"
Lewis admits he'd like to know how to make everyone aware of this. "Is there a way we could post people's names out there without incurring any legal problems? You can't do a blackball list."
There may well be issues in setting up a national blacklist, but there are organizations that are combating the fraud disease with the latest technology.
Established in 1998, MAC is an organization of bankcard professionals involved in the risk-management side of card processing. Members include banks, ISOs and card associations.
MAC is dedicated to providing universal risk-management solutions through ongoing communication and cooperation among acquirers and card associations. MAC members include acquiring banks, savings and loans, credit unions, gateway providers, ISPs, ISOs, MSPs, merchant acquirers, and processor and risk-management professionals. There is no membership fee yet, but MAC plans to begin charging in 2003.
All of the major card issuers are members, including Visa, MasterCard, Discover and American Express. MAC is based in Westlake Village, Calif. The contact is Deana Rich, at 818-597-0787 or drich@jettis.com.
What does MAC do to help eradicate the fraudulent rep virus? Monthly meetings are held to educate members in the newest trends in risk management. Through its association with all of the card issuers, MAC keeps members up to date on the newest regulations. MAC also provides networking opportunities unavailable through other industry organizations.
MSI recommends MAC. "They contacted us and asked us if we wanted to be part of an e-mail blast network for risk management," says Parisi. "We need a network of risk managers out there who will keep ISOs and leasing companies from getting burnt. The bottom line: We need to communicate with each other."
|