It regularly happens that international fraud is committed with the help of a Dutch bank account, which is used to receive and pass on money. What does this form of fraud look like and what can be done about it?
International invoicing fraud
Several parties are involved in this form of fraud. In the first place, a party that trades with another party. For example: an Italian company does business with a company in Great Britain; the Italian has to pay an amount and receives an invoice from the British company with the payment details. An everyday situation in which nothing is wrong (yet).
Hacking email accounts
In the meantime, criminals can access the email traffic and read the emails that the British and Italian companies send to each other. This can be done in several ways. The computers of the British or the Italian company can be hacked via malware. It could also be that (employees of) these companies are careless with passwords, or that passwords are easy to guess. The consequence is that the criminal hackers, who often take their time before making their move, come to know that an invoice is going to be sent that has to be paid, for instance because an order has been placed or because an agreement has been entered into. That is the moment that the criminals go into action.
Fake invoice
The criminals can use the email address to which they have (illegal) access to send an invoice showing the amount to be paid. The recipient, in our example the Italian company, would not doubt it. The invoice was expected, the amount is correct, the name of the other party is also correct. What’s more, the invoice has been sent from a trusted email address that has often been used. The Italian company will pay the invoice.
Cash flow capture
In reality this invoice has not been issued by the United Kingdom company, but by the criminals. They want to capture the cash flow and collect the money via the bank account of another person under their control, a money mule. And that can be a bank account in the name of a resident of the Netherlands, at one of the Dutch banks, such as ING, ABN-AMRO or Rabobank. The criminals often operate internationally. All too often they remain unknown and out of harm’s way. Thus it is possible that the Italian company pays an amount into the bank account of the wrong person.
Can this payment not be prevented?
Before the introduction of the “SEPA” (Single European Payment Area) there was in the Netherlands a well-functioning system that stopped payments if the name and account number of the recipient did not correspond. When European bank account numbers were introduced, this system was discontinued for technical reasons. There are similar problems in other European countries. This well-functioning control system has in the meantime been reintroduced, but the system only works for national payments. Technical complications mean that it is (still) not possible to match the name and number in advance. Payments from a foreign country to a Dutch bank account are carried out on the basis of the account number; the fact that the name of the account holder is incorrect does not mean that the payment will be stopped. It is simply carried out. The reverse case is also possible: if a payment is made from a Dutch bank account to a bank account in another European country, this payment is also carried out and not stopped if the name of the account holder is incorrect.
What kind of person makes their account available for this?
Thus, the payment comes into an account that is not in the name of the company that should receive the payment. Criminals need this account to receive stolen money. Criminals who specialise in this type of fraud are usually smart enough not to use an account in their own name. They use the accounts of other people. These people are called “money mules”. They can be naïve people with debts and psychosocial problems, who make their bank card and pincode available in return for a small payment. They can also be people who are being blackmailed or forced in some other way. The account holders are almost always small fry who are so unwise that they lend out their bank card and pincode but themselves earn very little or nothing at all from the crime committed. Thus the criminals can temporarily use the account via internet banking. What’s more, people who allow their bank account to be used in the Netherlands are usually prosecuted and punished. Above all, if misuse is detected they are blacklisted by their bank and lose their bank account.
Transaction monitoring
As soon as a criminal receives money on the account that he (temporarily) controls, he will try to transfer it or take it out in cash from an ATM. Cash withdrawals are subject to a daily limit. This method is therefore slow. Most criminals transfer the money to various other accounts in other countries. It often happens that in this phase the Dutch bank will intervene. Receipt of an unusually high amount from a foreign country can lead to a signal that is investigated by the fraud department of the bank, especially if it involves the account of a private individual who does not normally receive such high amounts from a foreign country. If these amounts are quickly transferred to another country, or if large amounts of cash are suddenly withdrawn at an ATM, these unusual transactions will very quickly stand out and be detected. In recent years transaction monitoring systems have become ever better and more refined, and the banks intervene more and more by freezing the account of their client if they suspect that the account is being used for fraud. The chances of getting the money back have grown in recent years.
What should the victim do?
It usually takes some time before the victim discovers that he has not paid the party with whom he is trading but instead to another party. In most cases the fraud is only discovered when the party that should have received payment makes it known that the payment has still not arrived. It can also be that the fraud is discovered because the “right” invoice arrives, showing a different bank account number. The duped company must contact his own bank at once. The bank of the paying party will immediately contact the Dutch bank. If this doesn’t work, then it is also possible to report the fraud via our office. The reason that the fraud should be reported immediately is that the bank account of the recipient must be blocked as soon as possible. Criminals try to evade the transaction monitoring system by booking off small amounts every day; larger amounts are more noticeable. For this reason, there is a chance that even with a late report there may still be money in the account.
Recovery
The next step is somewhat more complicated, and it is advisable to involve a Dutch lawyer in this phase. Our office is specialised in these kinds of cases. There is in actual fact a legal dispute with an unknown, anonymous opponent: only a bank account number is known, but the name and address of the holder of the account where the money is are unknown. Who should be summonsed if there is still money on the account? And is the Dutch bank prepared to reveal the name of the account holder, a client who has a right to privacy? In fraud cases we almost always succeed in obtaining the name and address of the account holder. But that still doesn’t mean that the account holder will agree to return the amount in the (meanwhile frozen) account. And the bank cannot charge back this amount against the will of the account holder. Often a lawsuit is required. Fortunately, such a lawsuit in the Netherlands proceeds quite quickly and almost always ends to the benefit of the victim of the fraud. The bank will then cooperate in the chargeback.
Want to know more?
Do you want to know more after reading this article? Contact us. We will be happy to help you.
published by Marius Hupkes
