Terrorists are increasingly turning to credit cards, according to a study written by an expert on terror financing.
Terrorists are increasingly turning to credit cards, according to an expert on terrorist financing.
Credit cards serve two key terrorist functions, providing both operational funding and as a means of distributing money to group members. “Credit card exploitation and fraud has become a growth industry for terrorists,” writes IPSA International’s Dennis Lormel in a September 2008 white paper entitled, “Terrorism and Credit Card Information Theft.” Lormel is a managing director with investigative consulting services provider IPSA. According to Lormel: “Credit card information theft and fraud represents a lucrative funding stream for terrorists and consequently poses a serious threat to our national security.”
While Lormel writes that there is no exact data on the amount of credit card use by terrorists, there are “ample” reports showing that terrorists do rely on credit card information in helping to reach their goals.
Terrorist reliance on credit cards appears to be on the rise. “I think it’s taken an upward path over the last few years,” Lormel says via phone, meaning “a limited number of people can do an incredible amount of damage.”
Payment system experts agree that terrorist reliance on credit cards is worthy of concern — even if it’s less than shocking. “Fraud and terrorism do go hand in hand,” says Judith Rinearson, a partner with the international law firm of Bryan Cave. “That’s not a huge surprise.”
Eyeing cards, stopping terrorists
Banks and financial institutions have an important role to play in combating terrorism since they can effectively limit the flow of funds to terrorists. “The focus for credit card fraud should be placed on both the source and availability or distribution of funds,” Lormel writes.
Fighting terrorists involves capitalizing on their weaknesses. “Communication and financing are the two biggest vulnerabilities for terrorists,” Lormel says, since both represent opportunities to track and identify them. The fight requires “us being able to exploit their vulnerabilities as opposed to them exploiting ours,” he says.
That’s why financial institutions have a tough — but necessary — job to do. “The banks have been trying very hard to stay on top of it,” Rinearson says. Still, with terrorists constantly updating their techniques, “It is a moving target,” she says. Nevertheless, it’s a target that banks must hit, says Debra Geister, director of Fraud Prevention & Compliance Solutions with LexisNexis in New London, Minn. “Terrorism is a very dynamic and ongoing thing,” Geister says. As terrorists get more creative financially “it puts more of the general population at risk,” she says.
It’s not only the danger to consumers that keeps banks attentive to anti-terrorist measures. “Financial institutions are certainly mandated by law to do so,” Geister says, with both negative press and the wrath of regulators resulting if banks do not. “They want to do everything they can to be diligent to protect themselves and protect the financial systems in this country,” she says.
White paper worth considering
Lormel’s white paper was released by enterprise payment solutions developer Shift4 Corporation as a follow-up to a presentation he gave as a speaker at Shift4’s 2007 Real Security Summit. Lormel is more than just an author: Before taking on his role as a managing director for anti-money laundering and combating the financing of terrorism issues at IPSA International, Lormel spent 28 years as a special agent for the FBI.
In his paper, Lormel notes that it is important to consider the various types of terrorist groups, what funding they require, the mechanisms used for fundraising and operations and the degree to which individual members and cells are used. Groups such as al-Qaida, Hezbollah and Hamas may have similar monetary needs and operational goals, but their funding sources, actual operations and use of funds are “vastly different,” Lormel writes. Therefore, preventing terrorist financing requires a consideration of differences in operations and funding requirements.
Al-Qaida turns to plastic
For example, the shift in al-Qaida’s structure — from an organizational structure to an ideology associated with regional terrorist groups back to a group reforming as an organization — has meant a change in its source of funds. Where al-Qaida once relied on wealthy donors and charities for most of its money, pressure from the U.S. government on Middle Eastern donors and charities prompted a shift: “This led to greater reliance on criminal activities including credit card information theft and fraud to raise funds,” Lormel writes. “Al-Qaida operatives commit credit card information theft and fraud more on an individual basis than as a group or cell activity. However, depending on the circumstances, they will commit fraud as a group or cell.”
Movement of funds
Terrorists’ home base also determines whether cards are used. Depending on their locations, terrorists may choose to move money by formal or informal means. While countries such as Pakistan and Afghanistan present opportunities for the informal movement on funds, “To operate in Western society, terrorists must rely more on formal mechanisms” like credit cards, Lormel writes.
The ability to carry plastic has benefits for terrorists. Other experts have noted that credit cards allow the easy movement of funds between countries and between individuals. Compared to cash (which is subject to scrutiny as it crosses borders), cards provide a less conspicuous way to get money to operatives.
Not everyone agrees that credit cards make more sense for terrorists. “Not only are card transactions easy to trace, but the cards can also be frozen and turned off,” says Rinearson. True, says Geister, but that may not mean much for terrorist fraudsters. “How well can I track them if they’re using somebody else’s identity?” she wonders. Terrorists who have multiple accounts in several names and no intention to repay may find a closed card to be little more than an inconvenience.
In the end, cash and credit may each be useful tools for terrorists. “One way or the other they both serve their purpose,” Geister says.
Calling credit cards “extremely vulnerable to fraud” and “used extensively by terrorists,” Lormel highlights five out of 12 areas of “systemic weakness” terrorists use to raise and move funds that involve credit card information and fraud:
- Identity theft and fraud — Theft of card information, for example, can be used to establish a false identity.
- Credit cards — The Internet can serve as an educational medium, as well as a means for stealing via hacking and phishing.
- Criminal activity — Crime is increasingly relied upon to raise funds, but can also leave terrorists more open to detection.
- Internet — Credit card information is “extremely vulnerable” to being exploited using the Internet.
- Cyberfraud — Terrorists routinely visit websites and chat rooms to discuss hacking, carding and other schemes.
Lormel cites the case of Imam Samudra as underscoring the need for credit card security. Samudra acted as a member of the Indonesian affiliate Jamaah Islamiah and masterminded the 2002 nightclub bombings in Bali. In his jailhouse manifesto written in 2004, Samudra included a chapter that discussed the vulnerability of U.S. computer networks to hacking, credit card fraud and money laundering. Instead of focusing on specific techniques, however, Samudra explained how to find others in chat rooms to perfect hacking and carding techniques.
The Internet represents a perfect place for terrorists to trade techniques. “With that type of information available for people to use and develop tradecraft, it plays right into that upward trend,” Lormel says. It also allows terrorists to maintain a low profile, even as they plan or stage attacks. “One thing about the Internet is that it’s a very anonymous channel,” says LexisNexis’s Geister.
Changing world, changing terrorists
“It is possible to detect terrorist financing but not highly probable,” Lormel writes. That’s why he recommends systems be created and put in place that make it more likely. For banks, “You can’t be static, and you can’t be complacent,” Rinearson says. “Financial institutions need to constantly review red flags, review losses and then update and enhance programs.”
As for cardholders, experts say they should look for unusual account activity on their credit reports and make every effort to protect credit card data, including on receipts from retailers, as well as making sure online protections like virus filters and firewalls are in place.
It comes down to one central point. “Credit cards are certainly a tool that can be exploited,” Lormel says.