Church Latest Victim of Ach Fraud

By Linda McGlasson
Bank Info Security
September 1, 2010

Over a weekend in August, the Catholic Diocese of Des Moines, Iowa, fell victim to a $600,000 ACH fraud theft and becomes another in the growing list of businesses and entities that have suffered huge losses as a result of these crimes.

The church says it was victimized by criminals who illegally obtained its banking information in order to transfer funds to numerous "money mule" recipients across the United States on Aug. 13 and 16.

The Diocese is but the latest of many such incidents to have hit the nation's businesses and government entities over the past year. The Federal Bureau of Investigation estimates that 205 separate businesses have reported incidents of corporate account take-over since 2004 -- the bulk of them in the past year, with estimated fraud losses topping $40 million.

The increasing trend for criminals attacking mid-level targets is disturbing, but expected, says Chris Roberts, managing director at One World Labs, who has seen similar attacks recently in his investigations. "[The victims] don't have the same level of scrutiny that the major organizations go through, and they are less protected, less aware of the dangers."

How Diocese Theft Happened

Anne Marie Cox, spokeswoman for the Diocese of Des Moines, says the church was informed of the theft by Bankers Trust of Des Moines on the morning of Aug. 17. The bank shut down all relevant bank accounts. Cox says the diocese instructed the bank to start the process of recovering funds, where possible. To date, approximately $180,000 has been recovered, Cox says. How the criminals got the diocese's banking credentials is still not fully known.

As the diocese was alerted, the FBI and Treasury Department were both notified, says Cox. The FBI started its investigation and took several computers from the diocese for forensic evaluation.

Cox says the diocese's insurance carrier and lawyer also have been notified of the crime. Law enforcement officials say the diocese "seems to have been the victim of a highly sophisticated operation, most likely based overseas, which engages participation of individuals who unknowingly act as intermediaries of the funds obtained by theft," says Cox.

At this point, none of the staff is suspected of being involved in the incident. "While the Diocese of Des Moines is protected by insurance and anticipates the restoration of the funds, we have been advised that such criminal activity is rampant," says Bishop Richard Pates, the Bishop of Des Moines. The Diocese of Des Moines has banked with Bankers Trust for more than 27 years.

In a prepared statement, Bankers Trust says it takes security very seriously, and its systems are federally regulated, tested and approved. The bank says its Internet system was not breached and "continues to be secure."

Any original material on these pages is copyright 2004. Reproduce freely with attribution.