In the aftermath of the San Bernardino shootings, there has been much investigation into the terrorists, including their financial lives. Reuters reported that prior to the attack, the shooters borrowed $28,500 with, it’s now clear, no intention of paying it back. News outlets reported that one of the shooters made at least three $5,000 transfers of that money in the days before the shooting, to another family member.

In light of that, Yale law professor Stephen L. Carter suggests, “One Way to Discourage Terror Attacks: Sue.” In his piece on Bloomberg View he cites “fraudulent conveyance,” legal doctrine that describes: “… the transfer of property for with the intent of delaying or defrauding a known creditor. If such a fraudulent intent can be proven, the creditor may bring a lawsuit to void the transfer.” It’s an interesting point of view – perhaps the shooter’s relative will be forced to repay the $15,000.

Bust-out fraud behavior yields clues

In thinking about the attacks in terms of my own work, in the field of enterprise payments and security, the Reuters article also said that the San Bernardino shooters “apparently followed a pattern set by other militants who drained their bank accounts and exhausted credit lines before embarking on what they believed would be a suicide mission.” (Emphasis added.)

“Exhausting credit lines” is behavior that classically falls under bust-out fraud, in which fraudsters obtain credit (typically credit cards, but also loans) and make regular payments for a short while, to appear normal. Then they quickly max out their credit and abandon the cards or loan, with no plans of future repayment.

Bust-out fraud is often hard to detect since the fraudulent behavior is more subtle than, say, a criminal using a stolen credit card number to run up a large amount of purchases in an hour or two. In fact, analysts estimate that between 10% and 15% of all banks’ unsecured bad debt is actually bust-out fraud, resulting in tens of billions in losses every year. Banks’ financial results are skewed, and untold resources are spent chasing down debt that will never be collected.

So, any analysis of terrorists’ presumed financial behavior aside, it makes sense for banks to have tools to carefully analyze customer activity to uncover bust-out fraud, which is often perpetrated by fraud rings. FICO’s link analysis solution (Identity Resolution Engine, or IRE) uses federated data search capabilities and industry-leading analytics, and is an ideal solution for pursuit of bust-out fraudsters. It is typically used in conjunction with social network analysis, which helps identify expansive fraud rings.

A holistic view of the customer

The Reuters article also says that the San Bernardino attackers drained their bank accounts while running up large credit balances. It’s possible for banks to detect this kind of activity, even when it occurs across multiple product lines.

One way to do this is with FICO’s Falcon® Platform, the industry-leading solution for payment card fraud prevention that protects two-thirds of the world’s card transactions. Many institutions also use Falcon modules to detect fraudulent activity in deposit accounts, ePayments, mobile payments and other types of transactions. These modules share information with each other, providing a holistic view of the customer. In addition to flagging traditional fraud patterns, Falcon’s underlying analytic models can also be tuned to look for those that are the hallmarks of terrorists.

One thing is for sure. As banks and other institutions double down on their efforts to fight the rise of all types of financial crime, the predictive analytics that power fraud protection will play an integral role.

Follow me on Twitter @FraudBird.