Modern Day Swindlers: Evading Fraud in the Digital World
by Dominic Liberatore & Paul Bent May/June 2020
Fraud can happen anywhere, from electronic leases to hand delivered documents signed in ink. Dominic Liberatore and Paul Bent explore fraud in the equipment finance industry and provide recommendations for identifying red flags and challenging suspicious activity.
Dominic Liberatore, Deputy General Counsel, DLL
Paul Bent , Senior Managing Director, The Alta Group
Fraud generally does not involve violence or force but instead arises from intentionally misplaced expectations. Common themes include deception, misdirection and reliance on the good faith of victims. Indeed, the “con man” moniker derives from the phrase “confidence man.” This article will provide industry examples, red flags, special considerations in the modern digital world and recommendations to help guard against fraud. Remember, it’s always obvious after the fact.
Brief History of Fraud in the Equipment Leasing Industry
Fraud is often simply the manipulation of the little details we take for granted. Fraudsters prey on the assumption that if the “big stuff” looks OK, then the little stuff probably is too. However, the little stuff really matters. The following are some pertinent highlights (without detailing many of the underlying facts given the scope of this article) from a few well known examples of fraud in the equipment finance industry. These examples were not high tech but primarily “old-school” fraud.
The OPM scheme from the late 1970s involved two cousins who stole IBM purchase orders and used them to finance fraudulent purchases through various leasing companies. Customers were directed to send all incoming mail to the fraudsters who were traveling throughout the pre-email country. However, the underlying equipment never existed (and somehow the front office handling the mail never became suspicious).
NorVergence is one of the most infamous fraud cases in recent years. An estimated 43 leasing companies bought equipment leases from the originating vendor. Unfortunately, this was nothing more than a Ponzi scheme. A bankruptcy triggered the investigation. It turned out the prices for the underlying internet routers were vastly inflated and they were bundled with certain telecom services, a connection that attracted the focus of the FTC and a number of state attorney general offices. This fraud occurred in the early days of the technology upswing and many funders were fooled.
The Equipment Acquisition Resources (EAR) fraud involved bogus invoices and purchase orders and collusion with a used equipment supplier. Serial numbers on the equipment were switched. The fraudsters even allowed on-site inspections. Several large funders were deceived by this scheme. Ultimately, the bankruptcy administrator attempted to claw back lease payments received by the various funders.
Finally, Royal Links involved the financing of golf push carts. The fraud was very similar to others, such as medical and dental office video structures and bus stop advertising deals. In each, the supplier promised that advertising proceeds would generate enough cash to cover the lease payments. Although the leases and equipment were real, the underlying advertising structure was highly questionable and nearly always failed.
What can the industry learn from these cases (and many more like them), and how can a funder avoid being the next victim? Here are some common sense things to keep in mind.
• Drill down on equipment specifics to be certain the correct equipment is involved and actually exists. As simple as it sounds, this due diligence is easy to overlook. Check out the vendors or dealers too.
• Be wary of invoices showing big mark-ups.
• Be extra wary if the vendor or originator does not allow access to the obligor. This is a big red flag and you would be amazed at how often it occurs.
• Do not become complacent with due diligence, including for repeat business. Remember, fraudsters rely on gaining your confidence and willingness to trust them. As outlined later in this article, you should establish standard processes and due diligence and follow them.
• Be wary of artificially created urgencies to move forward quickly or risk losing the deal. Also be wary of a counterparty that is too cavalier.
• Sale leasebacks pose special considerations even without actual fraud. Follow your processes carefully.
Fraud in the Digital World
As everyone knows, paperless transactions (e-signed paper leases and full-blown electronic leases that are electronically vaulted) are becoming more and more commonplace. Of course, this is very positive generally, especially in the COVID-19 world. However, it also creates opportunities for bad actors since face-to-face interactions are replaced by electronic ones. This does not mean that a funder should not operate in the digital environment. If done properly, e-signing and full-blown electronic leases are as secure as, or indeed more secure than, paper leases. The caveat is that a funder cannot be sloppy or complacent, whether in real life or in cyberspace.
One particularly common type of fraud in the digital world is email fraud. Some examples of email fraud include:
Phishing: The fraudulent practice of tricking recipients into disclosing financial, confidential or personal information or just signaling (inadvertently) that they are willing to respond to emails.
Spoofing: Impersonating another user or device to launch a network attack or sending phony emails with links that take the user to the fraudster’s website rather than a legitimate site.
Practical Recommendations for Combating Fraud in the Digital World
To minimize the risk of fraud while dealing with e-signed paper leases or electronic leases, funders should consider the following:
• Which e-sign provider will you use? Did the funder or customer select the provider?
• Is the e-sign provider a recognized name in the market or a new and/or unknown entity?
• Is the customer performing the e-sign service? Is it a “home grown” e-sign solution?
All of these questions are important because they address the strength and completeness of the underlying processes and protections of the e-sign service being used and, ultimately, the enforceability of the underlying leases. Of course, if the e-sign service provider is selected by the funder, you presumably will have performed due diligence already on the provider in terms of the signer authentication process (many providers offer different levels of signer authentication), e-vaulting capabilities (if applicable), cybersecurity considerations, disaster recovery capabilities and overall commercial viability.
However, using a process selected by the customer or “home grown” by the customer may not properly address the foregoing. These considerations are especially significant if the funder intends to securitize or syndicate leases or loans.
Another important question is whose e-sign account is to be used? Even if the customer and funder use the same e-sign provider, the customer or vendor will be responsible for selecting the signer authentication settings of the transaction if you use their account. In the case of electronic leases, the customer may not have selected the “single authoritative copy” process to establish who has the sole “original.”
In terms of signer authentication, does the e-sign provider offer a two-step verification, such as a text with a code or an out of wallet identity check service? Without any face-to-face interactions, taking this extra step is important. In terms of cost/benefit, the incremental time and cost to do so is generally not significant.
Retaining an audit trail (sometimes called a certificate of completion) for the e-signer authentication process is vital. This is not simply akin to a cover sheet and should not be discarded. This document is very important and will, among other things, summarize who signed the lease, the date and time when the signing occurred and the IP address(es) used.
In the digital world it is absolutely crucial to remember the basics. Due diligence on the customer and its email address is critical. Do not skip any steps — small details are important. Look at the customer’s email address closely. If anything looks the least bit suspicious in an email, hover your cursor over the email address(es) and any embedded links BEFORE clicking. You will see the actual email address near the bottom of your screen, and it may not have any relationship to the one showing in the email.
Be on the lookout for emails that are not from an actual company email domain (John.DoeatABC@aol.com vs. John.Doe@ABC.com). Ask yourself, does the email look fishy, include typos or just seem off somehow? If so, dig deeper.
Funders must train their employees on basic technology issues, including IP addresses, URLs, website addresses, internet links and internet names. This training needs to be followed by regular updates and refreshers because technology and fraud techniques are constantly changing.
To minimize the risk of fraud in the modern world, whether dealing with email correspondence and attachments, an old fashioned wet ink signed paper lease delivered to you or an electronically signed (or full blown electronic lease), funders must institute standard back-office processes, including required lessee due diligence, and should consistently apply these, even for repeat business. Funders should remember that common sense and due care are needed just as much in the digital world as in the paper world.
Sometimes a funder will face old fashioned deception and theft. However, increasingly funders will face higher tech versions of fraud that are much more difficult to detect. Remember, fraud is a constantly evolving threat. If some component of a deal does not feel right, it may well not be right. Drill down, whether this means picking up the phone, going out to the customer or performing some other form of due diligence necessitated by the facts and circumstances.
And trust your instincts. Don’t be timid about challenging what doesn’t look right. •
Dominic Liberatore is deputy general counsel at DLL. Paul Bent is senior managing director at The Alta Group.