The Financial Crimes Enforcement Network (“FinCEN”) has issued a Notice on the Use of Counterfeit U.S. Passport Cards to Perpetrate Identity Theft and Fraud Schemes at Financial Institutions (“Notice”), asking financial institutions (“FIs”) to be vigilant in identifying suspicious activity relating to the use of counterfeit U.S. passport cards.  According to the Notice, the U.S. Department of State’s Diplomatic Security Service (“DSS”) has determined that there is a growing use of such counterfeit cards to gain access to victim accounts at FIs.  “This fraud occurs in person at [FIs] and involves an individual impersonating a victim by using a counterfeit U.S. passport card that contains the victim’s actual information.”

As its title plainly states, the Notice pertains to passport cards, rather than passport books.  Passport cards have more limited uses and can be used only for land, sea and domestic air travel into the U.S. from Canada, Mexico, the Caribbean and Bermuda.  The following graphic from the Department of State illustrates the difference. 

The Notice observes that FIs are less likely to detect fraud involving passport cards because they are a less familiar form of U.S. government-issued identification.  Victims’ personal identifiable information (“PII”) is typically acquired through the darknet or the U.S. mail (see our blog post on the surge in mail-theft check fraud here).  After a fake card is created, the illicit actor or complicit money mule will visit a branch of the victim’s FI – often by trying to avoid any branches that the victim actually may visit, so as to reduce the chances of detection.

If bank staff are fooled successfully, the Notice describes what can follow:

1. The illicit actor will seek to gain information about a victim’s account, by, for example, asking questions regarding the account balance and withdrawal limits. Once such information is obtained, the illicit actor will quickly withdraw large amounts of cash below the Currency Transaction Reporting (CTR) threshold, purchase cashier’s checks or money orders, or initiate wires.  To evade the CTR threshold, the illicit actor may visit other bank branch locations and repeat the process, using the same victim’s information.
2. The illicit actor cashes stolen or forged checks to obtain funds from a victim’s account.
3. The illicit actor establishes a new joint account, using the victim’s account information, with a second illicit actor as a joint owner. After the joint account is established in person, the illicit actor will then transfer funds out of the victim’s existing account into the newly established joint account. The funds in the joint account are then wired to other accounts wholly controlled by illicit actors.

The Notice provides a list of 17 “red flag” indicators of identity theft and fraud involving counterfeit cards, broken into three types of red flags:  technical, behavioral, and financial.  The technical red flags are relatively detailed.  For example: “The card bearer’s date of birth and other areas of text are flat and do not feel raised when touched. Legitimate U.S. passport cards have tactile text on certain areas of the card and should feel textured.”  The Notice helpfully contains images which can be used by FI personnel to physically spot technical flaws present in counterfeit passport cards.

The behavioral red flags focus, not surprisingly, on evasive or odd behavior by a customer presenting a passport card.  Unlike some red flags suggested by FinCEN in regards to other types of fraud schemes, these red flags appear relatively practical and effective because they apply to face-to-face encounters.  The financial red flags appear to be more detailed versions of behavioral red flags, tied to specific types of financial transactions.  For example:  “A customer presents a U.S. passport card as a form of identification and attempts to negotiate an uncharacteristic, sudden, or abnormally large volume of checks made payable to cash.”

Overall, the Notice proposes concrete methods for identifying counterfeit passport card fraud schemes.  Unfortunately, people who legitimately rely on passport cards as their means of identification now can expect to undergo a battery of questions whenever they walk into a bank as FIs adjust their procedures to account for the warnings in the Notice.

Finally, FIs filing related Suspicious Activity Reports (“SARs”) should include the key term “FIN-2024-NTC1” in SAR field 2 and should select SAR Field 34(z) (FRAUD-Other) as the associated suspicious activity type and include the term “Passport Card” in the text box.

[View source.]