How a 19-year-old man became Kim Kardashian

Many people wish they could live the life of a celebrity, with all the fortune and luxuries that fame provides. In 2013, a 19 year-old Florida man named Luis Flores, Jr. got a taste of the good life by using private information to commit identity theft against a number of public figures, including reality television star Kim Kardashian. Here’s how he did it and what financial institutions can learn from this incident:

Identities of the rich and famous

The Orlando Sentinel reported Flores lived in the Orlando suburb of Lake Mary with his mother, Kyah Green. He worked at a call center until he lost that job in March 2013 because of charges that he stole a co-worker’s personal information to deposit a paycheck into his own bank account. Following his dismissal, Flores looked to the stars for a more ambitious identity theft scheme.

The fraudulent activities, including takeovers of several accounts belonging to celebrities, took place between March and July 2013, the Middle District of Florida U.S. Attorney’s Office stated. Though Flores was arrested on the state charges for taking his co-worker’s pay in late March, the account takeovers resumed when he was released on bail in May.

Among the scams were two wire transfers for a total of more than $70,000 from the account of Kardashian’s mother, Kris Jenner. Surveillance photos showed Green making withdrawals from the account that received those transfers. A person called American Express claiming to be Kardashian to change the Social Security number attached to her account to Flores’ and order a replacement card. Still other fraud attempts targeted famous names like FBI director Robert Mueller, socialite Paris Hilton, actor Ashton Kutcher and U.S. Marshals Service Director Stacia Hylton.

The source for all this information was a website that posted hacked private and financial records for a who’s-who of big names in politics and entertainment. All of the aforementioned individuals had their data compromised, as did former Secretary of State Hillary Clinton, Vice President Joe Biden, former Attorney General Eric Holder, Beyonce, Jay-Z and Mel Gibson, according to The Hollywood Reporter. On June 24, 2013, federal investigators found the details from the hack saved on a flash drive in the apartment where Flores and Green lived, bringing an end to their time playing the part of a world-famous heiress.

Securing identities and private data

As this case shows, financial institutions must be alert for a range of fraud tactics that change over time. Criminals try multiple approaches and can draw from information belonging to numerous individuals. That’s one reason why data breaches remain a major concern. According to the Identity Theft Resource Center, at least 781 breaches took place in the U.S. in 2015, the second-worst year since the nonprofit organization started keeping records in 2005.

Just as Flores did, fraudsters can use stolen information from such breaches to take control of existing accounts. On the other hand, they may use that data to create new banking or credit card accounts. According to Javelin, new account fraud using stolen or synthetic identities has become increasingly common with a 113 percent increase over the course of 2015. This in part because of new security methods like the EMV chips in credit and debit cards.

The shift to EMV standards and chips make cards is making it harder for fraudsters to inflict losses at points of sale, who are now turning online to commit fraud such as account takeovers or create fake new accounts. Based on the results in other countries that have adopted the standard, card-not-present fraud looks like it will be an increasing problem in the years to come.

Meanwhile, CNBC reported that overall credit card fraud is anticipated to reach record levels in 2016. That’s in part because many retailers are still making the switch to EMV, leaving vulnerabilities open to criminals.

Finding solutions

In January 2014, Judge John Antoon sentenced Flores to 42 months in prison for aggravated identity theft and credit card fraud. He was also ordered to forfeit the electronics used in the crimes and pay financial restitution. Green received three years of probation. While the offenders were caught and convicted in this case, criminal fraud is not going away any time soon. Organized fraud is an industry of its own with dedicated hackers working to steal identities in bulk and then either sell or use the identities themselves to steal money and/or even assume the identities of their targets.

Fortunately, financial institutions today have access to state-of-the-art tools such as Feedzai to stop such fraud from taking place. Feedzai relies on artificially intelligent machine learning to detect fraud across multiple channels and devices in real-time. In this situation, Feedzai would already have granularly profiled Kim’s account activity and detected a phone call from a non-usual phone number. Additionally Feedzai’s capability to query external identity data would have led to a real-time red flag for the attempted change in her social security number. In a nutshell, Flores would have been blocked from taking this action in real-time.

As opposed to other technologies that would have hard coded rules for hundreds of data fields, Feedzai uses machine learning to automatically profile and detect any changes without needing to rely on time-consuming and often incomprehensive manual rule-sets. In addition, Feedzai’s results are not a black box, as is the case with other solutions utilizing machine learning. Fraud analysts will easily be able to use Feedzai’s whitebox scores to see that it is the change in the social security number that it the biggest contributing factor to a fraud alert.

At Feedzai we are constantly on the state-of-the-art of innovating new technologies for this brave new world of commerce. Contact us to learn more about how we can help you.