SAN FRANCISCO - Financial companies have invested heavily in software to spot, and stop, online fraud, but some say they have found it can be hard to get law enforcement agencies to pursue the cases.
Banking executives say the problem appears to be related to differences in both priorities - with law enforcement officials sometimes reluctant to investigate incidents they may consider minor - and methods, because some investigators may be uncomfortable evaluating data gleaned from a highly automated banking system.
With online fraud a large, and growing, problem, financial services executives say they are becoming concerned about the lack of cooperation between the industry and law enforcement agencies.
"The relative ineffectiveness of law enforcement in dealing with fraud has become a critical issue," said Ted Crooks, the vice president for global fraud solutions for Fair Isaac Corp. of San Diego.
Dave Cullinane, the chief information security officer for Washington Mutual Inc., said that law enforcement agencies offered little help when phishers attacked the Seattle thrift company.
"We called our local federal agency, and their response was, 'Call me back when it's a million-dollar problem,' " he said.
Wamu was the second-most phished brand name in 2004, after eBay Inc., but Mr. Cullinane said that police officials' attitude toward specific incidents was dismissive.
"They're not going to drop a million-dollar case to come investigate your $50,000 problem," he said Monday in a keynote speech at the third annual Identity Theft and Fraud Symposium in San Francisco, hosted by American Banker's parent SourceMedia Inc.
Police officers and bankers have very different approaches to security, Mr. Crooks said. "Law enforcement, by its nature, is a business of one-case-at-a-time," usually with "a big, thick file folder," he said, and humans - not computers - investigate cases and make decisions about which to pursue.
The opposite is true of banks, where investigations are often sparked by observations made by software, he said. The difference is so stark that establishing a meaningful connection between the two camps is like trying to plug a dictionary into a video game - "the Nintendo and the unabridged dictionary can't talk."
There is "a fundamental mismatch between the financial world and the world of law enforcement," he said, but "we believe it's possible to overcome that mismatch."
Mike Urban, the technology operations director for Fair Isaac, said, "few law enforcement people have a financial background outside money laundering."
Though many are willing to be trained, they may not be eager to admit they need such training, he said. "Generally, they're not going to say, 'Oh, I don't know that.' "
Mr. Crooks said that law enforcement officials are often more receptive when bankers can link several incidents of fraud and show they are a larger scheme.
Though agencies typically do not have a minimum price tag for a case that will merit attention, banks should act as if they do, he said. "Give them something concrete, enough level of detail that a little shoe leather will yield something," and investigators will act.
Eric Zahren, a spokesman for the Secret Service, said that law enforcement agencies must often be selective in deciding which fraud cases to pursue. "There is a lot of cybercrime out there, and resources may be limited," he said.
He agreed that finding connections between separate incidents and demonstrating that they may be separate elements of a single crime is a good way for banks to catch the attention of investigators.
Mr. Zahren said that his agency has established 24 Electronic Crime Task Forces around the country. One of the important goals of these groups is educating participants, which could make investigators more adept at sifting through electronic data gathered by banks.
However, he stressed that such skills are not a replacement for traditional police work. "The combination of technical expertise and traditional leg work" is the best approach to fighting fraudsters, he said.
Lee Carter, the president of online banking for Zions Bank, said that online fraud has prompted financial institutions to work together against a common foe. "This is not a competition. This can't be the place that we choose to compete."
Mr. Cullinane said that collaborating with veteran phishing targets such as Citigroup Inc. and JPMorgan Chase & Co. provided Wamu with invaluable advice when it had to fend off the rash of attacks. If law enforcement agencies cannot provide immediate help to companies fighting fraud, "we have to be able to prosecute it successfully ourselves."
