The transcript of part two of Frank Abagnale on the Scaling New Heights podcast is included below. You can listen to the podcast by clicking http://scalingnewheights.libsyn.com/episode-02-frank-abagnale-part-2.
You can listen to Part 1 of the 2 part series by clicking HERE.
You will find the entire library of podcast by clicking HERE
Thank you for tuning into this episode of the Scaling New Heights Podcast. This is part two of a conversation with our special guest Frank Abagnale. Frank Abagnale is a world renowned fraud expert portrayed by Leonardo DiCaprio in the movie “Catch Me If You Can.”
In this two-part interview, Frank brings his decades of experience working with the FBI and numerous companies, including Intuit, into a conversation focused on how accountants can help their clients detect and prevent fraud and embezzlement. If you have not yet listened to the first part of this two-part interview, we strongly encourage you to do so. The first part of our conversation with Frank is available on our website at Woodard.com/media. You can also access that episode and all available episodes of this podcast on the iTunes platform. So, let's get right into part two of our conversation with Frank Abagnale.
Joe: Now you spent some time working with Intuit, you mentioned them earlier, and you designed what many believe in the space to be the most secure checks anywhere in the world. Obviously, I'm sure they have the chemical that protects from the toner lifting.
Frank: Absolutely:
Joe: Can you tell me a little bit more about what you did in the design of those checks to protect small businesses?
Frank: Intuit has what’s called the QuickBooks Secure Premier Check. They literally have 27 security features in them to prevent counterfeiting and forgery. I worked with Intuit, and still do today, for the last five years, in not only designing this highly secure check, but designing how the order procedures work for it, how we verify the company is who the company is, and that the checks are being shipped to the correct place, that they are being stored in a very secure environment, and the way they are delivered and dispersed. Because you can have all the security in the world in the check, but if anybody can just simply order them and get them then it's not going to be a very secure document. And you know I have designed ADP’s check for the last 20 years, I've designed Paychex. These are the two largest payroll providers in the world; I've designed thousands of other checks, but I've designed those two big checks that are used more than 800 million times a year by those companies.
So when Intuit came to me they said, “Look we want to go way beyond that. We want to design the most secure check that can ever be designed and then we want you to keep it secure. If there's something new that comes up or you see a new threat, we want to know about it and we want to fix it.” They have 4.5 million customers who use QuickBooks, so I want to make sure that their customers have a very secure check. Everything you can think about, I thought about in designing that check. It has all types of security features built into it to keep it from being altered, chemically altered, or someone making copies of it. They have different levels of the check so you can get the check with a hologram. You can get the check in many variations of colors.
And most importantly, they said to me a couple years ago, “Can we design a personal check? Because if you're a landscaper and you're going to the nursery and you're a small business and you're going to buy bunch of things for a job you have, you're not going to bring out a big check with a laser printer or bring out a big checkbook and carry it around in the back of your truck. Can we have a wallet-sized check that that landscaper can write that will have all the exact same security features of the big check that you would you use for writing payroll or corporate accounts payable?” And so we designed that. You can either have a personal check just for your personal account, because you might have a money market account or a private banking account where you keep a large sum of money in that account, and you want to have all the security in the check. Or, it may just be a small business who has to go out and purchase things on the road and they don't want to carry around a big checkbook; they want to just have a personal check but they want that check to be very secure. They've thought about everything. They're very proactive about this. They stay on top of it; if they perceive a threat or they think there's something new out there, they go back to the drawing board.
Now the reason this works, and I always like to explain this to people. If you went to a check printer and said print this check for me with all these features, it would cost you about a dollar to two dollars a check. So it's cost prohibitive. You couldn't do it. The reason it works is that Intuit is printing millions and millions of these checks. The volume gives them the ability to print them at a very low reduced discount so that they're able to then turn around and print these in mass production with all of these features and technology in them. Then, when you call up and say, “Look, I just need 200 checks, three to a page, in a checkbook,” they pull those off out of the vault, they load them into the press, they print your logo up in the corner in color, they print all your account information and they can ship the check to you within ten days. It gives them the ability, whether you're ordering 100 checks or you're ordering 100,000 checks, to be able to turn the order around. I would encourage anybody no matter how small your business is, or even if you just want a very secured personal check for your personal use, to look at those checks, because a lot of thought has gone into them and we stay right on top of it to make sure they're always safe.
Joe: We use those at Woodard. We the 27-point security checks and I’ve noticed several things. It has a thermal thumbprint, so you can rub it with your finger and it changes the actual way the check appears.
Frank: This gives the teller or the check cashing store the ability to be able to authenticate the document without a machine-use technology. So all they have to do is press their thumb on it and that will disappear; lift their thumb off, it comes right back and authenticates that it’s the real document. If you make a copy of it, obviously you can’t see that it will disappear so it won't be on the copy. This is the same technology that we put on car titles and birth certificates so states can verify that it’s the other state’s car title. It’s just a great, simple verification technology.
We also put a warning band on the check to warn people to make sure they check to make sure these technologies are on the check and they're visible, the ones that are visible. So you have moved liability to the person who's taking the check and saying to the check casher, “Well, I warned you in this warning band not to take the check. You ignored what I said, didn't look at the features to check it.”
So, there's a lot of things we've thought through. Of all the checks I've designed during my 40-year career, it is the most secure check today on the market. And to be honest with you, it is probably cheaper than most checks that small businesses are using.
Joe: Not much more than the standard checks you can get.
Frank: Exactly.
Joe: Before we leave bank accounts, because I know that's a big area of vulnerability, I just want to get your thoughts on debit cards. You're not a big fan. Can you tell us why?
Frank: Well, debit cards. This is my thing; I've never owned a debit card and I've never allowed my children to have a debit card. I found a long time ago that the safest form of payment that exists on the face of the earth is a credit card – Visa, MasterCard, American Express Card. Every day of my life I spend their money. I don't spend my money. My money sits in that money market account or that savings account you're talking about. No one knows the account’s there. No one can get in the account. Every day, I use the card as my payment. So, if I go to the dry cleaner, I swipe the card. I go to the grocery store, I swipe the card; I put fuel in my boat, I swipe the card; I pay for the slip my boat is in, they use my card. I get on the plane and travel, the hotel, the airline, I use my card. Now, I will do everything in my power to make sure nobody gets my number, but if they do and tomorrow they charge one million dollars on my credit card, by federal law, my liability is zero. I have no liability. When I use a debit card, every time I use the debit card, I am allowing someone access to my bank account and my money. Now, when I use a debit card, I do nothing for my credit. I could use that debit card for the next 25 years and it's not going to raise my credit score but half of a point. But when I use a credit card and I pay the bill every month or I pay part of the bill that's due, my credit score goes up.
So I always recommend a credit card as being the safest form of payment. It's really a very simple concept. If tomorrow you got a bill and there were four airline tickets on there for $8,000 and it was your credit card, you'd pick up the phone and call the credit card and say, “Look, I didn't order these tickets, I didn't buy these tickets, I don't know anything about these tickets.” And their response would be, “Just put a line through that, deduct the $8,000 from the balance owed. If we need to send you an affidavit, we will.” END OF STORY. If it's $8,000 out of your bank account, you're saying to the bank, “I never bought these tickets. I need you to put the $8,000 back into my account.” And of course, the bank’s response is, “I have to investigate that. I have to look into it.” It could take thirty days, sixty days. So it just makes common sense that to use a credit card is a much wiser thing to do and that's what I personally do. I've never had any issues; I don't worry about doing that.
Now, this is the question I get from some people, “Well, let me ask you how do you get money.” Well, there's two ways. I go to the ATM and I use my credit card. If it’s my bank, they don't charge me any money. If it's not my bank, they charge me a three-dollar fee, but I know I’m going to make that fee back down the road on points they're going to give me for travel or airline tickets or restaurants or whatever. If that bothered you and you have a debit card, then I say take that debit, put a $1,000 in that account and then when you need cash, just use the debit card. You're not exposing more than a thousand dollars. When you get low, just put some more money in that account if you want to use a debit card to get cash out of the machine. But I highly recommend the use of a credit card over a debit card
And one other thing I would point out to you is that I have three sons. When they went off to college, I told them I wasn't giving them a debit card. I said, “I've actually applied for a credit card in your name. It's your card, but because you have no credit, you're only eighteen years old, I guaranteed the card. Because I guaranteed the card, the bill comes to me, I'm responsible for the bill and I set the limit. I do this for two reasons. One, I want to see how you're spending money while you're away at school. If you're spending a lot of time in a bar and I get the bill, I'm going to know that. Two, every month that I pay the bill, it goes on your credit. By the time you get out of college, you should have a credit score about 800. You want to buy a car, buy a house, buy a condo, start your life, you don't need me to co-sign a note for you.”
Unfortunately, there are a lot of young people go up to college for four years. They use only their debit card. They get out, they go to rent an apartment, and the landlord says, “Son, you have no credit. You don't even have a credit file with the credit bureau. I'm going to need your parents to co-sign the lease in order for me to rent you the apartment.” One of the best things you can do is teach your children to use credit wisely and give them the opportunity to build their credit while they're away at school.
Joe: That’s all fantastic. So, we’re going to stay away from debit cards and we're going to use very secure checks. Now I want to turn a little bit to the office equipment side. Again, when we were talking on the stage of Scaling New Heights 2015, you mentioned the best way to dispose of hard drives or printers that have hard drives in them, and you mentioned the risks of copying sensitive information using publicly accessible copiers, like at grocery stores and places like that. Can you elaborate a little bit on why those activities are risky?
Frank: Yes, because since 2002, digital copiers have a hard drive in them. So everything you copy is stored on to that hard drive. Unfortunately, most small businesses don't know that. So either, one, they have a lease program with one of the companies – Canon, Xerox, Ikon, whoever it is - and in that lease program they service the machine. After you get to so many copies, they'll come and replace the machine and bring in a new machine. If you don't remove the hard drive, they're just going to take that machine back, they're going to restore it, and then they're going to resell it to a wholesaler. The criminal knows that if they buy these used copiers, in most cases they can pull the hard drive out of them and they can then download everything you ever copied on that machine - mortgage applications, driver’s licenses, marriage applications, and passports, you name it.
There’s a great piece, if anyone doubts that for a moment, all you have to do is go to YouTube and look up “CBS Evening News digital copiers”, because they did a great piece on that where they actually sent in some reporters undercover to buy some digital copiers that were used from a wholesaler. They brought them back to CBS studio and they had opened them up, took out the hard drive. The first one belonged to the Boston Police sex crimes unit. The second one belonged to the California Department of Motor Vehicles, and the third one belonged to a large insurance provider in the northeast.
So it is important that you remove the hard drive. Now, you can have them encrypted, but they normally charge you about $500. If you say to the company you're buying the copier from that you want to encrypt the hard drive, they usually charge you $500 to do so. A lot of people don't want to pay that, but then they forget to remove the hard drive when they get rid of the copier or if it breaks down and they're going to throw it away. They need to remove the hard drive from it.
Now I’ll be very honest with you, I personally just put all my hard drives into a safe, because I've yet to find a real way, a good way, to actually destroy them completely. So, I basically just store them away unless somebody has an absolutely 100% way of totally destroying that hard drive. But again, it's important that you remove them from those devices before you get rid of them; otherwise, all you have to do is put a cable on it, plug it into your PC and then download everything you copied. And I would recommend, I think that CBS piece is maybe six minutes long, but I highly recommend small businesses look at that.
Joe: OK. Great information there. Thank you.
You know what I see on television shows all the time, and you know that's a very reliable source of information - fictional television shows, but you know that hackers and people who are trying to run from the FBI, they'll put their hard drives in the microwave and turn on the microwaves. Does that destroy the information?
Frank: No. It is retrievable. It's kind of like people who say, “I use a shredder.” If you use a straight shredder, the FBI lab can put those back in fifteen minutes. If you use a regular diamond cut shredder, they can put those back together. The only type of shredder that you can use is a micro cut shredder; it is the only shredder that we don't have the technology to put that back, because it cuts the paper to the size of a piece of rice. It's the same thing with hard drive; the technology is there to put those back.
I always believe that if the FBI has that technology or the government, so does the criminal. You know we're dealing with criminal gangs in Russia that bring in about 20 billion dollars a year in income. That's more than a lot of companies in the United States do. When you have those kind of resources, there’s not a lot you can’t do.
Joe: All right, so we talked about some embezzlement activities and some kind of scams that people can run. You've got an interesting story of a scam involving e-mails between the CEO and CFO of a company. Tell us about that one.
Frank: This is new. And in the last twelve months, everywhere I go, at least four or five people come up and tell me they've been a victim of this. Of course, I mainly speak business to business and I don't do a lot with consumers; most of my work is on tour for a bank. For example, this year I’m touring for BMO Harris Bank. When I go out and their corporate customers come up to speak to me after the presentation, the biggest thing that they tell me is they’ve been having problems. Because what happens is they get an e-mail, the CFO gets an e-mail from the CEO and sometimes it’s very explicit. “Enjoyed lunch this afternoon. Glad that Carol your wife is doing great. By the way, I forgot to tell you I need you to wire $38,000 to this charity.” And then the CFO goes and wires the money. Later, the CEO says, “I never sent you that e-mail.”
I had one CEO tell me that his CFO said he got an e-mail from him saying, “I'm leaving the building now, but I forgot to mention that I need you to wire these funds.” The CFO looked out the window and sure enough the CEO is getting in his car in the parking lot and he went ahead and wired the money. This is a very well-known scam that's going on right now. Many big corporations are very much aware of it, so they're having to verify; the CFO is having to check back with the CEO and say, “Did you send me this e-mail to do this?” That started a few years earlier with the same thing was happening with companies like me wiring my banker and telling my banker to send funds when in reality I didn't send that email to my banker. So it's getting where you almost have to verify everything. But certainly, if I had a company and I had a CFO, I'd say, “Any requests you receive from me to wire a certain amount of money, you need to get back to me to verify that I sent you that email.”
Joe: Well, I’ll tell you the banks that have the double verification through your cellphone passcode, that's a great preventer for that. Now my company is not huge, so I'm the only person with wiring authority, but if I gave somebody else wiring authority, it would send a code request or a code to my cellphone, and only my cellphone, and I would have to then relay that back over to the person trying to initiate the wire. So, if your bank supports that, it could help.
Frank: Yeah, and there is a very brand new technology, it's called Trusona and you can just go to Trusona.com and there's a two-minute video demo on there that shows how it works. This is the only authentication system that's insured by an A+ insurance company. You don't have to do anything, as long as you are doing the transaction on a device, whether it be your PC or your iPhone or whatever it is, and you're using the token that is provided by Trusona, each transaction is guaranteed up to a million dollars. That's a new technology. It's the only technology in the world that's ever actually been insured, each transaction is insured. So, if you want to 100% make sure that it's the other person on the other end of the phone that's wiring or requesting that information, that's a great new technology. And we'll probably see more things like that come up.
And one other thing I'd mention, Joe, is that today we do have Positive Pay and we have ACH Positive Pay, which works the same way. I remind the small business - go to your bank and you ask to be on Positive Pay. All that means is that when you send or write a check, you download, through a simple software, the checks that you've written to the bank, giving them the check number, the dollar amount, and who the check was made out to, which again is done automatically because you're printing out the check as you type it. That information is sent to your bank, it's stored, and when that check comes into your bank to be paid, it's matched against the data you sent them. So, they're matching the check number, they're matching the dollar amount you said, and they're matching who you made the check out to. If none of that matches, they’re not going to pay the check. And so Positive Pay, and there's ACH Positive Pay that works basically the same way, is a really very good proven method that's been around for 20 years of stopping check forgery, counterfeit checks, and altered checks as well. I always recommend to companies, no matter how big or how small they are, to be on Positive Pay with their bank. When you're on Positive Pay you are automatically on daily reconciliation, whether your Delta Airlines or your just Frank's Barber Shop. If you're on Positive Pay, you're on daily reconciliation - so you're reconciling every 24 hours of every day and to me that in itself is worth being on Positive Pay. But it's certainly something worth looking into. Just ask your bank, usually through your Cash Management or Treasury Services of your bank, about Positive Pay.
Joe: So, just call the bank and they'll tell you all about that and to learn more about Trusona, go to Trusona.com. And I understand that you are helping to design Trusona, so it's got a lot of your intellectual capital.
Frank: Yes. And I normally don't hype things that I design, but I helped the same company design what was called the 41st Parameter. That was a fraud detection technology. We took ten years to design it. I was very involved with that company in designing that technology. We sold that technology to Experian for 345 million dollars and Experian has taken that technology now to 80 countries around the world. Most of all the banks around the world, most all the major airlines, retailers, Amazon on down use that technology.
So, we have started this new design of technology called Trusona, which I think will be even much bigger than the 41st Parameter. But this is not made for the population, it's made for a very small percentage of the population. It's for that CFO who's wiring the large sums of money or people who are sending data. You work at a nuclear power plant and you have to get into your computer from home to identify that 100% you are the person on the other end. And what I like about the website is there's a little demo on there, so you can just play the demo, I think it's about a minute and a half, and it shows exactly how it works.
Joe: That’s fantastic. I just want to cap off here by citing a study that was recently done by Bill.com. And in that study, a staggeringly low number of accounting professionals or bookkeepers, specifically that were surveyed, only 30% said they were concerned about the possibility of payment fraud for their clients.;. and a staggering 51% disagree and 20% strongly disagree. I have to believe that after listening to this interview, those perspectives are going to change.
Frank: Not only that, but I would have to say, Joe, in the 40 years of doing this, if you're an accountant today and you don't believe that fraud is a problem, then you have a very serious problem yourself and you are not providing your client very good protection. We're reaching almost a trillion dollars a year now in fraud in the United States, just fraud. Fraud has gotten way, way out of hand. We don't have the manpower or the law enforcement to handle all the fraud that goes on. So to say that fraud is not a problem, that losing money from fraud is not an issue, that would just be an absurd statement. If I was an accountant, I would be very, very, very concerned about fraud.
But also, everything I do to protect my client is just a value add. So if I can keep my clients safe and protect my client by giving them simple tips or telling them we're going to use these checks when we pay your bills so that you don't have your name ruined or you have your account attacked. Whatever I do, all of that is a value add. That’s what makes me a better accountant than the accountant down the street - that I put my clients' concerns first and every day all I think about is how do I protect my client, how do I do a good job for them and make sure they're safe. That's the accountant I want to have and that's the accountant you want to be.
Joe: Absolutely. And if I want to be more knowledgeable about fraud and I want to help my client, you have some online resources that are available for free. Can you tell the listeners where they can go to get them?
Frank: Just go to my website. Obviously, I sell no products, I provide no service, it is strictly my website. It's Abagnale.com. When you get to the home page, there is a button marked publications. Everything I write, I put up on my website. So if you're interested in embezzlement, you just click on that. If you're interested in identity theft, you click on that. If you have a client who has a small retail store and they're concerned about getting counterfeit money, you can click on counterfeit money - it will teach them how to spot a counterfeit $100 bill, $50 bill, $20 bill, how to spot a counterfeit credit card.
Every year, I publish a 20-page, four-color booklet called “The Fraud Bulletin”. I put it up on my website under publications and it will recap all these things we've talked about today, but puts everything down, all the security features we discussed, everything is in there about embezzlement, identity theft. You can share those with your clients. You can take that bulletin on my website, you can download it and edit it, if you like, and then send it out to your clients. We have no problem with that. That's why it's there, for information. It's very generic, but it has great information in it. If you want to take it and edit a little bit and say, “Well, I don't want this page, or I want to delete this piece of information, I want to add this piece of information,” you can do that and you can send it out. If you want to know what kind of ethical thing you should have for your clients, their code of ethics, I have designed a code of ethics. I put it up on there, you can download it and all you have to do is fill in the company name. Again, you can modify it in any way you would like, alter it in any way you like. But again you have it available to give your client if they're looking to have a code of ethics to share with their employees, because a code of ethics goes a long way to keeping your employees honest.
Finally, when it comes to cybercrime, every interview I do in relation to cybercrime, whether it be with Fortune Magazine or Popular Science, whoever it is, Wired U.K., I basically do that as a Q&A. So if you go to Articles with Frank Abagnale or Interviews with Frank Abagnale on my website, you will see them asking me questions and then how I responded to that question. These would be the same questions your client might be asking you in relation to cyber fraud and you would have the answers there by just simply reading through those.
Joe: OK, that is a lot of information. And folks, just to say that website again, it is Abagnale.com and you can get all the information and the resources that Frank just described to you at that site. It is very generous of you, Frank, that you share that information with us so we can share with our clients. It's part of your ongoing battle, your lifelong battle, against fraud, embezzlement and theft. And we are glad you're out there holding that line.
Frank: Thank you, Joe.
Joe: Thank you so much for being with us today. Fantastic conversation.
Again, if you want to learn more about anything that Frank discussed during the interview today, there are resources available at Abagnale.com, where you can drill down. It’s been great having you, Frank. Always a pleasure. And we hope to have you on a future podcast at some point.
Frank: Thank you again, Joe. My pleasure.
Joe: Thank you for tuning into today's podcast and our conversation with Frank Abagnale.
For more information about today's episode, to explore other episodes in this podcast series, or to learn more about our annual conference, visit Woodard.com. As always, we encourage you to stay tuned in, stay connected, never stop learning and Scale New Heights.