How did the fraudsters commit the crime?
JP Morgan requested details of Frank’s 4.265 million customer accounts as part of its due diligence. It insisted that the inquiry was critical to their due diligence process. Frank’s executives were hesitant to share the data claiming privacy concerns. JP Morgan agreed to use a third-party data management vendor to validate the list of customer accounts rather than receive and examine the original data directly from Frank.
Javice and Amar are alleged to have had a fictitious customer list created containing four million accounts. This list was provided to the third-party acting on JP Morgan’s behalf. The list included fake names, addresses, birthdays, and other personal information. The customer list was never provided directly to JP Morgan. The third-party provided a validation report to both JP Morgan and Frank and then deleted the data at the latter’s request.
At the same time, Frank purchased a list of 4.5 million student names from a marketing company. This list was used and provided to JP Morgan after the acquisition closed. Importantly, this list contained email addresses for only one-half of the individuals itemized therein. Frank then engaged a data technology company to identify potential emails for incomplete individual data, which were then included in the list provided to JP Morgan.