Tackling Fraud in Mobile Banking
CGAP recently surveyed 11 mobile operators to help them better understand how they can ensure that their mobile banking services are not used for money laundering or terrorism financing as well as preventing incidents of fraud against the company. The operators we surveyed had between one and 15 full time staff dedicated to monitoring and investigating suspicious or unusual transactions on their platform.
CGAP has long argued for a “proportionate” approach to regulation in branchless banking. When the requirements that are placed on a customer for opening an account or making transactions are too cumbersome, customers will continue to use informal, unregulated services to meet their needs. Reducing the barriers to having an account can therefore contribute to both financial inclusion and financial integrity objectives.
An example of this is seen in an increasing number of countries that allow a new class of account where account opening requirements are relaxed, but limits are applied to the balance and the number and size of transactions permitted. Many mobile operators make use of these regulations to offer mobile wallets. Mobile financial service providers are required to report any transaction that they think might be related to money laundering or the financing of terrorism to the authorities in their country.
But what do these “suspicious” transactions look like and how can they be spotted? While the risks of money laundering might be correlated with transaction size, this might not be the case for terrorism financing.
1. One way to spot suspicious transactions is to build a profile of each customer and look for activity that is outside of the expected range of transaction activity. For example, a customer who has declared that they are unemployed when they opened their account, but who starts to deposit large amounts of money into their account might be deemed to be worthy of further investigation. But the very low limits on accounts in some countries prevent these large transactions that might be considered “suspicious”.
Perhaps the most useful piece of information that can be used by a mobile financial services provider to build a profile is the customer’s employment status or sources of income. This information alone can allow them to categorize the customer under one of several different profile types around which they can build a model of the range of transactions they would expect to see. Income data can also be useful if the mobile financial services provider wants to offer more complex products, such as credit.
2. Most mobile financial service providers use techniques that have been employed by banks such as protecting accounts with personal identification numbers to prevent fraudulent use. All of the mobile operators that we spoke to also provide updates via SMS anytime an account is used which could make fraudulent activity more quickly detectable.
Nearly all of the mobile financial service providers that we interviewed had been able to spot some types of unusual activity on their systems, usually related to fraud by either customers or agents. It is inevitable that attempts will be made to use branchless banking systems for criminal activity in the future. Mobile operators will need to continue to innovate to find new ways of detecting this activity – to build trust in their systems among both customers and regulators that they present no more risk than traditional banking services. This will ensure that providers can continue to offer services to the majority of users who have legitimate uses for mobile banking services.
- Chris Bold
Comments
This is a very informative
This is a very informative article. It is highly essential for stakeholders, especially in a Country like Nigeria, where Mobile Money is about to be introduced, to be aware of the risk of Fraud and ensure that systems are put in place to prevent these risks. The Mobile Payment Agency Cooperative (MPAC), here in Nigeria have been proactive in the training and creating awareness amongst its Agent Members to minimise the possibility of fraud to ensure the overall success of the new Mobile Money System in our Country.
We expect a gradual upsurge of customers for the Money Payment System and all stakeholders have to ensure that the system is reliable and not fraud prone. This would help build the confidence of the population in using this means for their financial transactions.
The regulatory authorities have put the right framework to guide players to ensure proper KYC procedures are followed and limit in the transactions that can be handled to prevent Money laundering. Some of the newly Licensed Providers also have basic technology to detect Fraudulent activity but we expect that as the society accept the mobile payment system, more needs to be done in terms of technology to forestall fraudulent practices. Providers needs to be pro-active to ensure that the trust is built by the populace
Agent Cooperative is also working to ensure that our Agents and Providers follow these procedures from the Central Bank to the latter, to ensure proper screening to prevent money laundering and fraudulent activities. Proper KYA (Know Your Agents) have also been introduced by the Cooperative to ensure that the right calibres of Agents are recruited in the Ecosystem.
Customer profiling and
Customer profiling and identity authentication are certainly the first steps towards tackling fraud, money laundering and terrorism financing in the mobile banking industry. However, mobile banking service providers can’t afford to take an insular and vertical approach with their fraud solutions. The solutions need to be spatial and underpinned with a multi-dimensional architecture that is versatile and entails minimum human intervention.
The approach to combating fraud needs to be three-fold. First, the solution should be analytics orientated so it can be integrated with the product to provide: transaction alerts based on scenarios, transaction profiling based on transaction types, and have a calibration model built in to identify normal behaviour compared to risky behaviour. Secondly, the fraud solution should be enterprise wide so it covers multiple products, channels, clients and locations; it should not be isolated to a specific need. Finally, the solution should be technology orientated with a component based design, service orientated architecture, and an open system to connect to multiple applications, without glitches for high reliability and efficiency.
On the flip side, the devices customers are using to access the data or process the payments should be secured through biometric authentication, as should the channel that is transmitting the data.
The real issue in this is
The real issue in this is trust. The receiving party is governed by regulations that they must ensure they know who the sender is… they must therefore trust that the sending organisation has established who the originator is…
The sender must be confident that they know who the receiver is and that the receiver conforms to the prevailing KYC regulations in that country.
The role of multiple sending and receiving organisations leads to the need for a common process and a common standard.
Is the industry ready for this level of collaboration or is it still too divided to give central banks and other regulators confidence?
Can I as a remittance receiver dictate the phone contract that my sender has has to have…?
Let’s look for common ground.
Chris, This is an excellent
Chris, This is an excellent discussion piece. In my view, mobile operators can learn a significant amount from the more traditional money transfer operators. Whilst there are clearly differences in that historically traditional RSPs do not hold a wallet, many of the RSPs have sophisticated AML programmes and are able, through a series of systematic checks and having the appropriate people, to identify suspicious transactions on a regular basis. It should be possible for mobile operators to apply to same techniques in an even easier way as they are starting with access to greater quality transaction and customer information. It is often that they have not, as an industry, been exposed to the issues of AML and CTF as directly as the remittance industry is.
There are a lot of synergies here and there is a need to ‘adapt the wheel rather than reinvent it’
Add new comment