A Happy New Year to you from CustomerXPs!
Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
In this issue, we brings to light the effect of banking fraud creeping in and making banks lose millions to this plauging menace.
The US government says 1 out of every 14 Americans age 16 or older was a target or a victim of identity theft, a crime imposing a heavy emotional toll on many of its victims.
According to a national household survey of 70,000 people issued by the Bureau of Justice Statistics, identity theft resulted in $24.7 billion in financial losses last year. The crime affected 16.6 million people and fell most heavily on households with annual incomes of $75,000 or more. In that income bracket, 10 percent of such households were victimized.
The survey counted both attempted and successful incidents of identity theft.
Two-thirds of identity theft victims experienced financial losses, which averaged $1,769.
For many victims, the size of the loss was eclipsed by concerns that someone had stolen their identity and that it might take weeks or months to repair the damage.
Among victims who spent six months or more resolving financial and credit problems stemming from identity theft, 47 per cent experienced severe emotional distress, compared with 4 per cent who spent a day or less resolving problems.
Victims experienced a wide range of issues having to do with credit, banking, debt collectors, even cutoffs in utility service. In general, victims whose personal information, such as a Social Security number, was misused were more likely to experience financial, legal or other difficulties, according to the bureau.
Ten per cent of victims spent more than a month clearing up associated problems. A majority spent a day or less. Victims whose personal information was used to open a new account or for other fraudulent purposes spent an average of about 30 hours resolving problems. Victims of existing credit card account misuse spent an average of three hours resolving problems.
The full extent of identity theft is unknown because often, a bank will reimburse the victim for any losses, and the crime is never reported to the police, said Chuck Wexler, executive director of the Police Executive Research Forum, whose members include the heads of large and smaller police departments.
According to the report, 1 in 10 identity theft victims reported the incident to police, while 9 in 10 victims contacted a credit card company or bank to report misuse or attempted misuse of an account or personal information.
"What we're seeing here is the exponential growth of information technology, and with that comes the ability to be hacked," said Jim Bueermann, president of the Police Foundation, a research organization.
Bueermann said that "at one point in the past, people lived in places where they didn't lock their doors."
"Over time, they started to lock them," he said. "We'll come to the same place in our digital life, hopefully sooner."
Less than 10 per cent of victims bought identity theft protection or used an identity theft security program on their computer after being victimized, according to the survey. Of people interviewed in the survey, 85 per cent took one or more preventative actions such as changing passwords on financial accounts or examining bank or credit statements.
Theft involving existing credit cards and bank accounts made up for the vast majority of the 16.6 million victims.
Some 7.7 million victims reported the fraudulent use of a credit card, and 7.5 million reported the fraudulent use of a bank account such as a debit card, checking account or savings.
Amid revelations that Kenya could lose up to US$23 million this year through cybercrime, the Kenyan government has announced its support for the ratification of the African Union (AU) convention on the establishment of a credible legal framework for cybersecurity in Africa.
According to cybercrime statistics released by Fred Matiangi, the Kenyan cabinet secretary for information and communication technology (ICT), the banking industry is the most affected by cybercrime.
As more Africans use the Internet for their banking needs, the number of fraudsters eyeing online financial transactions has also multiplied. The Kenyan government statistics indicate that on a daily basis, close to 1,000 Kenyans fall victim to Internet fraud.
Meanwhile, Africa's heads of state are expected to meet in January next year to discuss the ratification of the AU convention on the establishment of a legal framework for cybersecurity in the region. The AU convention on the establishment of the legal framework seeks to harmonize African legislation related to e-commerce, personal data protection and cybercrime control.
Two months ago, the Kenyan government announced it would assign each person using the Internet a virtual identity in a bid to curb the rising tide of cybercrime. Through the Kenya ICT Board, the government said it would soon establish a public key infrastructure, which will allocate virtual identities to Internet users.
The publicity surrounding the region's cybercrime is raising fears that Africa may face a slowdown in international investment in the telecom as well as the financial sectors. In Southern Africa, Zambia, Zimbabwe and South Africa have in particular been experiencing an increase in mobile and Internet banking fraud, resulting in millions of dollars in losses.
A number of local and international banks in Zambia and South Africa have reported phishing attacks on their Internet banking systems, and in some cases they have been forced to temporarily close branches to protect customers' money.
Officials in these countries have been warning banks that they should not compromise on security in light of the increased risks.
In East Africa, Kenya has been hit the hardest while in West Africa, Nigeria and Ghana have suffered the most attacks.
Africa is experiencing an explosion of mobile money services as banks and mobile service providers compete for customers who would otherwise not have a bank account. This has increased phishing activities on unsuspecting customers, in an effort to lure them to fake sites.
Banks in the region are encouraged by the growing mobile customer base to launch innovative payment options to reach millions of the so-called "unbanked." But that is putting citizens more at risk of cybercrime. In South Africa, there are more than 13 million unbanked people while in Zambia, 60 percent of the population is currently unbanked.
The problem has further been compounded by the fact that very few banks in the region that provide Internet banking services are also able to offer security software to curb cybersecurity attacks.
"The AU convention will help move faster the harmonization of cyberlaws and give authority to countries to arrest and prosecute cybercriminals regardless of where the offense was committed. This will help in the fight against cybercrime," said Edith Mwale, telecom analyst at Africa Center for ICT Development.
Cybercrime in the region is said to have increased following the lowering of bandwidth and connectivity costs as mobile service providers and international cables compete for customers. Over the past few years, African has been trying to harmonize cyberlaws to deal with cross-border criminals by allowing member countries to prosecute criminals wherever a crime is committed in the region. However, progress has been slow in several countries.
A large proportion of people in the UAE still don’t feel quite at ease when using the internet to bank or purchase products, because they worry about fraud risks, a new study has found.
In a Consumer Security Risks survey conducted last summer by B2B International and Kaspersky Lab, 55 per cent of users said they are concerned about online banking fraud.
Nearly half (48 per cent) of the respondents feel vulnerable when making financial transactions or buying stuff online, while nearly 7 out of 10 (69 per cent) have experienced a financial threat.
Online banking and shopping are a growing trend in the UAE and the rest of the region, thanks in part to the flourishing of smartphones and tablets.
According to Euromonitor data, active mobile phone subscriptions in the UAE already exceeded 11 million as of 2011, while the number of internet users in the Middle East reached 70 million.
While consumers are increasingly inclined to go about their business on their desktop or mobile device, cyber security still worries a lot of people because reports of accounts being hacked, credit card fraud and leaking of passwords from trusted online sites continue to surface.
At a time when e-frauds and online scams are dime a dozen, this has to be a new one. A Mumbai businessman lost Rs 63 lakh after a nationalised bank transferred the funds on emailed requests from a fraudster who had hijacked the customer's ID and claimed he couldn't speak to the bank personally as he had a "sore throat".
Disregarding standard practice-the bank initiated several transactions, including liquidating the businessman's fixed deposits, on the basis of these emails without specific instructions to do so. Shockingly, even as the correspondence went on for almost a month, the bank failed to verify the credentials of the account holder through other means of communication.
Santacruz resident Chander (second name withheld on request), who has business interests abroad, holds a NRE or non-resident (external) rupee account with a city branch of the nationalized bank. He also holds some fixed deposits jointly with his wife.
Chander came to know about the fraud when he visited the branch on December 13. During his interaction with the bank, he learned that the bank had transferred about 60,000 pounds (approximately Rs 63 lakh at the time of transactions) in two tranches abroad at the behest of instructions the bank claimed to have received from his registered email ID.
"The fraudster said he had a sore throat and hence could not speak. The fraudster claimed to be in London for treatment and requested the bank to transfer $40,000 to Chander's account in a private bank there,'' said Chander's lawyer Prashant Mali, who is also a cyber-law and -security expert.
Based on this instruction, the bank liquidated some fixed deposits and transferred the money in dollars to its London branch for crediting into the fake account mentioned in the email. "The money was remitted back to the Santacruz branch since the transfer could be carried out only in British pounds,'' Mali said.
The bank then converted the $40,000 to approximately 30,000 pounds and transferred it to the London account on November 21, Chander's complaint said.
The fraudster sent a mail again, saying he had not received the money yet and had taken a loan to meet the treatment expenses. He offered to trace the funds sent and also requested the bank if it could send the money again to the account of his company, Nicky Ventures, maintained in a private bank in London, said the lawyer.
Bank officials did so five days later. Moreover, in one of the mails, the bank provided details of the fixed deposits and the maturity dates to the fraudster though it had not been sought, he added.
Courtesy: The Times of India
Archive Section[-]  2018