Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
In this issue, we bring to light the effect of banking fraud creeping in and making banks lose millions to this plaguing menace.
Will ATM machines soon be able to identify you by your eyes?
Citigroup Inc. is testing new technology with automated-teller-machine maker Diebold Inc. that would allow customers to withdraw money with an eyeball scan or a code on a smartphone instead of a card swipe.
The new technology, set to be announced by Diebold on Monday, is the latest foray by big banks to find easier, more secure ways for consumers to access their cash than the ATM card, a staple in consumers’ wallets for decades.
Citigroup may decide not to retool its machines with this new wrinkle, and any mass rollout may be years away. Other big banks including J.P. Morgan Chase & Co. and Bank of America Corp, recently started internally testing their own cardless ATM technologies.
Citigroup’s experiment involves a new kind of cash machine that lacks a screen or touchpad. Instead, customers would first check the bank’s mobile app on their smartphone or tablet ahead of time to sign in and select how much money they want to withdraw. Then, they would approach the machine, which would quickly scan their iris to verify their identity. The machine, which connects to the mobile app, would spit out the right amount of cash.
It remains to be seen whether consumers who are generally suspicious of large financial institutions would be comfortable letting a bank scan their eyeballs regularly.
Changing thousands of ATMs’ hardware to make use of some of these features would probably be expensive and time-consuming. That means it would likely be tested extensively before any full rollout.
The new technology, by contrast, wouldn’t need a card, which means a card’s information couldn’t be skimmed by machines that are attached to ATMs. The new machines also don’t have PIN pads that thieves have spied on using tiny cameras.
Source: The Wall Street Journal
Welcome to the world of vishing, or voice phishing, a technique used to trick gullible customers to part with confidential personal banking details. Vishing uses voice calls to steal identities and financial information. Such “vishing attacks” are designed to secure financial information in a short span by instilling fear in individuals. These calls are difficult to trace because they primarily ride through the internet.
For many Indians, financial inclusion has also been an unpleasant introduction to the dark underbelly of hi-tech banking frauds. People commonly receive “phishing” mails where criminals create e-mails and web sites that closely resemble those of legitimate companies seeking individual banking information.
“There has been a significant rise in the number of these mails,” said a senior official from RBI, which has roped in the Central Bureau of Investigation’s Cyber Crime Cell to help curb the menace.
According to RBI data, banks incurred a loss of more than Rs 12,000 crore in 2014-15 on account of overall frauds, up from a loss of Rs 7,542 crore in the previous year. Between April 2011 and September 2014, banks reported 27,614 credit-card related frauds and another 3,835 debit-card related deceptions. Add to that another 1,969 cases of internet-banking related trickery, the numbers appear too big to ignore.
Bankers warn these numbers could be an underestimation as only frauds pertaining to big ticket are cases are being reported.
Kolkata’s Pallavi Gupta, received an email supposedly from the “RBI”, seeking her bank details. A confused Gupta, who had nothing to do with the RBI, did not share the data. “I have decided not to purchase anything online, I am petrified to give my details online,” she said.
Banks have been regularly sending messages to their customers, asking them not to disclose information to callers or through mail.
“We remain vigilant and are using various methods, including data analytics, to ensure a safe and secure banking environment,” Rajiv Anand, group executive and head, retail banking, Axis Bank.
Unless nipped in the bud, the growing incidence of tech-enabled banking frauds can potentially hinder the government’s plans to encourage plastic money and rein in India’s bustling parallel cash-driven economy that operates outside tax boundaries.
A cyber crime survey last year by audit firm KPMG showed more than half the respondents, or about 51%, saw themselves as easy targets for cyber attacks and 45% said cyber attacks had led to financial losses for them.
“In spite of very robust cyber security and fraud risk management tools in place in the banking sector, there has been a spate of cyber frauds,” Sandeep Dhupia, partner and head of forensic services, KPMG India, said.
Source: Hindustan Times
Fraud cases in the nation’s financial services industry grew astronomically by 183 percent as total number of reported cases increased from a total of 3,786 in 2013 to 10,612 in the last financial year.
Similarly, the amount involved in frauds increased from N21.80billion to N25.61 billion indicating a 17.5 percent increase with expected loss rising from N5.76billion in 2013 to N6.19 billion in 2014.
The Managing Director/Chief Executive Officer of Nigeria Deposit Insurance Corporation (NDIC), Alhaji Umaru Ibrahim stated these in his keynote address at the 2015 workshop for Business Editors and Finance Correspondents Association of Nigerian (FICAN) held at the Bovina View Hotel, Ilorin, Kwara State capital.
Speaking on the theme of the workshop: developments in e-banking, mobile payments system and Deposit Insurance in Nigeria, Alha. Umaru Ibrahim who was represented by Dr. Jacob Afolabi, director of research, policy and international relations of the corporation, said that the types and nature of frauds and forgeries were largely web-based on-line banking and ATM card related, fraudulent transfers and withdrawals and customers suppression of customers deposit amongst others.
He attributed the causes to weak IT infrastructure poor internal controls due to prevalence of contract clerks and tellers accounted for 64 percent of the frauds and forgeries in 2014, emphasizing the urgent need for banks to improve electronic payment controls, IT security, human capital and integrity profiling and motivation of the staff.
Ibrahim was corroborated by the Economic and Financial Crimes (EFCC) investigation of electronic transaction in Nigerian Banks a forensic auditor’s perspective shows that the cyber crimes were on the rise.
According to DCDS Ibrahim Shazali, of the bank fraud of EFCC, online transactions in Nigeria between 2012 and 2014 showed that actual loss from point of sales (PoS) increased from N5.8million to N157.6million, ATM increased fromN55million to N 2.7billion in 2014 while mobile banking losses increased from N6.6million in 2013 to N13.3 million.
Thus the total losses sustained by the financial system on all e-channels increased from N485million in 2013 to N6.2billion, showing an increase of 1,178 per cent.
According to him, the as technology explodes so also the occurrence and sophistication of fraud and just as banks rely on technology they increasingly have to make huge amount of the sensitive personal data readily available to customers ,clients and vendors and employees through various plat forms which face the most risk of compromise namely mobile apps and cloud servers.
But Ibrahim emphasized the need and urgent regulatory intervention in order to achieve much desired financial discipline in the banking sector in line with the wave of change of Buhari administration.
While pointing out developments in the sector require the general understanding, acceptance and active participation of all stakeholders to realize the objectives on inclusion through effective banking policies, he stressed that need for the media to inform and educate the populace to achieve financial system stability.
He recalled that the corporation’s roundtable on mobile money payment services in Nigeria with the objective of creating public awareness on its benefits towards promoting financial inclusion in the country.
Source: Business World
Cross channel scams are the most pervasive form of frauds perpetrated against bank customers. Fraudsters target customer accounts by a number of access points- branches, ATM, cards, online banking or wire transfers. With multiple channels leading to multiple access points, installing adequate combat mechanisms takes a backseat, thus expanding the attack surface. Consumers have been steadily using mobile phones, cards and Internet banking, mainly relying on good faith in financial institutions. But as scams become more complex and less predictable, banks need to keep a tight vigil against fraudsters targeting across multiple channels. Banks need to break free from the traditional ‘Starfish’ approach of combating fraud in silos; they need to actively base their combat mechanism on cross-pollinated intelligence that runs across multiple channels.
Let’s assume a scenario to better validate the above points.
Jamie is a budding photojournalist. She stays in a paying guest accommodation in Mumbai. She is an intern with a well-known magazine. Normally, she receives her salary on the last day of every month and pays her rent on the 1st. She saves the rest of her salary for paying off her expenses throughout the month and manages to save some money for her impending Euro trip. This time though, soon after her salary gets credited, there is an entire salary debit on 1st. By the time the bank and Jamie get to know about this fraudulent transaction, the entire money is lost. The bank fails to recognize this transaction as a fraudulent one.
The scenario discussed above could have easily been averted had the bank implemented a unified cross-channel fraud management system. Jamie wouldn’t have lost her salary. The bank wouldn’t have let the abnormal transaction to go through without additional levels of authentication across different channels.
Traditional fraud management solutions employed by banks have silo based systems that have the ability to monitor and detect fraud only for a single channel/product at a time e.g. credit card fraud detection, Internet banking fraud detection etc. Even the systems credited for being multi-channel managed frauds on multiple channels but not across multiple channels. An ideal cross-channel fraud management solution not just monitors and prevents fraud on multiple channels but also has the ability to correlate the intelligence gathered from one source system to the events happening on other channel to detect and prevent fraud.
Archive Section[-]  2017