May 2014 Issue

Our 'Newsletter on Financial Fraud' is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space. 

In this issue, we bring to light the effect of banking fraud creeping in and making banks lose millions to this plaguing menace.

Banks in Philippines warned against cyber attacks

Cybercriminals around the world are trying harder than ever to acquire confidential user data and steal money from bank accounts by creating fake sites and web pages imitating financial organizations or internet resources, as per a recent research by Kaspersky alerting banks in Philippines. The study revealed that this fraudulent scheme more popularly known as “phishing,” targeted more financial institutions in 2013, when the number of attacks on banking sites, online stores and e-payment systems rose to 31.45 percent from the 22.95 percent recorded in 2012.

Phishing, a conscious misspelling of the word “fishing”, is a form of cyber-crime which involves stealing confidential data from a user’s computer and subsequently using the data to steal the user’s money.

To get a big profit, phishing sites aimed at getting users’ financial details mainly use the brand names of e-payment systems and online banking systems. In 2013, the most attractive targets were banks, which were used in 70.6 percent of all financial phishing activities, a sharp increase from the 52 percent recorded in 2012. “The conclusion here is obvious: the attackers are increasingly focusing on bank web services and this is one of the strongest trends in the area of phishing threats,” the study said.

Source: Tempo

Banks to Be Liable for Magnetic Strip Related ATM Fraud in Kenya

The Kenya Bankers Association (KBA) has issued a stern warning to banks that are yet to comply with the EMV standards compliance on card payments stating that members will bear any responsibility should debit and credit cards with magnetic strips be used in fraud perpetration.

"Notwithstanding the challenges, KBA shall reinforce its commitment to enhance card security and customer protection and has introduced a liability shift requirement whereby the cost associated with fraud involving non-EMV compliant cards will be borne by the issuing bank starting May 31, 2014," said an official.

The association laments that a number of banks have been unable to keep the earlier deadline due to stringent requirements for certification by EMV Co. in the issuance of cards hence the need for an extension from the earlier deadline of March 31, 2013.

According to KBA, Kenya has a compliance rate of 70 percent with approximately 8.4 million cards having been upgraded to be EMV compliant.

Kenya is the fourth country in the continent to seek EMV compliancy following an increase in fraud after South Africa, Nigeria and Rwanda.

Source: allAfrica

Highlights from Payments Fraud Survey 2014

With card payments fraud on the rise, many organizations are now adopting additional security measures to protect themselves, according to the 2014 AFP Payments Fraud and Control Survey.

Highlights from the survey are:-

  • Although the percentage of organizations in the survey that experienced some type of fraud remained steady at 60% from last year’s survey, more of that fraud was occurring through debit and credit cards, with 43% of the organizations victimized by fraudsters reporting card fraud, up from 29% last year.
  • 27% percent of financial professionals whose organizations were impacted by payments fraud reported that the number of fraud incidents increased in 2013 compared to 2012
  • Checks continue to be the dominant payment form targeted by fraudsters, with 82 percent of survey respondents indicating that checks were targeted at their companies
  • 43% of financial organizations were targeted by credit/debit card fraud, a significant increase from 29 percent in 2012
  • 80% of companies that experienced attempted or actual payments fraud did so as a result of fraud originating from outside the organization
  • Corporate/commercial card fraud was most often perpetrated by an unknown external party (57 percent)
  • With the forthcoming shift in credit/debit card liability from issuers to merchants, 22% of organizations that do accept cards from their customers anticipate a significant impact from their investment in card acceptance fraud    prevention solutions while another 50% expect an impact
  • The most popular approaches being used to guard against fraud attacks are conducting daily reconciliations (cited by 74 percent of survey respondents) and reviewing and strengthening internal procedures (73 percent).
  • A majority of respondents (69 percent) believe that if EMV chip cards are successful in reducing card acceptance fraud, fraud activity will migrate to other payment methods

Source: JP Morgan

Are banks using customers’ Situational Intelligence for effective real-time fraud protection?

How can you help customer to control the banking transactions happening on their accounts and use this as an effective fraud protection mechanism? Customer communication and preferences play a key role in detecting fraud at earlier stage and at a lower cost.

Consider the following scenarios:

  • A customer is going on vacation to Switzerland for 2 weeks and he wants all the card transactions ( debit card and credit card) originating from home country to be blocked for the next two weeks

  • Customer wants all fund transfer (Third Party transfer) transactions originating from his internet banking account at any location in home country to be blocked for next 2 months as he is travelling to US for business

  • Customer runs domestic business and don’t travel abroad. The customer wants to disable any transaction originating abroad

  • Customer wants all payee addition transactions to be blocked in his account till he turn this feature on ( aka Facebook privacy settings)

  • Customer wants to be alerted of any attempt of transaction of more than a set limit with the option to respond with a decision to decline or authorize the transaction ( aka. reverse positive payee used for cheque transactions in the commercial banking world)

  • Customer holds multiple credit cards and uses a specific credit card for all his ‘Card Not Present’ transactions (online payments). Customer wants all the CNP transactions to be blocked on all his other debit/credit cards

  • Customer wants to block or fix specific limits for purchase of electronic or jewelry items on his debit/credit card

  • Customer wants to limit the use of his debit card/credit card to any particular state/states within the country

In all these scenarios, the bank customers provide the vital situational intelligence which can be built in to the banks’ processes for effective fraud prevention.  In turn, customers also benefit with the convenience of banking on their own terms and securing their accounts.

If you think this is too futuristic, you may be wrong. Reserve Bank of India’s expert committee on customer service in banking has already given recommendations to this effect (Report of the committee on customer service in banks). We might see these recommendations getting implemented by Indian banks very soon.

Bank’s core system i.e. core banking, internet banking and credit card processing systems, however modern they may be, are ill-suited to handle this kind of agility. Current generation systems can at the best match a transaction to a bank maintained blacklist and stop a transaction when an entity match occurs.

Banks need to handle this using agile fraud management system which can take this situation intelligence into consideration as part of its decision making strategy for fraud protection. What banks need is a dynamic fraud management system that can digest the relevant information about the debit blocks/limit preferences customer has opted for the given time period and the same system is used for real time fraud protection.

A real time fraud protection system monitors every transaction and decides  whether to allow, decline or challenge based on the fraud risk system inherently derives or based on the customer provided situational intelligence. This is an example of a technology that can truly achieve the dual objectives of enhanced customer experience and improved fraud control.

Source: CustomerXPs

Related Blogs and Posts

Subscribe to Our Monthly Newsletter

Get insights & updates from the world of financial crime management in your inbox. Be on our newsletter mail list.

Subscribe Newsletter

©2018. CustomerXPs® Software