Mobile banking and payment fraud in the financial service industry

According to research, corporates lose up to 5% of their annual revenue (~$4.7 trillion globally) to fraud. People with little or no technical knowledge may fall prey to online fraud through their computers or mobile phones. Fraudsters often use messaging platforms such as SMS, WhatsApp, Telegram, and email services to create a sense of urgency or panic in the victim.

This article explains the types and modi operandi of mobile banking and payment fraud in the financial services industry.


Mobile banking fraud

Fraudsters carry out a mobile banking fraud in a few steps, which include stealing the customer's details.

Step 1 – Stealing a customer’s credentials

Using phishing and smishing methods, fraudsters steal credentials such as mobile phone numbers, login IDs and passwords. They typically send links to cloned websites through messaging systems and trick you into clicking on them.

Step 2 – Swapping the victim’s phone with theirs

Fraudsters swap the victim’s phone number for their own so that they receive future OTPs and push notifications. They log in to any of the mobile banking apps using your login ID and password. To complete the authentication, they call the mobile phone owner, impersonating a bank employee.

Step 3 – Opening an account with a neobank

The fraudsters then quickly open a neobank account, taking advantage of lax controls in identity and background verification.

Step 4 – Charging a prepaid card

The fraudsters charge a prepaid card with a credit card transaction that uses a dynamic CVV. The push notification arrives on the phone they swapped with the victim’s in step 2.


Ways to prevent mobile banking fraud

Both customers and financial institutions require solutions to prevent fraud. Some of the fundamental strategies financial institutions can use to protect their customers are:

Multi-factor authentication

Encourage your application users to set up a multi-factor authentication procedure during new account registration. This takes care of the critical first step by leveraging out-of-band authentication.

Email and text alerts

Inform customers in real time of any suspicious activity on their bank account. For example, if there is a login attempt from an unusual location or a new IP address, ask the customer to change the login details immediately.
Another safeguard is to obtain the customer’s consent before processing a transaction from their bank account to a new customer.

Activity logging and behavioural analysis

AI and machine learning technology can monitor the customer’s account usage activity and immediately flag a transaction if there is a behavioural deviation. You can prevent mobile banking fraud by using passive biometrics.

Multi-channel suspicious activity and fraud monitoring

Combine data from multiple channels, using machine learning, rules, and alerts, for a holistic view of a customer’s activity and potential fraud. These channels include online banking, mobile banking, cheques, and in-branch transactions. The centralised investigation system then assesses the financial risk of a customer and compliance reporting needs.

Cleaning the malware

Both customers and banking staff can get tricked into clicking online links that download malicious software onto their systems. If this happens, fraudsters can view emails, monitor keystrokes, capture screenshots, and steal valuable information to access funds. Up-to-date security software helps detect and remove such malicious software from systems.

Secure access through HTTPS

Always use and provide secure connections over the internet and ensure that only the genuine site is available. This way, you can prevent man-in-the-middle attacks that steal personal banking data.


Phishing fraud case study

Fraudsters used malicious code to enter a Swiss victim’s computer and steal the e-banking details. The criminals then attempted to make an illicit transaction of CHF 19,990. The payment fraud detection system prevented the transaction because several factors about the transaction did not match the customer’s profile. The mismatch was evident in an unusually large transaction, a new beneficiary, an unfamiliar screen resolution, and a new browser.
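The profile comparison described in this case study, sketched as an added example (it is not code from the article or from any vendor's detection system). The customer history, the 3-sigma amount limit, and the allow/step-up/block thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Profile:            # what the bank has seen from this customer so far
    amounts: list         # past payment amounts (CHF)
    beneficiaries: set
    screen_resolutions: set
    browsers: set

@dataclass
class Payment:
    amount: float
    beneficiary: str
    screen_resolution: str
    browser: str

def deviations(profile, pay, z_limit=3.0):
    """Return the case-study factors on which this payment departs from the profile."""
    hits = []
    if profile.amounts:  # no history means no amount baseline to compare with
        mu, sigma = mean(profile.amounts), pstdev(profile.amounts)
        # Floor sigma so a customer who always pays the same sum is not
        # flagged for a trivially larger payment.
        if pay.amount > mu + z_limit * max(sigma, 0.1 * mu):
            hits.append("unusually_large_amount")
    if pay.beneficiary not in profile.beneficiaries:
        hits.append("new_beneficiary")
    if pay.screen_resolution not in profile.screen_resolutions:
        hits.append("unfamiliar_screen_resolution")
    if pay.browser not in profile.browsers:
        hits.append("new_browser")
    return hits

def decide(profile, pay, review_at=2, block_at=3):
    """One mismatch alone is routine (a new payee, a new laptop); several
    in the same payment are not. Thresholds here are assumptions."""
    n = len(deviations(profile, pay))
    if n >= block_at:
        return "block"
    return "step_up" if n >= review_at else "allow"

# Constructed sample data; only the CHF 19,990 amount comes from the case study.
PROFILE = Profile(amounts=[120, 85, 240, 310, 95, 150],
                  beneficiaries={"CH-LANDLORD", "CH-UTILITY"},
                  screen_resolutions={"1920x1080"},
                  browsers={"Firefox"})
SUSPECT = Payment(19990, "XX-UNKNOWN", "1024x768", "Chrome")
ROUTINE = Payment(200, "CH-UTILITY", "1920x1080", "Firefox")

if __name__ == "__main__":
    for name, pay in (("suspect", SUSPECT), ("routine", ROUTINE)):
        print(name, decide(PROFILE, pay), deviations(PROFILE, pay))
```

The `step_up` outcome is where a bank would ask for out-of-band confirmation before releasing the payment, instead of rejecting it outright.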


Bank insider abuse

A bank employee in Tanzania took advantage of his user privileges to inflate the account balance of an accomplice by $22,000. The purpose was to show a higher balance and withdraw it from several ATMs and the mobile banking app. The fraud detection system automatically raised an alert when the employee checked a specific account multiple times over a few days.


How can Infosys BPM help with payment fraud prevention?

Safeguard your financial systems and mobile banking with fraud loss assessment, alerting models, precision and recall improvement, entity identification, data platform integration, case visualisation, and unknown pattern identification.
