Fraud goes mobile: Protecting data in a digital world

Published | Monday, February 19th, 2018

The recent spotlight on banking fraud has ranged from impossible-to-understand weapons of mass destruction (a.k.a. derivatives) to rogue traders, traditional bank account takeovers and impersonations with traditional ID theft. Technological advances are enabling fraudsters to commit more sophisticated acts of deceit with increasing anonymity.

Fraudsters in the modern age have learned to prey on those with poorly designed controls or no controls at all. They are then aided by the ubiquity and convenience of mobile banking apps that meet daily banking needs for on-the-go consumers.

As a result, identification of your customer or member and Know Your Customer have become two of the biggest challenges throughout the financial services industry.

More Mobile, More Problems

Since the introduction of PayPal in 1998, the industry has exploded with a plethora of online payment systems including the most recently launched Apple Pay, Android Pay, Bitcoin, Samsung Pay and Alipay – to name a few.

In addition to these new payment systems, consumer use of mobile banking apps has grown considerably in recent years. According to the Board of Governors of the Federal Reserve System’s report, “Consumers and Mobile Financial Services 2016,” 43% of all mobile phone owners with a bank account had used mobile banking in the 12 months prior to the survey – up from 39% in 2014.

Consumers rely on the banks and credit unions with which they do business to keep their identities safe and their funds secure. So, as consumers continue to adopt new “banking anywhere” technology, the banking industry as a whole is forced to reconsider its information security protocols and processes, taking extra steps to ensure consumers’ data and finances are protected.

The traditional brick and mortar processes of KYC – when a member enters the credit union to conduct a transaction (e.g. withdraw cash) – are not much different from online and mobile transactions. KYC, along with other application controls for products and services, are a financial institution’s anti-fraud magic bullets.

Bringing Offline Controls Online

To be truly proactive against fraudulent money transfers and avoid weaknesses in existing AML programs, a credit union’s digital mechanisms should mirror those in its brick and mortar facility, where bankers can ask for a PIN or verify members with a passport or other form of identification.

Some proactive steps a credit union can take include:

  • Certify the person sending the transfer or online payment is exactly who they say they are. One option is to have a robust application process during account setup.
  • Confirm the person or business receiving the payment is exactly who they say they are. One example is to create an encryption key that is known only by the recipient.
  • Monitor daily- and member-threshold limits for online payment transfers and transactions. The credit union can perform analytics that include automated scripts to continuously monitor and audit activity.
  • Include an escalation process that provides notifications and additional documentation requirements for AML compliance. Existing AML policies and procedures with key application controls can be reviewed periodically to demonstrate control effectiveness.

Banks and credit unions that apply anti-fraud techniques across both physical and digital platforms will find themselves in a good position for future growth.

This article was originally published by

  Get in touch with us!

In compliance with Section 45 of the ECT Act please confirm the following:

I would like to receive future communication from CQS.

Leave a Comment

Your email address will not be published. Required fields are marked *