Fraud Prevention Archives - Page 3 of 3 - Digital Payments, Payment Security and Lending

Industry Insights, Product, Reading List

Importance of Fraud and Risk Management Solutions for Financial Institutions

Ravi Battula / August 16, 2022

Technology and trust must go hand in hand Technologies are undoubtedly transformative for businesses and their customers. But to fully deliver the promised benefits, technologies must consciously build trust amongst all legitimate users and stakeholders. Trustworthiness is becoming critical by the day in an increasingly digital world because of the rising incidence of online fraud. Just as quality at the source is a mantra for manufacturing companies, the detection, and prevention of fraudulent transactions as soon as they originate is important for banks and financial institutions. At the same time, customer convenience has to be balanced out. Regulators expect banks to enhance their digital abilities to detect/prevent frauds/crimes Regulators play a key role in ensuring the safe, smooth, and efficient functioning of the banking and financial systems within their individual jurisdictions. As such, central banks worldwide have begun to tighten various regulatory requirements in order to reduce the risk of fraud made possible by technological or process loopholes in the systems used by banks and other financial institutions. In March 2022, the Bangko Sentral NG Pilipinas (“BSP”, the central bank of the Philippines), published amendments to its “Regulations on Information Technology Risk Management” with the specific objective of enhancing customer protection. To ensure that digital banking channels are made safer and more reliable, the BSP requires banks operating in the Philippines to implement automated and real-time fraud monitoring and detection systems capable of identifying and blocking suspicious or fraudulent online transactions. Starting 1 September 2022, banks must be prepared to show BSP their action plans; and full compliance with a readiness plan is expected by 31 December 2022. While the Fraud Management systems implemented must commensurate with the bank’s operations and the scope of its digital platforms, BSP does expect that the solutions that banks put in place will, at a minimum, deliver the following capabilities: · Monitoring, collecting, and analyzing transaction data arising from all physical and digital banking and non-banking channels; · Integration with the bank’s Anti Money Laundering (AML) systems to provide a more robust and comprehensive mechanism to prevent financial crimes (and not just detect them); · Building customer profiles and analyzing behavior to detect frauds based on changes in usage patterns; and · Secure scalability to handle growing transaction volumes. FRM solutions must give robust Fraud detection and prevention capabilities without damaging customer relationships Frauds and other operational risks not only damage customer confidence in individual banks (and the banking system as a whole) but can also lead to financial losses (reparations, penalties) and harm your brand/reputation. Clearly, the costs of not having a state-of-the-art Fraud & Risk Management System (FRMS) are high. While there are many FRMS solutions out there, not all of them are equally efficacious. This is because each one uses different protocols to detect and analyze risks and thereafter, determine further courses of action. Wibmo’s Trident FRM platform offers multiple advantages Wibmo’s Trident is an enterprise fraud and risk management platform that uses advanced authentication protocols and ML-driven statistical models. Our platform makes approval/ challenge/ decline decisions based on rigorous, real-time assessment of more than 100 parameters related to the device, user, and transaction (e.g., merchant, location, IP address, time of the transaction, value, etc.). This Risk-Based Authentication (RBA) approach provides a more robust and reliable assessment of the risk of every individual transaction. The omnichannel capability of the platform is an added advantage wherein the bank’s operations team gets a central view of their customer’s transactions across channels For banks operating in the Philippines, Trident can ensure full compliance with BSP’s amended regulations within the stipulated timeframe. However, irrespective of where your bank operates, there are many other reasons why Trident could be the right FRMS solution for your bank: · Many banks rely on disparate legacy systems and point solutions for specific functions (e.g., AML, branch-based KYC transactions, etc.). Integrating data from myriad systems is neither easy nor efficient; the chain is only as strong as the weakest link. Therefore, our risk management platform is API-driven. What is more, it uses 360o degree customer data and insights to detect anomalous behaviors that might indicate fraud or misuse. · Trident is sensitive to the need for banks to deliver a seamless, speedy, and superior customer experience for every legitimate transaction; this minimizes customer friction– key to building loyalty and enhancing lifetime value. · Customers (and fraudsters) can use multiple channels to effect transactions (e.g., 3DS, mobile payment, ATM/POS, online retail/corporate banking). The FRMS solution your bank adopts must be able to function equally effectively- and seamlessly- across channels (to handle situations where customers legitimately switch channels). Our platform uses AI/ML to safeguard customers, merchants, card issuers, and networks in an omnichannel environment. Sometimes, frauds are perpetrated at the merchant level (e.g., by employees misusing customer cards for fraudulent transactions). The Trident platform can detect and prevent such misuse as well. Trident enables full compliance with FATF and AML-CFT, thus helping to prevent financial crimes. · Your bank works with various card networks (Visa, MasterCard, American Express, etc.). Trident is compatible with all networks; it gives you get a network-agnostic RBA score thus strengthening your bank’s overall ability to detect, prevent and manage fraud risks. · Trident can be fully deployed on Cloud, thus assuring high availability and scalability so that 100% of your bank’s transactions are processed in real-time to validate the authenticity and assess risk before completion. · Our FRMS platforms are rules-driven. This lets your bank respond quickly to emerging threats with the help of “quick rules” and “expression rules” for more complex threat scenarios. The bank will also be equipped with Rule Wizard wherein the operations team can build rules on the fly · Quick investigation and resolution of transactions are important to ensure customer satisfaction, and regulatory reporting/compliance as well as enhancing the bank’s preparedness to prevent future false positives. Efficient and workflow-driven case management capabilities built into our platform allow investigators to track, investigate and resolve transactions quickly. This also reduces your bank’s operational expenses– a major benefit gave the pressure on margins. · Banks that adopt

Tech Bytes

Prediction, Prevention, and Detection of Fraud Attempts, the key to faster payment processing

Sujit Kumar Mahato / December 29, 2021

The global digital payment market size is expected to grow from USD 89.1 billion in 2021 to USD 180.4 billion by 2026. The promotion of digital payments worldwide and the increasing penetration of smartphones are major contributors. Besides, the pandemic has accelerated the adoption of contactless and wallet payments. India, too, saw exponential growth. Thanks to 1 Billion cards and more than 2 Billion prepaid payment instruments like wallets and other digital payment modes. But, cyberattacks are a major roadblock in the growth of digital payment solutions. These global attacks are the most critical challenges that the payment industry has been facing. New and evolving cyberattacks affect businesses by breaking into payment systems to get cardholders’ data. The evolving frauds include : a) Friendly fraud — Fraudsters make the purchase on a credit card, receive the product or service. Then demand a refund for a lost or short-shipped order, or file a chargeback through their credit card issuing bank. With the intention of receiving a full refund of the purchase amount. b) Affiliate fraud — Refers to any unscrupulous activity conducted to generate commissions from an affiliate marketing program. Newer types of affiliate fraud include using stolen data for lead generation or stolen credit cards to generate sales. c) Botnets- Submit large numbers of transactions to test the viability of stolen payment card credentials. d) Phishing — Fraudulent communications, through email, text, or call, that appear to come from a reputed source. e) Velocity attacks — Multiple monetary authorizations seeking to detect an active account and decipher CVV/Expiry Date values of a set of cards within a BIN range. f) Triangulation — Fraudster is the middleman between a customer and an unsuspecting merchant. The customer places the order through the fraudster (impersonating as a merchant). Then the fraudster uses stolen credit card information to buy those goods from a legitimate merchant. It is estimated that 9 million identities are stolen each year in the US alone, with a new victim of identity theft every two seconds. Since many people do not report identity theft, no true number of victims exists. According to the Central Statistics Office (CSO), by 2021, loss from cyberattacks would rise to US$ 6 trillion from US$ 3 trillion in 2015. The growing number of cyberattacks is a hindrance to the adoption of digital payment services. In a recent study by YouGov and ACI worldwide, consumers are increasingly concerned about digital payments fraud. As a result, exercise greater caution when using digital payments compared to a year ago. 71% of consumers are more concerned about scams and fraud because of Covid-19, compared to 47 percent of consumers last year at the onset of the pandemic. The study also indicates that banks continue to be the preferred first point of contact in event of fraud. Around 60% of respondents would first call their bank to block their account or visit the bank branch to file a written complaint. Though worldwide initiatives towards customer awareness are on the rise, the banks will need to continue to lead the way not only by increasing customer awareness but also by deploying modern and robust enterprise-level fraud management solutions. For a delightful customer experience, banks need to predict, prevent and detect fraud attempts even before the payment processing to pave way for frictionless digital transactions. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Fraud, Fraud Detection, Fraud Prevention, Global Digital Payments, Online Payments

Product, Stories

What is Risk-Based Authentication and why banks should implement it?

Wibmo / November 18, 2021

Driven by the trifecta of smartphone penetration, low-cost data rates, and higher incomes, the Indian e-commerce market was expected to grow to US$ 200 billion by 2026. Covid-19 has caused an inflection point for the e-commerce market in India. A Bain & Company-PRICE survey of 3000 households across income groups and geographies which was conducted between April and June, revealed about 13% of respondents buying online for the first time, while about 40% buying more online. An NRF survey showed that nearly 6 in 10 consumers say they are worried about going to the store due to fear of being infected. Figure 1: Growth of credit cards in India (Source: RBI database, Bank-wise ATM/POS/Card Statistics various years) The majority of the growth is from online shoppers in Tier 2 tier 3 cities. The pandemic has also seen a surge in UPI transactions. While credit cards did a total of 185 million transactions delivering a value of INR 805K million, UPI delivered a staggering 3654 million transactions with a value of INR 6543K million as per RBI and NPCI statistics for Sep 2021. Key Challenges and Solutions: With the spectacular growth in the eCommerce market sophisticated online payment frauds and threats have mushroomed too. An e-commerce transaction involves multiple entities at various stages, such as the marketplace, merchants, payment gateways, financial institutions, apart from the end consumers, and each of them can act as a vulnerability or attack point for malicious actors. For example: The end customer fraud making fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse. Malicious fraudsters involved in account takeover, identity theft, card detail theft, etc. Data leaks compromise millions of consumer details every year contributing to digital fraud through impersonation globally. Fraudulent merchants who could deploy “bust out” merchant fraud and transaction laundering mechanisms to defraud acquirers. However, transactional and identity security is not the only concern of financial institutions. This must be balanced with customer experience. Customer loyalties now lie with merchants and banks that offer the best experience in terms of convenience, speed, and security. With the myriad of devices, payment authentication options, and processes every digital bank faces the ultimate challenge of balancing optimal security and a seamless customer payment experience. This is where Wibmo’s Trident FRM makes a difference. Trident FRM is a comprehensive, omni-channel, risk-based authentication (RBA) solution that identifies and manages fraud in real time. It does so by building a holistic customer profile from diverse data points. Figure 2: Risk-Based Authentication A customer’s transaction journey begins on a checkout page or a bill payment action or when a customer does a fund transfer (wire transfer). These actions result in the customer connecting to the bank’s server and the bank’s server is an integration point for Trident to evaluate the risk of every transaction done by the user in real-time. Trident uses the data it receives from multiple channels and devices. Data comes in various forms, like: Transactional data: Card number/account number/phone number, amount, currency, merchant or payee information, billing, and shipping addresses. Location data: Terminal id, IP address, approximate latitude and longitude, ISP data. Device data: (SDK App ID, Browser information, proprietary device-fingerprinting) User information: Time of the day for this transaction and any deviations from past customer behavior using historical data. With more than 100 data points (in the case of online e-commerce), and a powerful set of operators Trident can write rules for almost every fraud scenario using an intuitive rule builder screen. In addition, Trident employs advanced analytics and machine learning algorithms to generate a real-time score and decisions for every transaction. The decision can be one of the following: Low Risk: These are transactions that can be ALLOWED to proceed without challenging for OTP thereby delivering a seamless customer experience. In Wibmo’s experience, more than 90% of the transactions fall under this category. Medium Risk: Transactions that are suspected are risky enough to challenge using a multi-factor authentication method. High Risk: Transactions that are suspected to be very high risk and suggested to be declined. Any suspected fraudulent transaction is marked as a case for automated action or manual investigation and closure in the Case Management portal. An efficient case management portal drives both proactive and reactive fraud cases using consolidated data across channels. It also generates various reports that are required for regulatory and compliance purposes. Benefits of RBA are: Reduced financial losses due to fraud. Customer delight due to seamless payment experience. Improved compliance with local and global regulatory requirements. Reduced total cost of operations by managing fraud cases efficiently and limiting the number of cases routed for manual review. Impact Analysis: So, a frequently asked question is: What is the impact of doing risk-based authentication? For a credit card online purchase (card not present) scenario, RBA using Trident delivers almost 6–8% improvement in success rates for banks and almost 40% reduction in latency for completing the transaction for the end customers. To put this in perspective, as of Dec 2020 with an average ticket size of credit cards was Rs 3,653 and with 20 lakhs transactions per month for online transactions, for a given bank and assuming a 1% MDR, this is an additional uptick of 43 lakhs every month. Wibmo processes cards not present transactions for many of India’s largest banks. For a large bank with more than 150 lakh transactions, we were able to save close to Rs 5 lakhs in a month. Conclusion: As transaction volumes are set to grow in double digits year on year, and as customers expect to transact from anywhere using multiple devices, the threat of increased online fraud becomes more real. Customers want speed and convenience balanced with security, therefore, banks that deliver the most optimized services will win customer loyalty. Hence, it becomes imperative for issuers to be integrated with robust, omnichannel fraud detection and prevention risk engines. RBA solutions such as TRIDENT FRM is a cost-effective solution that empowers banks to stay one step ahead of fraudsters and deliver delightful customer experiences which they have come to expect in today’s digital world. Author: Ajit Nair, Director Product, and Programs Wibmo A

Industry Insights

How to prevent identity theft?

Krishnan KN / September 29, 2021

With unprecedented growth in online transactions, it is no surprise that online fraud has increased. One of the major malpractices is identity theft. In a country like India which is striding towards the number one position in online shopping, the rise in this kind of fraud cannot be overlooked. Accessing and retrieving personal information is a child’s play in an increasingly digitized country like India. With social media and the deep web or darknet getting more and more accessible to a larger population, the prevalence of identity theft is getting increasingly difficult to control. Who can be the victims of Identity Theft? Have you used your Credit or Debit card to shop online/POS? Have you paid the utility bills using your Card? Have you used UPI or other payment methods? In short, anyone who has used plastic money is in danger of identity theft. Everyone who has shopped online or used any payment portal using their payment credentials is at risk of falling prey to synthetic identity theft. It is, in essence, stealing your identity i.e., impersonating you digitally, and riding on your credibility and creditworthiness. It is done by gathering data that confirms the identity like phone number, Aadhar card number, or PAN card number along with Bank Account number and utilizing this data to impersonate and transact digitally. With widespread social media and the data captured by almost all websites, it is nearly impossible to stay completely private. The Conditions favouring Identity theft In a densely populated country like India, identity theft is spreading like a disease more due to Cyber security laws are in place but reporting and actual implementation of those laws is not easy in a developing country like ours. It is getting easier to lay hands on social security details like Pan and Aadhar Data breach is increasingly difficult to prevent crime by identifying the perpetrators and isolating them. Also, the timeline that the entire fintech industry works, is very limited i.e., the journey of the card to merchant to verification or access control and back to the transaction approval takes just thirty seconds on average. This renders a very small window to our lenders but an easier getaway to the fraudsters. It, therefore, makes more sense to fortify defences at our end through our payment gateways. Usage of multi-layered security makes it a herculean task to track perpetrators while they on other hand enjoy accessibility from any corner which has internet. The Impact It is an indisputable fact that digitization of the financial transactions in India has accelerated beyond what the experts forecasted. Part of it was contributed by the covid waves and the awareness of “cashless transactions and contactless delivery”. It can however not be denied that as the younger population of the country is swelling, we find a major part of the population turning net-savvy and preferring mobile transactions. They demand seamless experience and connectivity through IoT. This has not only provided traction to digitization but has also enhanced the effectiveness of creating an antifraud and secure transactional environment to retain the credibility of the digitized transactions. Role of FRM like Trident in Detection of fraud The simple logic that Wibmo uses is that the more you know your customer, the more difficult it becomes for the fraudsters to impersonate you. E.g., while a person might impersonate another with a banker, it is almost impossible to impersonate him with his family. The difference lies in the fact that the family knows the person in question too well. This is the exact logic we use at Wibmo through our TRIDENT. In essence, the more you use our services, the more difficult it becomes for fraudsters to steal your identity. Collecting various data points through ML or machine learning offers the most effective defence against identity theft. Based on the past patterns, the current transaction can be evaluated and analysed in a fraction of seconds, and thus the fraud detection and prevention can occur without increasing the transaction time. The continuous learning by the machine will only improve as the data points collected are only going to get the virtual persona of the customer more precise. The long-term utility and credibility that such a system can give to the issuer and acquirer are worth every penny spent and every effort taken. Role of end-users in the detection of the fraud There are few steps that you can take to reduce the risk as an end-user. 1. Take time to check the authenticity of the sites where you are planning to use the card. Do not simply click on the links sent over SMS or WhatsApp or mails offering you cashback or discount vouchers 2. Download the apps from a trusted origin and use that for repeat purchase rather than using links that might have been sent to you. 3. Never share the OTP, UPI pin, and other bank details. However, at times this has been reiterated it is surprising how even the educated crowd is taken in. Do not hesitate to change them in case you even suspect them having been compromised. No one can deny that Identity theft is a very real threat but reducing our transactions fearing this is akin to not using roads fearing accidents. Neither is it fair to throw the onus of this onto the end-users or customers. The only sustainable and robust solution lies in fortifying our defences at the PG level. Author: Krishnan KN, Advisor in Wibmo’s Agile PMO Wibmo A PayU/Naspers FinTech Company Fraud, Fraud Detection, Fraud Prevention, Identity Management, Identity Theft