Imagine receiving a call from your bank inquiring about several mobile banking transfers on your account that had been initiated from your phone without your knowledge. This is just one example of the emerging types of fraud being experienced by mobile money users across the globe.
Mobile money continues to evolve in various markets, driven by competition and consumer demand. Increasingly sophisticated digital financial products like mobile savings and credit, mobile insurance and health packages, and mobile prepaid cards have proliferated alongside existing mobile payment and money transfer options, such as person-to-person payments, bulk payments and collections, utility payments, cross-border payments, and international money transfers. These services have great potential for financial inclusion. Unfortunately, as they have evolved, so has fraud.
Emerging types of fraud
Both consumers and agents are affected by fraud in key mobile financial services markets. For years, common types of fraud have included identity theft through SIM swaps (as in the example above), phishing, promotional and social engineering scams, fake currency deposits, and ATM withdrawal frauds, to name but a few. Internal fraud has also created significant economic loss for providers and affected a considerable number of mobile money users in these markets. In 2011, for example, six MTN employees stole $3.4 million from the company.
New types of fraud have also been emerging. There have been reports of identity thieves gaining access to consumers’ digital credit and health accounts. There have also been mobile insurance scams in which victims make payments to nonexistent insurance programs. Other emerging types of fraud include funding prepaid cards with the proceeds of crime and transferring money internationally using stolen credit cards. There have even been reports of MMM Ponzi-type schemes in Nigeria, India, and Ghana, where promises of high returns have lured mobile money subscribers into investing in digital pyramid schemes that later collapse, leading to heavy losses. In many cases, subscribers make payments using mobile money.
What can be done?
In their quest for business growth, mobile money providers and other users of their platforms, including banks, need to implement mitigatory controls that strike an appropriate balance between risk management and other business objectives. At a minimum, such controls should include:
- Customer due diligence measures (KYC) to ensure only subscribers whose identity can be verified (and, in the case of legal entities, who are properly licensed) have access to their networks
- Agent and consumer fraud awareness programs
- Agent due diligence and compliance monitoring
- Ongoing product risk assessment to identify and mitigate risks in new products
- Transaction monitoring and sanctions screening to detect suspicious transaction patterns
- System access controls that extend to mobile banking platforms
- Support for law enforcement efforts
Regulators also have a role to play. They need to acquaint themselves with risks as they emerge and put early warning systems in place to identify and curb illegal activity. In this regard, suspicious activity and other statutory reports from providers are a reliable source of information on new products and fraud trends in the market (in addition to media reports). Regulators also need to put in place appropriate regulatory guidelines on risk management in mobile money to further ensure that providers meet the minimum requirements for new products before launch. Such regulations should prohibit the offering of digital financial services by unlicensed entities and prescribe which activities can be undertaken by licensed providers.
Almost all of the frauds listed above are adaptations of previous frauds that have been in operation since long before the advent of mobile financial services. What is new is that there is an expanded footprint of potential victims for the fraudsters because of the more widespread availability of financial services. Also, the barriers to entry for fraudsters are lower - because customers are getting more and more used to operating remotely without going to a physical branch, it becomes easier to set up a fraud or Ponzi scheme. The good news is that the same systems used to perpetrate the frauds all leave a footprint, and can be monitored in real-time, so there is potential to minimise the problem through concerted action and commitment.
Very informative, well explained.