A Stitch in Time: Tackling Fraud in Financial Services
High fraud rates usually lead to tighter regulations while customers reject the innovation altogether. In short, when fraud thrives, nobody wins, except the fraudsters
Financial fraud is bad news for the ecosystem. It has the potential to erode consumer trust in the formal financial service sector of any economy. According to a 2014 NIBBS report, the ATM and mobile channels rank high on the list of platforms with highest volume of reported fraud. Combined, both channels account for more than half of all reported occurrences of fraud within the ecosystem.
The activities of fraudsters on the ATM channels is not news, especially for bank customers. For many years, banked individuals have been constantly educated by their providers about how to protect themselves — never share your debit (ATM) card PIN, ensure nobody is looking over your shoulder as you input your PIN, etc.
However, with the increasing adoption of the USSD channel by providers and customers alike, it was inevitable that fraudsters would take an interest in this channel as well. True to form, in a recent working group comprised of different stakeholders organised by the financial sector development agency, EFInA, it was revealed that there has been a surge in occurrences of fraudulent transactions over the USSD channel.
A lot of effort has gone into lowering the barriers to entry for unbanked citizens. But we also need to complement our efforts by improving the dynamics of fraud prevention within the ecosystem itself.
The Problem of Fraud
The problem with a rising frequency of fraud within the ecosystem is that aside robbing customers of their hard earned money, it also builds a bad reputation for the formal sector. Customers respond to high fraud rates by avoiding/rejecting an innovation altogether.
Fraud is also a headache for regulators. Regulators tend to respond to it with tighter regulations which could stifle other innovations and deter entrepreneurs and investors from venturing into the ecosystem.
In short, when fraud thrives, nobody wins (except the fraudsters!).
To be clear, there is no country where we don’t have fraudulent activities. There will always be con men trying to game the system and make a quick payday. However, the ecosystem cannot afford to be playing catch up. We need to continuously have conversations around innovative ways to deter and mitigate their occurence.
Mitigating Fraud
In what ways can the ecosystem embrace forward thinking in order to plug the loopholes frequently exploited by fraudsters?
First of all, there is a need to develop fraud prevention mechanisms. Is there a way to use real-time monitoring via geolocation data of the physical phone device while transaction is being conducted on the device? Google, Facebook and other internet companies do this all the time. Any login to your account from a new location that is unusual for the customer is flagged as suspicious activity and reported. Same technology would come in useful here and the user can then be asked to answer security questions in order to verify his/her identity. This extra layer of security curtails any unauthorised remote access to the user’s account.
Transactions over mobile, USSD in particular, are on the rise, therefore mobile channels have to be strengthened to minimise the risks. There are various avenues that make the USSD channel vulnerable to fraud — at the consumer’s end as well as the provider’s. Providers need to have appropriate protocols for data-at-rest and data-in-motion.
The newly updated USSD guidelines released in April 2018 (PDF) by the Central Bank of Nigeria (CBN) mandates encryption of USSD information within its environment by an auditable process. In fact, the CBN’s USSD guidelines has a host of mandates that are aimed at improving the security of the USSD channel such as mandatory 2-factor authentication for transactions above N20,000, installation of a Behavioural Monitoring System with capabilities to detect SIM-Swap/Churn status, unusual transactions at weekends, and so on, among a host of others. However, enforcement is required to reduce vulnerabilities and ensure customer data are safe.
In cases where the fraudsters have gained access to the customer’s account, in what ways can the customer be empowered to take action?
At the moment, customers have very limited options. The deficiency of complaints resolution mechanisms is evident in the lengthy response times to reports about fraud or suspicious activity which plays to the advantage of fraudsters. Stakeholders have suggested a toll free USSD short code or a mandatory menu option in the DFS interface dedicated to reporting complaints. This enables the customer to immediately flag or block his/her account in instances involving unauthorised access to the account.
We also need to increase the speed of diffusion of information across the ecosystem as information sharing is the ecosystem’s best defense against fraudsters and hackers. It has been suggested that we create a digital platform where complaints and cases of fraud can be reported and described. Can such a platform be built on blockchain technology? Blockchain will enable us to decentralize the information being reported and ensures transparency, enabling everyone — operators, regulators and customers — is updated in real time of new shenanigans perpetuated by fraudsters. Whichever method or platform is adopted, what matters is that customers can easily and conveniently report fraud and this information is available to industry stakeholders.
Thirdly, citizens need to be educated on ways to protect themselves while using mobile banking services. For example, how many bank customers using the USSD code for transactions lock their phone as well as their SIM cards? Not many. Nonetheless, locking your phone and SIM card is a really effective means of protecting yourself, even if your phone gets stolen. As with most things digital, there’s a learning curve and we need to provide customers with adequate sensitization and education on best practices, same way we did with ATMs a few years ago.
Finally, we need to examine other markets and note the ways they are tackling issues pertaining to fraud so we are not trying to reinvent the wheel. A lot of markets across sub-Saharan Africa and beyond have gone ahead of us in terms of adoption of DFS. Studying their journey thus far helps us to be forward thinking and strategic in the fight against fraud.
Obviously, in order to address these issues, we need a high degree of collaboration within the industry. Thus, fraud prevention and mitigation is a collective, ecosystem prerogative. At least, it should be.
Do you have other ideas on how to mitigate fraud within the ecosystem?
Dr Olayinka David-West and Ibukun Taiwo are members of the Sustainable and Inclusive Digital Financial Services initiative at the Lagos Business School
