Emerging Fraud Risk in the Mobile Wallet Ecosystem
Mobile money has become extremely popular in emerging markets around the world. In countries like India and Kenya, where few people have access to even the most basic banking services, mobile money is a convenient and easy-to-use alternative for cash. While the technology is seen as one of the most effective methods to building greater financial inclusion, wherever there’s money, there’s vulnerability for fraud.
What are some of the ways that mobile money fraud can occur?
Types of Mobile Money Fraud
This method is often associated with online fraud, but it is also popular with mobile money. Fraudsters may use phone calls, SMS messages, or email to trick users to divulge their PINs or other personal information that is then used to steal from mobile money accounts.
Mobile money agents may try to earn more for themselves by breaking up legitimate customer transactions into smaller ones. By doing so, agents can earn more commissions as a result of higher transaction volumes.
Unauthorized SIM Swap
A fraudster may attempt to take over someone else’s mobile wallet account by pretending to be that person using false identity documents. Once they assume the other person’s identity, they are able to swap SIM cards and obtain full access to funds.
This type of fraud is the result of an inside job. Less scrupulous employees may abuse their privileges by accessing and exploiting mobile money customer information, stealing funds from accounts for their own benefit.
By providing false documents during the know your customer (KYC) process, fraudsters can gain access to premium mobile wallets that provide higher limits for fund transfers and withdrawals. This presents an opportunity for money laundering to take place without being detected.
According to a recent report released by Deloitte, the primary root causes of mobile money fraud are internal control failures related to governance, IT, and continuous monitoring.
What can mobile money operators do to reduce their risk?
How to Mitigate the Risk of Mobile Money Fraud
The GSMA describes two categories of measures that can be taken to mitigate risk: preventive controls and detective controls.
- Customer awareness campaigns: In Kenya, Safaricom has engaged its customers using its M-PESA platform by using SMS blasts, radio announcements in local dialects, local skits, and newspaper ads to remind users to be security conscious. The effective use of clear communications over multiple channels has been essential to the success of Safaricom’s fraud management strategy.
- Minimum deposit thresholds: Telenor Pakistan decided to implement preventive controls for its Easypaisa service rather than eliminate the tired commission model for its agents. After analyzing customer behavior, it found that customers always deposited at least 50 Rupees at a time. By setting the minimum deposit to 50 Rupees, Telenor Pakistan avoided impacting customer experience while making it more difficult for agents to take advantage of transaction splitting.
- Employee and agent training: By providing training on the roles and responsibilities of employees and agents, mobile money operators can make it clear from the very beginning the standards of behavior and conduct expected and that fraudulent conduct will not be tolerated.
- Monitor suspicious customer activity: In addition to implementing preventive controls, Telenor Pakistan also determined through its own analysis that over a 15-day period, any account making more than 45 cash deposits or three deposits per day was abnormal and often linked to suspicious activity. Continuous monitoring that detects suspicious behavior such as this early on allows mobile money operators to act quickly before the situation becomes more serious.
- Management review of high-value transactions: By requiring all high-value transactions to be reviewed by management, this provides the necessary oversight to catch potential money laundering transactions. The minimum threshold to trigger a review should be set based on current anti-money laundering (AML) regulations for financial transactions.
- SMS customer alerts: Sending alerts to customers by SMS to inform them of completed transactions, such as withdrawals and transactions above a certain amount can help mobile wallet users detect fraudulent activity on their accounts. When a customer receives a notification about a transaction that they don’t recognize, they can contact the mobile money operator to investigate further and take further action if needed.
The list of controls above are just a sample of some of the actions that mobile money operators can take to manage their risk from mobile money fraud. As the technology matures and the risks continue to be addressed, mobile wallets will continue to be readily adopted as an affordable and fast way to use and store funds without having to sign up for a bank account.
What risks do you see for mobile money fraud, and how do you think they should be addressed?