Crooks targeting apps as touchless takes flight“Putting robust, digital verification methods in place is critical for FIs that are seeking to provide remote services during the pandemic,” according to the AML/KYC Tracker. “More U.S. merchants and consumers are looking for touchless transaction methods to reduce their physical contact during the pandemic, and this could lead to greater interest in P2P payment apps. Providers of these apps need to ensure their services are safe against ever-evolving fraud.” Along with the sudden revolution in touchless payments come new attack vectors, however. The dark web is doing a booming business in everything from credit card numbers to medical data thanks to COVID-era confusion, necessitating stronger authentication measures. For example, “Cybercriminals launch a variety of attacks against mobile payment app users, including scams to trick honest customers into sending them funds under false pretenses and attacks that leverage stolen data to take over users’ accounts,” the new Tracker states. “App providers therefore must be ready to fight back by taking steps like imposing robust authentication measures, programming automatic pop-up alerts and performing customer outreach about common schemes.” Failure to protect customers and clients with identity authentication is being punished with increasing severity. The AML/KYC Tracker details the events surrounding Australia’s Westpac Banking Corp and its recent non-compliance fiasco. “FIs that fail to comply with AML standards have to worry about fines, reputational damage, loss in consumer confidence and the knowledge that they may have allowed serious crimes to flourish,” the July Tracker states. “Australian bank Westpac Banking Corp is now serving as a dramatic example of this, with the FI coming under fire for an alleged 23 million instances of AML and counter terrorist financing (CTF) rule violations. The FI recently released a report detailing the compliance weaknesses that resulted in the millions of failures that occurred between 2013 and 2019. Some of those violations are believed to have helped criminals profit from child abuse, and the FI has since replaced some of its leadership.” Westpac is now reserving AUD $900 million (USD $570 million) for anticipated fines. The Australian banking giant isn’t alone. The new AML/KYC Tracker contains reports of similar actions from Estonia to Britain. And there’s the unfolding Wirecard scandal to consider as well.
P2P, account security beef up with MFAGenuinely new attack vectors don’t appear every day. It is rather the endless malicious repurposing of known-effective attacks that pop up again and again. The July AML/KYC Tracker contains an illuminating collection of attack types popular in the COVID-19 era, including: P2P payments to fraudulent sellers: Criminals accept money but never deliver the promised goods. Fraudsters know that consumers have little ability to regain funds lost this way because P2P app transactions lack the chargeback protections that credit cards have. Account theft: ATOs are a growing threat, with financial services company Early Warning Services’ real-time interbank P2P app Zelle having become the “fastest growing area of account takeover fraud in the U.S. banking sector” in 2020, for example, the Tracker states. To combat this rising tide of cybercrime during a period of unprecedented upheaval in global commerce and payments, merchants and FIs are turning to robust platform ecosystems. “Platform providers … make it more difficult for criminals to be able to get into victims’ accounts in the first place by deploying multifactor authentication (MFA) requirements,” per the Tracker. “This method requires users to supply details beyond usernames and passwords to confirm their identities when logging in. That could include entering one-time codes texted to their smartphones or even scanning their fingerprints on their devices. Such additional layers of security make it more difficult for criminals to break into P2P app accounts, as they then also have to find ways to intercept texted codes and fake customers’ signatures alongside stealing login details.”
Business Verification (KYB)Enhanced Due Diligence Procedures for High-Risk Customers
Identity VerificationProof of Address — Quickly and Accurately Verify Addresses
Business Verification (KYB)How to Verify Legitimate Businesses and Merchants