The Cloak of Technology: Rising to the Challenges of Online Banking and E-Commerce

The last two decades have seen a virtual explosion in online financial activity. Widespread adoption of applications (apps) running on smart phones and tablets offer a new level of portability and faster funds transfers. Customers can link bank accounts, credit cards and debit cards to apps to facilitate payments from any location. The inevitable tradeoff for this convenience is that criminals are now hiding behind the cloak of technology in their attempts to quickly move funds and avoid detection. New technology gives rise to concerns regarding customer identity, exploitation of the technology, and a sharp rise in online scams.

Know Your Customer (KYC) is one of the most basic foundations of Anti-Money Laundering (AML) compliance, but is being challenged by identity theft and synthetic identity fraud. According to articles published by Fraud Strategist Frank McKenna (http://frankonfraud.com) and FICO (https://www.fico.com), a loophole exists in the U.S. because credit bureaus currently do not have a means of comparing their own data to records on file with the Social Security Administration. A synthetic identity is born when a criminal either fabricates an entire identity or partially combines false data with stolen information from real individuals. Perpetrators then begin opening accounts and requesting lines of credit from financial institutions. When a credit inquiry is initiated, the credit bureaus’ systems match up discrete pieces of information to identify a “match” in their systems. If the required fields do not match up, a new record is created and it takes on the appearance of being a real person. With this sobering thought in mind, what changes can financial technology companies and banks implement in their apps to help protect consumers from identity theft and financial loss?

Exploitation of legitimate financial systems is a top concern for AML compliance, as online apps enable consumers to send funds from any physical location where there is an internet connection. It is imperative in AML compliance to question every piece of data. Consider these factors: starting with the payment funding, can the source of income be explained using the bank’s KYC information? Watch for accounts exclusively sending peer-to-peer payments, but not making normal purchases. Indications that the account holder may not be in control of the account may require further review for potential identify theft, elder abuse, or human trafficking. If payments were made peer-to-peer, are there transaction notes to explain the reasons for the funds transfers? What are the frequency and dollar amounts? A high velocity of payments can be a risk factor for suspicious money movement.

If payments were sent to a business, does the company have an online presence or a physical address and a listing with the Secretary of State? Frequent high dollar purchases in non-business accounts may require extra review, especially involving goods with strong demand on the resale market. Examples include high-end electronics, luxury clothing and accessories, art, certain metals, and precious stones. These products are at risk for trade-based money laundering, which may include the re-sale of stolen goods or products purchased from legitimate retailers but using illicit funds. From a general perspective, an analyst should determine if the transactions involve extra fees and/or additional steps to complete the transaction. The whole point of online apps is to reduce friction and increase convenience for customers. If a transaction or series of transactions appears to involve more monetary cost or effort than what the app intended, these factors alone may weigh heavily toward suspicion regarding the source of funds. These examples demonstrate the need for a trained AML investigator who keeps pace with technology and can spot activity that appears to be inconsistent with expected customer behavior.

A final concern is that financial technology has been exploited to facilitate online scams. A few examples include romance scams, child or grandchild in need scams, and micro-payments using stolen credit cards. While each case is unique, there are certain sets of attributes that raise suspicion toward each type of scam. For example, a romance scam may involve an unusual amount of prepaid debit cards or sudden draw down of account balances, with funds going to a single recipient who does not appear to be related to the individual. Child or grandchild in need scams tend to target a middle-age to older demographic. Be especially wary if the account holder does not have a prior history of using online apps, and suddenly initiates a large out-of-pattern transaction. This type of theft is likely to be underreported, because victims may be too embarrassed to admit falling for the scam.

Credit card theft sometimes appears as micro-payments in dollar amounts that are simply too low to have a reasonable expectation that goods or services are being transacted. This scam may originate from countries whose currency is weak against the U.S. Dollar, such that the financial gain is worth the effort. The micro-payment scam sometimes exploits financial apps that are meant to facilitate income payments to self-employed individuals. Credit card theft may also be hidden under the veil of a sham website that is set up to accept payments through a third party app. A review of the website may show grammatical errors, computer code errors that prevent one from navigating to different pages on the website, or an unclear business model that does not suggest virtual goods or services are being exchanged. When this scam is suspected, also test for stock photos of purported employees by using free and publicly available reverse image search programs. Consumers now have the convenience of using credit and debit cards in miniscule transactions (such as vending machines and in-app purchases), so customers may not question these tiny payments. If consumers do recognize the fraud, victims are less likely to make the time and effort to dispute small charges as opposed to unauthorized charges in more significant dollar amounts.

It is imperative that the AML compliance industry keep pace in this rapidly changing environment of technology. As lightning fast payment processing continues to evolve, it is fortunate that the basic principles of AML compliance still apply. Methods of making payments are multiplying, but a solid understanding of the market in which an app or payment processor operates is the best line of defense. Ask questions. Spread the word. The landscape is changing, and it is up to the entire AML community to rise to the challenge.

Full citations:

http://frankonfraud.com/fraud-trends/synthetic-identity-the-history-of-how-it-was-discovered/

https://www.fico.com/blogs/fraud-security/synthetic-identities/