The 'Newsletter on Financial Fraud' from CustomerXPs is your monthly insight into the various new fraud types and methods used by fraudsters globally in the banking space.
This will help you stay abreast of all the latest happenings in the banking fraud space.
The data on frauds in the banking system was compiled by RBI based on information filed by the banks.
Twelve men have been arrested over an alleged attempt to take control of Santander UK's computer systems and steal millions of pounds, British police said on Friday.
The men are accused of fitting a device to a computer at a Santander branch in Surrey Quays, London, enabling them to take control of the bank's computers remotely, police said in a statement. The arrests were made by the Metropolitan Police's Central e-Crime Unit in London on Thursday.
A spokesman for Santander UK said no staff members were involved but could not comment further.
London police said the arrests were the result of a long-term, intelligence-led operation and had been achieved by working in partnership with banks.
"This was a sophisticated plot that could have led to the loss of a very large amount of money from the bank, and is the most significant case of this kind that we have come across," said Detective Inspector Mark Raymond.
The twelve men, aged between 23 and 50 years old, are being held in custody at a London police station.
At least 100 mobile money users lose money every week, some in millions of shillings, police statistics show.
A source in the police public relations office admitted that they are struggling to catch up with the criminals behind the scam.“Because of so many unregistered Sim cards, it’s very hard to track suspects and arrest them. Other conmen use fake details to register Sim cards used in mobile money fraud,” the source said.
Fraud at work
Timothy Arinanye, 32, a mobile money agent lost Shs 3.5m to a conman. He says that a client wanted to deposit Shs 356,600 onto his account. When my employer gave this conman the phone to put the pin number, he transacted Shs 3,566,000 and sent it to his phone. We realised it in the evening when balancing the sales,” he said.
Arinanye adds that when he called the number, the owner denied receiving it and switched off his phone.
“When I contacted MTN to block the money which was deposited on that account, they told me they can’t do it unless I get a court order since the suspect is also their client. By the time I got the court order, the money had been withdrawn and the phone switched off. It will never be recovered,” says Arinanye.
With a bank loan to clear and no more start-up capital, Arinanye’s business collapsed.
In another trick, conmen master the agent’s pin code by giving him an invalid number which he repeatedly dials while entering his code. When he gives the fraudster the phone to type in the correct number, he sends all the agent’s money to himself and disappears. The agent realises later that he was robbed.
Another victim, Cissy Namayanja, says she received a call and a man claimed he had credited her account by mistake.
He said that he was an agent who was sending money to a client and that I should reverse the transaction from my side. He asked whether I had any money on my account to which I said yes. He proceeded to give me a code and finally told me the transaction was hanging since I needed more money on my account as transfer charges.
The message I got on the screen meant nothing and this guy never credited my account in error but wanted to access what I had using the code he provided. I don’t know how those messages work but I didn’t even think of checking my account balance first. I think the screen message I read facilitated him to withdraw the money,” Namayanja says.
The thugs also take advantage of network problems in an area to deposit money on their phones. When the agent gives them his phone to enter the mobile money pin code, they send the money quickly but delete the sent message and tell the agent that indeed the network is off and disappear without paying.
Armed with a fake message that shows funds on the phone, a fraudster can pretend to be in a rush and ask the agent to give him cash but retain the phone to withdraw the money he has taken when the network resumes.
Conmen also use the TelCo back-up customer service for contacts or Sim card registration by pretending to be employees backing up or registering Sim cards. After swapping your card with another, they use it to commit crimes. When police tracks the line, an unsuspecting victim is arrested.
Fraudsters are also targeting money transfer agents such as Western Money Union and Money Gram.They hack emails and get all the details of the sender and receiver. They forge the identification of the receiver and then withdraw the money. By the time the rightful owner goes to claim the money, the fraudster is targeting his next victim.
Delhi police have stumbled upon a new modus operandi of e-banking fraudsters in which they first hack the internet banking account of the target and then get mobile number blocked to prevent the bank customer from receiving SMS alerts about illegal transactions made by them.
In a recent case, two Nigerians were arrested by the staff of South Delhi police for allegedly swindling Rs 70 lakh from the bank account of an NRI based in Japan.
Police seized three laptops from them containing banking data of around 1.5 crore people.
During interrogation, the duo told police about the new modus operandi in which hackers first hack data of bank customers from its website which contains the internet banking Id, passwords, other basic details and the mobile number on which SMS alerts are sent in case of a transaction from the account.
"Armed with this information, fraudsters reach retail outlet of the mobile service provider and get the number blocked on the pretext that the SIM along with the mobile handset has been stolen or was lost.
"As they already know the name and address of the owner of the mobile number through hacking, they even get a duplicate SIM issued of the same number," said a senior police official.
As per police, there have been a number of such cases in the recent past in which transactions worth lakhs were made after getting the number blocked.
On August 13, Basanta Kumar, Country Head of Bangladesh of Global Alliance for Improved Nutrition (GAIN) had filed an FIR with the Economic Offences Wing of the Delhi police saying that some fraudsters swindled Rs 19,31,000 from his bank account through internet banking after getting his phone number blocked.
Criminals have gone a step further after banks started sending SMS alerts to their customers about every transaction and the need of the hour is to devise new methods to counter it, the official said.
"Firstly, people should regularly change their internet banking passwords. We have observed that most of such dubious transactions are made at night and more than one at a time. Banks should change their policy and take note of transactions which take place at odd hours and are dubious in nature," he said. "Banks should ask for alternate mobile number on which a customer can be informed if they detect some suspicious activity from an account such as multiple transactions involving big money or in which money is transferred to foreign accounts," he said.
With the number of SIM card fraud cases in South Africa rising sharply last year, the banks and cellphone service providers are locked in a blame game, with each party arguing that the other could do more to combat the virtual scourge.
An increasing number of South Africans are falling prey to this cybercrime du jour.
According to the South African Banking Risk Information Centre (Sabric), the number of SIM swap incidents was less than 100 in 2011.
In 2012, that number rose to over 1 000, more than 10 times what it was the previous year.
The sharp spike signalled concern from cyber security experts, banks and cellphone service providers alike.
One of the distinguishing aspects of this form of fraud is that it implicates both the banks and mobile service providers in its execution. Vodacom’s chief risk officer, Johan van Graan, explained.
“The fraudster gets the victim’s login and password details for a victim’s internet bank account, usually through phishing [soliciting personal details through emails]. That’s where the fraud starts,” he said.
The fraudster may then approach someone who has very little in his or her bank account, ask if the account can be used to receive money and pay the account holder a few hundred rands in return.
Now that the fraudster has a bank account from which to siphon money and a bank account to receive it, he or she needs to secure a SIM card linked to the victim’s bank account in order to complete the transaction.
Once this takes place, the fraudster receives the one-time PIN numbers or other additional cellphone-linked security devices intended to act as a last line of defence before a person can complete an online banking transaction.
“SIM swapping is actually just another name for online banking fraud.
“When the banking fraud takes place - this is what makes me angry - the staff at the banks’ call centres say, ‘if the cellphone service providers hadn’t authorised a SIM swap, you wouldn’t have lost your money.’”
Van Graan said, by doing that, the banks are denying their own accountability in the process. But the law backs the view that banks are largely liable for losses incurred through SIM fraud, he said.
Instead of blaming service providers, he said, the banks could do more to mitigate risk by increasing security measures involving the adding of new beneficiaries.
“The banks could hold payments to new beneficiaries for more than 48 hours,” he said.
This would allow time for fraud detection systems to pick up false payments and freeze them before they are transferred.
Banks could also work more closely with cellphone service providers to red-flag possible incidences, Van Graan said. Cellphone service providers can flag phones with newly activated SIM cards that have not made any phone calls but have authorised a number of payments in a short amount of time, he said.
Vodacom has already started collaborating with FNB on this front with good success.
Archive Section[-]  2018