FRAUD RISK FOR E-COMMERCE COMPANIES OR FINTECH INDUSTRY

Links- https://www.cfainstitute.org/en/research/cfa-magazine/2017/why-fintech-could-lead-to-
more-financial-crime

https://www.radial.com/sites/default/files/Trends-in-Ecommerce-Digital-Fraud.pdf

Fintech industry has the potential to increase the financial crime and it has been doing this.
Fintech startups aim to disrupt current practices and do it fast, but disruption can also create new
opportunities for fraud.
Lack of experience working in financial services may correlate with increased vulnerability to
financial crime.
Following are some of the problems that have arisen in financial industry because of the increase
in fintech.

1). Identity Crisis

One enormous change with modern financial services is that clients can open accounts and send
money without ever having met an adviser face to face. An example could be of ClearVest
Company. ClearVest, a platform that provides independent advisers with access to alternatives
and commodity managers, facilitates manager choice and online enrollment to enable client
onboarding. Though its client advisers do have personal relationships with clients, ClearVest has
an electronic-only relationship with the investor. Despite this, the platform has a fiduciary
responsibility to investors: It must comply with know-your-customer and anti-money-laundering
(AML) regulations and protect itself from false identities. While ClearVest has brought advanced
technology to the onboarding process, the process isn’t finished until human and machine
insights are combined to determine whether the funds coming in and going out belong to the
person whose name is on the account.

Identity fraud is relatively easy and made easier by the amount of personal data we post online
every day. All one needs to access most online financial services is a photo with accompanying
contact information. Cryptocurrency investing introduces a special risk for identity fraud.
Agarwal describes how it can happen. Someone steals your identity and buys bitcoins using a
fake credit card and bank account. The bitcoins are then transferred to the fraudster’s private
bitcoin wallet immediately, leaving no trace. From an investor’s point of view, fraud issues are
critical. Because investments in fintech innovations usually happen during the startup phase,
established financial institutions dedicate substantial resources to predicting the amount of write-
offs due to fraud and arrange a balance sheet to accommodate the losses. New companies don’t
have the same luxury, and even smaller losses can crater the stock price. Add in hackers who
steal information from small companies with the intent to drive down the stock price and profit
from their already-established short positions, and one quickly sees the benefits of monitoring for
potential frauds.

2). Sly Velocity

Increased speed in initiating relationships and transactions is what attracts customers to fintech
applications, but these same characteristics are exploited for ill-gotten gains. Consider the risks
that come with the speedy approvals touted by online lenders. Applications come in over mobile
devices, personal data is entered, permission is granted to access bank accounts, and decisions on
whether to approve get turned around within 24 hours. The lender checks a great range of
personal data, which always includes a credit rating.

Still, the speed of approval doesn’t leave time for real-time updating of applicant credit
information, and that opens an opportunity for a growing problem for online lenders called “loan
stacking. In this scheme, the borrower submits applications to several online lenders. He might
get $35,000 from Lending Club and the same from Prosper and SoFi. Instead of a single loan, he
gets five and banks the total amount. The risk in the system is that none of the lenders know
about the other applications. Desperate people can stack loans and do it without the intent to
defraud. Cross-border differences in regulations and cultural mores add opportunities for
absconding with other people’s money.

In the US, online lending took root because individuals can’t get loans from banks anymore; in
the EU, the market is small (and thus competitive), regulation is not consistent across countries,
and there’s no credit bureau.

China, in contrast, is a huge market, and many Chinese citizens’ first computer was a cell phone.
With almost no banking infrastructure and even less access to financial services for individuals,
China’s consumer financial services market has been captured by such mobile apps as WeChat
and Alibaba. Each app performs multiple functions for users: WeChat, for example, can make
online payments, is linked to a bank account into which paychecks are directly deposited, and is
integrated with Bloomberg Tradebook, Yelp, LinkedIn, PayPal, and ticket and hotel purchases.
Compared with the US, there are many more opportunities—and many more threats.

This mobile-only relationship with money transfers and transactions combined with card-not-
present credit purchases keeps those charged with preventing fraud extremely busy. According to
online fraud-protection company iovation, in July 2013, roughly 25% of its monitored
transactions among subscribers in the financial services industry originated from a mobile
device; in 2016, mobile traffic represented nearly 42% of all transactions. Based on these
statistics and the incumbent risks associated with card-not-present transactions, iovation predicts
that US retailers and financial institutions will lose $7.2 billion due to fraud by the end of 2020.

The potential speed of transactions is often hampered by the threat of identity theft. With online
transactions taking only seconds, the lines between traditional businesses of all sorts are blurring.
Consider online marketplace auction houses, which facilitate international buyers transferring
frequent and sometimes large sums back and forth well in advance of the delivery of the goods
being purchased. Airbnb is just a well-intended platform for renting vacation homes, but people
with stolen IDs use the system fraudulently. 

Blockchain technology, which promises fraud inhibition by transparently recording each step in
the history of a transaction, has its own problems. A particularly promising blockchain platform,
Ethereum, was launched in 2014. Promoted as a “decentralized platform that runs smart
contracts,” Ethereum gives developers the tools to create markets and transfer and store
documents and blockchain tokens with ostensibly no counterparty risk or intermediary taking a
fee. The flaw in the system was exposed in 2016 when a cryptocurrency-based venture fund was
hacked and $36 million was misappropriated to a fraudster’s account. Entreaties to get the funds
back were in vain, and the platform had no choice but to create a hard fork in the chain and hope
all developers would then work with the new chain. Not all did, leaving Ethereum, the venture
capital fund using the platform, and all the developers scrambling for a new solution.

Individuals or groups indulging in fraudulent e-commerce and m-commerce transactions

apply varied methods including unauthorized account access, card usage, among other
fraud techniques. Some of these major fraud methods are outlined below:

• Account Takeover (ATO): Unauthorized access and control of another user’s personal
information online is the most prevalent type of fraud in the e-commerce domain. Around 40%
of e-commerce fraud falls under the ATO variety. ATO – also known as identity theft – occurs
when one user obtains the credentials to another user’s value storing account. A value storing
account can be anything from a bank account to a gaming account to a Facebook profile.
According to Javelin Strategy & Research, ATO takes place every three seconds in the US.

Credit Card: A stolen credit card can be used for extensive fraud. CNP (Card Not Present)
credit card fraud constitutes any illegitimate buying and selling transaction that takes place
online with stolen credit information: it can involve sales, resales, or returns. There are 2
subtypes of credit card fraud:

Friendly fraud: Known as the more explanatory “chargeback fraud,” a “friendly” fraud occurs
when a customer makes an online purchase with his or her own credit card and then requests a
chargeback (money returned from the transaction for an alleged fault in the product) from the
bank or credit card company after receiving the item or service.

Triangulation scheme: In this type of fraud, the fraudster purchases an expensive item from one
e-commerce domain (using a stolen card or employing deliberate friendly fraud) and visits a
second website (a seller’s website that accepts public merchants, such as eBay) and sells the item
to a third unsuspecting individual. The faster the transactions occur, the less time either website
has to conduct the appropriate checks and balances to determine the validity of the card, which
may be stolen. The fraudulent party is paid by the third party, while the original merchant has
either accepted payment from a stolen credit card (which will result in a chargeback) or suffers a
chargeback as the fraudster claims that he or she never received the merchandise.

• Malware: Malware is a malicious software such as trojans and viruses, designed to infect your
computer without your informed consent or knowledge. It can monitor your keystrokes (thereby
recording everything you do), take control of your computer, or do any number of other things
that can affect the performance of your computer. Malware is generally distributed through
email, social networking sites and video sites.

With a large amount of card information stored and transferred online, it has been become easier
for hackers to get access to this information. Every time new measures are taken to prevent
fraud, hackers step up their game and find new ways to avoid the newly set barriers.

There are two main reasons that online fraud occurs as often as it does:
1. It is fairly easy for hackers to steal the needed data. For fraudsters, it is easy to buy this
information on the black market.

2. Lack of prosecution for this type of crime.

HOW TAX EVASION OR MONEY LAUNDERING OCCURS THROUGH ROUTING

PAYMENT TRANSACTIONS

Links- https://evercompliant.com/transaction-laundering-new-advanced-form-money-
laundering/

Transaction laundering is the new sophisticated form of money laundering and terrorism
financing  and is one of the biggest challenges facing the AML regime today. This advanced
merchant-based fraud scheme takes advantage of legitimate payment ecosystems by
funneling unknown transactions through seemingly unrelated ecommerce merchant
accounts.

Left unchecked, transaction laundering can have truly dire consequences. It has come to light
that Cherif Kouachi, one of the two terrorists who attacked the Charlie Hebdo office in Paris on
January 7, 2015, had financed the attack with proceeds from counterfeit goods that he sold
online. Transaction launderers essentially tap into the payment ecosystem by using a storefront
merchant account to process transactions originating elsewhere. This way, the fraudulent
merchants are able to funnel unauthorized transactions through legitimate payment networks
while avoiding detection, not only by regulators but even by the payment processors themselves.

Due to its ability to conceal the true origin of the transaction, transaction laundering is often used
to process payments resulting from criminal activities. Transaction laundering opens the door
into legitimate payment systems for money launderers of all sorts: criminals, tax evaders,
merchants involved in shady business practices and financing acts of terror.

Creating multiple layers of complexity, as a way to obscure the real origin of funds and to
hide the identity of the real beneficiary of a certain transfer is the main goal of transaction
laundering. By creating vast networks of interconnected online entities, criminals can easily
separate the true source of funds from the transaction, and thus are able to circumvent anti-
money laundering checks and measures without setting off regulatory alarms. This makes the
trailing of illegal proceeds extremely difficult for the law enforcement agencies and regulatory
bodies

Ecommerce Payments- the Blind Spot in the AML regime

Although FinCEN and other regulators constantly enact ever stricter policies, AML rules and
regulations did not adequately adapt to the growing magnitude of ecommerce and the associated
growth of the payments ecosystem. Current regulations and enforcement mechanisms are attuned
to other lines of business and financial services, such as banking, capital markets, and insurance;
and products , such as cash deposits, wire transfers and securities trading.  
Ecommerce payments using credit cards, among other means, are rapidly growing, and this
growth creates an ample opportunity for criminal enterprises to abuse the legitimate payments
ecosystem. As things currently stand, payments in general, and card-not-present credit card
payments specifically, continue to be the blind spot of the AML regime.

LIST OF CYBERCRIMES AFFECTING THE PAYMENT INDUSTRY

Links- https://www.radial.com/sites/default/files/Trends-in-Ecommerce-Digital-Fraud.pdf

Phishing: The fraudulent practice of sending emails purporting to be from reputed retail
companies in order to induce individuals to reveal personal information, such as passwords and
credit card numbers. Any unfamiliar source is an indication of phishing activities.

• Identity theft: The fraudulent practice of using another person’s name and personal
information in order to obtain credit, loans, etc. A cybercriminal, who steals personal
information and uses it under false pretense, is engaging in identity theft. Hackers penetrate
firewalls through old security systems or by hijacking login credentials via public Wi-Fi. Many
retailers offer Wi-Fi across stores for public access.

• Pagejacking: The behavior of stealing high-ranking web page content from another site and
placing it on your site in the hope of increasing your own site’s search engine rankings. Hackers
can reroute traffic from a retailer’s ecommerce site by hijacking part of it and directing visitors to
a different website. The unwanted site may contain potentially malicious material that hackers
use to infiltrate a network security system.

• Advanced fee and wire transfer scams: Hackers target credit card users and ecommerce store
owners by asking for money in advance in return for a credit card or money at a later date.

• Merchant identity fraud: This method involves criminals setting up a merchant or retailer
account as if it is a legitimate business and charging stolen credit cards. The hackers then vanish
before the cardholders discover the fraudulent payments and reverse the transactions. When this
happens, the payment facilitator is liable for the loss and any additional fees associated with
credit card chargebacks.