Professional Documents
Culture Documents
A MicroSave Publication
FRAUD IN MOBILE FINANCIAL SERVICES
Table of Contents
For many years, financial inclusion was a The study will help stakeholders
major challenge globally, due to the high costs understand the kind of interventions that
involved. To offer financial services, premises are necessary to address these risks.
had to be constructed, new employees
recruited and significant capital investments The study should help lower the cost of
made. Financial institutions concentrated on intervention by enabling new deployments
the high value consumers that yielded larger to learn from older, experienced operators.
revenues and largely excluded the majority of It is noteworthy that early adopters of
the population. mobile financial services learnt from
financial services, payments, and
The introduction of mobile telecommunications industries allowing
telecommunications and later, the adoption of them to mitigate early risks.
mobile phones to provide financial services
changed the dynamics of the industry, bringing Understanding fraud enables better
financial services closer to the public through knowledge of investment required in
existing merchant infrastructure within local mobile financial services. Investment costs
communities. The success of M-PESA since necessarily include capital investment,
its launch in Kenya in 2007 has increased the infrastructure, platform development,
appetite for mobile financial service human resources and capacity building to
deployments especially in developing respond to fraud. These costs will be
countries. Financial institutions such as banks incurred by various stakeholders including
and microfinance institutions are also regulators, operators, agents and security
investing in the provision of mobile financial agencies among others.
services.
Definition of Fraud in the context of Mobile
The implementation of mobile financial Financial Services
services, like other financial services, faces
risks and challenges. This paper addresses Fraud is commonly understood as dishonesty
fraud as a challenge in the provision of mobile calculated for advantage—a deception
financial services. deliberately practiced in order to secure unfair
or unlawful gain. Fraud in the context of
The Importance of Studying Fraud in mobile money is the intentional and deliberate
Mobile Financial Services action undertaken by players in the mobile
financial services ecosystem aimed at deriving
The study of fraud helps mobile financial gain (in cash or e-money), and/or denying
service providers build a fraud lifecycle other players revenue and/or damaging the
that is closely aligned to the product reputation of the other stakeholders.
lifecycle. Different types of fraud will
occur at different stages of the product.
FRAUD IN MOBILE FINANCIAL SERVICES 2
Key fraud enablers in mobile financial services Absence of communication may increase
are: fraud occurrence, as new victims will not
be aware of the risks and mitigants.
Weak regulation – The inability of
regulators to monitor the mobile money High cost of transactions – When
ecosystem, to set guidelines for different transaction costs are high, customers may
stakeholders increases the likelihood of try to reduce their costs by abusing the
fraud in any system. Regulation does not system.
necessarily mean statutory regulation; it
may mean oversight by financial regulators. Pricing policies – Pricing and commission
In a number of mobile financial service paid to different players will contribute to
jurisdictions, regulation is done by the level of fraud in the system. Percentage
oversight with regulators exercising best pricing has a different impact from
practice in managing services. staggered pricing and commission. In some
cases, the operator may opt to charge for
Maturity of the mobile money services - services at a single point and therefore open
Different types of fraud occur at different it up to abuse at points where the service is
stages of the deployment. For example, free.
fraud on B2C and C2B transactions will
likely occur in more mature markets, while Cultural issues – Fraud in certain markets
fake registrations tend to be prevalent in will be higher because the society is
new deployments. generally lenient to fraudsters. Leniency
may be caused by weak legal structures, or
Processes – Weak or non-standardised a weak political system.
processes open and enhance the
possibilities for fraud. Fraud can be Seasonality – Fraud tends to increase
reduced and limited by ensuring that there during certain seasons and activities. As the
are checks and balances within systems and festive season commences the fraud levels
structures to limit its occurrence. also increase because there are more
promotions, and everyone is trying their
Compliance monitoring – Processes alone best to attract funds.
are, of course, not enough to reduce fraud
… they will only be effective if they are Fraud in mobile financial services mirrors
properly monitored. Compliance fraud in other financial services such as
monitoring will take the form of scheduled banking, cards, and ATMs. It is not unique to
audits, independent and mystery shopping, mobile and therefore lessons learnt in other
third party reviews, peer reviews etc. areas can be replicated in the context of mobile
money. Occurrence of fraud depends on the
Consumer awareness and poor stage of the deployment of financial services.
communication within the system - Therefore, the level of incidence will change
Communication enables different users to as the mobile financial service evolves.
know fraud trends, and mitigants.
FRAUD IN MOBILE FINANCIAL SERVICES 3
The table below lists prevalent types of fraud and the probability or frequency of its occurrence at
different stages of the deployment cycle. This table forms the basic framework of the paper.
1
Click on hyperlink to go to Appendix giving details and examples of these frauds and how they might be
mitigated
FRAUD IN MOBILE FINANCIAL SERVICES 5
2
click on hyperlink to go to Appendix giving details and examples of these frauds and how they might be
mitigated
FRAUD IN MOBILE FINANCIAL SERVICES 6
Employees and fraudsters link wrong mobile numbers Low Low High
to bank accounts
Illegal transfers from business mobile money account Low High Medium
B. Businesses Defrauding Mobile Money Operator
Fraud on multiple access channel (Web and handset) Low High High
3
Click on hyperlink to go to Appendix giving details and examples of these frauds and how they might be
mitigated
FRAUD IN MOBILE FINANCIAL SERVICES 7
1. CONSUMER DRIVEN FRAUD He suddenly realises that he has no time and asks
Mavuno for his cash, excuses himself and begins
Consumer driven fraud is fraud that is initiated by to walk out. The first consumer returns to the
fraudsters posing as customers. Consumer fraud counter to continue with the conversation. At this
targets agents, other consumers, businesses and point, the second consumer returns, pretending to
mobile financial service providers. Consumer have changed his mind and requests that Mavuno
driven fraud is the most common fraud in the carries out the transaction urgently. Mavuno
market and transcends the different stages of the obliges and only reconfirms the amount and
deployment. It is more prevalent during the deposits the cash. He makes the mistake of not
transaction activation stage of the business when checking the currency again and only realises later
consumers begin to trust the mobile financial that the currency is fake.
service better, but are yet to understand many of
the potential risks in the service. The key method Phishing – Fraudulent consumers send fake
of managing consumer driven fraud is consumer SMS to agents either from their own handsets
education activities, although there are many or generated from computers. The SMS looks
processes and system-based checks that can also genuine to the recipient.
help mitigate these challenges.4
John has been looking for money to pay off his
The most common types of consumer driven fraud creditors. One day he receives a call from a sweet
include the following: - talking person who claims to represent the largest
supermarket chain. The person claims that John
Counterfeit (fake) money – Fraudulent
has won US$ 1,200 in a draw that was carried out
customers deposit counterfeit currency with
recently by the company. The caller however has
agents and receive electronic money. They
one request, could John send some money (US$
immediately withdraw the electronic money at
100) to account 12345 in order for the winnings to
other agent outlets, ATM devices or point of
be activated? John obliges and transfers the funds.
sale devices.
Next time when John talks to the caller about his
winnings, the caller claims that the funds
Mavuno was recently hired by an agent as an
employee and part of the mobile money business transferred were not enough, and an additional
team. On the second day at his job, a consumer US$ 100 was required. John borrows the
visits the shop. This consumer pretends to know additional funds from his friend Mark promising
very little about the service but would like to to repay with interest of 10% per month. After
register and deposit some cash. Mavuno, sensing sending the money a second time, he tries to call
registration revenue, attends to the consumer the recipient but finds his number unavailable. He
explaining the service. A second consumer walks tries for about 2 hours to no avail. He then decides
into the shop and asks to deposit some funds. to contact the mobile operator’s call centre. He is
Mavuno checks the currency and confirms its duly informed that there is no such promotion
authenticity. While Mavuno is confirming the going on and several consumers have complained
cash, the consumer receives a call and begins to of being defrauded in a similar manner.
talk on the phone.
4
Also see Ignacio Mas’ Blog My PIN is 4321 for a
discussion of these issues.
FRAUD IN MOBILE FINANCIAL SERVICES 9
Split deposits
4. MOBILE FINANCIAL SERVICE process takes 5 years to finalise, during which the
PROVIDER FRAUD account is largely forgotten. An employee of the
mobile money operator with super-user rights
This is a range of fraudulent activities perpetrated accesses the account and over time transfers funds
by the mobile financial service providers’ to himself. By the time the liquidation process is
employees. The fraudulent activities will be finalised the account has no funds.
carried without authorisation of the business. The
key types of fraud in this area include fraud on the Collusion between fraudulent mobile money
mobile money operator, mobile money operators’ employees and other fraudsters to carry out
employees defrauding agents, businesses and unauthorised SIM swaps.
consumers. Fraud in the ecosystem is less
prevalent at the beginning of the deployment and Jackie is seated in her grocery shop. She decides
becomes common during the customer activation to make a call to her husband who works in
and value stages of the deployment. At this stage, another city. She tries to make her call but is
substantial electronic money has been invested in unable to connect. ―Another network issue‖ she
the system and it therefore becomes attractive to mutters and stops trying. She attributes the failure
fraudsters. to poor network and continues with her work.
Suddenly her neighbour appears extending her
Examples of the most common types of fraud phone to Jackie. ―It is your husband‖, she says.
include the following: She informs her that her husband has been unable
to reach her all morning. Jackie realises that she
Corruption within the mobile money business
has a problem with her line. When she contacts
the mobile operator’s call centre using her friend’s
John is a teacher and is looking an avenue to
handset, she is informed that her line has been
invest in his spare financial resources. He has
swapped … and soon discovers that her mobile
recently been told that operating an agency
money balance has been withdrawn.
business for a leading mobile financial service
provider is lucrative. He decides to try his hand at
it and submits the relevant application / Unauthorisediiaccess of financial records for
documentation. He receives a call advising him personal gain.
that for his business to be given rights to operate
the outlet some payment is required as a Paul and Michelle are going through a divorce
―facilitation fee‖. If the bribe is not given, the process. Paul suspects that Michelle has more
outlet will not be approved. money in her mobile money account than she has
declared. He seeks out a customer care employee
who agrees to share details at a fee. He pays and
Mobile operators’ employees stealing funds he is given the account balance.
from the business
Unauthorised transfer of funds from
Baku is a leading master agent with 30 outlets and customers’ accounts
has transacted mobile financial services for over 3
years. Baku is declared insolvent and the business John has been depositing funds in his account and
has to undergo liquidation process through the transacting quite frequently. He grows suspicious
court of law. Baku’s mobile money account is one day when he checks his balance and realises
frozen pending completion of administration that what he deposited the previous day is
process. Access to the account by the original missing. He decides to check at the nearest
owners of Baku is cancelled and they can neither operators’ shop and finds that funds have
view nor transact the account. The liquidation disappeared from his account. He requests for his
FRAUD IN MOBILE FINANCIAL SERVICES 12
statement and realises that a withdrawal of which Weak password and transaction PIN strength
he has no record or recollection has been made
from his account. He lodges a complaint with the Michi transacts a lot on his mobile banking
mobile money operator specifying that funds have account. He finds it convenient to do so. His son,
been transferred from his account without his Daudi gambles a lot and needs money to feed his
consent. The mobile service provider investigates habit. Daudi knows his father’s year of birth. He
the transaction and finds that one of the has on a previous occasion been instructed by his
employees accessed the account and transferred father to unlock his phone using the year of birth
funds from John’s account into his own personal as his PIN. Daudi guesses, correctly, that his
account. The employee is unable to provide a father’s mobile money PIN is his year of birth. He
justification for this action and his service is duly tries it and is able to send money to himself which
terminated. he subsequently withdraws.
System related fraud covers all fraud activities John works for a third party vendor contracted by
that affect the mobile money deployment through a leading financial institution. He has been given
system weaknesses and processes. System related administrator rights in order to facilitate
fraud will cut across different stakeholders integration between the mobile money platform
including agents, businesses, and mobile money and the financial institution. He creates two
operators. System related fraud is highest when a unauthorised users with rights to initiate and
platform has inadequate controls to guide in verify transactions, and transfers funds from the
transaction processing. This fraud is prevalent organisation to his associates’ wallets, effectively
during transaction activation stage of the stealing money from the financial institution
deployment and continues to grow into the value
addition stage. Individual users with multiple rights
The key occurrences of fraud include: Jim is the Money Transfer Manager with a leading
master agent owner. The owner, to save costs,
Password/PIN sharing
decides not to hire additional staff. He creates
Chantal runs an agent outlet with two employees. himself and Jim as the only persons authorised to
Each employee is required to apply for his/her transact the main mobile money account. Being a
own PIN in order to transact the mobile money busy man, the owner entrusts his password with
business. However, Chantal encourages Jim, allowing him to act as initiator and verifier
employees to use the same PIN. Even when on the account. Jim uses this access to transfer
employees are terminated from employment, the funds fraudulently to his friends.
same PIN is used by newly recruited employees.
Fraud on multiple access channels
One day, Mark, one of the employees takes the
day off work. He however, passes by the business At some point in the business, a leading master
to check on something and finding the handset agent lost his computer and had to temporarily
lying on the counter, transfers money to a transact from a computer located inside a cyber
fraudulently registered number. The money is café. Subsequently, in an unrelated event, he fires
withdrawn at an ATM location. It is very hard to two of his employees Navaro & Sadiki. Even
pin the blame on Mark since he should have been though he now has a new computer he forgets to
off duty on that day. disable the secure certificate in the cyber café.
Navaro & Sadiki being aware, use their access to
illegally transact from the cyber cafe.
FRAUD IN MOBILE FINANCIAL SERVICES 13
IMPACT OF FRAUD
5
See Mas and Ng’weno ―Why doesn’t every Kenya
business have a mobile money account?
6
That said, anecdotal evidence from the field
suggests that customers’ trust was not very badly
damaged by the reports of the internal fraud (even
though it was large in size) as no customer was
affected and only the Telco lost money. Had many
agents or end customers been affected, the impact
would probably have been much larger.
FRAUD IN MOBILE FINANCIAL SERVICES 14
CONCLUSION
It is evident that mobile money-related fraud is unlikely to be shared amongst various mobile
increasingly becoming important. Over the money players. Donors and consultants can
past few years, several serious cases of fraud bridge this gap as neutral parties facilitating
have been reported that have raised concerns such sessions and including other stakeholders
within the industry. As mobile payments begin including regulators, law enforcement
to scale in many markets and new products are agencies, universities etc.
introduced, there is growing need to address
fraud conclusively. The donor agencies and Development of Smart Tools and
consultants have a key role to play in this Processes – Smart tools and processes are
aspect of the industry. important in the management of fraud. Most
fraud, especially those of a larger
Research – There is very limited research scale/magnitude, can be detected and limited
into fraud in mobile financial services. This is through effective data analytics. Many
largely because mobile financial services are deployments have failed to employ real time,
fairly new globally with a limited range of efficient and reliable analytics in mining data.
successful deployments. Research would In order to remedy this weakness, deployments
involve working closely with these may be forced to develop new and better
deployments to understand the risks of fraud. platforms or create interfaces that will enable
In many cases, deployments will be very generation of proper data for mining. Many
sensitive about the type of organisation they mobile financial service providers neither have
work with in order to protect their sensitive the competence to understand the importance
data. They are therefore more likely to work of this activity nor the funds to invest in these
with independent reputable organisations that activities. They are purely focussed either on
are unlikely to compromise on their data. scaling up their existing services or trying to
Donors and consultants can play a key role in develop new products for their customers.
identifying neutral parties to carry out this Donors and consultants can finance the
research which in the long term benefits the development of smart tools that can bridge this
industry. Research will help the market gap by investing in smart tools and processes
understand the core reasons of fraud, on behalf of the providers. They can work with
frequency of occurrence, patterns, responsible experts to automate services for organisations
parties and the effectiveness of various and identify resources to help in data analytics.
interventions carried out to curtail frauds. They can also design new tool kits should, test
them and implement.
Stakeholder Groups – As this is a
sensitive matter and has a bearing on the brand Capacity Building – Many deployments
image and business volumes, many operators do not have the capacity to understand fraud in
prefer to deal with fraud individually without their businesses and/or in the industry in
consulting other players. There is therefore general. The body of experts is limited and
limited information flow across parties on expansion is yet to keep pace with demand for
similarities in fraud and hence transfer of services. Fields of study previously considered
lessons learned. A fraudster having tricked one limited in scope are becoming increasingly
financial service provider can move to the next relevant. For instance there is need for
knowing fully well that the information is business analysts, fraud managers, money
FRAUD IN MOBILE FINANCIAL SERVICES 16
laundering managers, and compliance officers. Mobile financial services providers must
It is not the core business of mobile financial therefore have a comprehensive curriculum
service providers to build this capacity. Even if in place for initial and on-going training of
they build capacities in this area, there is a agents. The curriculum must include
tendency to position experts within their certification and evaluation. Well trained
organisations. There is no mechanism to track agents will be aware of risks, will ensure
frauds at an industry level and create faith of that customers are made aware of the risks
the population on the mobile money eco- and will know off measures to deal with
system. Donors can bridge this gap by risks and minimise damage.
providing funding to create capacity in this
field and by helping development of Structured customer and/or agent feedback
curriculums / training platforms to train sessions and events. These forums help to
different stakeholders in the mobile money sensitise users and players about mobile
eco-system on fraud prevention. Work in this financial services and obtain feedback from
field will have to be an on-going effort which these stakeholders.
will enable a body of experts to build expertise
in this field. The use of road shows which focus on
experiential interactions between the
Financial Education – Financial education mobile financial service providers and
is required for both agents and consumers to customers/agents. Road shows have been
effectively tackle the menace of fraud in widely used in the Fast Moving Consumer
mobile financial services. Financial Goods (FMCG) sector to create awareness
transactions using the mobile phone are a very around products and services and to address
recent phenomenon. Even the upper and any objections to the products. Mobile
middle class population—which is better financial services are very closely aligned
educated and more aware about technology to the FMCG sector and therefore road
and usage—has not started using the service to shows should help providers engage with
its full potential. The low income population, the customers better.
especially the un-banked and under banked,
needs to be educated on the usage, benefits Thirdly, adoption of consumer education
and risks among other aspects so that it can through awareness campaigns. Awareness
confidently use this facility. Similarly, agents campaigns on specific areas of fraud in the
will not be able to service the consumers print and electronic media will help in
properly and ensure client protection unless sensitising the public about the specific
they know about the risks and cautions they risks.
need to take as service providers. Financial
education need not be formal, but involve Monitoring and Supervision of Agents–
usage of marketing and promotional tools to Investing in channel identification, recruitment
drive awareness. There are a number of critical and management is critical for successful
financial education measures that should be deployment of mobile financial services. It is
considered: costly and requires recruitment of staff,
structures, processes and activities that will
Agent training and certification – It is ensure that the channels or agents provide
widely agreed that agents form the back standardised services to customers. Strong
bone of mobile financial services. systems and processes are effective only if
Comprehensive training of agents creates implemented properly. Regular monitoring of
the first line of defence against fraud. agents is important to check and ensure proper
implementation. If there is intentional laxity or
FRAUD IN MOBILE FINANCIAL SERVICES 17
negligence on part of agents, they can be mobile financial service activities which
warned; on the other hand if agents make helps them understand the services better.
mistakes and are ready to learn, they can be Activities may also be done by internal
guided through the journey. Periodic audits management teams and or independent
need to be carried out to verify records and companies contracted to provide
practices, and to hand out performance independent reviews.
rewards and (where appropriate) punishment.
Mobile financial service providers require the Stakeholders must be aware of the
intervention of donors and consultants in existence of mystery shopping as a way of
providing support and resources to implement quality control. This will ensure that agents
these activities. They may need to deploy work towards ensuring they comply with
consultants to help build internal capacity requirements, demand training from the
within the organisations. business if required and provide feedback
on quality assessment tools used.
Mystery Shopping or Compliance
Monitoring Activities– One of the ways to The rewards and consequences of
keep a check on the agents’ activities and noncompliance must be defined and
adherent to defined processes is to conduct communicated to all agents in advance.
mystery shopping. Monitoring and supervision Agents will therefore be aware of the next
are formal approaches to manage agents’ steps which will avoid any
performance and adherence to prescribed misunderstanding or fear of victimisation.
processes designed to reduce fraud, but since
they are regular and institutionalised, agents Client Protection Reviews– Client
often recognise the staff conducting the protection measures are those measures that
monitoring/supervision visit. Mystery are in place to protect consumers and other
shopping conducted by people who are not users of mobile financial services and
known to the agents can provide invaluable therefore the industry itself from unfair
feedback of actual consumer experience. The practises. A formal review of an organisation’s
key drivers of effective mystery shopping ability to optimise client protection and thus
include the following: reduce operational, fraud and reputation risk
can be carried out through a series of agent,
Mystery shopping activities should be consumer, staff and senior management
planned as part of the channel management interviews (and use of other PRA tools).8
strategy of the mobile financial service Donors should support these client protection
providers. Activities must have well reviews to protect the nascent e/m-banking
defined objectives and clear monitoring industry from shocks as recently seen in the
tools. This will ensure that activities are not microfinance industry. Client protection
sporadic but that they are consciously measures will involve:
developed by the team. Typically, activities
would happen continuously at various
levels covering the entire country. 8
MicroSave has adapted the seven client protection
principles developed by Smart campaign for mobile
Mystery shopping activities should be financial services. These are (1) appropriate
carried out at various levels. The levels product offering and delivery, (2) ensuring safety
include regulators collecting information and reliability, (3) transparency of products and
services, (4) responsible pricing, (5) fair and
for their own needs. Regulators are more
respectful treatment of customers, (6) mechanism
strategic, looking for ―a general feel‖ of for complaint resolution and (7) security and
privacy of customer data.
FRAUD IN MOBILE FINANCIAL SERVICES 18
APPENDICES
Consumer driven fraud is fraud initiated by fraudsters posing as customers. Consumer driven fraud is
the most common type of fraud, targeting many people at the same time. Fraudsters may target agents,
other consumers, business organisations and the mobile money operator.
99
See Mas and Ng’weno ―Why doesn’t every Kenya business have a mobile money account?
FRAUD IN MOBILE FINANCIAL SERVICES 23
Repudiation
Repudiation in mobile financial services means reversal of transactions done between parties (individuals and/or corporate
organisations). Repudiation is a controversial subject in mobile financial services as it may lead to intentionally perpetrated
fraud.
Repudiation of such transactions is the easiest because mobile financial service operators maintain contracts that are signed
with corporate organisations and agents after detailed vetting process.
Typically, when money has to be reversed from the agent, the mobile operator will call the agent and confirm that
indeed the funds were sent to their account in error. It is highly unusual that an agent will deny the business access to
the funds if they were erroneously transferred.
When funds are erroneously transferred by a customer to a business, the customer may directly inform the business or
notify the mobile payments operator who notifies the business. In this case, if funds were not intended for the
business, it is also unlikely that they will refuse to reverse the funds.
If funds have been transferred from the agent or corporate customer, the funds can be blocked by the operator urgently and
refunded to the organisation immediately they are advised. Affected customers will then be advised of the repudiation.
This repudiation affects transactions from one individual subscriber to another subscriber. It is the most contentious type of
repudiation and comprises the largest percentage of transaction repudiations.
Scenario 1: - No Repudiation
The operator opts not to interfere with the transactions, callers are advised to either resolve the matter with the recipient
directly, or seek legal redress.
Advantages
Disadvantages
The majority of repudiation requests are genuine and genuine customers may lose money
Customers will rely on goodwill of recipients to refund.
The recipients of funds will often charge the customers for the refund since there is a cost of transferring the money
back to them. This is unlike a reversal which is usually free.
Consumers may lose trust in the service especially when they have a negative experience and lose funds.
Most deployments have opted not to adopt this approach because it makes the operator appear impersonal.
FRAUD IN MOBILE FINANCIAL SERVICES 24
The call centre may repudiate transactions on the strength of the sender’s request only without consulting the recipient.
Advantages
Repudiation is instant and therefore it will lead to additional transactions on the platform.
Repudiation is cheaper since no additional calls are required to any other party. Additional calls consume time and
resources.
The requestor’s funds are protected before they are misused. There have been cases of consumers receiving funds
erroneously and withdrawing the funds instantly.
Disadvantages
Under this scenario, the customer calls the call centre and requests for repudiation. The call centre immediately suspends the
funds to ensure that they cannot be withdrawn. The recipient is then called. If the recipient insists that the funds are genuinely
theirs, the call centre employees release the funds to the recipient. However, if recipient accepts that the funds belong to the
sender, the funds are reversed and transferred back to the sender.
Advantages
The process is inclusive and both parties have an opportunity to provide feedback. If the recipient surrendered goods
and services to the sender this will come out during the call.
Even when funds are not returned, the sender feels that the operator made every effort to retrieve the funds. Periodic
system generated mails to the sender can be helpful. The mobile financial service brand image remains positive.
The recipient feels obliged to release the funds if they do not belong to him as the call is from the operator.
It is cheaper for both parties since there is no additional cost to the party refunding
Disadvantages
Impersonation of business A fraudster sets up point of Develop and publish to the public a
organisations: Fraudsters sale (POS) materials clear process for recruitment of
impersonate as agents of (including posters, and corporate organisations with clear
businesses to receive signage) in a low income KYC requirements.
payments from consumers. neighbourhood of a major
Fraudsters reach out to the city impersonating as an Organisations must develop a clear
public, providing their agent of a leading process for disbursement of funds
personal mobile money insurance company in east to eliminate errors.
accounts and creating the Africa. The fraudster’s
impression that those materials solicited Comprehensive process that covers
numbers belong to the insurance premium identification, monitoring,
organisation. payments from the public. communication, and management
Prevalence of such frauds of fraud.
is higher in mature markets
where adoption rates Enforcement of penalties for
among businesses for channel providers involved in
receiving payments via creating businesses as mobile
mobile financial services if money customers without
high. following the right process.
10
See MicroSave India Focus Note 71 ―Sustainability of BC Network Managers (BCNMs) in India - How are
BCNMs Paid?‖
FRAUD IN MOBILE FINANCIAL SERVICES 29
Aggregation of commission
payments to agents for payment after
a scheduled period of time preferably
monthly. A report should be
generated specifying commission
earned, the mode of payment and
any reference number for the
payment.
FRAUD IN MOBILE FINANCIAL SERVICES 32
Mobile financial services credibility requires accuracy and fast turnaround time of transactions.
Because mobile financial services are technologically driven, the technology introduces a different set
of risks. The risk of fraud is in system administration, password management and misuse of access
rights. The table below describes the most common types of fraud and how they should be mitigated.
Password/PIN Management
Passwords/PINs should never be shared
by users, super-users, administrators,
super-administrators.
Complexity of passwords/PINs.
Preferably, ensure that pins have more
than 4 characters to limit users from
using their year of birth as
password/PIN.
This may be referred to as ―Fraud in the family‖. This type of fraud is perpetuated by employees of
the mobile financial service provider on the business, its partners and other parties. Fraud in the
family affects the credibility of the services and is usually a reflection of process failure.
Theft of mobile money A deployment in east Africa The businesses (agents/corporates) must
provider’s revenue. almost lost money through an complete details with accurate
Internal employees defraud employee who attempted to information of contacts and banking
the mobile money operator, withdraw funds from the details and sign off these details.
targeting sale of airtime, organisation but was thwarted in
Any changes to the mobile money
customer charges, funds time to stop the transaction due
agents/business account holders’ details
that may be unclaimed, to effective controls.
must be properly authorised by a
dormant accounts and other
responsible party within the requesting
revenue streams. The funds MTN Uganda, part of a leading
organisation.
may be diverted to global telecommunications
fictitious accounts and company, reported in the media All revenue reporting lines, and airtime
withdrawn from the mobile the loss of over USHS 9 Billion accounts must be reconciled on a daily
money system. (US$ 4 Million) in fraud by basis to track cash in, cash out and
employees. According to the balances.
company, this fraud was
Suspense accounts should be checked
perpetuated by employees who
and balanced on a daily basis. Any
were able to access the
suspense accounts should only have
company’s funds after an
balances current to 24 hours.
upgrade.xiii
Develop clear processes for external
Issuance of mobile money This fraud would occur if an parties to deposit money into the bank
to organisations against organisation deposits a cheque for float, verification of deposit and
uncleared funds. Staff into a trust account. The amount resolution of disputes on deposits with
responsible for issuing should only be credited when clear service level standards.
electronic money can do so the funds clear. However, in the
Preferably, all withdrawal requests of
on the strength uncleared event of collusion between
funds from the mobile money partners
funds such as cheques,
FRAUD IN MOBILE FINANCIAL SERVICES 39
Contact centre employees are the first line of call for consumers and other stakeholders that contact
the business. To facilitate their work, they will be granted access to contact centre sites, and can carry
out certain actions such as making changes on customers’ accounts. This role presents different types
of fraud that must be addressed by the business.
Unauthorisedxv access of call This fraud is yet to be reported The mobile money provider
records for personal gain. by providers. Typical fraud will should maintain a CRM for
Customer care teams have happen when a fraudulent handling consumer challenges.
access to customer records and employee provides transaction The system must include the
can misuse this access to sell details to fraudsters to facilitate following
customer transaction extortion or phishing. o Type of issue
information to third parties or o How long would such an
share the information to issue take to resolve.
fraudsters.
The business must maintain a
Unauthorised transfer of This fraud is yet to be publicly customer escalation procedure to
funds from customers’ acknowledged by any provider. handle all complaints from
accounts to other people’s It is very likely to happen when customers and manage resolution.
accounts. Employees with customer accounts are dormant Contact centre teams must be
access will use tools available over long periods of time. vetted before they join the
to them to move funds. business.
Unauthorised SIM swapsxvi An operator in central Africa Maintenance and review of
occur when a customer’s SIM fired employees for this fraud, transaction logs on the platform
card is swapped without while a second operator in East tracking all access to the system
authorisation for a new SIM. Africa arraigned an employee in and accounts with special time
The holder of the new SIM card court. stamps and reference numbers.
can access the mobile money
account and transact. The SIM Customer care roles should be
swaps may be intentionally limited to reversal of transactions
carried out by employees of the and not movement of funds from
mobile financial service the account to other accounts.
provider or the employees may This should be escalated to
be led to swap after fraudsters another team either within
pass the vetting process. customer care or outside
customer care.
Unauthorised access to co- Some employees in mobile Document a clear SIM swap
workers access rights on the financial service deployments process which limits
system. The fraudsters find a may share passwords or people/organisations that can
way to access the log in details maintain easy to guess and thus carry out SIM swaps and
and misuse this access on the abuse passwords. This type of establishing time limits between
mobile money platform. fraud is yet to be publicly
the time that SIM swap is carried
acknowledged. However, it out and the time it is
happens in the financial sector implemented.
and therefore may happen in
mobile financial services as Keep track of swaps carried out
well. through reports.
FRAUD IN MOBILE FINANCIAL SERVICES 41
APPENDIX 6: DEFINITIONS
END NOTES
i vii
For purposes of this document, consumers are Agents need SIM cards and point of sale devices
individuals who are either existing customers of the to carry out transactions. Obtaining these tools is
service or not. Fraudulent activities carried out by essentially obtaining a license to provide mobile
consumers are similar whether the consumer is financial services. Some Master Agents may obtain
registered or not. In many cases, a consumer intent these tools and resell to others.
on committing fraud, may register for the service
viii
just to defraud other participants in the mobile In customer to business transactions (C2B),
money ecosystem. In other cases, a consumer may operators allow the business to settle charges levied
be lured into registering for the mobile money for services against receipts only when the C2B
service by a fraudulent customer to enable the organizations want to access their funds.
consumer transfer funds to the fraudster. Employees of the organisations will therefore
confirm the total receipts against what is owed to
ii
Regulators protect customer information through the mobile financial service deployment
privacy laws. This makes unauthorised access to periodically. Once this is done, they should deduct
customer data a criminal offense. Employees may the charges owed from total receipts. Many
be motivated by financial gain in accessing platforms do not automatically deduct charges and
customer data even though it could lead to criminal therefore organisations can still settle without
prosecution. deducting charges due to the mobile financial
service provider.
iii
Under staggered tariffs, agent commission as
ix
percentage of customer transaction value is higher In most business facing transactions, mobile
on lower transaction values as compared to financial service providers set different tariffs for
commission earned on higher transaction values. different businesses. In some cases, each individual
Therefore, an agent is likely to earn more organisation will have its own tariff. This happens
commission by splitting a single withdrawal into mostly when the operator has few business partners
more than one transaction than processing the in place. In a number of deployments, operators set
withdrawal in a single transaction. different sets of tariffs for different types of
business. Some businesses will attract lower tariffs
iv
When a leading global telecommunication because of projected high volumes or a special
provider launched its mobile financial services in relationship with the operator. In both cases the
Africa, customer charges were not set on the deployment will have a process of implementing
mobile payments platform. Under this tariff, the tariffs approved for the businesses. There is a
customers would pay for services charges directly risk that processes in place may be weak and
to the agent in cash. This translated to multiple therefore abused by employees.
charges in the market due to lack of coins and
x
change. Effectively, Agents earned more The Observer - How MTN lost mobile billlions
commission than was recommended by the by Jezz Mbanga, dated 24th May 2012. The exact
business. Customer confidence in the deployment nature of this fraud is not clear. Press reports point
was damaged and the operator was forced to to unauthorised access of employees to customer
discontinue the practice. Subsequently, all accounts. The operator claims that employees stole
customer charges and agent commission were set money directly from the company and customers’
on the system. accounts were not affected. Whichever version is
correct, this fraud points to weak controls in the
v
Many deployments do not charge for deposits in business leading to the loss of a substantial sum of
order to encourage cash into the mobile financial money.
system. Once the money is put into the system,
xi
operators earn revenues from follow up The risk presented by dormant accounts is quite
transactions such as transfers, withdrawals, airtime big especially as the deployment matures. In
purchase among others. banking, there is a very clear definition of
dormancy, and dormant accounts are very closely
vi
We have also seen that in east Africa, agents monitored. In mobile financial services, dormancy
prefer female employees to male employees. There on subscribers is dependent on regulation set for
is a perception that male employees have a higher telecommunications providers on SIM cards before
incidence of fraud than female employees. they are recycled. In many cases, this is usually 6
months. Many operators are yet to define dormancy
FRAUD IN MOBILE FINANCIAL SERVICES 45