The rapid growth of mobile banking through phones and tablets reflects the central role that these devices now play in the lives of consumers around the world. It also highlights some of the growing challenges that banks face in handling their customers’ migration to new banking channels. In the UK, research by the British Bankers’ Association found that British consumers would use mobile devices to check their current accounts 895m times during 2015, against 427m transactions in bank branches. By 2020, the BBA forecast that customers will check their current accounts from mobile devices 2.3bn times a year, more than internet, branch and telephone banking combined.
As more consumers choose to make the mobile phone their primary method of managing most aspects of their day-to-day life, the potential clearly exists for banks to experience very rapid growth in customer numbers. The example of an African bank that saw its customer base grow from 4m to 14m in less than two years after it introduced mobile banking is far from unique. A shift of this size and speed inevitably places huge loads on the banks’ IT systems as transaction volumes explode, as well as providing another route into the banks’ information systems that can become vulnerable to fraud and unauthorised use. The hugely increased demands placed on staff and IT systems can make effective risk controls very difficult to implement and to scale up in step with rising customer numbers.
Mobiles are also becoming an important means to verify the identity of a customer, leaving the bank potentially vulnerable to simple frauds that involve changing the mobile phone number shown for a customer on the bank’s CRM database to that of a fraudster, who is then in a position to call the bank’s telephone service in order to gain access to the victim’s account information, using the false mobile phone number to authenticate their identity.
How to detect mobile account takeover actions in order to protect customers and prevent fraud?
A multi-channel & multi-layer fraud mitigation approach combined with automated controls is essential. At NetGuardians, our controls correlate audit trails from the mobile channel and other multiple sources e.g. core banking system.
Any changes to customer sensitive data, new mobile banking set-ups for corporate and internal accounts, account lock-outs, etc. are all flagged/identified for action. The relevant information is brought forward to identify and follow-up suspicious fraudulent transactions to help forestall any customer account takeover.
Alerts are automatically sent by email or SMS in case of suspicious behavior.
From eBook: A-Z of Banking Fraud 2016