“Courage is what it takes to stand up and speak; courage is also what it takes to sit down and listen.” – Winston Churchill
Hello Readers, thanks for the various calls and messages received last week on the article. I also got a private call from one of my senior bankers who advised me to change the latter part of the heading….Ha. ha. ha. Obviously I am not a layman in banking so my opinion is definitely from a banker’s point of view.
The latest surprise scam attempt
I woke up on Friday 16th February 2016, to complete this article. While doing so, I had alerts four on my phone, without a source, appearing in quick succession: “Authorize payment of GHc1,000 from your account. Enter MM PIN to continue, Cancel/Send” Of course I immediately cancelled, as more messages with GHC1,500 , GHc500 and GHc200, gHc1,640 also appeared one after the other!! I found this alarming because I was afraid someone was remotely trying to siphon my funds. Where is the convenience, speed and advantages associated with having a bank account linked to my mobile money? The need for awareness of new scams on unsuspecting patrons and remedies to rid society of such is now urgent.
The Marriage has come to stay
During weddings, the officiating ministers say “What God has put together, let no man or woman put asunder”. This is very apt for this article, because whatever marriage we have between the telcos and the banks has really come to stay. The keyword here is collaboration, and NOT competition. Whatever the fraudsters do to cause confusion between the three tripartite parties, it shall not succeed.
Not every customer should PATRONIZE the product
This week we shall examine the reasons why we should be circumspect in selling the mobile money product to every customer. Some of them think it is fashionable and of course very convenient but end up with funds being wiped out. In March, 2016, I run a series on “THE PROS AND CONS OF ‘BUNDLING’ PRODUCTS FOR SALE TO NEW CUSTOMERS”, where my lens focused on the recent banks’ strategy of selling “bundled” products at the account opening stage. Product bundling means offering several products for sale as one combined product.
In that article, I used my own funny segmentation like any typical branch manager would.
The Literate Senior Citizen Group (Born Before Computer, or BBC)
The semi or stark illiterates
The “One-Touch” Generation
To quote an extract from those articles published in March 2016, I emphasized on the one touch Generation as “Yes! Those are the ones to watch out for. They are always on the go. Their main characteristic is “instant”. They are always in a hurry to “touch and go” by the click of a button on their smart phones and computers. If your transactions are not up to the global standards that go with e-banking, then you might as well forget it. They are made up of:
Students in tertiary institutions
Young workers in formal institutions
Persons who may be disabled and may not be able to enter the banking halls which are not disability-friendly.
Persons who have a tight schedule and hardly have time to attend to their banking needs during working hours.
They may be older professionals like accountants, doctors, pharmacists, teachers, etc. They know their rights and expect the bankers to be on top of their act. They are very financially savvy and can easily take bankers on. Yes some of them have been in banking before or even teach banking and finance at the tertiary level education”.
Based on my above mentioned categorization, which group above would you sell the mobile banking product most? Of course it is the instant generation group, which barely has time to wait for transactions to be done for them. In addition, the BBC group, which is also made up of very literate and very financially savvy persons will also benefit but will be slow and cautious. As for the illiterates, they are the “no-go” area. Surprisingly a greater number of patrons of mobile money patrons are semi-literates who are easily defrauded. Education is the key in making the product work. Just as banks prepare glossy brochures, are they prepared to invest money into brochures which focus on safeguarding customers’ wallets? After all, the wallets are linked to their account balances.
Identifying and Assessing key risks: understanding the potential of fraud
In order to build an effective risk management strategy, operators and banks need to identify the vulnerabilities in the operations of its deployment. The risk identification process should be conducted by a combined team of the risk management of personnel in both the banks and telcos. The review should also include the sales, marketing, distribution, finance and security and revenue assurance of both parties, not forgetting representatives of Bank of Ghana who are regulators of payment systems. Where in the mobile money process might actors or participants be at risk or capable of committing fraud? The key players who need to be considered are the customer (transactional risk), the agent (channel risk) and the employee (internal risk).
For banks, the most important objective should be to protect the interests of bank customers from fraud, while also ensuring the service remained accessible and easy to use. A robust risk management strategy would be foundational to building trust with customers
The East African Example
The launch of the mobile money payment system in East Africa was fraught with the following problems:
Vishing/Smishing: Use of phone calls or SMS to gather personal details such as account numbers, PINs or personal identification details.
Advance Fee scams: Customers duped to send funds under fake circumstances or promises.
Payroll fraud: Non-existent or “ghost” employees receiving funds.
Reversal Requests: Customer requests to reverse transactions that were in fact successful.
False transactions: Sending fake SMS to make customers believe a transaction was successful. Often accompanied by a reversal request.
Split transactions: Agents split cash-in transactions in order to earn multiple commissions (only applies to tiered commission structure).
False transactions: Agents transferring customer funds to personal account.
Registration Fraud: Creation of accounts for false, invalid or duplicated customers for the purpose of obtaining extra registration commissions.
Internal fraud: Employees colluding for unfair personal financial gain.
Identity theft: Employees accessing and exploiting customer information without authorization.
Now that these fraudulent schemes have been duplicated in Ghana and even reaching alarming proportions let us bankers and telcos should urgently work together to ensure this beautiful marriage works.
The Preventive and Detective Controls
Let me borrow some extracts from Lara Gilman and Michael Joyce’s book “Managing the Risk of Fraud in Mobile Money”:
“Preventive Controls and Detective Controls:
Control access rights to protect customer information
Segregation of duties to reduce error or fraud on high risk procedures (e.g: e-money reconciliation)
Threshold limits to reduce risk associated with AML/CFT
Customer awareness campaigns to increase customer education and protection
Agent training on acceptable practices and terms and conditions
Employee training on roles and responsibilities
Monitor and analyse suspicious activity
Monitor activity on system access
Create robust customer recourse and escalation procedures
Monitor agent transaction activity, SMS alerts to customers, Management review of high-value transactions.
Preventive controls are generally held to be stronger than detective controls, especially if these controls can be implemented as technical features of the mobile money system. If controls such as segregation of duties, access rights or network hardening are deployed, it is important for these controls to be implemented robustly, with proper documentation, review and testing. If the controls are in place but are easily circumvented (for example, if segregation of duties is in place but users commonly share passwords to get around it), risks of fraud still remain.
Fraud and risk are two key areas that the regulator of banks as well as the telcos must address with urgency. Fraudsters have no respect for their targets, whether you are a policeman, banker, MP, Senior citizen, student: their concern is your mobile money wallet. We are all at risk. They are the concern not only of the operator, but also the concern of the customers, the banks, the agents and the regulators. We need Bank of Ghana to initiate the setting up of a Review Committee as soon as possible.
For bankers, please sell the product well by educating your customers on the benefits while cautioning them about ways they can prevent frauds on the wallets. Don’t be afraid that it will scare them away. Rather be assured that your customers would rather feel empowered and in control of their bank balances as well as their mobile wallets. After all, knowledge is key, and they will appreciate you more. By ensuring that frauds are managed, banks and operators can protect themselves, their customers and agents and help contribute to a successful mobile money business and contribute to make Ghana a cash-lite economy and all persons financially included.
Just as I was about to send this article to the BFT Editor, another guy has called. His mission? He has sent me GH950 wrongly. I checked…the GH950 is from his own personal phone….He calls again……I replied that the funds are not from Mobile money….he got angry and actually threatened me that he is going to clear the GHc?? in my account. Truly the amount he quoted is the balance in my wallet! Minutes later, another alert pops up.. “Authorize payment of GHc1,200 from your account. Enter MM PIN to continue, Cancel/Send”
Am I dreaming….This is an urgent SOS message… Banks, Telcos and Bank of Ghana…Please help us!
ABOUT THE AUTHOR
Alberta Quarcoopome is a Fellow of the Institute of Bankers, and CEO of ALKAN Business Consult Ltd. She is the Author of two books: “The 21st Century Bank Teller: A Strategic Partner” and “My Front Desk Experience: A Young Banker’s Story”. She uses her experience and practical case studies, training young bankers in operational risk management, sales, customer service, banking operations and fraud.
Email:firstname.lastname@example.org or email@example.com