Digital Banking – Convenience vs. Risk
Compliance expert, Matt Goble, shares fraudulent activity your financial institution should watch for as digital banking demands increase.
Welcome, to the digital world. Whether you’re ordering groceries or making a virtual trip to the doctor, companies from every perspective of the economy are making accommodations in order to appeal to the modern day consumer. The banking industry is certainly no exception. With more individuals desiring to perform their banking functions from the convenience of their smart phones and tablets than ever before, financial institutions are responding to those preferences by offering customers a digital experience to bank without the building. While the ability to open deposit accounts and apply for credit online from anywhere using your smart device provides the convenience factor for the customer, it also comes with new challenges and risks for financial institutions to face head-on– beginning with Bank Secrecy Act/Anti-Money Laundering (BSA/AML), Office of Foreign Control (OFAC), and Know Your Customer (KYC) compliance.
In both traditional products and services as well as those provided via digitally through online and mobile banking, compliance risks related to BSA/AML is high as financial institutions attempt to effectively manage money laundering risks. Additionally, a fully digital account opening experience must come complete with digital identify verification. Digital identity verification is a key component of the remote account opening process as it satisfies KYC requirements that all financial institution’s must adhere to when onboarding new customers. KYC is the first step in the continuous fight against fraud. Cyberattacks on financial institutions are not only growing in volume and complexity, but the rate of attacks are also increasing. Given the scale and impact of fraud in today’s banking environment, it is vital for financial institutions to detect fraud during the account onboarding process.
Fraudsters use data stolen from customers through data breaches or “hacks,” account takeover, social engineering, phishing attempts, or other methods used to fraudulently open an account. In addition to application fraud, the use of fake, manipulated, or manufactured identities are also on the rise. Common attacks that lead to account take over by fraud include:
- Phishing attacks: Fraudsters send emails or SMS messages designed to encourage the recipient to click a link that will redirect the user to a fake banking portal or to open an attachment that will install malware engineered to collect the individual’s personal credentials.
- Mobile Banking Trojans and Overlay Attacks: Fraudsters will leverage weaknesses in operating systems to install Trojan software on the victim’s electronic device designed to overlay fake screens on legitimate mobile banking apps in order to collect an individual’s banking credentials.
- Malware: Fraudsters use malware to collect data through key-logging or man-in-the-middle malware which intercepts data via the victim’s internet browser.
- Fake Banking Applications: Using fake stores or discount/promotional campaigns, fraudsters distribute apps that pretend to be owned by the financial institution. These fake apps look like the real thing, except that data is sent to the criminal.
To mitigate such risks when performing due diligence to identify your customer, consider obtaining additional identification verification items if:
- The customer’s photo identification is unclear
- The signature on the identification does not match the signature on the signed documents
- The driver’s license or state identification card was recently issued; the address on the application does not match: (a) the address provided by the customer or (b) the address on the identification card
Given the scale and impact of fraud, a digital onboarding process also poses substantial operational and strategic risks for financial institutions. As fraudsters use increasingly sophisticated methods, financial institutions need an identity verification and risk-based fraud solution that leverages AI (artificial intelligence) through supervised and unsupervised machine learning. Financial Institutions that do not consider the impacts from technological advancement or innovation to their business, or are slow to adapt to changes within the industry, are increasing their exposure to strategic risk.
If your organization is looking to expand its digital footprint and you have questions about how it impacts your compliance management program, look no further than Temenos Compliance Services. We currently have digital onboarding quick compliance guides that can help. Plus as a customer, you can ask unlimited compliance-related questions to our seasoned staff of experts.