Prevention of Digital Banking Frauds

Digital fraud can be defined as the use of phishing emails, fraudulent websites and mobile apps, hacking, fake social media profiles or identity fraud and other mechanisms used to obtain personal information to defraud users or customers.

While digital transformation is transforming the banking system, it has paved the way for new forms of digital banking fraud. The legacy branch-based banking has given way to multi-channel banking services and opened up new ways for cybercriminals to operate.

Digitization of banking services offers many benefits like

• enabling banks to provide more services 24/7
• allowing the users to access banking services from wherever to whenever and
• making it cheaper for banks themselves to offer such services.

The flip side to these benefits is that this digitization has created more vulnerabilities. Not all customers are tech-savvy, making it easy for fraudsters to target them. Since customers do not have an awareness of the security risks, they are easily duped into divulging confidential personal and banking information to cyber criminals, who then proceed to use this information to authenticate

Types of digital frauds

• Identity theft - Fraudsters steal personal, private, or financial information of an individual or individuals. This type of crime impacts individuals whose identity has been stolen and companies that utilize these identities. The identity that has been stolen does not need to be that of a living person. Fraudsters take the identity of deceased people or even establish a fake identity. Some examples of identity fraud that can be committed are;

1. Fake passport identification
2. Fake credit card accounts
3. Fake bank accounts
4. Fake loan applications
5. Fraudulent bank transactions

Phishing - Fake emails, text, or social media messages are sent by fraudsters falsely identifying these as to be sent by legitimate senders, asking for confirmation of personal information. It can also be through links that can infect the recipient's device with malware once clicked on.

Physical theft - This is a common theft, wherein physical documents are stolen and used for fraudulent transactions.

Shoulder surfing - Scammers monitor people as they use devices in public and pick up on the keyboard inputs. Public WiFi can be hacked and hackers can take control of devices directly.

Prevention - The most straightforward way to stop such instances is not to open or click on links remotely from unknown sources. Since such relations cannot be sent from the original address or person, scammers fudge the address.

1. Be vigilant when checking or replying to emails or messages from unknown sources.
2. Carry digital documents to avoid physical theft.
3. Do not use public WiFi or use VPN to avoid hacking.
4. Use two-factor authentication (2FA).

• Malicious software - Malware is software installed in a user's computer or mobile device without consent, with the intention of stealing personal and confidential information. Such software can make system changes and even send keystrokes to scammers. Such software can get installed when

1. Free software is downloaded and malware gets downloaded with it
2. Unknown or suspicious links are clicked
3. Mails from unknown sources without verification are opened
4. Unknown malicious sites are visited
5. Software updates are not done and antivirus is not installed

Prevention - Such attacks can be prevented by

1. Keeping the operating system and applications updated
2. Avoiding clicking on unknown links
3. Being selective about site visits
4. Downloading apps only from official play stores or sites

• SIM cloning - The word cloning means duplicating something, in this case, an official or legitimate SIM card. Scammers make a duplicate SIM with the same information as the original. The cloned SIM data or information is then transferred to a separate, secondary SIM. This cloned SIM can then be used to intercept incoming calls and text messages and make calls and send messages. This lets fraudsters intercept messages from banks like OTPs and also send or call the bank for verification.

Prevention - Cloning a SIM is a physical act. It is not common to clone a SIM remotely. Such cloning can be prevented by

1. Removing the SIM if the device is being sent for repairs or replacement
2. Enabling a SIM PIN. Duplication is not possible without the hacker having access to the PIN.
3. Using an eSIM. eSIMs are now being offered by many mobile operators. This is one of the most fail-safe methods.

• E-transfer fraud - E-frauds can be of two types. The money to be deposited to the receiver's account is sent back to the sender's account. In this type of fraud, the sender's account is already compromised and the money is being sent from the compromised account to the hacker's account when the money is returned.

The second way is when the money is not transferred to the intended recipient and is transferred to the hacker's account. In this case, the recipient's account is compromised and the money is sent to the hacker's account.

Prevention - Following steps can be taken to prevent fraud or recover the money.

1. Contacting the financial institution to look into such transactions and block the account temporarily.
2. Change the passwords routinely.
3. Set up a fraud alert.

In conclusion, it falls on the user or the client to take fraud seriously and be aware of the security traps. Most banks and financial institutions are continuously upgrading their systems to prevent fraud, and it is the joint responsibility of both the clients and banks or financial institutions to prevent and report such incidents. While digitization has made it easy for banks and clients to use the system for their benefit, the flip side is also very evident. Using fraud detection software for banks can help banks and financial institutions to prevent such frauds while ensuring that clients do not bear the brunt of such malicious attacks.