Financial Fraud - Customer Education?
Ramgopal
4/26/2010
3 min read


A top private sector bank has been releasing half-page advertisements in leading newspapers under the 'Customer Education' title for quite some time now. Each one describes a specific kind of banking-related fraud (mostly technology-related) and gives customers tips to safeguard against such incidents. The general intent is to raise awareness among customers. You would expect the kinds of fraud mentioned to be prevalent enough to be relevant. Otherwise, the advertisements can unnecessarily propagate wrong information and also create fear among the general public, which is mostly not tech-savvy anyway. Here's one such recent example, related to 'SIM-Swap Fraud'.
<<Begin Contents of Advertisement>>
How do SIM-swap frauds occur?
- The fraudster obtains your mobile phone number and bank account details through a phishing e-mail.
- He asks your mobile-phone-service provider for a replacement SIM card under some pretext, like changeover to a new handset or loss of SIM/handset.
- The service provider deactivates your SIM card and gives him a replacement SIM.
- The fraudster introduces a payee into your bank account using the phished data, transfers funds from your account to his and withdraws the money through an ATM.
- All this while, your service provider's alerts don't reach you because your SIM card has been deactivated.
What are the safeguards that should be taken?
- Never respond to phishing e-mails.
- Do not disclose your mobile phone number on websites.
- Change your banking passwords frequently.
<<End Contents of Advertisement>>
The questions that came up were:
- Is this such a common fraud or likely to be in the near future?
- Is it easy for somebody to commit such a fraud?
According to me, these are neither common nor easy. However, for some reason the bank in question has felt it worthwhile to warrant a half-page ad. So let's proceed with the belief that they must be right. You may also say it needn't be easy for a fraudster to be interested in committing a fraud; as long as it's possible, they will attempt it. Fine.
What needs to be overlooked by the various parties involved in allowing the fraud to take place?
- An email is sent by the fraudster impersonating the bank. The customer responds to the email, divulging their mobile number and bank account details like user ID, password etc. This is fault #1, committed by the customer. In spite of repeated warnings/requests, people somehow fall for such emails and disclose sensitive information. Never divulge details to anybody under any circumstances.
- A replacement SIM is acquired by the fraudster from the mobile-phone-company. This isn't an easy thing to achieve. Mobile-phone-companies do not (are not supposed to) provide replacement SIMs to anybody other than the actual customer (fault #2). They would (should) also ask for relevant identity proof to ascertain the identity of the person seeking replacement (fault #3). They are supposed to file a copy of the identity documents provided, which have the photograph of the person seeking replacement (fault #4). They would (should) make an attempt to trace/contact the original SIM before deactivating and reissuing (fault #5).
- From the time the SIM is deactivated to the time the money is siphoned off from the bank account, the original customer would have to have not noticed that their SIM isn't functional any more, which means they wouldn't have been able to make or receive any phone calls / messages (fault #6).
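The chain above (SIM replaced, new payee added, transfer to that payee) can also be checked from the bank's side. The following is an added example, not part of the advertisement or the original post; it assumes the bank can learn SIM-replacement times from the mobile-phone-company, and the event names, account IDs and 48-hour window are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): (time, account, event, payee).
# "sim_replaced" is assumed to be reported to the bank by the mobile operator.
EVENTS = [
    ("2010-04-20T09:00", "ACC-1", "sim_replaced", None),
    ("2010-04-20T11:30", "ACC-1", "payee_added", "PAYEE-X"),
    ("2010-04-20T12:05", "ACC-1", "transfer", "PAYEE-X"),
    ("2010-04-20T12:10", "ACC-2", "payee_added", "PAYEE-Y"),   # no SIM change
    ("2010-04-20T12:40", "ACC-2", "transfer", "PAYEE-Y"),
    ("2010-03-01T10:00", "ACC-3", "sim_replaced", None),       # old SIM change
    ("2010-04-20T13:00", "ACC-3", "payee_added", "PAYEE-Z"),
    ("2010-04-20T13:20", "ACC-3", "transfer", "PAYEE-Z"),
]

HOLD_WINDOW = timedelta(hours=48)  # assumed policy value, not from the post


def transfers_to_hold(events, window=HOLD_WINDOW):
    """Return transfers that follow the SIM-swap chain described above.

    A payee is treated as risky when it was added within `window` after a
    SIM replacement on the same account; transfers to it are held for
    out-of-band confirmation instead of relying on SMS alerts.
    """
    last_swap = {}        # account -> time of most recent SIM replacement
    risky_payees = set()  # (account, payee) pairs added soon after a swap
    held = []
    for ts, account, kind, payee in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "sim_replaced":
            last_swap[account] = when
        elif kind == "payee_added":
            swap = last_swap.get(account)
            if swap is not None and when - swap <= window:
                risky_payees.add((account, payee))
        elif kind == "transfer" and (account, payee) in risky_payees:
            held.append((account, payee, ts))
    return held


if __name__ == "__main__":
    for account, payee, ts in transfers_to_hold(EVENTS):
        print(f"HOLD {account} -> {payee} at {ts}")
```
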
What trails have been left by the fraudster?
- The fraudster walked into a mobile-phone-provider asking for replacement SIM. The executive at the store would have seen the person.
- The fraudster has given personal identity documents with photograph at the mobile-phone-company.
- The fraudster has transferred money to their (or an accomplice's) account. The details of the account would be available as part of the online transfer transaction trail.
- The fraudster's bank account would have significant details of their customer (the fraudster) including photograph, signature, PAN details, address etc.
- The fraudster's photograph would (should) have been captured while withdrawing money from the ATM.
If and when the victim realizes the loss and reports it to the bank, the bank would (should) be able to trace the fraudster. Of course, only with the help/co-operation of the security agencies, the mobile-phone-company, the fraudster's bank, the bank owning the ATM etc. If multiple jurisdictions are involved, then it would require co-ordination among the various security agencies as well. Should the fraudster be a group rather than an individual, then it's likely that a single individual would not have committed all parts of the crime, meaning the person appearing for SIM replacement, the person opening a bank account, the person at the ATM etc. could all be different people. This could make it even more difficult for investigating agencies to crack.
From this analysis, you should know by now that it certainly isn't easy to commit the fraud. However, should it be committed, the investigation and capture/arrest would be even more difficult (though not impossible), given the number of entities that could be involved.