- A guide on key lessons from managing digital fraud attempts; as a wealth management firm in Nigeria over the past three years.
Digital fraud has grown at an almost equal pace alongside financial innovation–from banks to modern-day fintech. From time immemorial, digital innovations in the finance space have always ushered in new levels of ease and speed. In 2017, we wrote a detailed article about this evolution. Sadly, just as innocent users are grateful for these changes, so also are fraudsters.
Over the past 3 years, we have monitored the activities of these fraudsters and how they’ve tried to game our system. Thankfully, at all times, we’ve been able to cage them before they caused damage. Our lessons have also placed us in a proactive position to anticipate and quash fraudulent acts before they manifest.
Basic Digital Fraud Categories
So far, we have been able to identify three categories of people associated with digital fraud:
- Referral Program Gamers
- Smurfs: Distributors of Fraudulent Cash
- Trusted Intruders
Using in-house examples, we’ll share how these categories differ, their modes of operation and how to reduce their success rates to zero.
Referral Program Gamers
A usual market-entry approach for service providers, and by extension other consumer tech products, is to use a referral program that nudges users to invite their friends. There are numerous case studies that prove this is a solid growth approach. This manner of digital fraud directly impacts any company’s growth efforts negatively.
The downside to this referral-based growth is that people try to game the system by referring nobodies. In essence, you can have one user duplicated as one hundred users.
People like these are described as gamers. In their numbers, they can drain marketing resources dedicated to genuine referrals. A quick fix is to limit people to signup with only known domains, like gmail.com. However, that will serve as a major hurdle for many.
And even if that were possible, gamers can just register legitimate emails using their cards. To effectively tackle this, we started with identifying known spam domains and flagging referrals made with the same card.
Do not let anyone sign you up, through a referral program, to any financial service without your total consent or proper understanding of the platform.
Money Smurfs: Distributors of Stolen Money
Today, using your Bank Verification Number (BVN), it is possible to open wallets that can take in more cash than your primary bank account limits. This is interesting to the everyday user and fraudster.
For the everyday user, a business person, for instance, it makes it easier to receive more payments seamlessly and then transfer to any bank account of their choice.
However, for the smurf, this is a beautiful loophole. A smurf refers to a money launderer who is tasked with under-the-radar transfers. With a random BVN, a smurf can set up a wallet, and transfer large sums in small bits to separate accounts.
Once the transfers are done, a smurf can go on to withdraw these amounts from mobile money operators in cash. Then the bulk cash is paid into a lesser number of accounts, or have them “cleaned” through purchases tied to legitimate accounts of the fraudsters.
Usually, smurfs make use of accounts in rural areas to receive these monies. Given the number of accounts that can be involved, tracing the money can be quite tough and frustrating. And even when properly traced, the BVN holders might be oblivious of what the accounts were used for.
As a BVN holder, do not share your BVN with anyone except trusted platforms. Your details can be used to wrongly tie you to a financial fraud case.
Here’s an example:
Emmanuel receives a fraudulent transfer into a wallet created with the BVN of a fisherwoman in Makoko. In the last three months, in building up, he has been making purchases from her. Gradually, he built up a rapport with her and finally got her BVN.
It is important for financial institutions to properly explain the impact of sharing BVN details. The issue is not with other fintechs, but random individuals who get these details to carry out transactions in their names. Here is a BVN education sample.
With her BVN, he created a wallet that received the fraudulent transfer. To cover his tracks properly he goes on to transfer the money in bits to various mobile money agents. Finally, he is able to access seemingly untraceable cash that can be paid back into the financial system as legitimate.
Smurfs are fond of using BVN details of people in rural areas or their unsuspecting friends or acquaintances. We’ll discuss a proposed solution to managing this category after breaking down the final category of fraudsters.
Trusted Intruders
This final category is quite similar to smurfs. Although these ones do not necessarily receive fraudulent cash, they tend to take the same withdrawal path. People in this category are usually close friends or family members.
Do not use the same password and PIN across platforms. Doing that makes you vulnerable to multiple attacks.
Given their proximity, they struggle less with getting passwords or PINs. An ally can log in to make a transfer, divert funds and clean up tracks easily. For example, Onyinye logs into her sister’s wallet and makes a withdrawal into the account of a money agent. Then, she will clear up the transactional emails that show proof of transfer.
How to Manage Digital Fraud of Smurfs and Trusted Intruders
Given their similar withdrawal patterns into accounts that cannot be traced to them, the same solutions apply. The first step is to limit withdrawal options to accounts associated with the BVN details.
As a service provider, leverage friction when it comes to editing BVN details. This might contradict the call for seamlessness with fintech apps but there is a strong case for frictional UX when money is involved.
With this limitation, you restrict the intruder and make it easier to track funds if they finally get through your security structure. Regardless of the strength of your structure, access might still be possible due to oversight from the user. Hence, such restrictions are welcome.
In one of the cases we have successfully handled, we were able to leverage BVN details to easily track funds moved by an intruder to multiple bank accounts and quickly froze them. With the freeze effected, we were finally able to retrieve the funds, identify the recipients and return back to the legitimate owner.
Secondly, set up approval hurdles like the use of the google authenticator app for two-factor authentication (2FA). If there is a need to turn off 2FA, they’ll need a token from the app or reach out to your support team for help. Once again, leverage friction.
In summary, it goes beyond having a strong security wall. It is more about observing user behavior and building flags around suspicious patterns before an attack happens. Keep building a seamless experience with security coming first.
RELATED:
Best Way to Resolve Flagged Accounts
I have been saved times without number from my 20% savings on my salary earned and this I enjoyed using cowrywise application.
I simply want to applaud the initiatives behind cowrywise, and God bless the day I downloaded this app, seamless transactions and activities, this is a one stop shop for investors and planners alike.
Oluwadamilare Akinola.
(Dee3concepts Travels)
A+ for financial literacy.
Thank you Cowrywise!
??
So happy to have you on board ?
I love saving with cowry wise. I have no regret… i have also learnt some things on their blogs concerning savings and investment
So glad to hear that, Blessing. Thanks!
Yayyy ?
I’m a student. Although there are other saving app buh i love cowrywise moreee… So straightforward
Thanks Omowunmi! ??
?
As a student who uses both PiggyVest and Cowrywise, I prefer Cowrywise because it is waaayy simpler. And has more options.
Always teaching its users something. Thank you!
Thank you, Omolola.
Among all other sites and companies, I have been investing I still choose cowrywise as the best . Because,its simple, straightforward, and attend to their customers,thanks to cowrywise we are still looking up to you,
for more development.
I love CowryWise for their regular financial education
I love cowrywise
And introduced it to my friends
Great initiative from Cowrywise
Now i would love to ask where the 10% tithe comes to play in
Well, you get to play around with the percentages when it comes to the 50-20-30 rule. I include my tithe by lowering my necessities to 40%, and also included black tax @ 9%. Just make sure all your categories add up to 100% and adjust where only necessary.
Specially want to thank OPE he’s/she’s been great! Thank you for all the financial advices!
Overall best in financial literacy
I so much love cowrywise especially because they have a plan for Muslims who do not want interest on their savings and I also love their automation
I am always happy and always look forward to when cowrywise will remove my money
Them say debit alert no dey give person joy but whenever it’s from cowrywise am always happy
Please I need your advice on how to get debt free with my income how to spend and Dave to pay up the loans
I always look forward to Ope’s email because their is always something to learn.
I invitatied one thousand I did not see the money or income
Awesome! I loved this app because any time I logged in,it gives me future assurance.
Kudos to you guys (expecially ope) your quote motivated me a lot ❤️❤️ cowrywise
I wanna know about cowrywise investment…I only know about her savings
With little responsibilities, I stay with my parents , my main expenses are usually transport and internet subscription, I’m able to save up to save up to 50% of my salary
Cowry wise is the Best
I love cowrywise and I’ll introduce anyone to it.
I wish to know more about Cowrywise investment
I wish to know more about Cowrywise investment. I have interest in investing. How can I go about it
Cowrywise is very nice ,they do great job
Wow really loved this
A very nice article thanks
Thank you for yet another insightful post??
I have no regrets since I joined cowrywise, since 4years ago, I love it and have introduced many people, God bless you all Amen
The first 200k I was able to save was because Cowrywise made it possible ????.
I love the fact that once a saving plan is set you can never break it till it’s due date.
I remember rushing down to my app to withdraw my money just for me to realize it’s a one year saving plan?? I was heartbroken at then but guess what one year later I was immensely grateful that the money was safe locked without me accessing it.
I have a lot to learn from using this app as I journey to financial freedom, I haven’t officially utilized the investment options but I will definitely give it a good try someday.
Thank you Cowrywise for this awesome opportunity ❤️?
Thanks for always educating me ❤️?
Thank you cowrywise..Thank you Ope
Thanks so much my favourite Savings adviser, Ope, this 50-20-30 plan is an eye opener. I will put into use immediately so that I can be consistent in my savings. Thanks
Lovely write-up as usual, always happy to see cowrywise content