By Rajat Deshpande, CEO & Co-Founder, Finbox
The rise of digitisation in financial services has left stakeholders – from institutions to customers – exposed to fraud risks like never before. RBI reports a 166% YoY increase in bank-sector fraud cases in FY24. Online fraud cases rose by 334% too. The regulator also highlighted that small-value cards and internet frauds dominated private sector bank reports, while public sector banks saw frauds mainly in loan portfolios.
These statistics are a mere tip-of-the-iceberg. Take a closer look, and one begins to unearth a web of fraud-related complexities the industry must combat. Mitigating fraud risk across parties is a systematic problem, exacerbated by fraud’s pervasive nature and the fintech ecosystem’s interconnectedness. Most solutions around fraud place heavy emphasis on vigilance and following industry best practices (regulatory and self-imposed). While the approach seems fair ask for institutionalised players, is it fair for end-customers?
The financial illiteracy problem
Financial illiteracy today must be viewed through several lenses including data privacy, misinformation, digital literacy, and public awareness. The traditional route of bridging knowledge gaps cannot guarantee immunity from fraud exposure. Take the infamous FedEx scam for instance: people across age, social, and digital-literacy spectrums have fallen victim to it. This, despite warnings against practices like OTP/data sharing and transfer of money to suspicious parties being a part of popular discourse for years now.
The threat of customers being duped into OTP-sharing and money transfers is one instance of fraud. They can also fall victim to phishing, impersonation, and become innocuous participants in mule account schemes. And as technology evolves so will instances of well-orchestrated fraud – making the public’s fraud awareness knowledge gap wider. Placing onus of fraud prevention on customers in this backdrop is impractical.
Can institutionalised fraud mitigation be the answer?
Addressing systemic issues like fraud risk requires a collaborative effort between regulators, regulated entities, self-regulatory bodies, and FinTech’s. A top-down flow of policies, backed by well-thought-out frameworks across the ecosystem is the way to go. The system must be both proactive and reactive. It must enable prevention, detection, redressal of issues, and mechanisms that place institutions a step ahead of bad actors.
Fraud has been on the RBI’s radar for a while now. Recently, in a significant stride to manage financial fraud, the apex bank published a revised directives to REs for financial fraud management is noteworthy. The directives provide a framework for “prevention, early detection and timely reporting of incidents of fraud”. It provides REs with a structure of governance, empowers them with legal reinforcement, and empowers them to hold third parties accountable – a top down, systematic approach that is sure to pay off. On the technological front, the RBI also called for an Early Warning Signals (EWS) to be set up. It mandates mechanisms to capture fraud indicators from transactional data, financial performance, market intelligence, and borrower conduct.
The setting up of the EWS in the fraud management framework is a welcome move. It’s a step towards shifting the onus of fraud prevention from the end-user on to regulated entities who are better equipped to deal with fraud. As for the implementation of the EWS technology, REs is halfway there already!
Leverage existing tech for fraud prevention and detection use cases
The use of transactional data analysis and alternative data tools for underwriting is almost a hygiene requirement in digital lending and onboarding. Here’s a closer look:
Bank statement analysis: Modern bank statement analyzers can help banks and lenders detect patterns in applicant’s financial behavior and flag potentially fraudulent activity. They’re easy to integrate into onboarding workflows and can analyse and flag fraudulent activity in seconds. Furthermore, a good bank statement/transaction analyzer can also detect tampering of documents through document fingerprinting.
Alternate data analysis: In-device data like SMSes, location details, and meta data can be leveraged to flag malicious activity. This data must be anonymised, encrypted and be purged off any personally identifiable information (PII) to ensure customer data security. Banks and lenders can access such data with consent from customers, helping them flag potential suspicious behaviors like account take overs, social engineering schemes, and more.
Conclusion
The evolution of fraud with tech is inevitable. And financial literacy is no longer an option (or excuse) for the banking ecosystem to shrug off responsibility. It is imperative that banks be nimble and act quickly to take both proactive and reactive steps towards mitigating fraud risks. And transaction analysis and alternative data analysis are a great – and easy – starting point.