The recent spotlight on banking fraud has ranged fromimpossible-to-understand weapons of mass destruction (a.k.a.derivatives) to rogue traders, traditional bank account takeoversand impersonations with traditional ID theft. Technologicaladvances are enabling fraudsters to commit more sophisticated actsof deceit with increasing anonymity.

Fraudsters in the modern age have learned to prey on those withpoorly designed controls or no controls at all. They are then aidedby the ubiquity and convenience of mobile banking apps that meetdaily banking needs for on-the-go consumers.

As a result, identification of your customer or member and KnowYour Customer have become two of the biggest challenges throughoutthe financial services industry.

More Mobile, More Problems

Since the introduction of PayPal in 1998, the industry hasexploded with a plethora of online payment systems including themost recently launched Apple Pay, Android Pay, Bitcoin, Samsung Payand Alipay – to name a few.

In addition to these new payment systems, consumer use of mobilebanking apps has grown considerably in recent years. According tothe Board of Governors of the Federal Reserve System's report,“Consumers and Mobile Financial Services 2016,” 43% of all mobilephone owners with a bank account had used mobile banking in the 12months prior to the survey – up from 39% in 2014.

Consumers rely on the banks and credit unions with which they dobusiness to keep their identities safe and their funds secure. So,as consumers continue to adopt new “banking anywhere” technology,the banking industry as a whole is forced to reconsider itsinformation security protocols and processes, taking extra steps toensure consumers' data and finances are protected.

The traditional brick and mortar processes of KYC – when amember enters the credit union to conduct a transaction (e.g.withdraw cash) – are not much different from online and mobiletransactions. KYC, along with other application controls forproducts and services, are a financial institution's anti-fraudmagic bullets.

Bringing Offline Controls Online

To be truly proactive against fraudulent money transfers andavoid weaknesses in existing AML programs, a credit union's digitalmechanisms should mirror those in its brick and mortar facility,where bankers can ask for a PIN or verify members with a passportor other form of identification.

Some proactive steps a credit union can take include:

• Certify the person sending the transfer or online payment isexactly who they say they are. One option is to have a robustapplication process during account setup.

• Confirm the person or business receiving the payment is exactlywho they say they are. One example is to create an encryption keythat is known only by the recipient.

• Monitor daily- and member-threshold limits for online paymenttransfers and transactions. The credit union can perform analyticsthat include automated scripts to continuously monitor and auditactivity.

• Include an escalation process that provides notifications andadditional documentation requirements for AML compliance. ExistingAML policies and procedures with key application controls can bereviewed periodically to demonstrate control effectiveness.

Banks and credit unions that apply anti-fraud techniques acrossboth physical and digital platforms will find themselves in a goodposition for future growth.

Brian C. Chung

Product Manager, ACL

Contact

604-669-4225 or [email protected]