16. Keeping Customers Safe Online Flashcards
Define Financial Crime.
Any NON-VIOLENT OFFENCE committed by or against an INDIVIDUAL OR FINANCIAL SERVICES FIRM which results in FINANCIAL LOSS
What are the different groups of financial criminals that have been identified by the International Compliance Association (ICA)? (3) What types of entity make up each group?
- Organised Criminals
  - Terrorist Groups, Large scale operations which need funding through cybercrime and fraud.
- External Stakeholders
  - customers, contractors, suppliers - any individuals with a connection to the firm
- An Individual Criminal
  - serial or opportunistic fraudsters
Define Cybercrime.
Any criminal act dealing with COMPUTERS or NETWORKS
Which type of cybercrime impacts consumers the most?
DECEPTION, e.g. scam emails asking people to reveal sensitive info.
What is Identity Theft? What are the consequences of Identity Theft for its victims?
Obtaining PERSONAL INFORMATION for the sole purpose of ASSUMING SOMEONE’S IDENTITY TO MAKE TRANSACTIONS/PURCHASES.
Consequence = damaged credit scores, finances, reputations & livelihood
What is Phishing?
Stealing USER DATA (e.g. card/login details). The attacker PRETENDS TO BE PERSON/COMPANY THAT PERSON TRUSTS, enticing them to open links etc.
What are the two types of links that can be found within phishing emails? (2)
- MALWARE = used to damage or gain access to a device (e.g. viruses, trojan horses, spyware)
- RANSOMWARE = Type of Malware that blocks access to the device, encrypting data until money is paid.
What is Hacking?
SPECIALIST MALWARE is injected into a network so the hacker can GAIN CONTROL.
Resulted in COMPROMISED DATA & hackers being able to TRACK KEYSTROKES/PASSWORDS
Has the introduction of Cloud Computing and Open Banking caused an increase or decrease in the vulnerability of banks to cyber attacks?
Increase, more opportunities for cyber criminals
Are firewalls and anti-virus software considered to be a pro-active/offensive approach or a reactive/defensive approach to fighting cyber crime?
Reactive/Defensive. Banks are now moving towards using more proactive techniques.
What are some examples of things that banks are investing in to fight cybercrime? (7)
- AI/Machine learning
- Biometrics
- Electronic Identification
- More staff/systems
- Best practices for password protection
- Antivirus software
- Data encryption
Think: BAD PEAS
Define Fraud.
When TRICKERY is used to gain a DISHONEST ADVANTAGE, which is often financial, OVER ANOTHER PERSON.
Fraud can include the theft of:
- money
- data
- property
Is the following scenario Fraud or a Scam?
Suspicious activity is found on your account, i.e. a transaction you did not knowingly make
Fraud
Is the following scenario Fraud or a Scam?
An update of your contact details which was not made by you
Fraud
Is the following scenario Fraud or a Scam?
You knowingly parted with your money or details with the expectation that you were dealing with a genuine person.
Scam
What is remote banking fraud?
When a criminal gains access to your account to make an unauthorised transfer using one of the 3 remote banking channels:
- Internet banking
- Phone banking
- Mobile banking
The Financial Ombudsman Service categorises complaints relating to fraud and scams into 3 main categories. What are these?
Two of these categories can also be grouped together under another joint name. What is this?
- Plastic card transactions not authorised by the customer (in-store or online)
- Scams where the customer was tricked into handing over bank details - scam where fraudster is able to take money from an account without consent.
- Scams where the customer was tricked into transferring money into the fraudster’s account
2 & 3 are known as Authorised Push Payment (APP) fraud complaints
What type of fraud has occurred within the following scenario:
A fraudster hacks into an individual’s email account. They then find out the names of any companies this individual is already doing business with and proceed to pose as this business (could be their bank).
The fraudster then asks the individual to make a payment to an account in the name of the company they are pretending to be.
Authorised Push Payment (APP) fraud.
The individual has authorised the payment themselves but they were tricked into doing so.
Customers usually only make complaints to the Financial Ombudsman Service regarding scams or fraud if their bank refuses to refund the money they have lost.
When looking at these complaints, will the FOS make the bank refund any payments lost to the customer?
It depends on whether the customer authorised the payment.
Authorised payments where the bank followed all industry guidance to protect the customer from fraud = bank NOT LIABLE to refund
Authorised payments where the bank did not follow all industry guidance: FOS could ask the bank to refund some or all of the loss and possibly an upset payment/lost interest, depending on circumstances.
Plastic card fraud & unauthorised payments = banks should refund the customer ANY MONEY LOST PLUS ANY INTEREST OWED so long as they have not acted:
- fraudulently
- with intent
- with gross negligence (not just ordinary carelessness)
Define an Authorised Payment.
The customer has given the bank instruction to make a payment and knew the money was going to leave their account.
Who holds the most responsibility to protect customers from fraud? The customers themselves or banks?
Customers do have a responsibility to protect themselves, but banks hold the most responsibility.
Banks should aim to detect fraud as early as possible to prevent loss. Which are the 3 main ways in which they do this?
- Sophisticated computerised monitoring systems
- Dedicated risk teams - if the system raises suspicion, the team usually contacts the customer to check whether the payment was genuine.
- Raise customer awareness
What are some steps that RBS has in place to try to protect customers? (4)
- Online app contains warnings
- Additional checks within higher risk circumstances - eg getting in touch to check details & give advice on the signs of a scam
- Take 5 initiative - raises awareness of scams and how to deal with them
- Staff training to spot scams
What is the role of frontline staff in relation to fraud? (4)
- STAY AWARE
  - of how/when customers are transacting
  - of the type of goods involved
- MONITOR UNUSUAL ACTIVITY
  - computers flag up, staff scrutinise whether it is in line with usual behaviour. If not, contact customer.
- TRAINING & LEARNING
  - to ensure compliance with current regulations
- FOLLOWING INTERNAL PROCEDURES
Name some examples of suspicious transactions that could be brought to staff attention. (4)
- Large cash withdrawals
- Transfers between accounts without rationale
- Unnecessary use of third party accounts
- Transactions involving high-risk jurisdictions
What are profiling systems?
Systems used by banks to help them identify where there may be suspicious activity on a customer’s account.
When customers set up a new beneficiary to make an online/app payment, what do banks tend to do?
Send the customer separate advice (often by text, outside of the app) to alert the customer before the bank makes the payment
What is the APP Scam Code? What are the commitments within the code? (3)
Payment Service Providers (PSPs) like banks voluntarily sign up to this code to protect customers against Authorised Push Payment scams (APPs). Set up as a result of INDUSTRY COLLABORATION between PSPs, consumer groups & the regulator.
PSPs who sign up to the code commit to:
- Put in place procedures to DETECT, PREVENT & RESPOND to APP scams.
- Prevent accounts from being used to LAUNDER THE PROCEEDS OF APP SCAMS.
- CONTINGENT REIMBURSEMENT MODEL
- reimburse victims of APP fraud, so long as the customer has met the standard expected of them within the code. Reimbursements are taken from a fund set up by the signatory banks. (remember this is voluntary, they don’t legally have to do this)
What is the Banking Protocol system?
An initiative between the Police and banks to work together in collaboration against fraud to protect victims.
Which body holds responsibility for the Contingent Reimbursement Model (CRM)?
The Lending Standards Board (LSB)