Is fear of fraud coming in the way of your bank’s product and service innovations and becoming a stumbling block for the march towards market leadership? Is your bank’s innovation vision, planning and execution taking the fraud control imperatives into consideration?
Last week’s news of fraud at NatWest bank’s Get Cash service seems to be a case in point for some introspection. Get Cash service is an example of an implementation of an innovative service that did not take sufficient fraud control measures before the rollout.
What is Get Cash program?
Get Cash is an innovative service offered by NatWest to its customers to withdraw up to 100 pounds cash at a time using a mobile app. Customers are given a security code through mobile app, which is valid for three hours and can be used at an ATM to take out cash. This was rolled out in June, this year and seen as great innovation in the market.
What happened in Get Cash Fraud?
Some NatWest customers have been lured into giving out their personal details through phishing attacks which were used by the fraudsters to register for Get Cash service with victim’s debit card details and withdraw cash from ATMs. A number of customers have reported fraud and the bank had to suspend the Get Cash service within four months of the launch. The bank later clarified that they are going to reintroduce the service with stronger fraud control measures.
This incident attracted lot of media attention as ‘mobile payments’ has been buzzing for both right and wrong reasons in the recent times. This is an example of bad implementation of mobile payments rather than mobile payments being a bad service from the fraud control perspective. Ironically customers who downloaded the app and registered with their debit card did not get impacted by this fraud. Victims are those customers who have not registered for this and fallen prey to phishing attacks to give out personal and debit card details
What could have been done to prevent this from happening?
If I were to analyze this in retrospect, this is what the bank could have done in the first place to get it right.
App/Service Registration: Though the bank was using customer’s personal and debit card details for registration, this was obviously not enough as it’s only one-dimensional. Banking technology market is already aware of advanced technologies like MFA, device intelligence and device mutual authentication. Implementation of Multilayered controls and stronger authentication during the app registration and access could have definitely helped the bank preventing this.
Real-time cross channel transaction monitoring: It is interesting to note that the fraudsters have done a series of ATM cash withdrawals each of which are below are 100 pounds limit using the secure codes generated by the Get Cash app. An intelligent cross-channel transaction monitoring system, if implemented could have been effective in detecting this scenario and could have prevented this from happening if that system has real-time transaction stopping capabilities.
So the next time you are thinking about innovative service, plan to have robust controls and take the help of innovative real-time fraud monitoring and preventing systems so as to ensure that you get your service right the first time and every time!
– By Jayaprakash Kavala
Jayaprakash Kavala is Product Manager at CustomerXPs.
He can be reached at email@example.com
CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions.