A Step by Step Guide For Preventing Fraud in Fintech

R.K. Hari Krishna
Givelify Engineering
7 min read · Feb 19, 2022

Are you doing enough to mitigate the risk of fraudulent attacks against businesses? These tips will help you protect your clients and your business.

Fraudulent transactions are on the rise across industries. But scammers especially enjoy targeting one sector in particular — fintech. As many as 85% of all financial industry companies have seen fraudulent activity related to account opening. The dark web makes it easy — you can purchase someone’s existing bank account information for just $100.

Criminals are sophisticated when it comes to phishing, credit card fraud, and money laundering, so you must keep your business protected with the most evolved, cutting-edge anti-fraud strategies.

Here’s the good news — if you take fraud seriously and follow industry best practices for preventing it, you will always be prepared to fight back. The key is to embed anti-fraud practices into every facet of your company, from your engineering to operations to even how your sales team engages with potential customers.

Here’s how to make anti-fraudulent practices a central part of your business culture by educating yourself and taking the proper steps to outsmart the criminals.

The Major Types of Fraud

There are many different fraudsters out there, and their tactics are evolving faster than many businesses can keep up. However, some fraudulent attacks are more common than others.

Money Laundering

One of the oldest fraudulent tricks in the book is money laundering. Smurfing, using mules, and opening shell corporations are among the most popular tactics. If your business has some sort of marketplace, then someone is thinking of laundering money through you. Be on the lookout for repeated transactions that can range from a hundred dollars to tens of thousands of dollars to help identify potential money laundering operations. Also, pay attention to internal transfers with large outlays. If your business involves dealing with merchants, look out for counterfeit social security numbers and fraudulent banking info. You can use tools like GIACT to help weed them out during your merchant onboarding process.

Stolen Credit Cards

Criminals often put stolen credit cards to the test by making purchases online. This usually happens in combination with testing stolen personally identifiable information (PII). What’s more, some scammers will even try to convert stolen credit cards into fast cash. This usually happens if they have access to the recipient’s bank account. Recipients could be merchants on your platform or other consumers. Therefore, if you are processing credit cards and have mobile wallets, you need to monitor your transactions for fraudulent credit card activity.

Fraudulent Chargebacks and Refunds

Chargebacks and refunds are one of the most common types of fraud. When someone commits fraud by purchasing an item with a stolen credit card, the credit card company may issue a chargeback to the merchant. This is also known as a refund in some cases. Fraudulent chargebacks and refunds are a massive problem for businesses of all sizes.

Employee Theft

While this is hard to hear, many companies fall victim to their very own employees. So it’s crucial to ensure those team members who have access to sensitive information aren’t going rogue and using it to their advantage. Background checks, legal coverage, good data handling practices and periodic audits can help mitigate such incidents.

Building Your Defense

As a business owner, you are responsible for protecting your company from fraudulent activity. This can include anything from credit card fraud to employee theft. Therefore, it is essential to have a plan to protect your business from these crimes.

Here are some things you need to prioritize as you start to build your defense:

Set up a fraud monitoring team.

You’ll want to designate a team dedicated to keeping your business safe. This should be the first thing that you do as an organization when looking to protect against fraud. This team will be responsible for reviewing threats and ensuring the business errs on the side of caution without causing mass inconveniences to your customers.

Monitor every transaction.

Every business transaction should be monitored. When your volume is low, this is something you can do manually through your fraud monitoring team. However, as your business grows, either build your own automated fraud detection system or purchase a transaction threat monitoring service. Do some statistical analysis of the behavioral patterns of your customers and always look for outliers. Fraud is easy to catch once you learn which patterns indicate trouble. However, patterns change, so periodically re-analyze.

Use a fraud management system.

As your business grows, you will need your own risk and fraud management program even if you use third-party payment processing and merchant management tools like Stripe or Square. A good rule of thumb is never to store PII yourself, no matter how convenient it may seem. Utilize third-party vault systems.

Get the whole company talking about fraud.

Put fraudulent activity at the forefront of everyone’s mind. Create situations where you game out different kinds of fraud and give everyone in the company a voice to talk about potential fraud. Game out scenarios and test them against your existing risk management systems and procedures. Create a retrospective culture: perform and document a root cause analysis every time a fraudulent incident slips through the cracks.

How to Set Up Risk Management

While it’s tempting to believe you can manage everything on your own, the reality is that you need a team. Here are some tips for setting up your risk management team:

Set up a cross-functional team.

Your risk management team should consist of company members across departments. These should be engineers, data scientists, sales team members, and operations team members you can trust. Be sure to run your fraud team using agile practices. Train your team to be objective, create a retrospective culture, and practice radical candor. Ensure that Root Cause Analysis (RCA) is performed when an incident happens. Finally, build mechanisms to implement recommendations from RCAs.

Put it in writing.

Ensure you have legal coverage around code of conduct, data privacy, and trade secret protection that your team will have to sign and adhere to. The possibility of legal consequences is in itself a huge deterrent to employee theft.

Create a system for storing data and managing alerts.

In order to effectively catch fraud, you need as much of your customer activity and transaction data logged and stored as possible. Collect and store as much data as you can. Remember that all data is good data. Consider how people are using your products and services so you can determine what behaviors to flag. Be sure to track meta information, including IP addresses, location information, customer profile information, and data on how customers interact with your product. Furthermore, once you decide how to flag fraud, you need a system for managing your data and alerts. You need an audit trail of how your team has responded to these alerts and what investigation they performed; document and store it.

Utilize basic statistics to set up your initial alerts.

A quick and easy way to set up alerts is to use basic statistics to help flag things. What is your average transaction volume, and what is the median? Which outliers are two standard deviations out? Although most fraud is based on outliers, there are some exceptions, so do not make this a long-term strategy. Fraud is an ever-evolving game, so constantly tweak, re-analyze data, and continue to add more methodologies of analysis.

Scaling Your Risk Management Team

Be sure to start small at first. You can begin by having someone monitor activity every few hours around key times.

Set alarms if certain thresholds are violated. For example, a simple rule of thumb is to flag activity that is two standard deviations from the expected behavior.
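The two-standard-deviation rule from this section and from "Utilize basic statistics to set up your initial alerts", as an added example that is not code from the original article. It goes one step beyond the text by also scoring against the median, because a single earlier spike in a customer's history inflates the standard deviation and hides later outliers; the customer IDs, amounts and the `MIN_HISTORY` cutoff are assumptions.

```python
# Added example: per-customer alerting at k standard deviations.
# Customer IDs and amounts are constructed; MIN_HISTORY is an assumed cutoff.
from statistics import mean, median, stdev

MIN_HISTORY = 5  # assumption: fewer points than this give no usable baseline


def zscore(amount, past):
    """Distance from the customer's mean, in sample standard deviations."""
    spread, center = stdev(past), mean(past)
    if spread == 0:  # constant history: any different amount is a deviation
        return 0.0 if amount == center else float("inf")
    return (amount - center) / spread


def robust_score(amount, past):
    """Median/MAD score: one past spike cannot inflate the spread and hide new ones."""
    med = median(past)
    mad = median(abs(a - med) for a in past)
    # 0.6745 rescales MAD so the score is comparable to a z-score on normal data.
    return 0.0 if mad == 0 else 0.6745 * (amount - med) / mad


def review_queue(history, incoming, k=2.0):
    """Return (customer, amount, reason) for each incoming transaction to review."""
    alerts = []
    for customer, amount in incoming:
        past = history.get(customer, [])
        if len(past) < MIN_HISTORY:
            alerts.append((customer, amount, "insufficient history"))
        elif abs(zscore(amount, past)) > k:
            alerts.append((customer, amount, "mean/stdev"))
        elif abs(robust_score(amount, past)) > k:
            alerts.append((customer, amount, "median/MAD only"))
    return alerts


# Constructed sample data, amounts in dollars.
HISTORY = {
    "cust-a": [20, 25, 22, 30, 18, 24, 26],
    "cust-b": [40, 45, 38, 5000, 42, 41, 44],  # earlier spike inflates the stdev
}
INCOMING = [("cust-a", 27), ("cust-a", 400), ("cust-b", 900), ("cust-c", 15)]

if __name__ == "__main__":
    for alert in review_queue(HISTORY, INCOMING):
        print(alert)
```

The $900 charge for `cust-b` sits well inside two standard deviations of the mean and is caught only by the median-based score, which is the kind of exception the text warns about when relying on simple outlier rules.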

As you scale, you need to automate more of your processes. For example, look at partnering with organizations like GIACT or Jumia that perform PII checks and other authentication checks on your merchants or customers during onboarding.

Finally, over time, hire data scientists and engineers to join your cross-functional fraud team to help identify and build algorithms that monitor transactions and mechanisms to shut things down automatically.

99% of the business you do will likely not be fraud. But that 1% can change everything. Be sure you stay prepared and keep your business ready for anything criminals throw at you.

Summary:

  • Major types of fraud include money laundering, stolen credit cards, fraudulent chargebacks and refunds, and employee theft.
  • To build your defense, be sure to monitor every transaction using a fraud management system, designate a fraud monitoring team, designate thresholds for monitoring fraud, and create a culture of openness about fraud.
  • When setting up risk management, be sure to set up a cross-functional team, make the team sign on to a common code of conduct to prevent internal fraud, and create a system for managing alerts and data.
  • Scale your risk management team by automating more of your processes and hiring data scientists and engineers to build out your system for identifying and mitigating fraud.

R.K. Hari Krishna
Givelify Engineering

VP of Technology at Givelify; Electrical Engineer; Tinkerer; Technology with purpose; Advocate for inclusive engineering culture