Stakeholders in the financial sector have called for a collaborative approach to counter fraud in the financial services sector.
Speaking at the 3rd edition of the annual Mobile Money and Digital Payments Conference hosted by Oxlink Capital in Harare last week, CBZ’s Head of E-Banking & Card Services, Saul Chin’anga said it was time for Zimbabwe to use a collaborative approach in order to counter fraud in the financial services sector.
Chin’anga said “Collaboration between banks, third party vendors, payment processors, switches, Mobile Network Operators, Merchants and law enforcement agencies is very critical. Financial Institutions need industry- wide fraud alert system more than enterprising measures that address one institution.”
The Mobile Money & Digital Payments industry is now infiltrated with numerous Cyber Crimes such as card cloning, brute force password attack, hacking, identity theft and many other crimes like counterfeiting which are taking toll in the banking sector.
Chin’anga further noted that the impending bill which will provide the computer incident reporting and this will assist in coming up with the structure to share information.
“We need collaboration in managing the ballon effect. This is where one channel is closed, the fraudsters move to the other channel. Create customer awareness on risks associated with digital payments and then effect EMV implementation & PCIDSS compliance.
Collaborate with law enforcement agencies and share information for the successful prosecution of cyber criminals. Public sector collaboration is very critical in sharing information and best practices. Therefore, banks should share information on fraud incidences” added Chin’anga
In his presentation, Chin’anga drew up the below list of best practices which banks can fully adopt in order to counter these industrial loopholes:
- Effective Anti money laundering controls.
- Provide tools to customers to manage their card activations. CBZ Touch is one application where a customer can block and unblock their cards in seconds.
- Introducing transaction limits and SMS alerts on transactions to keep the communication with customers open.
- Strong Change management controls so that changes to customer information files are approved at the right levels.
- Sessions timeouts for banking applications that are dormant user profiles.
- Banks should provide hotline numbers on ATMS and websites. A 24 hr Contact Center is ideal.
- Back-end fraud detection mechanisms such as velocity and country risk profiles.
- Card not present transactions need to be authenticated. Introduce 3D secure!!
- Internet banking platforms should operate with dynamic two factor authentication.
WHAT CUSTOMERS NEED TO DO
- Customers must always secure their PINs
- Must ensure that at all times, their cards are blocked and only unblock when you want to use the card.
- For e-commerce and internet transactions, customers must always use secure sites.
- Do not give out your card details to some unknown person at the hotel to process your payment. Once your CVV number is known, your card can easily be compromised.
- Not respond to requests for emails asking login credentials from anyone, including purported bank staff.
- Always log out when your done with your business..
- Customize must avoid areas that are not well lit so that they are able to see the machine proceeding their card;
- Card Cloning normally happens at ATMs
- Places such as night clubs, bars, sports clubs, gym facilities, betting houses normally present conducive environment for data theft.