Uncategorized

When the deceased borrows from a bank

7 MIN READ

“Dead man walks into a bank and withdraws Rs 1.3 crore”. Sounds ludicrous, doesn’t it? Except it actually happened. Well, almost.

It was late one July evening when an employee in the fraud monitoring cell at a well-known bank raised a suspicious transaction alert over a couple of high-ticket withdrawals. The red flag was not the size of those transactions but a tiny detail buried within an ominous pattern – there had been a series of requests for changes to the KYC details of the account holder, a doctor based in Kolkata. When officials dug in, they figured the doctor had been dead for several years.

Turns out, two housekeeping staffers at the bank mopped up this handsome amount by successfully changing the KYC details of the deceased doctor and tricking the bank into activating net banking and phone banking facilities using smartly forged identity documents.

Prevention is better than chasing a fraudster

Now, imagine for a second that you were the bank official who verified and approved those KYC changes. It would have been a life-changing event, and not in a pleasant way. Why should scamsters get the better of banks when technology has enabled affordable solutions to prevent them? While some are familiar, others are not so well-known but are dramatically more powerful and can slash fraud rates when used intelligently. Let’s take a look at a few.

The Fraud Prevention Army

Make no mistake – you are fighting a constant war against fraudsters and, as in any war, your defense is crucial. Just as infantry, cavalry, and artillery form the core of any ground combat, so do Aadhaar, PAN, and photo-based verification systems provide a first line of defence for your combat against fraud.

PAN – The Infantry

Let’s face it, fraudsters love abusing this ubiquitous document, that is to say, they keep finding new ways of using someone else’s PAN. To prevent that, financial institutions use technology for face comparison in pictures, also known as FaceMatch. All that the PAN cardholder needs to do is upload their PAN card and a selfie. The FaceMatch algorithm will then provide you with the extent of the match (in terms of percentage) between the photo on the PAN card and the selfie. If the match falls below a certain threshold, it will trigger alarm bells.

Now, scamsters are an inventive lot. What prevents them from tampering with a PAN card to affix a different photograph or photoshop the digital copy of the PAN Card? Nothing. That’s where PAN tampering check and PAN verification check come to the rescue.

Aadhaar – The Cavalry

As with PAN-based verification, you can use similar OCR-based FaceMatch algorithms to ascertain the individual’s identity and detect any evidence of tampering with identity documents. However, with Aadhaar you ought to use it through Digilocker – a method that practically eliminates the possibility of forgery by accessing the digital version of the document directly from the government’s database.

Photo Checks – The Artillery

Let’s say you are faced with an admirable (but still nefarious) adversary, who has managed to penetrate the above lines of defence. What do you do? The answer is smarter technology.

Your potential and existing customers are familiar with the concept of a selfie, which is used extensively in the above-mentioned face match verification methods against an uploaded identity document. What if a fraudster tried to deceive the system by taking a picture of a passport photo, or Whatsapp DP, or maybe even a LinkedIn profile picture? Clearly, the person trying to verify their identity is not the same as the holder of the ID document.
Enter “Liveness Check”. This fraud detection solution can tell you whether the person in the selfie is actually a live person or a “picture of a photo”.

The Stealth Bomber Add-ons

With the above solutions, you have covered the basics. But what about the sneak attacks? How do you protect yourself from highly-trained and sophisticated fraudsters?
For those, you need your own smarter and more sophisticated tech in place.

Phone Number Verification

Scamsters favor using burner phones – sim cards that they buy and discard as they move from one attempted or successful scam to another.

As a crucial data point, you can obtain details of the ownership of the sim card. Has the owner obtained the sim card recently? While a negative answer might not throw any significant light, a positive one might be a red flag. Or, if it’s an old phone number, another check could let you know if the number has been inactive for a while – an indicator of the owner either not using the account actively or, as we saw earlier – a deceased one.

Even the smartest scamster cannot doctor the outcome of this check, and that’s the true power of stealth air cover at your disposal.\

Universal Account Number (UAN) Check

The UAN is a unique number, assigned to both an employee and the employer, which they use to contribute to the Employee Provident Fund (EPF).

While a person may be inactive with your bank, they may be active elsewhere. A simple UAN check can help you ascertain how long the person in question has been active – an indicator which will help you avoid situations where you approve transactions and KYC changes for deceased individuals.

e-Sign APIs

An e-Sign API is like a second-factor authentication that you use to protect your online email and social media accounts. This check can be done in two ways. In the first method, an OTP is sent to the registered number of your customer for them to enter and verify that they are indeed carrying the registered mobile number. Unless the scamster obtains access to the registered mobile number, it’s a pretty difficult hoop to jump through.

The second method is to e-Sign via Aadhaar, in which case the OTP is sent to the mobile number linked to your customer’s Aadhaar number, which is significantly more difficult to circumvent.

An impenetrable defense strategy relies on triangulation and coordinating several related tactical moves successfully. In precisely the same manner, your fraud detection strategy will depend on a coordinated execution of several methods mentioned above.

But the best part about this whole operation is that it runs in the background, it doesn’t bother the customer at all. Very similar to the military itself- it protects you but is invisible. Because the aim is to catch the bad guys, not harass the good guys.

If you want to talk more about any, or all of these, just hit reply and let me know.

VCIP technology now extended to re-KYC

The RBI has rolled out new instructions for conducting re-KYC. It’s new circular suggests different ways for re-KYC completion while ensuring customer convenience in all scenarios. Such as, in case of insufficient or unclear documents, the RBI has allowed VCIP as a means to conduct re-KYC, ensuring minimal effort for the end consumer.

Nominee for NPS death claim to be verified using video-based identification

In its new circular, the Pension Fund Regulatory and Development Authority (PFRDA) has allowed intermediaries to use VCIP as an added due diligence mechanism for verification of the nominee/claimant/legal heir while processing the withdrawal claims in case of death of NPS subscribers. In addition, it has also directed the intermediaries to use penny-drop for the claimants’ bank account verification.

You can read more about it here.

 Is RBI’s retail CBDC a tall order against UPI?

The RBI plans to launch a ‘retail central bank digital currency’ in the future. However, its  immediate success is uncertain due to an absence of a clear motive for people to shift from UPI to CBDC. This article covers various angles as to how CBDC might be a tall order for financial institutions and people.