Finnovation.UK

View Original

Part Two: Strategies for EMIs to Protect Against APP Fraud

As Finnovation.UK continues its mini-series on the new APP Fraud Reimbursement rules, we turn our attention to further exploring the impact of these changes on Electronic Money Institutions (EMIs). In “Part One: APP Fraud Reimbursement Rules – Key Considerations for EMIs” we discussed the unique challenges EMIs face under the new mandatory reimbursement requirements that will take effect on 7th October 2024. Building on that foundation, this article delves deeper into strategies EMIs can adopt to protect themselves and their customers amidst these evolving regulations.

1. Implement Advanced Fraud Detection Systems

EMIs should invest in sophisticated fraud detection systems that leverage machine learning and artificial intelligence to monitor transactions in real-time, before they are processed. These systems can identify unusual patterns and flag suspicious activities, enabling EMIs to take proactive steps to prevent fraud. Indeed robust anti-fraud verification and cool-off periods for large payments are also sensible measures to have in place to reduce the risk of fraud.

2. Enhance Customer and Payee Authentication

Firms may implement enhanced customer onboarding such as CIFAS checks but strengthening customer authentication processes is vital. EMIs can adopt multi-factor authentication (MFA) and biometric verification to ensure that transactions are authorised by legitimate account holders. MFA adds an extra layer of security, making it harder for fraudsters to gain access to accounts.

3. Educate Customers

Educating customers about APP fraud and how to recognize potential scams is crucial. EMIs should provide regular updates and training materials, recognising that vulnerable customers may have additional needs, including:

  • Alerts about common fraud schemes

  • Best practices for securing personal information

  • Guidance on verifying the legitimacy of payment requests

4. Educate Employees

Ensuring that there is a culture of compliance and an appropriate level of fraud awareness across the organisation, supported by good quality and well-documented policies, procedures and processes that are implemented and followed in practice. Firms should also keep abreast of new fraud methodologies with this knowledge that then feeds into risk mitigation, identification and control measures, supported by a sufficiently resourced and experienced fraud team.

5. Collaborate with Other Financial Institutions

Collaboration and information sharing with other financial institutions can enhance fraud prevention efforts. EMIs can participate in industry forums and networks to stay informed about the latest fraud trends and jointly develop strategies to combat them.

5. Enhance Internal Controls and Monitoring

EMIs should review and strengthen their internal controls and monitoring processes. This includes:

  • Regularly auditing and updating fraud prevention policies

  • Conducting thorough background checks on employees and agents

  • Implementing stringent access controls to sensitive information and systems

6. Develop a Robust Incident Response Plan

Having a well-defined incident response plan is essential for dealing with fraud cases effectively. EMIs should:

  • Establish clear protocols for reporting and investigating fraud incidents.

  • Train staff on the steps to take when fraud is detected.

  • Ensure quick and efficient communication with affected customers.

7. Utilise Data Analytics

Data analytics can help EMIs identify patterns and trends that indicate potential fraud and detect scams. By analysing transaction data, EMIs can develop predictive models to anticipate and mitigate fraud risks.

8. Strengthen Partnerships with Agents and Distributors

Since agents and distributors often interact directly with customers, it is vital to ensure they are well-trained and adhere to the EMI’s fraud prevention policies, as their transactions are also covered by the mandatory reimbursements, the funding of which is likely to fall to the EMI. Regular training sessions, audits, robust monitoring and clear communication channels can help maintain high standards across the network.

9. Conduct Regular Risk Assessments

Regular risk assessments can help EMIs identify vulnerabilities and areas for improvement. These assessments should consider evolving fraud tactics and the effectiveness of existing controls. Based on the findings, EMIs can update their risk management strategies accordingly.

10. Implement Customer Verification Tools

Verification tools such as Confirmation of Payee (CoP) can reduce the risk of APP fraud by ensuring that the payee’s name matches the account details provided by the sender. This added verification step can prevent customers from inadvertently sending money to fraudsters.

11. Stay Updated on Regulatory Changes

Keeping abreast of regulatory changes and guidelines is essential. EMIs should ensure they are compliant with the latest regulations and adjust their policies and procedures as needed. Engaging with regulatory bodies and participating in consultations can also provide valuable insights.

Conclusion

By adopting a comprehensive approach that includes advanced technology, customer education, collaboration, and robust internal controls, EMIs can effectively protect themselves against APP fraud. These measures not only safeguard the institution but also enhance customer trust and compliance with new regulatory requirements. As the financial landscape continues to evolve, proactive and adaptive strategies will be key to mitigating fraud risks and ensuring the security of electronic money transactions. 

All of the above strategies feed into a robust fraud risk management framework, and whilst they all aim to reduce the likelihood of APP fraud occurring, it will most certainly not be eliminated. The financial risk of the mandatory reimbursements to banks, APIs and EMIs will therefore remain, and thus an additional risk mitigation strategy could be to take our APP Reimbursement Fraud Insurance, which will be covered in Part Three of this series.