Demystify Mobile Money Risks and Money Laundering with Better Monitoring Controls
2007 was a remarkable year in many ways for me as a graduate student and a tech-enthusiast.
It was the year when J.K Rowling wrote her final book, ‘Harry Potter and the Deathly Hallows’, which I read and re-read with much enthusiasm, and the year that marked the beginning of ‘iPhone mania’.
It was also the year when the largest mobile network operator in Kenya, Safaricom (part of the Vodafone Group), launched M-PESA – an innovative payment service for the unbanked.
This heralded a new era for mobile customers, allowing them to leverage telecom providers beyond the traditional use of voice and SMS. They could use network provider infrastructure for financial transactions, money transfers, and other services without having to hold bank accounts.
Fast forward to 2021
Now, it is a sea change. Mobile money has grown to become a significant contributor to the overall revenue for most Asian and African operators. By the end of 2018, there were over 866 million registered accounts in over 90 countries processing over US $1.3 billion a day. 2019 marked a major milestone for the mobile money industry with over 1 billion registered accounts across 290 mobile money deployments in 95 countries, processing over US $1.9 billion a day. This was the year when the industry first witnessed 57% of digital transactions values that exceeded the cash-in/out values and the US $22 billion in circulation.
When the world was hit with Covid-19 in early 2020, it quickly became clear that mobile technology was vital to keep the world connected. More importantly, it became evident that mobile money could play a critical role in providing safe, no-contact way for payments for life essentials, including food, electricity, daily grocery supplies, money transfers to friends and family, etc.
The year 2020 saw an increase of 17% year-on-year in the number of monthly active accounts, 5.2 million unique agent outlets, and US $500 million digitized transactions per day by agents globally. Despite the difficulties during the pandemic, there was a significant increase in the adoption of digital technology. No-contact and restricted movements made digital payments a necessity. This saw an increase of 12.7% in the number of registered mobile money accounts.
Risks of Using Mobile Money
Being relatively new to the market, mobile money has several loopholes by way of operations, regulations, and user knowledge. Also, being a fast, cheap, and easy way to transact makes it increasingly susceptible to attacks like money laundering and fraud.
On October 3, 2020, MTN Uganda was forced to suspend mobile money transactions on its network after discovering that hackers had breached the payment system through one of their partners, a finance aggregator. The hack, executed using 2000 mobile SIM cards, resulted in the theft of nearly US $3.2 million dollars.
This example is one among many frauds that permeate the mobile money network. Mobile money attacks arise from different sources – from within the network, through agents, customers, employees. It can also be part of wider schemes to steal financial data. Some of the common mobile money attacks are shown in the figure below.
Types of Mobile Money Attacks
- Fraudulent top-up using compromised or stolen credit-cards
- Identity or subscription fraud
- Dealer or agent fraud
- Commissions fraud
- Internal fraud (employee collusion)
- Social engineering fraud
- SIM swaps
- Roaming fraud
- Foreign exchange (exploiting currency differences during deposit and withdrawal)
Source: GSMA Mobile Financial Services – Fraud Risk Analysis
Without the right controls, mobile money presents increasing business, financial, operational, and compliance risks. On the business side, it can also lead to identity theft and impersonation. Financially, it breeds laundering by exchanging counterfeit notes for digital money or spoofing transactions to withdraw cash. On the operations side, it may cause a lack of electronic float and abuse of customer details. Finally, from a compliance perspective, it presents risks arising from inadequate KYC and screening of PEP and sanctions lists.
According to an Interpol report, transaction fees for mobile money networks are lower than traditional banks, making it lucrative for criminals to section big transactions into many smaller ones to avoid detection. In fact, one of the most dangerous and costly risks is money laundering. In money laundering, the objective of the launderer is to conceal their identity, source, and destination of the money for organized crime, financial fraud, arms dealing, terrorist financing, etc. Funds are simply transited through various accounts and financial systems. The rapid speed of transactions and minimal face-to-face interactions make mobile money a viable channel for money laundering.
The cost of money laundering is heavy for telecom operators. According to research from Fenergo, regulators across the globe issued more than US $10 billion in anti-money laundering fines to financial institutions in 2020. Nearly 198 fines were issued to global financial institutions in 2020 for non-compliance with AML, KYC, data privacy regulations. Global data privacy fines amounted to US $88.6 million, while AML and MIFID (Markets in Financial Instruments Directive) breaches in US, Europe, and China by 203 individuals led to fines of US $88.8 million. Controlling money laundering involves detecting suspicious transactions and reporting them to the correct authorities. This, in turn, requires strong monitoring controls.
Fraud Monitoring Controls
With years of experience in fraud management, Subex has seen the types of fraud becoming more ingenious and innovative in methods. In the same vein, it requires dedicated commitment and effective monitoring controls such as:
- Customer and agent/dealer dedupe controls
- Transactional controls at all levels (customer, dealer, device, etc.)
- Internal fraud controls
- Anti-money laundering controls like monitoring new and existing customers against International Sanctioned lists and Politically Exposed Persons (PEP)
- Advanced machine learning techniques to automatically segment customers based on predictive models and identify complex fraud techniques like smurfing or layering
A stitch in time
Robust processes and appropriate solutions are needed to deploy numerous fraud controls in real-time. It calls for powerful machine learning techniques, AI-driven AML monitoring, and real-time visualization tools to combat the existing and future threats in the mobile money landscape. Other capabilities like risk categorization, AML watchlists, and activity monitoring can protect mobile money networks from criminal activities and fraud attacks, thereby securing them for safe financial transactions and revenue growth.
Download this point of view to know how CSPs are minimizing losses and enhancing user satisfaction.
Experienced Director with a demonstrated history of working in the telecommunications industry, especially in the Fraud and Security domain. Skilled in Oracle Database, Hadoop, Data Visualization, and Business Intelligence. Strong professional with a MS focused in Software Engineering from TU Eindhoven.