Identity Verification – Key to Eliminate BEC Fraud

Fraud prevention and cybersecurity are major concerns for companies in the digital era. Norton predicted that cybercriminals will steal an estimated 33 billion records in 2023, and misuse of such information is common practice. Fraud comes unannounced, so businesses need to adopt a proactive approach towards such events. Fraud prevention is a continuous process. For example, if you perform KYC and AML screening before onboarding your customers but do not repeat it at the time of every transaction, you are leaving a loophole for Business Email Compromise (BEC) fraud.

BEC fraud, also called CEO fraud, is very common because most communication is online. The criminals do a lot of research before targeting an entity for BEC fraud. In this fraud, the criminals send an email or make a call to a company requesting an urgent fund transfer while impersonating one of its customers or merchants.

BEC fraud is executed in a very friendly way. The criminals manipulate the person either with a friendly chat or by showing urgency in the fulfillment of their fund transfer request.

For example, 50-year-old Evaldas Rimasauskas tricked Google and Facebook into wiring more than $100 million to his bank accounts.

The man researched a merchant of Facebook and Google, namely “Quanta Computer”, and registered a firm with a similar name. Then he sent fake invoices and contracts to make the fraud appear more natural.

He tricked the employees of both companies into wiring money to his bank accounts in Latvia and Cyprus. Then he transferred the funds to his bank accounts in Hong Kong, Hungary, Cyprus, Slovakia, Latvia, and Lithuania to hide the money trail. 

How is a BEC Fraud Executed?

A BEC fraud starts with a lot of research about entities (businesses) that could be soft targets for the fraud. The criminals collect information about the merchants or customers of the company whose payments are pending. Once they have the information, the criminals create an email ID quite similar to your client’s email ID and contact one of your employees. At times the criminals use the legitimate email ID of one of your customers, because that customer might have been careless about securing their email credentials.

This fraud can also be executed the other way round. The criminals might use your email credentials to contact your merchants and clients and request transfer of pending payments. Your clients will make the payments, and you will have to bear a financial loss if your legitimate email credentials are used to execute the fraud.

Contact mostly begins with a casual email, such as one asking about your last vacation or your health. Once they break the ice, they send a friendly email about a change of their account details or an urgent fund transfer.

Not suspecting anything, the employees often fulfill the request quickly because of the urgency created by the criminal.

Often the criminals also send fake invoices carrying the official header or logo of one of your clients, or they make calls impersonating the CEO of your client company to make things look more natural.

Also, in most email compromise frauds the criminals ask for a wire transfer, exploiting the confidence that companies have in the security protocols practiced in wire transfers.

Industries That Are Common Victims of BEC Fraud

Banks

Banks are the most common targets of BEC fraud, as they are financial intermediaries and serve a diverse clientele. Banks around the globe are struggling to retain their customers after the advent of fintech and are always in contact with their clients. Receiving wire transfer requests from customers is common for banks. When an employee receives such an email requesting an urgent transfer from a credible client, they often try to fulfill the request as early as possible to keep the customer happy.

Real estate

Real estate is also a common victim. The criminals collect information about ongoing real estate deals, contact the buyer posing as the legal representative of the seller, and request a fast payment or clearance of dues.

As the deal is in the closing phase, the buyer does not suspect anything and makes the transaction.

B2B Businesses

In this case, the criminals target companies in a B2B relationship. The email ID of the CEO or legal representative of one of the companies is exploited in such cases. The criminals collect complete information about the previous email communication between the two companies and use it to send an email with a natural, casual tone.

How to Prevent BEC Fraud?

BEC fraud has caused huge losses to businesses of all sizes and types; even non-profit organizations have been victims of this fraud. The FBI’s Internet Crime Report (ICR) found that BEC fraud losses rose by 90.3% in 2018 and fraud complaints rose by 14.3%.

Businesses of all types and sizes need to pay heed to the prevention of BEC fraud. It not only causes financial loss but also affects the credibility of a company. Below are a few suggestions for preventing BEC fraud.

Identity verification of every wire transfer request

Most businesses communicate online but do not understand the significant risk lurking in cyberspace. Businesses need to develop and practice in-house fraud prevention measures to counter any BEC fraud attempt.

Businesses should use verification methods to screen every such request. Ask the email sender to go through a real-time identity verification process every time a customer makes such a request. The verification could be performed through face recognition or 2-factor authentication.

Online identity verification is a feasible solution, as it shows quick results and does not cause any inconvenience for the end-user. Also, visible security measures show your commitment to the security of your merchants or customers.

Train your employees

Employees of companies are the common victims of BEC fraud. The criminals choose a soft target who is easy to manipulate for wire transfer fraud or a phishing scam.

So employees must be trained on a regular basis on the latest trends in cybersecurity and the types of cybercrime. This will help them identify suspicious emails and fake fund transfer requests.

The training could be based on the following pointers:

  1. Do not open emails that are way too attractive; they might be phishing emails.
  2. Beware of urgent payment requests from your merchants.
  3. Tackling account credential change requests from your customers/merchants.
  4. Very casual and friendly emails from your merchants.
  5. Train them on the technical aspects of the fraud prevention software used in your company.

Report to the concerned authorities

As soon as you discover a BEC fraud, report it to the concerned authorities. It will protect the company from such attacks in the future. Also, it is the corporate and legal responsibility of businesses to report such fraud attempts for the benefit of the masses.

Email security

Using email security filters helps in analyzing and detecting threats in email messages. Filters that detect newly registered domain names similar to your own domain name also help in finding a potential risk before it can cause any harm.

Such filters help in identifying spoofed emails and stopping them from reaching the mailboxes of employees.
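
The similarity check that such a filter performs on a sender's domain can be sketched as follows. This is an added example, not code from the original article or from any product it mentions; the trusted domains, the substitution map and the distance threshold are constructed assumptions, and the "newly registered" signal would have to come from a separate domain-age data source.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data: domains your company really does business with.
TRUSTED_DOMAINS = {"example-supplier.com", "examplebank.com"}

# Small illustrative map of visual substitutions seen in lookalike domains.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Lowercase, strip accents and fold common look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain); verdict is trusted, lookalike or unknown."""
    address = parseaddr(from_header)[1]          # drops any display name
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        same_shape = skeleton(domain) == skeleton(good)
        if same_shape or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)           # hold for manual verification
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From: headers, not taken from any real incident.
    for sender in ["Accounts <billing@example-supplier.com>",
                   "billing@examp1e-supplier.com",
                   "ceo@exarnplebank.com",
                   "news@unrelated.org"]:
        print(sender, "->", classify_sender(sender))
```

A "trusted" verdict only means the domain string matches; a request sent from a compromised legitimate mailbox still needs the identity verification described earlier.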

To wrap up, BEC fraud is a planned crime, and businesses need to be proactive to eliminate such fraud. Caution in sharing contact information and basic identity verification of the person making such fund transfer requests are necessary to eliminate the chances of becoming a victim of BEC fraud. In-depth verification of clients and merchants before making transactions helps in eliminating the risk at the very first stage. These minimal and easy steps might prevent a huge loss for your company.

Mobile ID Verification

Why Payment Processors Need Mobile ID Verification?

One of the many by-products of progressing technology is the payment systems that have cropped up over the years. The extinction of cash payments has long been threatened by credit and debit cards. Online payment processing systems take this to a whole other level by allowing users to make online purchases effortlessly. However, issues like large-scale data breaches, frauds and scams such as identity theft and credit card fraud hamper this process. These issues directly affect everyone involved in a transaction, including the merchant, the consumer and the payment processor. Each party has to deal with the costs of fraud and cybercrime, both structurally and financially. But the fraud prevention solutions currently available in the market have enabled businesses to detect fraud in real time. Mobile ID verification is one of these solutions that can secure online transactions, including payment systems.

According to reports, in 2018, merchants in the US ended up losing upwards of $6.4 billion due to payment card fraud. For businesses that are still in their infancy, online fraud might not be much of a problem to consider as they would be processing a minimal number of transactions in a day. However, as businesses grow they have to consider the volume of transactions they receive in a day. The utmost priority of the business must be to secure these transactions effectively.

How Does Mobile ID Verification Work?

The fact remains that companies cannot afford to continue losing billions of dollars due to frauds and need to be proactive about implementing fraud prevention solutions. An ID verification solution can perhaps prove to be the most effective form of anti-fraud measure for payment systems to adopt. Digital ID verification systems use a multi-layered system that can verify users through different verification methods. Firstly, it involves document verification, wherein the user scans their ID document (passport, ID card, driver’s licence etc.) to be verified through an ID verification software. A user can be further authenticated through a facial verification system that uses facial recognition software to authenticate users remotely. Another way to verify users is through an address verification system. An AVS allows online merchants to verify the address of a customer using their recent utility bills.

Here are a few reasons why a customer identity proofing system is important for payment processors and gateway systems:

Fraud Prevention

Among other things, the first and foremost priority for businesses and their payment systems is the prevention of fraud. The convenience and speed that come with online payment processing are normally at the expense of security. In 2018, the case of Venmo serves as the perfect example. Venmo is a payment service owned by the renowned payment gateway PayPal. The former was subjected to a humongous $40 million in payment fraud in the first quarter of the previous year. This is not an isolated case; payment processors are often vulnerable to fraud due to the lack of prevention measures they implement in their systems.

Establishing Contactless Payment Systems

Online payment systems are meant to be fast and efficient. Verifying individual users online can be a challenge for businesses and payment channels. ID verification presents itself as the perfect solution in the landscape of payment processing systems. With online payment systems, e-commerce merchants found a way to establish a contactless transaction system. But authenticating those transactions is an entirely different matter. A number of businesses and payment systems still use elaborate passwords and knowledge-based authentication (KBA) techniques for user verification. An online identity verification system can establish a seamless verification process, allowing users to authenticate themselves instantly through their IDs and facial scans.

Eliminating Ongoing Issues in Payment Systems

Online payment systems tend to have a number of other operational issues that affect their efficiency. Some of these issues include chargebacks, card-not-present fraud and false positives. All such problems cost payment processors profoundly. Data breaches are an added evil in this situation, inhibiting the performance of payment systems. Payment processors can, however, combat the problem of payment fraud through a mobile KYC solution.

Cater to More Services

Integrating a mobile ID verification solution can enable payment processors to provide services to a wide range of businesses or services. There is a range of apps and websites that look for secure payment systems to incorporate into their interfaces. By adding payment functionality to online businesses, payment providers can cater to more services and scale their services to a wider audience.

Build a KYC Compliant Payment Solution

With increasing regulation by financial regulators across the globe, payment processors need to be vigilant about complying with KYC (Know Your Customer) regulations that require businesses to properly verify their customers. Businesses face chargebacks in case of credit card fraud and identity theft. On top of that, they have to pay a fine to the bank or credit card company of their customer for not implementing sufficient KYC measures. By integrating identity verification software, businesses can comply with KYC regulations and requirements, thereby avoiding massive chargebacks and fines in case of fraud.

Organisations still implement outdated KYC methods that are slow and inefficient. Most of them use lengthy passwords and two-factor authentication to verify customers. All such methods are subject to spoofing and data breaches. Secure payment processes can be established through robust client verification procedures that are least subject to fraud. A mobile ID verification service is currently the most effective solution. It enables payment processors to verify credit card payments with increased accuracy, thereby eliminating fraud.

Shufti Pro is a KYC verification services provider that caters to a wide range of businesses. It provides mobile ID verification services based on an AI-enabled verification system. It can verify users from over 230 countries in real-time using a hybrid verification technology of AI and Human Intelligence.
