Status of Risk and Fraud Management in Digital Wallet
Over past few years Digital Wallets have come up as a fast growing and acceptable payment instruments particularly for smaller amounts like Bill Payments, Mobile recharges, Cab Bills, Movie tickets etc. Digital Wallets penetration is definitely bound to grow within the country and also around the world primarily due the fact that you don’t need to keep a larger sum in the wallet and it is generally topped up just before usage and consumed quickly so the risk exposure in terms of value becomes lower and possibly this is the reason the focus on risk control on digital wallet appears to be a bit lower. With the addition of more and more services like Money Transfer, Purchase of Goods, Travel Bookings etc. on Mobile Wallets and with RBI relaxing the transaction limits on Digital wallets the overall transaction volume is increasing which on one hand open up huge market potential but on other hand also poses possible threats of misuse and frauds. Many digital wallet players have entered into this vast market however the major market dominance is shown by only 5 or 6 players and these few companies control almost 65-70 percent share of the current market.
The fast paced market of digital wallet business in India is currently doing transactions worth over $3 billion and is predicted to go beyond $11 billion by the year 2022 and this is huge business. And such a huge value of transactions over digital means may definitely attract more and more fraudsters and can pose very high risk to the customers as well as the business. Despite of being at such a high risk potential it appears that the existing players are still not so much concerned about this and there are no evident and stricter fraud management programs are created or implemented. A joint initiative by the name of Payment Council of India (PCI) taken by few of the mobile wallet players 2-3 years back has still to come up with something substantial and the industry seems to be focusing on wooing customers by the way of discounts and cash backs rather than attracting them with service quality and safety of their stored money.
Fraudsters use digital wallets for account takeover, provisioning stolen and skimmed card data, and depositing and circulating stolen funds. Fraudsters leverage social media to manipulate call-centre employees, customers, and traditional and emerging financial services. New breeds of malware target mobile devices, while SMS and instant messaging are the new vehicles for phishing attacks. These threats damage customer confidence and obstruct the adoption of digital wallets.
Some common Frauds that are generally seen around the industry are loading money on digital wallets using Stolen Credit Cards or Stolen Bank Account information, Loading Cash onto the wallet and using it for Money Laundering Purposes for example transferring money from one wallet to multiple bank accounts in smaller chunks and doing this with multiple such wallets.
The question comes what the existing players are doing to avert such frauds and what is more they should do.
Most of the Digital Wallet players have implemented some checks to protect the wallets. Few of the checks are at the time of Registration while some work at the time transactions take place. Registration checks for example are checking the Geographical location through IP Address of the prospective customer and thereby controlling wallet issuance for a particular country or geography. Some impose OTP for registration and also for transactions. This is one of most common check for financial transactions and definitely helps in ensuring to an extent that the request has come from a legitimate customer. It helps in ensuring that the Mobile Number being provided is not fake. They also impose checks on Cash Loading and Money Transfer transactions limit for newly created wallet. Also the basic customer information is scrubbed against “Blacklist Customer Database” to ensure they don’t create wallets for known fraudsters. Two wallets for same person are not allowed. One wallet is created then there are certain checks imposed on transactions also. These controls include per transaction limits for various services, daily, weekly and monthly limits based on the type of wallet. Limits on wallet top-up or wallet recharge transactions by way of cash or credit card.
RBI has also released certain guidelines which each digital wallet operator has to mandatorily adhere to but these are also not enough and do not provide any major specific controls. Since we foresee a major growth in the sector it becomes a joint responsibility of the wallet operators and controlling bodies to impose stricter and better Fraud Management Practices including industry standard benchmarking for fraud exposure and come up with standardized guidelines so that the customer money does not remain at risk.