By offering a wide range of advantages over traditional payment methods, financial wallet applications are becoming increasingly popular both among customers and fraudsters. Only in 2021 e-wallet losses exceeded $10 billion.
Cybercriminals use attacks of all types from phishing to SIM swapping to steal sensitive information or users’ assets from the digital wallet.
The more cases of compromised financial wallets I deal with, the more I see that the human component is definitely an important factor to consider when discussing fraud prevention. So I decided to dedicate a whole passage to educating users: Whys and hows.
Let’s start with Why. No matter how strong your security system is, the human factor is an uncontrollable asset that can be skilfully manipulated by attackers.
How to protect users and their funds? Personally I think that it is easier to prevent financial wallet fraud than invest into combating the consequences and explaining to the public something like “We apologise for the inconvenience and we’ll make sure that
this will never happen again” for you know – it will. Is there anything you can do to prevent attacks? Yes, sure!
Fraud prevention has to do with implementation of measures and strategies to proactively react and stop fraudulent activities. This can be done by building a strong anti-fraud system. And this is another How.
Data is the cornerstone, this is how an anti-fraud system can analyse, identify patterns, detect anomalies. The next elements are proactive measures, device attestation, authentication, integrating KYC & AML, and user education. Let’s shortly dive into each,
starting with proactive fraud prevention, which includes the following steps:
Understanding user behaviour by researching how users interact with the wallet typically.
Gathering events from the wallet to collect user actions, and identify patterns, anomalies, suspicious activities, better understand user behaviour.
Calculating user risk scoring to identify suspicious or malicious users.
Limiting access and blocking users, identified as malicious.
Enabling remote device attestation is about collecting and validating unique properties of a device (mobile or web browser) to distinguish between a legitimate and a compromised one.
Authenticating and re-authenticating means confirming that the current user is a legitimate one via the appropriately chosen authentication method. The next step –
KYC (Know Your Customer) and AML (Anti-Money Laundering)
integration is about verifying the user’s identity, monitoring transactions, risk assessment and prevention of money-laundering activities.
And the cherry on top is user education: Making informed decisions has to do with understanding dangers and taking precautions, thus educating users about risks and how to mitigate those is the most effective way.
When it comes to the importance of proactive measures, I totally agree with Dutch scholar Desiderius Erasmus that “Prevention is better than cure”. Engaging security experts or researchers is always a good idea when we speak about early detection and fixing
security vulnerabilities, improving security posture, investing into financial establishment reputation.
To sum it up: Properly built anti-fraud system requires a proactive approach, strong security measures, integration into digital wallet code, proper user education and consulting with security engineers that help businesses in identifying potential hazards,
designing and implementing a holistic anti-fraud strategy.