
An article relating to this blog post on Finextra:

Crooks hacking US accounts and wiring money to China - FBI

The FBI has issued a fraud alert, warning small US businesses to watch out for cybercrooks compromising their online banking details and wiring money to companies in China.


Fraudulent Wires - Need for Customer Payment Profile

A recent FBI report states that between March 2010 and April 2011, the FBI identified twenty incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts to approximately $20 million; the actual victim losses are $11 million.

The modus operandi is similar to account takeover fraud, which is prominent in the SME segment: online accounts are hacked using malware. Despite the technical lines of defense set up by banks, it seems hackers could slip through the walls and transfer funds, all the more so when automation and straight-through processing (STP) handle such "pass through" payments seamlessly. In this context, lines of defense at the business process layer of payment processing are critical.

Customer-centric financial institutions should be able to offer Customer Payment Profiles that capture each customer's payment preferences. Apart from differentiating the institution in this space, a profile adds risk management by setting risk control parameters as defined or preferred by the customer. The profile supports account segregation. Account owners should segregate accounts by the purposes for which the account relationship with the financial institution was established: mark accounts as used for collections, payables, salary payments, reserve funds, returned funds, etc. This defines which payment services are needed, or rather restricted, on each account, which reduces the risk exposure of those accounts. Any account takeover in such cases will fail in payment processing at subscription validation. If receivables are segregated into a separate account, there is no need to enable payments on that account, so wire originations from it can be restricted through such selective subscriptions.

Preferential subscriptions provide for risk limits. Risk limits that trigger additional confirmation calls with SME account owners, through call-back limits based on risk appetite, will reduce fraudulent payment flow. Risk limit definition should be data based and need based. Defining arbitrary limits ($1,000,000, $500,000, etc.) may end up leaving unnecessary room for fraudulent payments. Limit setting should be based on past data on the funds flow needs of the designated account. It is reported that in most cases of reported fraud the transfers tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. Setting frequency-based limits on the volume and value of payments (during a business day, on a holiday, or cumulative over a predefined frequency such as daily, weekly, biweekly or monthly) can also regulate funds flow from accounts. These limits could be definable at more granular levels than the account. Origination modes with higher vulnerability should be protected with lower limits. Payment validations should have differential handling based on origination mode.
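The subscription check, data-based call-back limit and frequency limits from the two paragraphs above, sketched in Python as an added example (not code from the original post or from any bank's system). The field names, channel factors, the 95th-percentile rule and the sample history are assumptions.

```python
from dataclasses import dataclass, field
from statistics import quantiles

# Assumed factors: more vulnerable origination modes get lower limits.
CHANNEL_FACTOR = {"branch": 1.0, "host_to_host": 0.8, "online": 0.5}

@dataclass
class AccountProfile:
    purpose: str            # "collections", "payables", "salary", ...
    wire_enabled: bool      # subscription: may this account originate wires?
    history: list           # past legitimate wire amounts for this account
    daily_value_cap: float  # cumulative value allowed per business day
    daily_count_cap: int    # number of wires allowed per business day
    sent_today: list = field(default_factory=list)

    def callback_limit(self, channel):
        # Data-based limit: 95th percentile of past wires, scaled by channel.
        p95 = quantiles(self.history, n=20, method="inclusive")[-1]
        return p95 * CHANNEL_FACTOR[channel]

def validate_wire(profile, amount, channel):
    """Return (decision, reason) for one wire origination request."""
    if not profile.wire_enabled:
        return "REJECT", f"wires not subscribed on {profile.purpose} account"
    if len(profile.sent_today) >= profile.daily_count_cap:
        return "REJECT", "daily wire count exceeded"
    if sum(profile.sent_today) + amount > profile.daily_value_cap:
        return "REJECT", "daily cumulative value exceeded"
    if amount > profile.callback_limit(channel):
        return "HOLD_CALLBACK", "above data-based limit, confirm with owner"
    profile.sent_today.append(amount)
    return "RELEASE", "within profile"

# Constructed sample data, not taken from the FBI alert.
HISTORY = [12000, 18000, 25000, 30000, 22000, 15000, 40000, 28000, 35000, 20000]

def demo():
    collections = AccountProfile("collections", False, [], 0, 0)
    payables = AccountProfile("payables", True, HISTORY, 60000, 5)
    return [
        validate_wire(collections, 5000, "online")[0],   # receivables-only account
        validate_wire(payables, 15000, "online")[0],     # routine supplier payment
        validate_wire(payables, 30000, "online")[0],     # unusual for this channel
        validate_wire(payables, 450000, "online")[0],    # far beyond the day's needs
    ]

if __name__ == "__main__":
    print(demo())
```

A held wire is not counted against the daily totals until the call-back confirms it; a production system would record the confirmation and then release.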

Watch-word monitoring will definitely help in filtering fraudulent payments in similar cases. Fraudulent payments normally follow a pattern in payment origination. For instance, the reported cases used certain key Chinese cities (Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning) in the beneficiary details of payments. Once identified, such key words should be incorporated into payment filtering as a preventive measure.
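A watch-word filter over beneficiary details, using the cities named above, as an added Python example (not code from the original post). The payment field names and the sample instructions are assumptions; matching is on whole normalized tokens so that a watch word embedded in a longer name does not raise a false hit.

```python
import re
import unicodedata

# Watch words: the cities named in the paragraph above.
WATCH_WORDS = ["Raohe", "Fuyuan", "Jixi City", "Xunke", "Tongjiang", "Dongning"]
# Hypothetical field names for the beneficiary details of a wire instruction.
FIELDS = ("beneficiary_name", "beneficiary_address", "beneficiary_bank")

def normalize(text):
    """Fold case, strip accents and punctuation: 'JIXI-CITY' -> 'jixi city'."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(re.sub(r"[^a-z0-9]+", " ", no_marks.casefold()).split())

# Whole-token patterns: 'fuyuan' must not fire inside a longer word.
PATTERNS = {
    word: re.compile(rf"(?<![a-z0-9]){re.escape(normalize(word))}(?![a-z0-9])")
    for word in WATCH_WORDS
}

def screen_payment(payment):
    """Return a sorted list of (field, watch_word) hits for one instruction."""
    hits = []
    for name in FIELDS:
        value = normalize(payment.get(name, ""))
        for word, pattern in PATTERNS.items():
            if pattern.search(value):
                hits.append((name, word))
    return sorted(hits)

def route(payment):
    """Hold matching wires for manual review before release; pass the rest."""
    hits = screen_payment(payment)
    return ("HOLD_REVIEW", hits) if hits else ("RELEASE", hits)

# Constructed sample instructions, not real payments.
SAMPLES = [
    {"beneficiary_name": "Example Trade Co",
     "beneficiary_address": "8 Trade Rd, JIXI-CITY"},
    {"beneficiary_name": "Fuyuanda Logistics",
     "beneficiary_address": "Rotterdam"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample))
```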

As always said, the financial and reputational losses are substantial in these cases, and it is prudent to protect financial resources from external siphoning or takeover through the above business checkpoints, as a business layer in addition to all the technical authentication layers, which are often drilled through by fraudsters.


Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 10 May, 2011, 13:32

Why not a simple SMS/email alert after each wire transfer initiated online? That's what one of my banks provides, and it seems to work just fine in alerting me to potential fraudulent activity in my company's business banking account.

Of course, it could be argued that a fraudster gaining online access to my account credentials can modify the mobile phone # / email set up for receiving alerts and thus subvert this fraud protection measure. But, the same argument applies for the proposed measure of Customer Payment Profile because, with the increasing trend towards eBAM, neither banks nor their customers are going to be pleased with a paper and wet ink based process for modifying risk limits, payment frequency and other elements of a Customer Payment Profile.

Watch Word Monitoring will help in detecting fraudulent transfers, albeit after-the-fact. From the credit card industry that has already implemented such measures, false-positives will pose a major challenge, though.  

Rajeev Nair


Managing Director- Accenture Technology - Banking



This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.
