
Anti-Fraud, Cyber Security & Consumer Protection in Mobile - PowerPoint PPT Presentation



  1. Anti-Fraud, Cyber Security & Consumer Protection in Mobile Money; Global Best Practices. 11th June 2019

  2. In 2018, the mobile money industry added another 143 million registered customers, reaching 866 million registered accounts, a 20 per cent year-on-year increase.

  3. The industry is now processing over $1.3bn per day, with digital transactions growing at more than twice the rate of cash-in and cash-out.
     Across Egypt, Ethiopia and Nigeria, over 110m mobile money accounts can be unlocked in the next five years.

  4. Consumer Protection Concerns

  5. Current Consumer Protection Concerns in Mobile Money
     • Safeguard Customer Funds
     • Data Privacy
     • Consumer Information
     • Cyber Security
     • Fraud

  6. Current Consumer Protection Concerns in Mobile Money

  7. Global Best Practices

  8. Global Best Practices in addressing Mobile Money Consumer Protection Concerns
     The GSMA Mobile Money Certification aims to realise a number of industry goals:
     • Define and promote excellence in the provision of mobile money services, setting a high bar to which all providers can aspire.
     • Advance financial inclusion, stability, integrity and consumer protection by promoting responsible business practices.
     • Enhance consumer trust, particularly among women and vulnerable customer segments.
     • Accelerate commercial partnerships and facilitate interoperability.

  9. The GSMA Mobile Money Certification
     • Independent certification scheme for Mobile Money providers
     • Promotes excellence in risk management and consumer protection practices
     • Covers eight core operational areas of business
     • Open to all types of Mobile Money providers (MNO, Non-MNO and bank)
     • Voluntary
     • Over 133 million registered customer accounts covered

  10. Eight Principles with 300 Criteria Defining Best Practices in Eight Core Areas.

  11. AML/CFT/Fraud Prevention

  12. AML/CFT/Fraud: Combat Money Laundering, Terrorist Financing & Fraud
      Practices:
      • Fraud Management Policy: Establish a mobile money fraud management policy that defines the approach to anticipating, monitoring, assessing, managing and controlling fraud.
      • Anti-Fraud Training: Anti-fraud training should be implemented for staff and agents.
      • Notifications to Customers & Agents: Send notifications to customers and agents whenever activity occurs on their account so that the user can verify it.
      • Secure Changing to Security Credentials & SIMS: SIM swaps and PIN changes are particularly susceptible to fraud. Impersonation fraud and employee frauds are common. Controls should be implemented to protect SIM swaps against impersonation fraud.
      • Agent Anti-Fraud Measures: Ensure that agents cannot provide services outside the expected geographical area of their activities, as this may indicate fraudulent activity.
      • Sanctions for Agents, Businesses and Merchants: Sanctions should be applied to agents, businesses or merchants found to be in breach of process or involved in fraud.
      • Information-Sharing with Other Providers: An information-sharing process or forum should be set up to enable a country's mobile money providers to share information about known frauds and counter-measures.
      • Protect Risk-Accounts And Transactions: Certain types of accounts have been targeted by fraudsters (often internal fraud), and measures should be implemented to protect these accounts.

  13. AML/CFT/Fraud: Combat Money Laundering, Terrorist Financing & Fraud
      Practices:
      • Effective AML/CFT Policies & Procedures: Develop effective policies and procedures for Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Compliance.
      • Senior management commitment to AML/CFT: Senior management shall demonstrate their commitment to AML/CFT compliance through proper oversight.
      • Appointed AML/CFT manager (MLRO): Appoint a qualified money laundering reporting officer (MLRO) to promote and monitor compliance with AML/CFT-related obligations.
      • Software to monitor transactions: Create a system to monitor transactions for AML/CFT and anti-fraud purposes.
      • Staff & agent AML/CFT training procedures: Develop and implement training programmes for staff and agents.
      • Risk-based KYC & transaction/balance limits:
          • Adequately identify clients.
          • Place appropriate risk-based transaction & balance limits on accounts, depending upon the strength of customer identification & verification.
          • Have the ability to block account transactions under certain circumstances.
          • Screen accounts using domestic and international money laundering, terrorist financing & sanctions watchlists.

  14. Cyber Security

  15. SECURITY: Ensure the Security of the System Supporting the Service
      Practices:
      • Security Governance:
          • Develop, implement, and regularly review a formal security policy for mobile money services.
          • Train internal staff about their security responsibilities.
          • Ensure policies are in place for the secure handling of information and assets.
          • Ensure the protection of their assets that are accessible by suppliers and third parties.
      • Designing & Developing Secure Systems, Applications & Network:
          • Ensure that data is protected by cryptography and network security controls.
          • Ensure that systems and applications are designed and developed securely and are thoroughly tested.
      • Security Operations:
          • Identify and assess security risks prior to offering mobile money services and continue to monitor such risks on an ongoing basis.
          • Properly identify and authenticate system users.
          • Limit access to customer data on a “need to know” basis.
          • Limit physical access to systems.
          • Ensure correct and secure operations of information processing.
          • Develop processes to ensure that all transactions and user activities are logged with appropriate audit trails.
          • Regularly test security systems and processes.
          • Ensure continuity of information security.
          • Develop a process to identify, address, and monitor security incidents and security-related complaints.

  16. Transparency

  17. TRANSPARENCY: Communicate Fees, T&Cs, and Information Transparently to Customers
      Practices:
      • Effective Disclosure & Transparency: Ensure that customers are provided with clear, prominent, and timely information regarding fees and terms and conditions.
          • Inform Customers of ALL fees, T&Cs
          • Publish T&Cs in Plain Language where Possible
          • Notify Customers in Advance of Changes to T&Cs or Fees Schedule
          • Use Official & Local Languages
          • Inform Customers of Expected Downtime & Communicate Unexpected Outages
          • Train Customer Service Personnel in T&Cs & the Fee Schedule
          • Inform Customers of KYC Requirements for Opening Accounts in Different KYC Tiers
          • Help Customers to Locate Agents, Service Centres, & Other Retail Locations
      • Education of Customers About Safety & Security: Educate customers about how to use mobile money services safely and securely.
          • Educate Customers on How to Use the Service Securely
          • Inform Customers of Mobile Money Fraud Threats
          • Emergency Contact Details For Loss of Handset/SIM or Suspicious Activity
          • Entering Security Credentials And Resetting Account Details
          • Exercising Caution with Cash-In/Out Transactions At Agents
          • Providing Alerts On Suspicious Activity on Customer Accounts
          • Advising Customers That User Interface will Change

  18. Data Privacy

  19. DATA PRIVACY: Protect Customers' Personal Data
      Practices:
      • Governance of Data Privacy: Comply with good practices and relevant regulations governing customer data privacy.
          • Data Privacy Policy
          • Assign Responsibility for Customer’s Data Privacy
          • Identify All Personal Data and Manage Privacy Risks
          • Data Privacy Rules Behaviour
          • Data Privacy Rules of Third Parties
          • Personal Data Quality and Accuracy
          • Training and Education on Data Privacy
          • Data Privacy Incident Handling
      • Data Privacy Transparency: Ensure that users are provided with clear, prominent, and timely information regarding their data privacy practices.
          • Transparency Regarding Data Privacy Practices.

  20. Thank You
