Anti-Fraud, Cyber Security & Consumer Protection in Mobile Money



SLIDE 1

Anti-Fraud, Cyber Security & Consumer Protection in Mobile Money;

Global Best Practices

11th June 2019

SLIDE 2

In 2018, the mobile money industry added another 143 million registered customers, reaching 866 million registered accounts — a 20 per cent year-on-year increase
SLIDE 3

Across Egypt, Ethiopia and Nigeria, over 110m mobile money accounts can be unlocked in the next five years

The industry is now processing over $1.3bn per day with digital transactions growing at more than twice the rate of cash-in and cash-out

SLIDE 4

Consumer Protection Concerns

SLIDE 5

Current Consumer Protection Concerns in Mobile Money

  • Data Privacy
  • Fraud
  • Cyber Security
  • Safeguard Customer Funds
  • Consumer Information

SLIDE 6

Current Consumer Protection Concerns in Mobile Money

SLIDE 7

Global Best Practices

SLIDE 8

Global Best Practices in addressing Mobile Money Consumer Protection Concerns

The GSMA Mobile Money Certification aims to realise a number of industry goals:

  • Define and promote excellence in the provision of mobile money services, setting a high bar to which all providers can aspire.
  • Advance financial inclusion, stability, integrity and consumer protection by promoting responsible business practices.
  • Enhance consumer trust, particularly among women and vulnerable customer segments.
  • Accelerate commercial partnerships and facilitate interoperability.

SLIDE 9

The GSMA Mobile Money Certification

Independent certification scheme for Mobile Money providers

Promotes excellence in risk management and consumer protection practices

Covers eight core operational areas of business

Open to all types of Mobile Money providers (MNO, Non-MNO and bank)

Voluntary

Over 133 million registered customer accounts covered

SLIDE 10

Defining Best Practices in Eight Core Areas

Eight Principles with 300 Criteria

SLIDE 11

AML/CFT/Fraud Prevention

SLIDE 12

AML/CFT/Fraud: Combat Money Laundering, Terrorist Financing & Fraud

  • Fraud Management Policy: Establish a mobile money fraud management policy that defines the approach to anticipating, monitoring, assessing, managing and controlling fraud.
  • Anti-Fraud Training: Anti-fraud training should be implemented for staff and agents.
  • Notifications to Customers & Agents: Send notifications to customers and agents whenever activity occurs on their account so that the user can verify it.
  • Secure Changing to Security Credentials & SIMS: SIM swaps and PIN changes are particularly susceptible to fraud. Impersonation fraud and employee frauds are common. Controls should be implemented to protect SIM swaps against impersonation fraud.
  • Agent Anti-Fraud Measures: Ensure that agents cannot provide services outside the expected geographical area of their activities, as this may indicate fraudulent activity.
  • Sanctions for Agents, Businesses and Merchants: Sanctions should be applied to agents, businesses or merchants found to be in breach of process or involved in fraud.
  • Information-Sharing with Other Providers: An information-sharing process or forum should be set up to enable a country's mobile money providers to share information about known frauds and counter-measures.
  • Protect Risk-Accounts And Transactions: Certain types of accounts have been targeted by fraudsters (often internal fraud), and measures should be implemented to protect these accounts.

SLIDE 13

AML/CFT/Fraud: Combat Money Laundering, Terrorist Financing & Fraud

  • Effective AML/CFT Policies & Procedures: Develop effective policies and procedures for Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Compliance.
  • Senior management commitment to AML/CFT: Senior management shall demonstrate their commitment to AML/CFT compliance through proper oversight.
  • Appointed AML/CFT manager (MLRO): Appoint a qualified money laundering reporting officer (MLRO) to promote and monitor compliance with AML/CFT-related obligations.
  • Software to monitor transactions: Create a system to monitor transactions for AML/CFT and anti-fraud purposes.
  • Staff & agent AML/CFT training procedures: Develop and implement training programmes for staff and agents.
  • Risk-based KYC & transaction/balance limits:
      • Adequately identify clients.
      • Place appropriate risk based transaction & balance limits on accounts, depending upon the strength of customer identification & verification.
      • Have the ability to block account transactions under certain circumstances.
      • Screen accounts using domestic and international money laundering, terrorist financing & sanctions watchlists.

SLIDE 14

Cyber Security

SLIDE 15

SECURITY: Ensure the Security of the System Supporting the Service

Security Governance

  • Develop, implement, and regularly review a formal security policy for mobile money services.
  • Train internal staff about their security responsibilities.
  • Ensure policies are in place for the secure handling of information and assets.
  • Ensure the protection of their assets that are accessible by suppliers and third parties.

Designing & Developing Secure Systems, Applications & Network

  • Ensure that data is protected by cryptography and network security controls.
  • Ensure that systems and applications are designed and developed securely and are thoroughly tested.

Security Operations

  • Identify and assess security risks prior to offering mobile money services and continue to monitor such risks on an ongoing basis.
  • Properly identify and authenticate system users.
  • Limit access to customer data on a “need to know” basis.
  • Limit physical access to systems.
  • Ensure correct and secure operations of information processing.
  • Develop processes to ensure that all transactions and user activities are logged with appropriate audit trails.
  • Regularly test security systems and processes.
  • Ensure continuity of information security.
  • Develop a process to identify, address, and monitor security incidents and security-related complaints.

SLIDE 16

Transparency

SLIDE 17

TRANSPARENCY: Communicate Fees, T&Cs, and Information Transparently to Customers

Effective Disclosure & Transparency: Ensure that customers are provided with clear, prominent, and timely information regarding fees and terms and conditions.

  • Inform Customers of ALL fees, T&Cs
  • Publish T&Cs in Plain Language where Possible
  • Notify Customers in Advance of Changes to T&Cs or Fees Schedule
  • Use Official & Local Languages
  • Inform Customers of Expected Downtime & Communicate Unexpected Outages
  • Train Customer Service Personnel in T&Cs & the Fee Schedule
  • Inform Customers of KYC Requirements for Opening Accounts in Different KYC Tiers
  • Help Customers to Locate Agents, Service Centres, & Other Retail Locations

Education of Customers About Safety & Security: Educate customers about how to use mobile money services safely and securely.

  • Educate Customers on How to Use the Service Securely
  • Inform Customers of Mobile Money Fraud Threats
  • Emergency Contact Details For Loss of Handset/SIM or Suspicious Activity
  • Entering Security Credentials And Resetting Account Details
  • Exercising Caution with Cash-In/Out Transactions At Agents
  • Providing Alerts On Suspicious Activity on Customer Accounts
  • Advising Customers That User Interface will Change
SLIDE 18

Data Privacy

SLIDE 19

DATA PRIVACY: Protect Customers' Personal Data

Governance of Data Privacy: Comply with good practices and relevant regulations governing customer data privacy.

  • Data Privacy Policy
  • Assign Responsibility for Customer’s Data Privacy
  • Identify All Personal Data and Manage Privacy Risks
  • Data Privacy Rules Behaviour
  • Data Privacy Rules of Third Parties
  • Personal Data Quality and Accuracy
  • Training and Education on Data Privacy
  • Data Privacy Incident Handling

Data Privacy Transparency: Ensure that users are provided with clear, prominent, and timely information regarding their data privacy practices.

  • Transparency Regarding Data Privacy Practices.
SLIDE 20

Thank You