16. Keeping Customers Safe Online

Question 1

Define Financial Crime.

Answer 1

Any NON-VIOLENT OFFENCE committed by or against an IDIVIDUAL OR FINANCIAL SERVICES FIRM which results in FINANCIAL LOSS

Question 2

What are the different groups of financial criminals that have been identified by the International Compliance Association (ICA)? (3) What types of entity make up each group?

Answer 2

1. Organised Criminals
   - Terrorist Groups, Large scale operations which need funding through cybercrime and fraud.
2. External Stakeholders
   - customers, contractors, suppliers - any individuals with a connection to the firm
3. An Individual Criminal
   - serial or opportunistic fraudsters

Question 3

Define Cybercrime.

Answer 3

Any criminal act dealing with COMPUTERS or NETWORKS

Question 4

Which type of cybercrime impacts consumers the most?

Answer 4

DECEPTION, e.g. scam emails asking people to reveal sensitive info.

Question 5

What is Identity Theft? What are the consequences of Identity Theft for its victims?

Answer 5

Obtaining PERSONAL INFORMATION for the sole purpose of ASSUMING SOMEONE’S IDENTITY TO MAKE TRANSACTIONS/PURCHASES.

Consequence = damaged credit scores, finances, reputations & livelihood

Question 6

What is Phishing?

Answer 6

Stealing USER DATA (e.g. card/login details). The attacker PRETENDS TO BE PERSON/COMPANY THAT PERSON TRUSTS, enticing them to open links etc.

Question 7

What are the two types of links that can be found within phishing emails? (2)

Answer 7

1. MALWARE
   = used to damage or gain access to a device
   (e.g. viruses, trojan horses, spyware)
2. RANSOMWARE
   = Type of Malware that blocks access to the device, encrypting data until money is paid.

Question 8

What is Hacking?

Answer 8

SPECIALIST MALWARE is injected into a network so the hacker can GAIN CONTROL.

Resulted in COMPROMISED DATA & hackers being able to TRACK KEYSTROKES/PASSWORDS

Question 9

Has the introduction of Cloud Computing and Open Banking caused an increase or decrease in the vulnerability of banks to cyber attacks?

Answer 9

Increase, more opportunities for cyber criminals

Question 10

Are firewalls and anti-virus software considered to be a pro-active/offensive approach or a reactive/defensive approach to fighting cyber crime?

Answer 10

Reactive/Defensive. Banks are now moving towards using more proactive techniques.

Question 11

What are some examples of things that banks are investing in to fight cybercrime? (7)

Answer 11

1. AI/Machine learning
2. Biometrics
3. Electronic Identification
4. More staff/systems
5. Best practices for password protection
6. Antivirus software
7. Data encryption

Think: BAD PEAS

Question 12

Define Fraud.

Answer 12

When TRICKERY is used to gain a DISHONEST ADAVNTAGE, which is often financial, OVER ANOTHER PERSON.

Fraud can include the theft of:
- money
- data
- property

Question 13

Is the following scenario Fraud or a Scam?

Suspicious activity is found on your account, i.e. a transaction you did not knowingly make

Answer 13

Fraud

Question 14

Is the following scenario Fraud or a Scam?

An update of your contact details which was not made by you

Answer 14

Fraud

Question 15

Is the following scenario Fraud or a Scam?

You knowingly parted with your money or details with the expectation that you were dealing with a genuine person.

Answer 15

Scam

Question 16

What is remote banking fraud?

Answer 16

When a criminal gains access to your account to make an unauthorised transfer using one of the 3 remote banking channels:

1. Internet banking
2. Phone banking
3. Mobile banking

Question 17

The Financial Ombudsman Service categorises complaints relating to fraud and scams into 3 main categories. What are these?

Two of these categories can also be grouped together under another joint name. What is this?

Answer 17

1. Plastic card transactions not authorised by the customer
   (in-store or online)
2. Scams where the customer was tricked into handing over bank details - scam where fraudster is able to take money from an account without consent.
3. Scams where the customer was tricked into transferring money into the fraudster’s account

2 & 3 are known as Authorised Push Payment (APP) fraud complaints

Question 18

What type of fraud has occurred within the following scenario:

A fraudster hacks into an individual’s email account. They then find out the names of any companies this individual is already doing business with and proceed to pose as this business (could be their bank).

The fraudster then asks the individual to make a payment to an account in the name of the company they are pretending to be.

Answer 18

Authorised Push Payment (APP) fraud.

The individual has authorised the payment themselves but they were tricked into doing so.

Question 19

Customers usually only make complaints to the Financial Ombudsman Service regarding scams or fraud if their bank refuses to refund the money they they have lost.

When looking at these complaints, will the FOS make the bank refund any payments lost to the customer?

Answer 19

It depends on whether the customer authorised the payment.

Authorised payments where the bank followed all industry guidance to protect the customer from fraud = bank NOT LIABLE to refund

Authorised payments where the bank did not follow all industry guidance: FOS could ask the bank to refund some or all of the loss and possibly an upset payment/lost interest, depending on circumstances.

Plastic card fraud & unauthorised payments = banks should refund the customer ANY MONEY LOST PLUS ANY INTEREST OWED so long as they have not acted:
- fraudulently
- with intent
- with gross negligence (not just ordinary carelessness)

Question 20

Define an Authorised Payment.

Answer 20

The customer has given the bank instruction to make a payment and knew the money was going to leave their account.

Question 21

Who holds the most responsibility to protect customers from fraud? The customers themselves or banks?

Answer 21

Customers do have a responsibility to protect themselves, but banks hold the most responsibility.

Question 22

Banks should aim to detect fraud as early as possible to prevent loss. Which are the 3 main ways in which they do this?

Answer 22

1. Sophisticated computerised monitoring systems
2. Dedicated risk teams - if the system raises suspicion, the team usually contacts the customer to check whether the payment was genuine.
3. Raise customer awareness

Question 23

What are some steps that RBS has in place to try to protect customers? (4)

Answer 23

1. Online app contains warnings
2. Additional checks within higher risk circumstances - eg getting in touch to check details & give advice on the signs of a scam
3. Take 5 initiative - raises awareness of scams and how to deal with them
4. Staff training to spot scams

Question 24

What is the role of frontline staff in relation to fraud? (4)

Answer 24

1. STAY AWARE
   - of how/when customers are transacting
   - of the type of goods involved
2. MONITOR UNUSUAL ACTIVITY
   - computers flag up, staff scrutinise whether it is in line with usual behaviour. If not, contact customer.
3. TRAINING & LEARNING
   - to ensure compliance with current regulations
4. FOLLOWING INETRNAL PROCEDURES

Question 25

Name some examples of suspicious transactions that could be brought to staff attention. (4)

Answer 25

1. Large cash withdrawals 2. Transfers between accounts without rationale 3. Unnecessary used of third party accounts 4. Transactions involving high-risk jurisdictions

Question 26

What are profiling systems?

Answer 26

systems used by banks to help them identify where there may be suspicious activity on a customer's account.

Question 27

When customers set up a new beneficiary to make an online/app payment, what to banks tend to do?

Answer 27

Send the customer separate advice (often by text, outside of the app) to alert the customer before the bank makes the payment

Question 28

What is the APP Scam Code? What are the commitments within the code? (3)

Answer 28

Payment Service Providers (PSPs) like banks voluntarily sign up to this code to protect customers against Authorised Push Payment scams (APPs). Set up as a result of INDUSTRY COLLABORATION between PSPs, consumer groups & the regulator. PSPs who sign up to the code commit to: 1. Put in place procedures with DETECT, PREVENT & RESPOND to APP scams. 2. Prevent accounts from being used to LAUNDER THE PROCEEDS OF APP SCAMS. 3. CONTINGENT REIMBURSEMENT MODEL - reimburse victims of APP fraud, so long as the customer has met the standard expected of them within the code. Reimbursements are taken from a fund set up by the signatory banks. (remember this is voluntary, they don't legally have to do this)

Question 29

What is the Banking Protocol system?

Answer 29

An initiative between the Police and banks to work together in collaboration against fraud to protect vicitims.

Question 30

Which body holds responsibility for the Contingent Reimbursement Model (CRM)?

Answer 30

The Lending Standards Board (LSB)