How has fraud evolved and become sophisticated in the DFS space 0f Uganda? This blog examines the evolution of customer/agent-level fraud by examining the six most common frauds in the market.
Uganda has seen an explosive growth in mobile money adoption in the last few years, growing from 550,000 active users in 2009 to 5.2 million in 2012 (active on a 30-day basis) according to the Economic Regulation Unit’s Broadcasting & Telecommunications Market Review 2011/12. Now, the rate of mobile money account ownership outstrips bank account ownership, which stood at 3.6 million bank accounts in 2013.
However, the Uganda mobile money market has been a playground for fraudsters. Reportedly, on an average at least 100 mobile money users lose money every week, some lose millions of shillings. In an environment where there are 5.2 million active users, 5,200 cases of fraud per annum do not seem to be a very high prevalence. But many cases are likely to go unreported, and each and every case will be amplified by word of mouth and undermines trust in the mobile money system. The 2013 Agent Network Accelerator survey for Uganda conducted by The Helix Institute of Digital Finance highlighted that the “risk of fraud” and “dealing with customer services when something goes wrong” were the two biggest challenges faced by agents. See “Challenges to Agency Business – Evidence from Tanzania and Uganda (Part- I)” for discussion of this.
We have already outlined the nature of many mobile money frauds and presented a generic framework broadly based on the Kenya market to understand these and their evolution with the maturation of the mobile money market – see Fraud in Mobile Financial Services. However, the Uganda market evolved differently to the Kenyan one, with multiple players entering the market over time and, most importantly, no national ID. These factors modified the evolution and sequencing of frauds, and in this blog, I highlight the six most common agent/customer level frauds in Uganda. The blog draws on my five years of my personal experience in the mobile money business in Uganda with Warid and Airtel during which I keenly observe the evolution of the mobile money market. As Zonal and then Regional Manager, I was able to watch and discuss frauds with agents across the country – indeed responding to fraud was a key part of my work.
The approaches to fraud executed by the con-men demonstrate their thorough understanding of the mobile money system and the lacuna in the processes in place. While the regulators and MNOs were busy fixing the leaks in the systems and processes, the fraudsters also learned and evolved their modus operandi to find new ways to cheat mobile money agents and customers. Their fraud mechanisms have become more sophisticated over the years.
In Uganda, the fundamental underlying problem is the country’s weak KYC norms. Currently, anyone can obtain a SIM(s) in different names and can operate under different identities. This phenomenon is compounded by the lack of a national ID in Uganda. The registration process for a national ID just started 2 months ago. The typical identifications for KYC have been either a passport, work ID or local council ID. The latter is most common, yet easily obtained by fraudsters and in as many distinct copies as they want, typically by paying the local council leader a small sum of money (usually ranging between $ 2-3). The ease of securing a fake local council ID for SIM and mobile money KYC registration makes it difficult to trace fraudsters, Such SIM cards are registered for purposes of committing fraud and quickly thrown away after successfully achieving their purpose/objective.
So how has fraud evolved, manifested and become sophisticated in the DFS space 0f Ugandan market?
1. Fake currency
During initial years the fraudsters took advantage of the low level of awareness by customers and agents through the use of counterfeit money to defraud unsuspecting victims. Fraudsters targeted busy agents in high traffic areas who did not perform due diligence in monitoring counterfeits, and in turn, agents also passed this fake currency to unsuspecting customers. Soon, agents became vigilant and many started to use ultra-violet lighting rods to detect fake currencies, resulting in a drastic decline with this tactic.
2. Reversing “erroneous” transactions
Fraudsters then resorted to sending fake SMS messages to customers’ phones (alerting the customer of a P2P/cash in transaction on his mobile money wallet). Shortly thereafter, the fraudster would call the customer claiming to have erroneously sent money to a wrong customer number. Innocently, and before checking the balance on his mobile money wallet, the customer would make a P2P transaction to reverse the “erroneously sent money” from his account – thus losing money. This did not stop with registered customers, un-registered customers would also fall prey of the fake SMS and “send back” the erroneous money through OTC at the agent point. The fraudsters had a field day with this tactic.
In a bid to protect their customers, MNOs run above the line (ATL) campaigns and to send SMSs broadcasts to educate customers on how to differentiate between authenticated messages from mobile money payment systems and fake ones sent by fraudsters. Although this had moderate success, it called for the change of tactics from fraudsters.
3. Facilitation fees for winners of the prize draw
The next evolution saw fraudsters introducing yet another tactic, this time using the MNOs’ marketing and advertising strategies to their advantage. Between 2010 and 2012, the Ugandan telecom sector was witnessing fierce fights for supremacy in revenue, customer acquisition, and retention. There were price wars, bonuses on airtime top-up and special prizes under loyalty programmes that included motor vehicles, bikes, money, etc. Winners would be called through telephone calls asking them to pick up their prizes.
The fraudsters responded quickly by creating their own “call centers”. Posing as staff from the MNO, they would call customers informing them that they were lucky winners and should come quickly to redeem their prizes. However, the fraudsters requested the customer (their “lucky winner”) to make an initial deposit of mobile money to facilitate the process of hand over of the prize, this would range from $45 to $400 depending on the magnitude of the “prize won”. For a motor vehicle, the “facilitation fee” would increase up to $1,000. Excited customers would quickly send this “facilitation fee” to a mobile money account provided to them by the fraudsters, only to wait in vain for the prize. On checking with the MNO, customers would then realize that they had been defrauded and the mobile money number to which they had sent the “facilitation fee”, had been switched off with no trace of ownership.
MNOs responded by ATL campaigns to increase awareness of their office phone numbers through which winners would be contacted. These numbers were publicized through TV, radio, newspapers and trade materials. Customer’s awareness of this fraud tactic increased and soon there was a drastic drop in its use.
4. PIN Appropriation
Fraudsters were still thinking and soon introduced a new wave of fraud targeting mobile money agents – specifically those that were busy and highly liquid. It was common practice for busy agents to initiate a transaction and then hand over his phone to the customer to punch in his number. The customer would give the phone back to the agent to complete the transaction by inserting in his PIN code.
Fraudsters took advantage of this. They would go to the agent point as normal customers wanting to conduct a transaction and followed the usual process. During this time, the fraudsters studied the buttons the agent pressed for his PIN code. After a few visits to the agent, the fraudsters could usually identify the agent’s PIN codes. The fraudster then went to the agent to transact. This time when the agent handed over his phone to the “customer”, the fraudster quickly punched in a phone number, inserted the agent’s PIN code and completed the transaction. The fraudster then started another transaction to cover his tracks and handed the phone back to the agent to complete it. The fraudster then walked away … never to come back. The agent was not aware that two transactions had taken place on his phone and had lost money ranging from $500 – $1,500.
Again MNOs had to intervene and they conducted awareness campaigns targeting agents advising them to:
These awareness campaigns forced fraudsters to adopt more sophisticated methods that required patience and careful study of the behavior of both customer and agents.
5. SIM Replacement
Fraudsters now study behaviors of customers and agents to find out those who carelessly expose their PIN codes. The fraudsters do not need to get in contact with the customer or agent’s phone, all they need is the phone number and PIN codes of the customer or agent.
MNOs provide a four-figure PIN code when activating a mobile money account for security purposes. Yet customers and agents usually (perhaps for fear of forgetting their PIN codes), chose to have a similar 4 figure PIN code, for instance choosing to use the classic 1234 or 4444, 2222, 5555, or 1111. See Ignacio Mas’ excellent blog “My PIN is 4321” on this. This makes it easy for them to memorize the PIN at all times. They continue to use this simple PIN without changing it (even when advised by MNOs to frequently change their PIN codes), thus making the fraudster’s work easy. Once he knows these PIN codes, through guessing or observation, the fraudster gets a duplicate ID issued in his name. He then goes to a police station to report the loss of “his/her” SIM, for which he gets a police letter. He presents this police letter to the MNO’s customer care center and a replacement SIM is provided thus inactivating the original, correct SIM. As the fraudster knows the PIN code of the target customer or agent, he is able to withdraw the money using the replacement SIM.
MNOs are facing a challenge with this tactic because the police innocently provide a letter for loss of a SIM (of course fraudulently obtained), so it is their obligation to provide a replacement SIM. Interrogating the MNO’s database for information to confirm KYC information provided at the time of registration is an option. But this is often inadequate to ascertain if the customer seeking a new SIM is genuine because the fraudsters have done his homework well and are well equipped with relevant information of their target victim. The relevant information and frequently verified include the customers’ date of birth, parents name and next of kin – upon this information matching with that of the MNO’s database (for proof and authentication purposes), a replacement SIM is issued to the fraudster who goes on to defraud innocent customers.
6. Reversals
In the latest round of frauds, the fraudsters have targeted the MNOs’ processes for the reversal of money sent to wrong mobile money accounts by customers and agents. Its common practice for money sent to the wrong recipient, to be sent back to the source account (after the MNO has received the complaint and done its due diligence investigation).
Fraudsters now go to a merchant to purchase an item for which they propose to pay using mobile money. Once the fraudsters have transferred the money to effect the payments, they leave the shop with the item and then call the MNO’s customer care center and ask them to block and reverse the payment on the basis that it was a wrong transaction. The MNO (following set reversal procedures) blocks the merchant’s account or the amount in a debate, then listens to both parties. However, the merchant in many cases has no proof that he is the genuine recipient and will be asked go ahead and settle the dispute legally. Clearly, this is not an ideal solution for a busy shopkeeper, and with the prospects of repeated visits to the MNO or lawyers for a reversal, he is left with no option but to agree to the transaction.
This blog examined the evolution of customer/agent-level fraud in Uganda by examining the six most common frauds in the market. In the next blog, we will examine how the MNOs have responded to the activities of fraudsters and how they might strengthen that response.
Leave comments