By Rushi Mehta: Digital Transactions in India is seeing a phenomenal growth. As per latest data from NPCI about UPI Transaction, total value of UPI based trasnsactions have crossed 15 Lakh Crores for month of June.
Similary for IMPS based Transaction, it is 5 Lakh Crores for month of July
Owing to such influx in transactions, there is a need to redefine the transaction monitoring in Banks, NBFCs and Fintechs. Relying on rudimentary transaction monitoring software will lead to cyber criminals exploit the banking system. There are a lot of Telegram Channels working to provide ‘Rented’ Bank accounts. For example, following accounts are in great demand currently with the mentioned commissions.
Indicators of Mis-use of Bank Accounts which can be put in Transaction monitoring
- Crossing the Turn Over of Company / Enterprise
Companies declare the average yearly turnover while opening current accounts. A monitoring mechanism with threshold of turn over should be implemented. As soon as the churning volume crosses declared turnover, there has to be a flag and enhanced due diligence should be done.
Using Government Database:
A solution can be deployed to check the company or individual’s turn over or information with GST database, MCA Information, PAN, Litigations etc. Many fintech companies have created an automated APIs to check for the same.
2. API / IP Address & Location
Mule accounts are operated from different IP Addresses. Many banks provide API facility. These accounts avail API facility. Some of the common learnt indicators of IP based detection are :
- Use of anonymous VPN
- Continuous changes of IP address [Geographic difference]
- Very high login attempts to account
- Login into the account only for conducting debit transactions.
IP can be automated and integrated using API to detect VPN, Proxy, Location etc (ex. ipinfo.io). Use cases are mentioned on following websites.
Same can be integrated with Security Operations Center as well.
3. High Cash Out
Cash out is the main aim of any criminal operation. A cash out monitoring of Bank account is one of way to detect rented account. Cash out may be in the form of
- ATM Withdrawals [India & Overseas]
- POS Withdrawals
- Continuous IMPS transactions [Suspected P2P Transaction of Crypto]
- Payment Gateway — Merchant Payment
Basically money will not lie stagnant in the account. It will be immediately transferred.
4. Multiple flags by Law Enforcements
As soon as a notice is received for a particular account for any fraud, immediately a team of fraud risk should be deployed to analyse the involvement of account without waiting for further notice. The same is available to all the banks. Compliance team / Audit team to monitor all flagged bank accounts should look at all freezing initiated by Indian Law Enforcement Agencies.
5. Suspicious Mobile Device Database
A list of suspicious Android IDs or device identifiers should be maintained and even shared by banks to identify if any bank account is being managed from same mobile device. There are many companies providing such facility on paid basis.
6. Yearly Audit of Debit Freezed Accounts.
An external audit on all the bank accounts debit freezed by Law Enforcement Agencies needs to be conducted by Bank in order to identify lacuna in KYC / Transaction monitoring system of banks and improve the same.
7. Analytics of Bank Accounts opened in particular branch
Involvement of Bank employee in opening mule accounts cannot be ruled out. A dashboard / analytics to identify sudden jump in opening of bank accounts from particular employee ID or branch can be initiated to tag the anomaly.
Trust / Clean Image is more important in business in longer run than bottomline or numbers achieved by negligence or wrong means.