Forensic auditors and financial experts say numerous businesses are falling victim to financial fraud facilitated by some flaws in the banking system’s handling of money transfers, especially online transfers.
While making transactions, banks primarily validate account numbers often without matching them with account holders’ names.
This systemic oversight, according to some industry experts, is paving the way for a surge in fraudulent activities that are costing companies substantial financial losses.
Without giving statistics, a source in the industry said one of the most common scenarios involves fraudsters providing legitimate institution names but linking them to fraudulent account numbers, and unwitting firms, believing they are paying genuine business partners end up transferring funds to illicit accounts.
Some forensic auditors believe the magnitude of the financial fraud is staggering because by the time the error is discovered, often after the funds have been withdrawn, it is usually too late to recover the money.
Aware of fraudsters’
shift: Shaba
“What is alarming is the ease with which fraudsters can manipulate the system, often leaving no trace until the damage is done,” explained Handsome M’bwana, director of forensic investigations and valuations at Fletcher &Evance, a firm of forensic accountants.
According to M’bwana, investigations conducted in various corporations in 2023 alone indicate the losses incurred run into millions, severely impacting their financial stability and trust in the banking system.
“The current system is like leaving your front door unlocked. Banks need to implement a more robust verification process, ensuring that both the account number and the name the money is being sent to are thoroughly matched before any transaction is approved,” he said.
M’bwana, whose firm has been engaged by several companies that have systematically fallen victim to the fraudsters, said while some banks have started to acknowledge the existence of the issue, the pace of implementing more stringent checks is lagging.
“The need for a unified approach across the banking sector is more pressing than ever. This would not only enhance security but, also, restore trust of customers and businesses in their financial institutions.
“As businesses continue to bear the brunt of this systemic flaw, the call for action grows louder. The banking industry must prioritise safeguarding clients’ funds by upgrading their transaction verification processes, a move that is not just necessary, but long overdue in the digital age,” explained M’bwana.
He recommended: “The lesson is clear for companies. They need to be vigilant and verification is paramount. Until banks rectify this critical vulnerability, businesses must exercise increased caution in verifying the authenticity of account details during transactions.”
But Bankers Association of Malawi (BAM)president Zandile Shaba in an interview said her association, without giving specific stats, was aware of the shift by fraudsters to target digital payments platforms, where some operators using bank platforms are substituting genuine account numbers with fraudulent ones, thereby misrouting transactions.
She said while banks are custodians of money and other valuables, even after doing the needful, they may still be caught up in situations where fraudsters capitalise on weak control environments elsewhere.
Shaba said the standard protocol in most banking institutions, as it turns out currently, is to verify transactions based on account numbers, an approach that enables fraudsters to exploit the system.
“The payments landscape has over the years evolved and fraudsters have not been left behind. If, however, you look at control configuration in its entirety, digital platforms are generally much more secure than any manual payments,” she said.
Shaba said BAM was also aware of some fraudsters that are hacking e-mails of customers and hijacking conversations, especially where a deal is being closed.
These fraudsters, according to Shaba, take over the conversation and issue an invoice substituting a bona fide beneficiary account with their own.
“Note that in all instances, there appear to be some gaps in terms of general awareness of key controls on digital platforms and cyber security. These failures may not be attributed to the industry in all fairness.
“Please note, however, that BAM can work with industry stakeholders to enhance awareness. As time goes on, with collective efforts, we should be able to fight this vice,” she said.
However, Shaba said while some people expect bank systems to match the account number and account name, the reality is that core banking systems are generally not configured in such a way.
But Reserve Bank of Malawi (RBM) national payment systems director Fraser Mdwazika observed that it is generally acknowledged that prevention of fraud is a shared responsibility and needs to start with the initiator of a transaction.
“That’s why even in low-value payment platforms, people are urged to avoid sharing pin codes,” he said.
Mdwazika said since mobile transfers, largely called credit push transfers, are initiated by the sender, the host system or bank is only on the receiving end and validating the account number is the primary key while validating account name may be secondary.
“If the ‘fraudster’ provides a ‘legitimate company name’ but a ‘wrong account number’ then it could be wrong to accuse banks of facilitating fraud because it is incumbent upon the institution itself to validate the necessary information before effecting a payment,” he said.
However, Mdwazika said RBM was discussiing with market players to verify ‘push’ payments with at least two verification details, including name and account number or account number and phone number or account number and national ID number, which would help in verification enhancements.
On his part, ICT Association of Malawi (Ictam) president Clarence Gama said while his association was not aware about the fraud, they are ready to help in consulting so that together they can develop a solution.
Gama said: “The problem is broader and not just with technology. There are a number of factors, including governancein the banks, and shared database within the banking industry.”
According to RBM, the use of digital financial services has lately gone up, reflecting an improvement of transactions in both volume and value.
This is because the bank has embarked on raising awareness on adoption of digital financial services with focus on the marginalised rural population.
The post Crooks prey on banks first appeared on The Nation Online.
The post Crooks prey on banks appeared first on The Nation Online.