Are e-wallets convenient or caution-worthy?
The demonetization exercise carried out late last year has resulted in a rise in individuals and businesses adopting digital technology, particularly e-wallets, for transactions. While this is a welcome move, one must also understand that the technologies and business models backing e-wallets are fairly nascent in India, thereby exposing customers to potential fraud risks, including the following:
• Phishing Frauds – Fraudsters may use phone calls, SMS messages, or email to trick users into divulging their PINs or other personal information that may result in embezzlement of virtual money from the wallet.
• Intrusion/Cyber Attack – Fraudsters may hack into the mobile money platform and manipulate wallets to their gain.
• Unauthorized SIM Swap – A fraudster may attempt to take over someone else’s mobile wallet account by pretending to be that person using false identity documents. Once they assume the other person’s identity, they can swap SIM cards and obtain full access to funds.
• Fake KYC – Customers can furnish fake KYC documents to gain access to premium wallets that allow higher transaction values (transfer and cash out). This may help facilitate money laundering.
• Commission Frauds by Agents – Mobile money agents may try to earn more commissions by breaking up legitimate customer transactions into smaller ones resulting in higher transaction volumes. Agents may also introduce fake accounts to gain higher registration commissions.
• Benefits through Misconduct – Regular customers may discover product or application flaws that can provide benefits to them in a specific scenario and can repeatedly simulate the same scenarios to exploit these limitations. For example, transaction failures for specific scenarios resulting in the wallet/account getting credited without corresponding debit from the other side, etc. You may read more about emerging risks in the mobile money industry here.
The root causes of most of these possible incidents arise from internal control failures around governance, IT and continuous monitoring, thereby highlighting the need for regular fraud risk review and monitoring.
With the mobile payments industry being largely at a nascent stage in India, the ultimate surge in mobile platform adoption rates may be accompanied by a spate of fraud risks. Organizations therefore need to look at adopting fraud control measures, while also educating users about adequate precautions to remain safe.
A longer version of this write-up was contributed to the Forbes Online magazine and can be read here.
If you have any comments or would like to share your views, please write to us at email@example.com or on Twitter by following @deloitteindia.
Authored by: KV Karthik, Partner, Deloitte India and Arjun Rajagopalan, Director, Deloitte India