< Back

Share |

Fraud in FinTech: issues, solutions and aspirations

The FinTech industry has had a great deal to celebrate – a recent report by KPMG Internationanl and CB Insights, suggested a record US$19.1 billion was raised across 1162 deals last year globally, and innovation has been rapid and impressive, bringing new products to a well-established and traditional sector. There is another side to this industry disruption, however, which is the heightened risk of fraud.

September 2016

Fraud in FinTech

FinTech has revolutionised financial services, introducing consumers to new products such as faster payments, robo-savings products, loan platforms, crowdfunding and more. FinTech companies are now household names and have certainly broken the dominance of financial service's largest players.

With this innovation, however, has come an increased risk of fraud. Recent fraud-related scandals involving peer-to-peer and crowdfunding platforms have served as stark reminders of the risks of using FinTech when appropriate regulation and/or compliance processes are not in place. Users of FinTech are concerned about fraud, so for the FinTech industry to survive, it must be protected against exploitation by fraudulent activity. Fortunately, entrepreneurs have identified this issue as yet another opportunity, and are busy developing a complementary industry to address this: RegTech.

RegTech, now an inherent part of FinTech

RegTech refers to technologies that work alongside FinTech services (as well as more traditional banking), allowing those services to operate more efficiently by ensuring legal and regulatory compliance in an increasingly regulated industry, while allowing innovation to continue. The UK is widely seen as being a global leader in FinTech and now RegTech; the Financial Conduct Authority (FCA) is actively working with startups to streamline compliance, while continuing to heavily promote innovation in financial products and services. RegTech is a rapidly growing industry: at the time of writing, 137 startups listed on Crunchbase, the well-known database of the startup ecosystem, are fraud detection startups.

Biometrics and tokenisation

There are various types of RegTech which have been developed to reduce the risks of fraud. Biometrics and tokenisation are popular, often used in the context of mobile phone payments. Biometric verification methods are principally fingerprint and iris recognition. Tokenisation is where a unique "token" is generated for each transaction, keeping all sensitive data, such as the cardholder's name and card number, stored remotely. So, even if a fraudster obtained the "token", they couldn’t use it to identify any personal information.

Faster payments can mean faster fraud

There is a growing trend towards real-time payments: an instant fund transfer service, whereby the funds appear in the recipient's account immediately. Real-time payments gives rise to greater risks of fraud, money laundering and terrorist financing and so, to counter these risks, technologies which act in real-time are required. Big data analytics and data clouds can help. Data analytics collects and then analyses all of this data on a scale and at a speed which has only recently become possible, in order to identify behavioural patterns. In the consumer context, data analytics is able to monitor a person's usual spending habits and flag an unusual transaction, thereby identifying potentially fraudulent transactions faster and more accurately than before. In the corporate context, behaviour can be monitored and unusual or suspicious transactions which may constitute a breach of regulatory obligations can be flagged. Some providers have now produced bespoke tools aimed at identifying all correspondence and records relating to a series of payments, including SWIFT records, to better manage sanctions and money laundering compliance risks.

Next step: harmonisation

The International Institute of Finance's recent report "RegTech in Financial Services" noted that the effectiveness of such monitoring and reporting systems is hampered by the fact that different banks use different payment systems which are often not wholly compatible with each other. One example of this is the fact that participants are often unable to identify country information in payment messages. Harmonisation of payment systems would allow for faster and more effective identification of transactions which could be linked to money laundering or terrorist financing.

A further area in which harmonisation of systems could be of use is in assisting with regulatory obligations to conduct "Know Your Customer" (KYC) checks in order to comply with regulatory anti-money laundering obligations. Cloud-based sharing systems could allow institutions to share KYC data in order to enable them to verify the identity of their consumers more quickly, although identifying what data is made available to whom, and ensuring it is kept secure, is likely to continue to be a major barrier to such systems for some time.

If you have any questions on this article please contact us.

Fraud in FinTech
Paul Glass


Nimisha Agarwal

Paul and Nimisha look at the symbiosis between FinTech and RegTech.

"For the FinTech industry to survive, it must be protected against exploitation by fraudulent activity."