caalley logo

The alley for Indian Chartered Accountants

A new weapon against online payment frauds:
Timely alerts on transactions via UPI, debit card, credit card, net and mobile banking

May 28, 2024

Synopsis
Fraud transactions: Banks like Standard Chartered Bank, HDFC Bank, ICICI Bank, and others have implemented a fraud protection measure wherein the bank will call you for transaction confirmation if it feels that these transactions are fraudulent. However if you give the confirmation, the transaction will go through. Know here how it works.

A new weapon against online payment frauds: Timely alerts on transactions done through any digital payment modeGetty ImagesA new weapon against online payment frauds: Timely alerts on transactions done through any digital payment mode

To make sure that your bank account is not misused by fraudsters for carrying out unauthorised transactions, many banks have implemented a safety feature - transaction confirmation. In this feature the bank sends an immediate alert to you before allowing any unusual or suspicious transaction initiated through your bank account. When you get this alert, you have two options - either to give consent to the transaction or decline it.

We have confirmed that some banks like ICICI Bank, HDFC Bank, and Standard Chartered Bank have already implemented this fraud prevention measure. There are other banks as well that have implemented such a system to prevent such fraudulent transactions.

How does this fraud prevention feature work?

Banks are building a credit intelligence system that identifies a suspicious transaction, which is different from your usual transactions, sends you an immediate alert, and does not allow such transactions unless you confirm its authenticity.

Say you are a resident of Mumbai and have an HDFC Bank credit card. Now you may have never done any financial transaction in South Africa or even been there but suddenly a high-value transaction got initiated from a South Africa-based website on your credit card. So HDFC Bank's credit intelligence and control department may immediately inform you of this transaction by calling you for confirmation. If you do not pick up this call or give your consent, the transaction will be declined.

"HDFC Bank has implemented such monitoring framework across all channels like UPI, Net banking/mobile banking, credit and debit cards, etc. This is to safeguard the customers against potential frauds," says Manish Agrawal, executive vice president, of the credit intelligence and control department, HDFC Bank.

Another example of such suspicious transaction alert and prevention is a UPI transaction in ICICI Bank. "We are unable to reach you to confirm UPI Payment txn of Rs 30000.00 in ICICI Bank Savings Acc on 21-MAY-24. To raise a dispute, call 18002662. To unblock, call 18001080. If outside India, call 91-22-33667777," an SMS sent by ICICI Bank when it could not get confirmation of the UPI transaction from a customer.

"We follow various methods to highlight to our customers the transactions in their accounts through credit cards, debit cards, UPI, Net banking, and mobile banking. For transactions that appear to be unusual or don't match the past transaction behavior of the customers, we call them on their registered mobile number. The customer is provided with an option to confirm the transaction on the call or raise a dispute," says an official spokesperson for ICICI Bank.

Standard Chartered Bank also uses fraud risk management tools with detection and prevention capabilities, which are designed to mitigate the risks of online and card fraud. "This system level capabilities allow monitoring of suspicious activities by collecting and analysing available data such as device, location, internet connectivity, merchant type in addition to transaction velocity, value, etc. The bank has also implemented various controls at each stage of transactions, like at the time of login, beneficiary addition or transaction from the account, etc. Apart from these controls, the Bank also monitors transactions to safeguard customer's accounts," said a spokesperson for the bank.

When will this feature be activated on your bank account?
The transaction confirmation feature is very selective as it is not activated for all transactions initiated through your bank account across different channels-UPI, credit card, debit card, etc.

As per Agrawal, this fraud protection feature is activated based on certain set parameters. "The parameters can be a combination of a risk score developed with the help of AI/ ML, payments not matching with customer profile, velocity, etc," he says.

As per Sheetal R Bhardwaj, executive board member of the Association of Certified Financial Crime Specialists (ACFCS) and head of compliance for a Dubai, UAE-based bank, the criteria employed by banks to detect such transactions can vary. "Typically, the criteria include factors such as the transaction amount, frequency, location, and recipient. Additionally, banks may take into account the customer's previous transaction history and behavior to establish a baseline pattern. Some banks also leverage AI engines and machine learning algorithms to continuously learn and adapt to emerging fraud patterns. In addition to analysing transaction patterns, banks may also employ geolocation, geofencing, and IP controls to enhance security measures," she says.

How do banks know which is a fraudulent transaction?
There is a dedicated analytics team that uses technology to detect and prevent a fraudulent transaction. However, sometimes this team may catch a genuine transaction also which may be outside the usual transaction pattern of the individual.

According to Agrawal, "HDFC Bank has been the first bank to implement a 24/7 monitoring set up wherein any suspicious patterns observed are alerted and accordingly customer confirmation is sought to ascertain the genuineness of the transaction."

A customer of ICICI Bank shares a real-life story of this fraud prevention measure in action. "My son stays in the UK and is an aspiring musician. So, he frequently buys music software and others using my credit card. However, a few months back he had set up an auto-pay subscription on my card for a music software subscription and told me about this. However, I didn't know that this company is based out of the USA, hence when they charged my credit card for the software's subscription after its free trial period was over, I got a call from ICICI Bank asking for confirmation. Now I know that my son uses my credit card for transactions in the London area, Europe and I use it in India, but never in the USA."

This transaction got picked up for transaction confirmation because it fell outside the usual geolocation pattern of the customer. "Geofencing is a technique that allows banks to set virtual boundaries or perimeters around specific geographic areas. If a transaction is initiated from outside the defined area, it may trigger additional scrutiny or verification. This helps prevent unauthorised transactions that may occur when a customer's card or account information is stolen and used in a different location," says Pradeep Janardanan, Director and team member of Standard Chartered GBS (Global Business Services).

Another case study can be where banks use geolocation to identify possible fraudulent transactions. For example: Suppose you transact usually in Delhi, Kolkata, and Bengaluru using UPI, debit cards, credit cards, etc. However, a transaction got initiated from Jamtara, a city in Jharkhand where you have never initiated any transaction. So, this could raise some red flags and the bank may call you for transaction confirmation.

"Geolocation refers to determining the physical location of a device or user based on their internet connection or mobile network. By comparing the location of a transaction with the customer's usual location, banks can identify suspicious activities," says Janardanan.

Janardhan shares an insight into how banks use the internet protocol (IP) address of their customers to prevent fraud. "IP controls involve monitoring the IP address from which a transaction is initiated. Banks maintain a database of known fraudulent IP addresses and compare them with the IP addresses of incoming transactions. If a suspicious IP address is detected, the transaction may be flagged for further investigation or verification," he says.

Experts think that this feature- transaction confirmation can significantly help in eliminating fraudulent transactions, although some customers might think it's an inconvenience. "From a customer's perspective, these measures may initially seem like an inconvenience as they add an extra step to the transaction process. However, they are crucial in protecting them from potential financial loss due to fraud. While it may require a few extra minutes to confirm a transaction, the peace of mind and protection provided outweigh the inconvenience," says Bhardwaj.

[The Economic Times]

Read more on:
Don't miss an update!
Subscribe to our newsletter