 |
| Well, not only their fathers. Their banks might also be left with some explanation in case one turned up as the other. |
As usual, it is an insider job - not surprising seeing that many crimes usually involve insiders, plus crime seems to be quite a widespread problem in Kenya, including the less mentioned but high occurrence blue collar crime.
What happens in bank fraud is that bank staff identify a number of potential target accounts. Such accounts will normally have more than KSh. 100,000 in deposits. They then print a statement of the account, the owners photo and the owner's signature.
The then go to cartels who they work with, and issue them the three items - statement, photo and signature. The cartel then looks amongst themselves, of also amongst people, for a person who somehow resembles one of the account owners. Once a person is identified and is ready to take part in the "business", they are then coached on the bank statement. They are also coached on the owner's signature, and practice till they have something close.
The fraudster then walks into a bank branch and asks to withdraw, say KSh. 200,000. The signature they give might be a little different from the account owners, but most of us have inconsistent signatures. Bank staff will normally allow you to carry out a transaction with a signature close to that in the file for this matter.
For the withdrawal, the cashier will normally approach the bank manager to approve the withdrawals as it will be above their standard limit. The bank manager might approve, and this is where the two end up becoming liable to the transaction once the fraudster withdraws the cash.
The issue will crop up later when the actual account owner raises a complaint on the fraudulent withdrawal. Sometimes, such fraudulent withdrawals are usually targeted at dormant bank accounts where the owner has not interacted with the account for a while.
For banks, I believe that technology can come in handy in sorting such issues. An audit system should track all actions that involve a bank account. Audit logs on an account hit by fraud should be combed through and should reveal issues such as which bank staff accessed the details and even who printed out details. A red flag should be raised if the account was accessed from a branch rarely frequented by the account owner.
Additionally, audits can reveal a pattern, such as a common bank staff on accounts hit by fraudsters. Additionally, the bank system should warn bank managers when approving large withdrawals for accounts than barely withdraw such figures, or if the withdrawal is in a branch that does not fall in the normal places frequented by the account holder.
Additionally, controls can be implemented on transactions to make them safer. Account holders might get a text, or even a phone call for large withdrawals. This however might also ran into issues. M-Pesa fraudsters have been known to instruct users to press certain keys on their phone. Safaricom says you can bar all calls (and SMS on some phones) by dialling #35*0000 . The possibility of fraudsters calling you and asking you to press a series of keys, including the above set, to "clear a problem" with your phone is not remote.
Comments