Digital security and fraud

Digital credit is subject – in a way that conventional lending is not – to the full range of security and fraud issues that affect the cybersphere. These continue to increase as smartphone and digital credit use grow. They include:

  • Transaction (repayment) failure when the network is slow or down.
  • Weakness and breaches of mobile app security
  • Frauds by third parties such as unauthorized charges and misuse of client data.
  • SIM swap fraud.
  • Social engineering scams, e.g., phishing or spoofing (fake SMS or websites that mimic legit lenders’ sites to harvest personal data); smishing or vishing (phishing via text or voice call); and QR code or mobile app frauds that promise easy access to digital loans.
  • Authorized push payment scams, i.e., when a fraudster tricks a consumer into sending money to a criminally controlled account, for example, to pay a loan application or processing fee.
  • Identity frauds, where a criminal gains control of a consumer’s phone number or identity data through: SIM swaps; biometric identity frauds where a fraudster breaches data storage to obtain copies of a consumer’s biometric data (e.g., fingerprints, photos); or synthetic identity frauds where new identities are created by blending elements from different persons. Fraudsters can then obtain new digital loans, renew them, or increase their amount.1

Recommendation: Regulators can combat cyber risks with tools including rules on customer due diligence, data protection and security standards applied to providers, institutional governance (e.g., risk management) standards, and penalties related to financial fraud and malpractice. Market monitoring can help financial authorities to detect significant risks or occurrences of digital credit-related fraud that can inform further development of regulations. It is also vital to secure the active cooperation of other authorities with jurisdiction over frauds – criminal investigators and prosecutors as well as data and ICT regulatory bodies.

The difficulty of holding fraudsters to account makes it critically important for authorities to collaborate in setting up mechanisms to mitigate the effects on consumers and to encourage digital lenders and other firms in the digital sphere to invest in fraud prevention. It should be a priority for financial regulatory and other cooperating agencies to stay up to date on digital loan-related fraud and other cybersecurity developments, strengthen staff training and recruitment, increase information exchange, and leverage initiatives (e.g., ICT authorities’ SIM registration and authentication).

Ensuring some recompense to fraud victims is important in building consumer trust. One component of this is framing rules to allocate legal and financial responsibility among digital lenders, third parties and customers for consumer losses due to fraud. These provisions typically appear in clauses that apply broadly to fraud, consumer protection, consumer finance, and electronic payments – the latter because digital credit-related frauds are perpetrated via electronic payment systems and the associated communications networks. Another aspect of fraud mitigation is to create a funding vehicle for victim compensation – a heavy lift for most resource-constrained countries.

Notes:

1. Izaguirre et al. 2025 forthcoming [link]

Country examples of fraud prevention and mitigation frameworks

Link to Malaysia case studies
Malaysia
Read More
Link to Malaysia case studies
Malaysia

The National Scam Response Centre was set up in 2022 as an operational center to coordinate rapid response to online financial fraud. It involves the National Anti-Financial Crime Centre, the police, the central bank, the telco authority, FSPs, and telcos. Its hotline has received over 120,000 calls in two years, and its National Fraud Portal has helped FSPs and authorities rapidly identify, trace, and freeze stolen funds. In 2024, loan scams represented 15% of financial frauds reported to the police.1

Notes:

1. https://nfcc.jpm.gov.my/index.php/en/about-nsrc ; https://www.bnm.gov.my/documents/20124/17493532/ar2024_en_book.pdf/

Close
Link to United Kingdom case studies
United Kingdom
Read More
Link to United Kingdom case studies
United Kingdom

The Payment Systems Regulator now mandates full reimbursement of up to US $112,000 for victims of authorized push payment (APP) frauds, including loan fee scams. The sending firm shares liability equally (50/50) with the receiving firm. The fraud victim must be reimbursed within five business days (with limited exceptions), although grossly negligent consumers may be denied compensation. Consumers may seek redress with the Financial Ombudsman if unsatisfied with the settlement.1

Notes:

1. https://www.psr.org.uk/media/kwlgyzti/ps23-4-app-scams-policy-statement-dec-2023.pdf

Close
Link to United States case studies
United States
Read More
Link to United States case studies
United States

The Dodd-Frank Act provided for a Civil Penalty Fund as part of CFPB. The Fund’s governing regulation (the Consumer Financial Civil Penalty Fund Rule), adopted in 2013, empowers the CFPB to pay compensation to victims of federal consumer finance law violations, including illegal online lending practices. The Fund allows the CFPB to make harmed consumers whole even when FSPs cannot compensate them.1

Notes:

1. https://www.ecfr.gov/current/title-12/chapter-X/part-1075

Close
PREVIOUS TOPICGender
VIEW ALL TOPICS
NEXT TOPICOutsourcing