AFC Thoughts

Money Laundering in South Africa: The Power of Information Sharing

Site Logo
Tookitaki
31 May 2023
8 min
read

Money laundering, the process by which criminals disguise the illegal origins of their wealth and protect their asset bases, poses a significant risk to the economic and political stability of countries and their social fabric. This clandestine act continues to evolve, with perpetrators adopting increasingly sophisticated methods to bypass traditional detection measures. In this blog, we delve into the state of money laundering in South Africa, exploring the importance of and barriers to effective information sharing in this context and how modern solutions like Tookitaki's Anti-Financial Crime (AFC) Ecosystem can facilitate this process to curb the tide of financial crime.

According to the Global Financial Integrity report, South Africa loses approximately $10 billion per year due to illicit outflows, a substantial portion of which can be attributed to money laundering. Additionally, the country is ranked 70th out of 180 on the Corruption Perceptions Index by Transparency International, which suggests a significant prevalence of corruption and financial crime.

Money laundering in South Africa is not just an economic concern but has widespread societal implications. It can destabilize the financial system, exacerbate income inequality, and undermine social and political institutions. Addressing money laundering is not merely a financial imperative; it's a moral and social one too. In order to tackle this pressing issue effectively, the need for robust and cutting-edge solutions cannot be overstated. This blog aims to shed light on these aspects, focusing on the potential of information sharing in strengthening anti-money laundering efforts and how Tookitaki's AFC Ecosystem can serve as a crucial tool in this fight. Stay with us as we navigate this complex landscape, exploring the challenges and solutions at hand.

The Current State of Money Laundering in South Africa

The reality of money laundering in South Africa is a somber tale that warrants our undivided attention. This illicit activity remains a persistent issue, leaving lasting effects on the nation's economic integrity and social stability.

South Africa has seen numerous high-profile cases demonstrating this problem's extent. One case that made international headlines involved the notorious Gupta family, who were accused of siphoning billions of Rand from state coffers, exploiting public resources, and employing complex money laundering schemes to mask their activities. These allegations, though not isolated incidents, exemplify the far-reaching tentacles of money laundering and its intersection with systemic corruption in the country.

The methods employed in money laundering are increasingly sophisticated and multi-layered, making them hard to detect and even harder to prosecute. Common tactics include trade-based laundering, where trade transactions are manipulated to disguise the movement of money; layering, where illicit funds are concealed through complex layers of financial transactions; and the misuse of digital currencies, a recent trend that capitalizes on the anonymity of these platforms.

The impact of money laundering extends far beyond the financial realm. From an economic perspective, money laundering can distort market competition, compromise financial institutions, and deter foreign investment, which can stifle economic growth and development. The World Bank has warned that these activities could even lead to a country's financial crisis if left unchecked.

In a societal context, money laundering facilitates and perpetuates crime and corruption. Providing a safe haven for the proceeds of crime incentivises criminal behaviour, which undermines public trust in institutions, exacerbates social inequality, and hampers the nation's progress towards its developmental goals.

Furthermore, the ramifications of money laundering aren't confined within South Africa's borders. Given the interconnected nature of the global financial system, money laundering threatens regional and international financial stability, creating a domino effect that can impact economies worldwide.

{{cta-afc}}

The Power of Information Sharing

In the face of growing financial crime, particularly money laundering, the role of information sharing cannot be underestimated. A comprehensive and transparent exchange of information can bridge gaps in understanding, identify new patterns, and expedite the detection of illicit activities. 

At its core, information sharing in the context of anti-money laundering (AML) involves the exchange of data among various stakeholders. This can include financial institutions, regulatory bodies, law enforcement agencies, and even across different countries. The type of information shared could range from suspicious activity reports, typologies or methods used in money laundering to trends and new schemes being observed.

The primary goal is to enhance collective knowledge and leverage it for proactive risk mitigation. It can help identify new threats, anticipate criminal shifts in methodology, and contribute to the overall efficacy of AML efforts. By combining insights, institutions can stay one step ahead, preventing rather than just detecting illicit financial activity. This is not just beneficial at an individual level, it significantly strengthens the broader financial system, making it more resilient to criminal threats.

An example of successful information sharing can be seen in the European Union. The 5th Anti-Money Laundering Directive of the EU mandates financial institutions to share data related to suspicious transactions across member states. The goal is to foster a united front against financial crime across the continent.

Barriers to Effective Information Sharing in South Africa

Despite the proven benefits of information sharing in the battle against money laundering, several barriers in South Africa hinder its effective implementation.

  • Firstly, privacy laws and concerns around data protection can sometimes inhibit the seamless exchange of information. Banks and other financial institutions are rightfully cautious about sharing customer data due to regulations such as the Protection of Personal Information Act (POPIA), which places stringent controls on the processing and disseminating personal information.
  • Secondly, there's a technical challenge. Financial institutions often operate on different technological platforms, making sharing and interpreting data across these disparate systems difficult. This lack of standardization and interoperability impedes the efficient exchange of critical anti-money laundering information.
  • Lastly, there are organizational and jurisdictional silos. Financial institutions, regulatory bodies, and law enforcement agencies often operate in silos, which can create a fragmented approach to tackling money laundering. Moreover, cross-border information sharing is challenging due to differences in laws, regulations, and protocols across countries.

Overcoming these barriers requires a multi-faceted approach. Legal clarity around data privacy laws, specifically in the context of AML activities, can reassure institutions about the legality and security of information sharing. Technological solutions can help address interoperability issues. Adopting standard data formats and protocols and investing in shared digital platforms can significantly improve the ease and speed of data exchange.

Introducing Tookitaki's AFC Ecosystem

In our quest to overcome the barriers to effective information sharing, an innovative solution has been making strides in this field: Tookitaki's Anti-Financial Crime (AFC) Ecosystem.

What is Tookitaki's AFC Ecosystem?

Tookitaki's AFC Ecosystem is a community-based platform designed to facilitate seamless information sharing in the fight against financial crime. It provides an interactive and collaborative space for financial institutions, regulatory bodies, and risk consultants worldwide to share their knowledge and experiences.

The Typology Repository and AFC Network

At the heart of this ecosystem lie two main components: the AFC Network and the Typology Repository. The AFC Network is a global network of subject matter experts who contribute the latest typologies—essentially, methods used in financial crime. These experts provide real-time insights into emerging trends and patterns, enhancing the community's collective intelligence.

The Typology Repository, on the other hand, serves as a vast federated database of money laundering patterns. This exhaustive, ready-to-use database is contributed to and validated by experts from around the globe, encompassing a broad range of typologies from traditional methods to emerging trends.

A pictorial representation of a typology is shown below. 

Typology social media post


Features and Benefits of Tookitaki's AFC Ecosystem

The AFC Ecosystem offers a range of features designed to facilitate the creation, sharing, and use of typologies.

  • The Typology Database, part of the Typology Repository, is a readily accessible source of rules and typologies. It's regularly updated with emerging trends, breaking down informational silos with its federated structure.
  • The Typology Developer Studio provides a 'No Code' drag and drop interface for rule creation, decoupling rules from threshold values, and automatically converting them to risk indicators or rules.
  • Further, the ecosystem allows for efficient management of typologies. Users can categorize typologies under various themes like business lines or geography for easy search and download. Parameters of typologies can be edited and reconfigured based on individual needs.
  • Importantly, the AFC Ecosystem is privacy-protected. It only contains typology parameters and doesn't store any personally identifiable information (PII) or sensitive client data.


The benefits of using Tookitaki's AFC Ecosystem are substantial. By fostering an expert community and providing access to a vast, regularly updated typology database, it empowers institutions to stay ahead of emerging financial crime trends. The result is enhanced risk detection, robust compliance, and the ability to turn these into a strategic advantage in the business landscape.

Tookitaki's AFC Ecosystem is not just a technological solution; it's a community-driven initiative geared towards strengthening the global fight against financial crime. By enhancing the power of information sharing, it opens up new opportunities for collaborative, proactive, and effective AML efforts.

How Tookitaki's AFC Ecosystem Can Help South Africa

Given the current state of money laundering in South Africa and the associated challenges, Tookitaki's AFC Ecosystem presents a highly relevant solution. This community-based platform has the potential to address South Africa's specific money laundering issues in a number of ways.

  • Addressing Data Privacy and Technical Challenges: Tookitaki's AFC Ecosystem has been designed with a focus on privacy protection. Its operations rest on patterns and typologies, not personal or sensitive data. This means that South African financial institutions can leverage its database without compromising on customer confidentiality or infringing upon the stringent requirements of the POPIA.
  • Breaking Down Silos: The AFC Ecosystem helps break down organizational and jurisdictional silos, one of the key barriers to effective information sharing in South Africa. By facilitating interactions among a global network of experts, it encourages a unified approach to combating money laundering. The ecosystem provides a space where various stakeholders - financial institutions, regulators, law enforcement, and more - can connect and collaborate.
  • Staying Ahead of Emerging Threats: South Africa, like any other country, faces the challenge of keeping up with the evolving tactics of money launderers. The AFC Ecosystem can prove instrumental in this respect. Its Typology Repository is regularly updated with emerging trends and methods, equipping users with the knowledge they need to stay one step ahead.

By enhancing the accessibility and usability of shared information, the AFC Ecosystem can significantly strengthen South Africa's defences against money laundering. As more South African entities participate in this global community, the region's collective intelligence against financial crime will grow stronger, contributing to safer financial systems and more secure society.

Leveraging Information Sharing for a Financially Secure Future

The battle against money laundering is a global challenge that requires our collective effort and intelligence to overcome. A crucial part of this fight lies in information sharing - the ability to pool knowledge on illicit financial behaviours, methodologies, and trends. With this knowledge, we can react to money laundering activities and proactively prevent them. South Africa, grappling with significant money laundering concerns, stands to benefit immensely from enhancing information-sharing mechanisms. In this context, innovative solutions like Tookitaki's Anti-Financial Crime (AFC) Ecosystem present a significant opportunity.

By fostering a global network of experts and providing a comprehensive, ever-evolving database of typologies, the AFC Ecosystem can help South African institutions stay one step ahead of financial criminals. It offers the ability to circumnavigate barriers of data privacy and technical challenges while breaking down informational and organizational silos. As more South African stakeholders join this ecosystem, we expect to see a growth in collective intelligence and a strengthening of the country's defences against financial crime. This, in turn, will contribute to a more secure financial system and a safer society.

We invite all anti-financial crime experts, risk consultants, regulators, and financial institutions to explore the potential of Tookitaki's AFC Ecosystem. Join us in this global, collaborative initiative to stay ahead of financial crime trends, uncover hidden risks, and turn compliance from a necessity to a strategic advantage.

By submitting the form, you agree that your personal data will be processed to provide the requested content (and for the purposes you agreed to above) in accordance with the Privacy Notice

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to Streamline Your Anti-Financial Crime Compliance?

Get Started

Our Thought Leadership Guides

AFC Thoughts
18 Jul 2024
4 min
read

Typology Tales July 2024: Account Takeover Surveillance

We are pleased to share the latest edition of "Typology Tales" for July 2024. This edition highlights the new typologies that our Anti-Financial Crime (AFC) community has carefully analysed and selected. Our community's collective efforts are crucial in staying ahead of evolving financial crime threats, and we are grateful for your continued participation and contributions.

AFC Community’s Role

Each month, our dedicated AFC community comes together to analyze and evaluate newly created typologies, selecting those that can significantly enhance the ecosystem's ability to prevent and combat financial crime. The typologies chosen for publication are those that offer the most promise in terms of effectiveness and applicability across various scenarios.

Key Highlights from July 2024 

These typologies have been meticulously curated to ensure they provide robust and actionable insights, ultimately helping to safeguard the financial ecosystem.

Theme of the Month: Account Takeover Fraud (ATO)

Theme of the month

Account takeover fraud (ATO) is a type of cybercrime where unauthorised people access a user's account and use it for harmful purposes. This dangerous activity has increased significantly in recent times, posing a growing threat to both individuals and organisations. 

In this edition...

In this edition of Typology Tales, we delve into two typologies that compliance professionals can incorporate into their transaction fraud monitoring systems to proactively prevent account takeover in real time.

Typology 1: Surge in Multi-Party Transactions in Sizeable Values

Typology-multiple counterparty

A pattern of multiple parties making high-value transactions with one entity in a short period of  time suggests possible account takeover fraud. This requires a strategic review of transaction behaviours.

How It Works

  • The typology monitors transactions involving a single customer who receives or transfers funds with multiple parties within a short time span.
  • To identify potential account takeover risks, the typology groups transactions by the unique identifiers of senders and receivers within a specified time frame. By tracking these identifiers over a defined period, it can determine how many different parties have transacted with a particular entity.

  • Simultaneously, the typology aggregates the transaction amounts linked to unique senders and receivers.

  • It flags any entity that engages in transactions with a large number of different parties and exceeds a cumulative transaction threshold. This signals potential account takeover risks due to unauthorised access and high-value transactions.

Typology 2: Monitoring High-Value Transactions Across Multiple Payment Modes

15 - 2024 July Edition TT Typology tales-1-1-1-1

Financial institutions may implement advanced monitoring to detect high-value transactions between senders and receivers through various modes, aiming to uncover potential account takeover fraud.

How It Works

  • To effectively oversee the flow of funds, the typology tracks and aggregates transaction amounts based on the mode of transfer.
  • Transaction amounts, including those made through cash or alternative payments, are further aggregated by the unique identifiers of the sender and receiver over a specific period.
  • Entities showing high-value transactions across multiple payment modes over specified time frames are potentially flagged as suspicious. This increased activity may indicate that an account has been compromised and is being used to funnel funds illegally.

From the Media: Account Takeover Attacks Overtake Ransomware as Leading Security Concern

Research by cybersecurity firm Abnormal Security highlights that account takeover (ATO) attacks have become a top concern for security leaders. The 2024 State of Cloud Account Takeover Attacks report reveals that 83% of organisations experienced at least one ATO incident in the past year. 

Over 75% of security leaders rank ATOs among the top four global cyber threats, with nearly 50% facing more than five incidents annually and around 20% encountering over ten incidents. ATOs are now considered more significant than other threats such as spear phishing and ransomware.

Read More

Unite in the Fight Against Financial Crime

Financial crime is a pervasive issue that requires a collective, centralised approach to intelligence gathering. That's why we have created the Anti-Financial Crime (AFC) Ecosystem, a network of experts who work together to share knowledge and develop strategies for combating financial crime.

If you are an AFC expert, we invite you to join our efforts and help us grow the AFC Ecosystem. And if you know any other AFC experts, please refer them to us so we can continue to expand and strengthen our network. Together, we can make a real difference in the fight against financial crime.

Typology Tales July 2024: Account Takeover Surveillance
AFC Thoughts
01 Jul 2024
3 min
read

Account Takeover Fraud: Monitoring Entities Incorporated Long Back

In the evolving landscape of financial crime, financial institutions need to intensify their scrutiny of transactions from entities with a long history of incorporation but sporadic or recent activity. This increased vigilance aims to detect and thwart potential account takeover fraud within savings accounts, ensuring the safety and integrity of financial systems.

Given below is a typology from Tookitaki's AFC Ecosystem. It details how to ensure your monitoring system triggers alerts transactions from entities with a long history of incorporation

Understanding the Typology

Setting Up Entity Historical Profiles

Financial institutions employ a function known as the "Incorporation Date of the Entity" to track and record the incorporation dates and transaction activities of entities. This function helps identify entities that have been established long ago but have shown recent or sudden transaction activities, which could be indicative of fraud.

Function Configuration and Data Aggregation

  • Aggregate Fields: The system aggregates data on 'sender incorporation date' and 'receiver incorporation date.'
  • Aggregate Function: Using the collect_set function, the system compiles a unique set of incorporation dates for each sender and receiver, providing a comprehensive historical perspective of each entity's transaction timeline.
  • Group By: Transactions are grouped by unique identifiers like 'sender_hashcode' and 'receiver_hashcode,' linking each entity’s transaction history to specific account profiles.

Monitoring and Anomaly Detection

The system continuously monitors the transaction activities of these entities, comparing current transactions against historical data. Entities that have shown no or minimal transaction activities for a significant period since their incorporation are closely watched. A sudden spike in transactions, especially those of significant volume or frequency, triggers an alert. This scrutiny is particularly heightened if the entity's previous activity has been minimal or non-existent for years.

Group 16190-1

Flagging and Review Process

Transactions involving long-dormant entities resuming activity are flagged as high-risk. These flagged transactions undergo a detailed review to ascertain the legitimacy of the activity and to rule out any potential account takeover or other fraudulent intentions.

Investigative Measures

For flagged transactions, financial institutions conduct thorough investigations involving:

  • Background Checks: Verifying the entity's background.
  • Transaction Legitimacy: Confirming the legitimacy of the transaction.
  • Entity Ownership: Ensuring the entity's ownership and operational status.

Preventative Actions and Customer Interaction

If fraudulent activity is confirmed, financial institutions take immediate steps to:

  • Block further transactions.
  • Secure the affected accounts.
  • Possibly reverse fraudulent transactions.
  • Contact entity representatives for further clarification and to ensure all parties are informed of the situation.

Compliance and Reporting Obligations

All suspicious activities are documented and reported in compliance with regulatory requirements. This ensures that the institution remains compliant with anti-fraud regulations and aids in broader efforts to combat financial crime.

{{cta-ebook}}

Enhancement of Monitoring Systems

Based on findings and trends observed from monitoring these entities, financial institutions continually refine their detection algorithms and update their monitoring systems to better identify and prevent potential fraud.

By closely monitoring the activities of entities incorporated long ago but recently active, banks can effectively spot unusual patterns that may indicate fraudulent activities, such as account takeovers. This proactive approach helps safeguard customer assets and maintain the integrity of the financial system.

Final Thoughts

Financial institutions must remain vigilant and proactive in monitoring and analyzing transaction activities, especially those involving historically dormant entities. This typology, sourced from Tookitaki's AFC Ecosystem, highlights the importance of advanced monitoring techniques in detecting potential fraud.

We encourage anti-financial crime professionals to join the AFC Ecosystem to access unique typologies and leverage community-driven insights for enhanced fraud detection and prevention. Together, we can strengthen our defenses against financial crime and protect the integrity of our financial systems.

Account Takeover Fraud: Monitoring Entities Incorporated Long Back
AFC Thoughts
22 May 2024
3 min
read

The Globalization of Fraud: The Rise of Transnational Scams

In an increasingly interconnected world, the borders that once confined criminal activities are rapidly dissolving, aided by the rise of digitalisation and the pervasive reach of online platforms. The stark reality we face today is a landscape where fraudsters exploit digital payment systems to target individuals across the globe, particularly in the Asia-Pacific region. Organised fraud syndicates are not just local threats; they operate on an international scale, executing sophisticated scams that often outpace current preventative measures.

Case Study: A Transnational Crackdown on Job Scams

On 20 March 2024, a significant breakthrough came when the Commercial Affairs Department (CAD) of the Singapore Police Force and the Bukit Aman Commercial Crime Investigation Department of the Royal Malaysia Police joined forces in Kuala Lumpur. This joint operation was the culmination of extensive cross-border investigative efforts aimed at dismantling a formidable job scam syndicate.

Between October 2023 and January 2024, this syndicate deceived over 3,000 individuals, accumulating illicit gains of approximately $45.7 million. These scams primarily targeted Singaporeans, promising lucrative job opportunities that required victims to make upfront payments or divulge sensitive information under the guise of securing employment. The rapid escalation of these scams prompted an intensive collaborative investigation, which eventually led to the arrest of five Malaysians involved in laundering the proceeds from these fraudulent activities.

This operation not only highlights the severity and reach of transnational scams but also underscores the urgent need for global cooperation and shared strategies to combat these crimes effectively.

Job Scam

The Imperative of a Collaborative Approach

As we witness a surge in transnational fraud, the isolation of financial institutions in their silos makes them particularly vulnerable. The complexity and rapid adaptation of fraud strategies require that defences be equally dynamic and interconnected.

Collective Intelligence and Shared Responsibility

To counteract the evolving menace of cross-border fraud effectively, a collaborative approach is indispensable. The AFC Ecosystem initiative represents a commitment to fostering industry-wide cooperation and information sharing. Through this collective intelligence, we aim to establish a robust defence mechanism that not only identifies but also anticipates fraudulent activities, ensuring safe and secure societies. This shared responsibility is vital in creating an impenetrable barrier against the sophisticated mechanisms of modern financial criminals.

Considering the Typology of the AFC Ecosystem

Drawing from the AFC Ecosystem's insights, let's delve into the typology of transnational job scams. This framework is instrumental in understanding how these frauds operate and what measures can be employed to thwart their attempts.

Detailed Analysis of the Typology

Transnational job scams represent a highly organized and rapidly proliferating threat that exploits the aspirations of job seekers worldwide. These scams are not just about deceit regarding employment opportunities but involve intricate financial manipulations that siphon funds across international borders.

Operational Mechanics

  • Initial Recruitment: The scam begins with contact through social media or other digital platforms, where victims are lured with high-return, low-effort job offers.
  • Deceptive Promises: The roles are advertised as lucrative yet simple enough to attract a wide demographic, from students to the unemployed.
  • Financial Prerequisites: Victims are persuaded to make upfront payments or provide personal information as a part of the onboarding process.
  • Expeditious Expansion: To maximize profits before any potential crackdown, these operations quickly scale and replicate across various regions.

{{cta-ebook}}

Granular Red Flags and Risk Indicators

To effectively monitor and prevent these scams, it is crucial to recognise the following detailed risk indicators:

  • Value: Transactions often involve small amounts that are usually perceived as low-risk by victims, making them less likely to raise immediate alarms.
  • Volume: A high frequency of transactions complicates tracking and analysis, as the sheer number of transactions can overwhelm standard monitoring systems.
  • Velocity: The rapid succession of payments, coupled with potential chargebacks or cancellations, creates a chaotic financial trail that is difficult to follow.
  • Channels: Scammers predominantly use digital payment platforms, online banking, and occasionally cryptocurrencies to maintain anonymity and complicate tracing.
  • Anonymity: There is often a mismatch between beneficiary details and the purported employer, signalling a red flag for transactions.
  • Recurrence: Victims are frequently solicited for multiple payments under various pretexts, each justified as necessary for job commencement or continuation.
  • High-risk Geos: Payments are directed to accounts in high-risk jurisdictions or to those that are otherwise unrelated or suspicious, lacking any logical connection to the job or employer.
  • Geographical Inconsistencies: The involved countries often have no direct connection to the alleged job or employer, exploiting the complexities of international law and jurisdictional boundaries.

Harnessing Collective Efforts for Enhanced Security

The fight against transnational fraud is not a battle that can be won in isolation. It requires the concerted efforts of financial institutions, regulatory bodies, law enforcement, and the public. By adopting the typology provided by the AFC Ecosystem and vigilantly monitoring the detailed risk indicators, we can forge a path towards a more secure and resilient financial environment. This collective approach is our best defense against the sophisticated and ever-evolving landscape of global fraud.

The Globalization of Fraud: The Rise of Transnational Scams
AFC Thoughts
18 Jul 2024
4 min
read

Typology Tales July 2024: Account Takeover Surveillance

We are pleased to share the latest edition of "Typology Tales" for July 2024. This edition highlights the new typologies that our Anti-Financial Crime (AFC) community has carefully analysed and selected. Our community's collective efforts are crucial in staying ahead of evolving financial crime threats, and we are grateful for your continued participation and contributions.

AFC Community’s Role

Each month, our dedicated AFC community comes together to analyze and evaluate newly created typologies, selecting those that can significantly enhance the ecosystem's ability to prevent and combat financial crime. The typologies chosen for publication are those that offer the most promise in terms of effectiveness and applicability across various scenarios.

Key Highlights from July 2024 

These typologies have been meticulously curated to ensure they provide robust and actionable insights, ultimately helping to safeguard the financial ecosystem.

Theme of the Month: Account Takeover Fraud (ATO)

Theme of the month

Account takeover fraud (ATO) is a type of cybercrime where unauthorised people access a user's account and use it for harmful purposes. This dangerous activity has increased significantly in recent times, posing a growing threat to both individuals and organisations. 

In this edition...

In this edition of Typology Tales, we delve into two typologies that compliance professionals can incorporate into their transaction fraud monitoring systems to proactively prevent account takeover in real time.

Typology 1: Surge in Multi-Party Transactions in Sizeable Values

Typology-multiple counterparty

A pattern of multiple parties making high-value transactions with one entity in a short period of  time suggests possible account takeover fraud. This requires a strategic review of transaction behaviours.

How It Works

  • The typology monitors transactions involving a single customer who receives or transfers funds with multiple parties within a short time span.
  • To identify potential account takeover risks, the typology groups transactions by the unique identifiers of senders and receivers within a specified time frame. By tracking these identifiers over a defined period, it can determine how many different parties have transacted with a particular entity.

  • Simultaneously, the typology aggregates the transaction amounts linked to unique senders and receivers.

  • It flags any entity that engages in transactions with a large number of different parties and exceeds a cumulative transaction threshold. This signals potential account takeover risks due to unauthorised access and high-value transactions.

Typology 2: Monitoring High-Value Transactions Across Multiple Payment Modes

15 - 2024 July Edition TT Typology tales-1-1-1-1

Financial institutions may implement advanced monitoring to detect high-value transactions between senders and receivers through various modes, aiming to uncover potential account takeover fraud.

How It Works

  • To effectively oversee the flow of funds, the typology tracks and aggregates transaction amounts based on the mode of transfer.
  • Transaction amounts, including those made through cash or alternative payments, are further aggregated by the unique identifiers of the sender and receiver over a specific period.
  • Entities showing high-value transactions across multiple payment modes over specified time frames are potentially flagged as suspicious. This increased activity may indicate that an account has been compromised and is being used to funnel funds illegally.

From the Media: Account Takeover Attacks Overtake Ransomware as Leading Security Concern

Research by cybersecurity firm Abnormal Security highlights that account takeover (ATO) attacks have become a top concern for security leaders. The 2024 State of Cloud Account Takeover Attacks report reveals that 83% of organisations experienced at least one ATO incident in the past year. 

Over 75% of security leaders rank ATOs among the top four global cyber threats, with nearly 50% facing more than five incidents annually and around 20% encountering over ten incidents. ATOs are now considered more significant than other threats such as spear phishing and ransomware.

Read More

Unite in the Fight Against Financial Crime

Financial crime is a pervasive issue that requires a collective, centralised approach to intelligence gathering. That's why we have created the Anti-Financial Crime (AFC) Ecosystem, a network of experts who work together to share knowledge and develop strategies for combating financial crime.

If you are an AFC expert, we invite you to join our efforts and help us grow the AFC Ecosystem. And if you know any other AFC experts, please refer them to us so we can continue to expand and strengthen our network. Together, we can make a real difference in the fight against financial crime.

Typology Tales July 2024: Account Takeover Surveillance
AFC Thoughts
01 Jul 2024
3 min
read

Account Takeover Fraud: Monitoring Entities Incorporated Long Back

In the evolving landscape of financial crime, financial institutions need to intensify their scrutiny of transactions from entities with a long history of incorporation but sporadic or recent activity. This increased vigilance aims to detect and thwart potential account takeover fraud within savings accounts, ensuring the safety and integrity of financial systems.

Given below is a typology from Tookitaki's AFC Ecosystem. It details how to ensure your monitoring system triggers alerts transactions from entities with a long history of incorporation

Understanding the Typology

Setting Up Entity Historical Profiles

Financial institutions employ a function known as the "Incorporation Date of the Entity" to track and record the incorporation dates and transaction activities of entities. This function helps identify entities that have been established long ago but have shown recent or sudden transaction activities, which could be indicative of fraud.

Function Configuration and Data Aggregation

  • Aggregate Fields: The system aggregates data on 'sender incorporation date' and 'receiver incorporation date.'
  • Aggregate Function: Using the collect_set function, the system compiles a unique set of incorporation dates for each sender and receiver, providing a comprehensive historical perspective of each entity's transaction timeline.
  • Group By: Transactions are grouped by unique identifiers like 'sender_hashcode' and 'receiver_hashcode,' linking each entity’s transaction history to specific account profiles.

Monitoring and Anomaly Detection

The system continuously monitors the transaction activities of these entities, comparing current transactions against historical data. Entities that have shown no or minimal transaction activities for a significant period since their incorporation are closely watched. A sudden spike in transactions, especially those of significant volume or frequency, triggers an alert. This scrutiny is particularly heightened if the entity's previous activity has been minimal or non-existent for years.

Group 16190-1

Flagging and Review Process

Transactions involving long-dormant entities resuming activity are flagged as high-risk. These flagged transactions undergo a detailed review to ascertain the legitimacy of the activity and to rule out any potential account takeover or other fraudulent intentions.

Investigative Measures

For flagged transactions, financial institutions conduct thorough investigations involving:

  • Background Checks: Verifying the entity's background.
  • Transaction Legitimacy: Confirming the legitimacy of the transaction.
  • Entity Ownership: Ensuring the entity's ownership and operational status.

Preventative Actions and Customer Interaction

If fraudulent activity is confirmed, financial institutions take immediate steps to:

  • Block further transactions.
  • Secure the affected accounts.
  • Possibly reverse fraudulent transactions.
  • Contact entity representatives for further clarification and to ensure all parties are informed of the situation.

Compliance and Reporting Obligations

All suspicious activities are documented and reported in compliance with regulatory requirements. This ensures that the institution remains compliant with anti-fraud regulations and aids in broader efforts to combat financial crime.

{{cta-ebook}}

Enhancement of Monitoring Systems

Based on findings and trends observed from monitoring these entities, financial institutions continually refine their detection algorithms and update their monitoring systems to better identify and prevent potential fraud.

By closely monitoring the activities of entities incorporated long ago but recently active, banks can effectively spot unusual patterns that may indicate fraudulent activities, such as account takeovers. This proactive approach helps safeguard customer assets and maintain the integrity of the financial system.

Final Thoughts

Financial institutions must remain vigilant and proactive in monitoring and analyzing transaction activities, especially those involving historically dormant entities. This typology, sourced from Tookitaki's AFC Ecosystem, highlights the importance of advanced monitoring techniques in detecting potential fraud.

We encourage anti-financial crime professionals to join the AFC Ecosystem to access unique typologies and leverage community-driven insights for enhanced fraud detection and prevention. Together, we can strengthen our defenses against financial crime and protect the integrity of our financial systems.

Account Takeover Fraud: Monitoring Entities Incorporated Long Back
AFC Thoughts
22 May 2024
3 min
read

The Globalization of Fraud: The Rise of Transnational Scams

In an increasingly interconnected world, the borders that once confined criminal activities are rapidly dissolving, aided by the rise of digitalisation and the pervasive reach of online platforms. The stark reality we face today is a landscape where fraudsters exploit digital payment systems to target individuals across the globe, particularly in the Asia-Pacific region. Organised fraud syndicates are not just local threats; they operate on an international scale, executing sophisticated scams that often outpace current preventative measures.

Case Study: A Transnational Crackdown on Job Scams

On 20 March 2024, a significant breakthrough came when the Commercial Affairs Department (CAD) of the Singapore Police Force and the Bukit Aman Commercial Crime Investigation Department of the Royal Malaysia Police joined forces in Kuala Lumpur. This joint operation was the culmination of extensive cross-border investigative efforts aimed at dismantling a formidable job scam syndicate.

Between October 2023 and January 2024, this syndicate deceived over 3,000 individuals, accumulating illicit gains of approximately $45.7 million. These scams primarily targeted Singaporeans, promising lucrative job opportunities that required victims to make upfront payments or divulge sensitive information under the guise of securing employment. The rapid escalation of these scams prompted an intensive collaborative investigation, which eventually led to the arrest of five Malaysians involved in laundering the proceeds from these fraudulent activities.

This operation not only highlights the severity and reach of transnational scams but also underscores the urgent need for global cooperation and shared strategies to combat these crimes effectively.

Job Scam

The Imperative of a Collaborative Approach

As we witness a surge in transnational fraud, the isolation of financial institutions in their silos makes them particularly vulnerable. The complexity and rapid adaptation of fraud strategies require that defences be equally dynamic and interconnected.

Collective Intelligence and Shared Responsibility

To counteract the evolving menace of cross-border fraud effectively, a collaborative approach is indispensable. The AFC Ecosystem initiative represents a commitment to fostering industry-wide cooperation and information sharing. Through this collective intelligence, we aim to establish a robust defence mechanism that not only identifies but also anticipates fraudulent activities, ensuring safe and secure societies. This shared responsibility is vital in creating an impenetrable barrier against the sophisticated mechanisms of modern financial criminals.

Considering the Typology of the AFC Ecosystem

Drawing from the AFC Ecosystem's insights, let's delve into the typology of transnational job scams. This framework is instrumental in understanding how these frauds operate and what measures can be employed to thwart their attempts.

Detailed Analysis of the Typology

Transnational job scams represent a highly organized and rapidly proliferating threat that exploits the aspirations of job seekers worldwide. These scams are not just about deceit regarding employment opportunities but involve intricate financial manipulations that siphon funds across international borders.

Operational Mechanics

  • Initial Recruitment: The scam begins with contact through social media or other digital platforms, where victims are lured with high-return, low-effort job offers.
  • Deceptive Promises: The roles are advertised as lucrative yet simple enough to attract a wide demographic, from students to the unemployed.
  • Financial Prerequisites: Victims are persuaded to make upfront payments or provide personal information as a part of the onboarding process.
  • Expeditious Expansion: To maximize profits before any potential crackdown, these operations quickly scale and replicate across various regions.

{{cta-ebook}}

Granular Red Flags and Risk Indicators

To effectively monitor and prevent these scams, it is crucial to recognise the following detailed risk indicators:

  • Value: Transactions often involve small amounts that are usually perceived as low-risk by victims, making them less likely to raise immediate alarms.
  • Volume: A high frequency of transactions complicates tracking and analysis, as the sheer number of transactions can overwhelm standard monitoring systems.
  • Velocity: The rapid succession of payments, coupled with potential chargebacks or cancellations, creates a chaotic financial trail that is difficult to follow.
  • Channels: Scammers predominantly use digital payment platforms, online banking, and occasionally cryptocurrencies to maintain anonymity and complicate tracing.
  • Anonymity: There is often a mismatch between beneficiary details and the purported employer, signalling a red flag for transactions.
  • Recurrence: Victims are frequently solicited for multiple payments under various pretexts, each justified as necessary for job commencement or continuation.
  • High-risk Geos: Payments are directed to accounts in high-risk jurisdictions or to those that are otherwise unrelated or suspicious, lacking any logical connection to the job or employer.
  • Geographical Inconsistencies: The involved countries often have no direct connection to the alleged job or employer, exploiting the complexities of international law and jurisdictional boundaries.

Harnessing Collective Efforts for Enhanced Security

The fight against transnational fraud is not a battle that can be won in isolation. It requires the concerted efforts of financial institutions, regulatory bodies, law enforcement, and the public. By adopting the typology provided by the AFC Ecosystem and vigilantly monitoring the detailed risk indicators, we can forge a path towards a more secure and resilient financial environment. This collective approach is our best defense against the sophisticated and ever-evolving landscape of global fraud.

The Globalization of Fraud: The Rise of Transnational Scams
Discover All