AFC Thoughts

How the AFC Ecosystem Enhances AML/CFT Efforts for Thai Businesses

Site Logo
Tookitaki
04 May 2023
8 min
read

As one of Southeast Asia's largest economies, Thailand has been facing significant challenges in combating money laundering and terrorist financing activities. With its rapidly growing financial sector and increasing adoption of digital payment systems, the country has become a potential target for financial criminals. Thai authorities have implemented several regulatory measures in response to these challenges, including the establishment of the Anti-Money Laundering Office (AMLO) and enacting the Anti-Money Laundering Act (AMLA) and the Counter-Terrorist Financing Act (CFTA). Despite these efforts, financial institutions in Thailand continue to face complex and evolving threats that require advanced solutions to mitigate risks effectively.

In order to protect their reputation, maintain customer trust, and avoid hefty fines or legal consequences, it is essential for Thai financial institutions to have robust AML/CFT measures in place. Effective AML/CFT strategies help institutions comply with local and international regulations and contribute to the global fight against financial crime. Furthermore, strong AML/CFT measures enable financial institutions to understand their customers better and manage risks, thereby facilitating sustainable growth and promoting a stable financial environment.

Tookitaki's Anti-Financial Crime (AFC) Ecosystem is an innovative, comprehensive platform designed to help financial institutions enhance their AML/CFT efforts. By leveraging expert insights and industry collaboration, Tookitaki's AFC Ecosystem offers Thai financial institutions a powerful method to stay ahead of evolving threats and bolster their AML/CFT strategies.

Understanding the AML/CFT Hurdles in Thailand's Financial Sector

Thailand's financial sector has been grappling with various AML/CFT challenges that pose significant risks to the stability and integrity of the country's economy. This section aims to shed light on the unique hurdles that Thai financial institutions face in their ongoing fight against financial crime.

  • Diverse and Evolving Threats: Thailand's geographical location, along with its thriving economy, attracts a wide range of financial criminals, including drug traffickers, human smugglers, and terrorist financiers. This diversity of threats requires financial institutions to be agile and adaptive in their AML/CFT efforts.
  • High Cash Usage: Despite the growing adoption of digital payment methods, cash remains the dominant mode of transaction in Thailand. The extensive use of cash in the economy makes it more challenging for financial institutions to track and monitor suspicious activities.
  • Informal Financial Channels: Thailand is known for its informal financial channels, such as hawala, which money launderers and terrorist financiers can exploit to move funds without detection. These parallel systems can circumvent traditional AML/CFT controls, complicating efforts to combat financial crime.
  • Technological Advancements: The rapid adoption of digital banking and payment technologies, including e-wallets and cryptocurrencies, introduces new vulnerabilities that financial criminals can exploit. Financial institutions must stay updated with the latest technological developments and implement robust measures to address the associated risks.
  • Regulatory Complexity: Thai authorities have been working to enhance their AML/CFT framework to comply with international standards. During 2019-2022, the Anti-Money Laundering Office (AMLO) issued new regulations and guidelines for reporting entities (REs) to enforce the law more strictly. Thai financial institutions must comply with a multitude of local and international AML/CFT regulations, such as the AMLA, CFTA, and FATF recommendations. Navigating this complex regulatory landscape can be challenging and resource-intensive for financial institutions.
  • Limited Access to AML/CFT Expertise: Although the Thai government has made efforts to strengthen AML/CFT competencies, the country still faces a shortage of skilled professionals in this field. Financial institutions may struggle to find and retain the right talent to manage AML/CFT risks effectively.
  • Compliance with FATF Recommendations: Thailand is expected to comply with the FATF 40 Recommendations to strengthen its AML/CFT system. The country has faced assessment by the Asia/Pacific Group on Money Laundering (APG) to determine its level of compliance and effectiveness.

By understanding these unique challenges, Thai financial institutions can develop tailored strategies to bolster their AML/CFT efforts and contribute to the global fight against financial crime.

How a Community-based approach can address AML/CFT challenges

A community-based approach to addressing AML/CFT challenges involves collaboration among various stakeholders, including financial institutions, regulators, law enforcement agencies, and other entities in the financial system. This approach aims to enhance the effectiveness of AML/CFT measures and promote financial transparency. While the provided web search results do not specifically discuss a community-based approach, we can infer some benefits of this approach by analyzing the available information:

  • Flexibility and adaptability: A community-based approach fosters flexibility and adaptability to the dynamic financial inclusion agenda and the growing understanding of FATF standards that impact financial inclusion and exclusion.
  • Promoting innovative solutions: Encouraging collaboration among stakeholders can lead to adopting innovative technology-based solutions that improve AML/CFT measures. This can help both industry and government overcome the challenges associated with the cost-benefit analysis of adopting new technologies for AML/CFT purposes.
  • Sharing information and best practices: A community-based approach facilitates information sharing among stakeholders, enabling them to stay updated on emerging AML/CFT trends and challenges. This can help financial institutions adopt more effective strategies to combat financial crime.
  • Risk-based supervision: By working together, financial intelligence units, regulators, and other supervisors can better assess risks in the sectors they oversee and adapt their resources accordingly. This enables a more targeted and efficient use of resources in combating money laundering and terrorist financing.
  • Strengthening the risk-based approach: In a community-based approach, stakeholders can collaborate to strengthen risk-based AML/CFT measures, such as utilizing adverse media screening to enhance due diligence on ultimate beneficial owners (UBOs).

In summary, a community-based approach can address AML/CFT challenges by fostering collaboration, promoting innovative solutions, sharing information and best practices, implementing risk-based supervision, and strengthening risk-based measures.

{{cta-afc}}

Regulatory Compliance and Tookitaki's AFC Ecosystem

Tookitaki is a global leader in financial crime prevention, dedicated to building a safer and more secure world through innovative technology, strategic collaboration, and a distinctive community-based approach. Since its inception in 2015, it has been on a mission to transform the battle against financial crime by dismantling siloed AML approaches and uniting the community through its groundbreaking Anti-Money Laundering Suite (AMLS) and AFC Ecosystem.

The AFC Ecosystem is a community-based platform that facilitates sharing of information and best practices in the battle against financial crime. Powering this ecosystem is our Typology Repository, a living database of money laundering techniques and schemes. This repository is enriched by the collective experiences and knowledge of financial institutions, regulatory bodies, and risk consultants worldwide, encompassing a broad range of typologies from traditional methods to emerging trends.

The AFC Ecosystem is comprised of carefully vetted and experienced AML experts. Each member undergoes a thorough selection process to ensure that they have the knowledge, skills, and background required to contribute effectively to the community.  

AMLS collaborates with the AFC Ecosystem through federated machine learning. This integration allows the AMLS to extract new typologies from the AFC Ecosystem, executing them at the clients' end to ensure that their AML programs remain cutting-edge. The AMLS is designed to be flexible and customizable, allowing you to adapt the system to your specific needs while benefiting from the collective knowledge of the AFC Ecosystem.

Instead of sharing sensitive data, federated learning allows the AMLS to access the latest typologies from the AFC Ecosystem and execute them locally at the client's end. This unique integration enables financial institutions to stay ahead of the curve and maintain cutting-edge AML programs while preserving data privacy and security.

The AFC Ecosystem's members play a crucial role in uncovering hidden money trails that traditional methods may not detect. The AFC Ecosystem board carefully reviews new scenario suggestions from the members. Only approved scenarios are incorporated into the ecosystem, ensuring that financial institutions that are part of the network benefit from the most effective strategies without worrying about inadequate coverage.

Tookitaki AMLS and AFC Ecosystem

The AFC Ecosystem: Components and Benefits

Typology Repository

The Typology Repository is a core component of Tookitaki's AFC Ecosystem. It is a comprehensive, up-to-date, and dynamic library of financial crime typologies that help financial institutions understand and detect various types of money laundering, terrorist financing, and other illicit activities. The repository consists of risk indicators, red flags, and money laundering patterns that have been identified through extensive research and real-world case studies.

The Typology Repository offers several advantages to Thai financial institutions. By providing a detailed understanding of various financial crime typologies, it enables institutions to better detect and prevent suspicious activities. This leads to a more effective and efficient transaction monitoring process and reduces the risk of regulatory penalties. Additionally, the repository is continuously updated to reflect emerging trends and typologies, ensuring that financial institutions stay ahead of the evolving threat landscape.

No-Code Typology Design Studio

The No-Code Typology Design Studio is another key component of Tookitaki's AFC Ecosystem. This innovative feature allows financial institutions to create, test, and deploy custom typologies without the need for coding or extensive technical expertise. The intuitive drag-and-drop interface enables users to design and implement their typologies based on their unique risk profiles and business requirements.

The No-Code Typology Design Studio offers significant advantages to Thai financial institutions. By enabling the creation of customized typologies, institutions can tailor their AML/CFT efforts to address specific risks and threats unique to their business. This leads to more accurate detection and prevention of financial crimes and improved regulatory compliance. Furthermore, the user-friendly design of the studio allows for rapid implementation and adaptation, which is crucial in an ever-changing regulatory environment.

Privacy-protected shared industry platform

Tookitaki's AFC Ecosystem also features a privacy-protected shared industry platform, which facilitates collaboration among financial institutions. This platform allows institutions to securely share anonymized data related to financial crime typologies, risk indicators, and detection techniques. This collective intelligence enables the identification of new and emerging threats and the development of best practices to combat financial crime.

The privacy-protected shared industry platform offers substantial benefits to Thai financial institutions. By fostering collaboration and information sharing, institutions can better understand the financial crime landscape and develop more effective AML/CFT strategies. The platform also promotes industry-wide resilience against financial crime and reduces the overall compliance burden by streamlining detection and prevention efforts. Additionally, the privacy-protection mechanisms ensure that sensitive data remains secure and compliant with data protection regulations.

Navigating the Changing Landscape of Financial Crime in Thailand

As Thailand continues strengthening its financial sector, the financial crime landscape constantly evolves. New technologies, increased globalization, and emerging typologies present both challenges and opportunities for Thai financial institutions. To stay ahead of these trends and maintain compliance with local and international regulations, it is crucial for institutions to adopt advanced AML/CFT solutions that are flexible and adaptable.

Tookitaki's AFC Ecosystem is poised to play a pivotal role in combating financial crime in Thailand. By offering a comprehensive and dynamic suite of tools and features, the AFC Ecosystem empowers financial institutions to detect and prevent money laundering, terrorist financing, and other illicit activities more effectively. As financial crime threats continue to evolve, Tookitaki's AFC Ecosystem will remain at the forefront of innovation, ensuring that Thai financial institutions are well-equipped to manage and mitigate risk.

To maintain a robust and resilient financial sector, it is essential for Thai financial institutions to embrace innovative AML/CFT solutions like Tookitaki's AFC Ecosystem. By adopting this cutting-edge technology, institutions can enhance their compliance efforts and contribute to the broader fight against financial crime. It is time for Thai financial institutions to take a proactive approach to combating financial crime and securing their future by investing in Tookitaki's AFC Ecosystem. Contact us to learn more about the AFC Ecosystem and how it can help build robust financial crime compliance programs. 

By submitting the form, you agree that your personal data will be processed to provide the requested content (and for the purposes you agreed to above) in accordance with the Privacy Notice

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ready to Streamline Your Anti-Financial Crime Compliance?

Get Started

Our Thought Leadership Guides

AFC Thoughts
18 Jul 2024
4 min
read

Typology Tales July 2024: Account Takeover Surveillance

We are pleased to share the latest edition of "Typology Tales" for July 2024. This edition highlights the new typologies that our Anti-Financial Crime (AFC) community has carefully analysed and selected. Our community's collective efforts are crucial in staying ahead of evolving financial crime threats, and we are grateful for your continued participation and contributions.

AFC Community’s Role

Each month, our dedicated AFC community comes together to analyze and evaluate newly created typologies, selecting those that can significantly enhance the ecosystem's ability to prevent and combat financial crime. The typologies chosen for publication are those that offer the most promise in terms of effectiveness and applicability across various scenarios.

Key Highlights from July 2024 

These typologies have been meticulously curated to ensure they provide robust and actionable insights, ultimately helping to safeguard the financial ecosystem.

Theme of the Month: Account Takeover Fraud (ATO)

Theme of the month

Account takeover fraud (ATO) is a type of cybercrime where unauthorised people access a user's account and use it for harmful purposes. This dangerous activity has increased significantly in recent times, posing a growing threat to both individuals and organisations. 

In this edition...

In this edition of Typology Tales, we delve into two typologies that compliance professionals can incorporate into their transaction fraud monitoring systems to proactively prevent account takeover in real time.

Typology 1: Surge in Multi-Party Transactions in Sizeable Values

Typology-multiple counterparty

A pattern of multiple parties making high-value transactions with one entity in a short period of  time suggests possible account takeover fraud. This requires a strategic review of transaction behaviours.

How It Works

  • The typology monitors transactions involving a single customer who receives or transfers funds with multiple parties within a short time span.
  • To identify potential account takeover risks, the typology groups transactions by the unique identifiers of senders and receivers within a specified time frame. By tracking these identifiers over a defined period, it can determine how many different parties have transacted with a particular entity.

  • Simultaneously, the typology aggregates the transaction amounts linked to unique senders and receivers.

  • It flags any entity that engages in transactions with a large number of different parties and exceeds a cumulative transaction threshold. This signals potential account takeover risks due to unauthorised access and high-value transactions.

Typology 2: Monitoring High-Value Transactions Across Multiple Payment Modes

15 - 2024 July Edition TT Typology tales-1-1-1-1

Financial institutions may implement advanced monitoring to detect high-value transactions between senders and receivers through various modes, aiming to uncover potential account takeover fraud.

How It Works

  • To effectively oversee the flow of funds, the typology tracks and aggregates transaction amounts based on the mode of transfer.
  • Transaction amounts, including those made through cash or alternative payments, are further aggregated by the unique identifiers of the sender and receiver over a specific period.
  • Entities showing high-value transactions across multiple payment modes over specified time frames are potentially flagged as suspicious. This increased activity may indicate that an account has been compromised and is being used to funnel funds illegally.

From the Media: Account Takeover Attacks Overtake Ransomware as Leading Security Concern

Research by cybersecurity firm Abnormal Security highlights that account takeover (ATO) attacks have become a top concern for security leaders. The 2024 State of Cloud Account Takeover Attacks report reveals that 83% of organisations experienced at least one ATO incident in the past year. 

Over 75% of security leaders rank ATOs among the top four global cyber threats, with nearly 50% facing more than five incidents annually and around 20% encountering over ten incidents. ATOs are now considered more significant than other threats such as spear phishing and ransomware.

Read More

Unite in the Fight Against Financial Crime

Financial crime is a pervasive issue that requires a collective, centralised approach to intelligence gathering. That's why we have created the Anti-Financial Crime (AFC) Ecosystem, a network of experts who work together to share knowledge and develop strategies for combating financial crime.

If you are an AFC expert, we invite you to join our efforts and help us grow the AFC Ecosystem. And if you know any other AFC experts, please refer them to us so we can continue to expand and strengthen our network. Together, we can make a real difference in the fight against financial crime.

Typology Tales July 2024: Account Takeover Surveillance
AFC Thoughts
01 Jul 2024
3 min
read

Account Takeover Fraud: Monitoring Entities Incorporated Long Back

In the evolving landscape of financial crime, financial institutions need to intensify their scrutiny of transactions from entities with a long history of incorporation but sporadic or recent activity. This increased vigilance aims to detect and thwart potential account takeover fraud within savings accounts, ensuring the safety and integrity of financial systems.

Given below is a typology from Tookitaki's AFC Ecosystem. It details how to ensure your monitoring system triggers alerts transactions from entities with a long history of incorporation

Understanding the Typology

Setting Up Entity Historical Profiles

Financial institutions employ a function known as the "Incorporation Date of the Entity" to track and record the incorporation dates and transaction activities of entities. This function helps identify entities that have been established long ago but have shown recent or sudden transaction activities, which could be indicative of fraud.

Function Configuration and Data Aggregation

  • Aggregate Fields: The system aggregates data on 'sender incorporation date' and 'receiver incorporation date.'
  • Aggregate Function: Using the collect_set function, the system compiles a unique set of incorporation dates for each sender and receiver, providing a comprehensive historical perspective of each entity's transaction timeline.
  • Group By: Transactions are grouped by unique identifiers like 'sender_hashcode' and 'receiver_hashcode,' linking each entity’s transaction history to specific account profiles.

Monitoring and Anomaly Detection

The system continuously monitors the transaction activities of these entities, comparing current transactions against historical data. Entities that have shown no or minimal transaction activities for a significant period since their incorporation are closely watched. A sudden spike in transactions, especially those of significant volume or frequency, triggers an alert. This scrutiny is particularly heightened if the entity's previous activity has been minimal or non-existent for years.

Group 16190-1

Flagging and Review Process

Transactions involving long-dormant entities resuming activity are flagged as high-risk. These flagged transactions undergo a detailed review to ascertain the legitimacy of the activity and to rule out any potential account takeover or other fraudulent intentions.

Investigative Measures

For flagged transactions, financial institutions conduct thorough investigations involving:

  • Background Checks: Verifying the entity's background.
  • Transaction Legitimacy: Confirming the legitimacy of the transaction.
  • Entity Ownership: Ensuring the entity's ownership and operational status.

Preventative Actions and Customer Interaction

If fraudulent activity is confirmed, financial institutions take immediate steps to:

  • Block further transactions.
  • Secure the affected accounts.
  • Possibly reverse fraudulent transactions.
  • Contact entity representatives for further clarification and to ensure all parties are informed of the situation.

Compliance and Reporting Obligations

All suspicious activities are documented and reported in compliance with regulatory requirements. This ensures that the institution remains compliant with anti-fraud regulations and aids in broader efforts to combat financial crime.

{{cta-ebook}}

Enhancement of Monitoring Systems

Based on findings and trends observed from monitoring these entities, financial institutions continually refine their detection algorithms and update their monitoring systems to better identify and prevent potential fraud.

By closely monitoring the activities of entities incorporated long ago but recently active, banks can effectively spot unusual patterns that may indicate fraudulent activities, such as account takeovers. This proactive approach helps safeguard customer assets and maintain the integrity of the financial system.

Final Thoughts

Financial institutions must remain vigilant and proactive in monitoring and analyzing transaction activities, especially those involving historically dormant entities. This typology, sourced from Tookitaki's AFC Ecosystem, highlights the importance of advanced monitoring techniques in detecting potential fraud.

We encourage anti-financial crime professionals to join the AFC Ecosystem to access unique typologies and leverage community-driven insights for enhanced fraud detection and prevention. Together, we can strengthen our defenses against financial crime and protect the integrity of our financial systems.

Account Takeover Fraud: Monitoring Entities Incorporated Long Back
AFC Thoughts
22 May 2024
3 min
read

The Globalization of Fraud: The Rise of Transnational Scams

In an increasingly interconnected world, the borders that once confined criminal activities are rapidly dissolving, aided by the rise of digitalisation and the pervasive reach of online platforms. The stark reality we face today is a landscape where fraudsters exploit digital payment systems to target individuals across the globe, particularly in the Asia-Pacific region. Organised fraud syndicates are not just local threats; they operate on an international scale, executing sophisticated scams that often outpace current preventative measures.

Case Study: A Transnational Crackdown on Job Scams

On 20 March 2024, a significant breakthrough came when the Commercial Affairs Department (CAD) of the Singapore Police Force and the Bukit Aman Commercial Crime Investigation Department of the Royal Malaysia Police joined forces in Kuala Lumpur. This joint operation was the culmination of extensive cross-border investigative efforts aimed at dismantling a formidable job scam syndicate.

Between October 2023 and January 2024, this syndicate deceived over 3,000 individuals, accumulating illicit gains of approximately $45.7 million. These scams primarily targeted Singaporeans, promising lucrative job opportunities that required victims to make upfront payments or divulge sensitive information under the guise of securing employment. The rapid escalation of these scams prompted an intensive collaborative investigation, which eventually led to the arrest of five Malaysians involved in laundering the proceeds from these fraudulent activities.

This operation not only highlights the severity and reach of transnational scams but also underscores the urgent need for global cooperation and shared strategies to combat these crimes effectively.

Job Scam

The Imperative of a Collaborative Approach

As we witness a surge in transnational fraud, the isolation of financial institutions in their silos makes them particularly vulnerable. The complexity and rapid adaptation of fraud strategies require that defences be equally dynamic and interconnected.

Collective Intelligence and Shared Responsibility

To counteract the evolving menace of cross-border fraud effectively, a collaborative approach is indispensable. The AFC Ecosystem initiative represents a commitment to fostering industry-wide cooperation and information sharing. Through this collective intelligence, we aim to establish a robust defence mechanism that not only identifies but also anticipates fraudulent activities, ensuring safe and secure societies. This shared responsibility is vital in creating an impenetrable barrier against the sophisticated mechanisms of modern financial criminals.

Considering the Typology of the AFC Ecosystem

Drawing from the AFC Ecosystem's insights, let's delve into the typology of transnational job scams. This framework is instrumental in understanding how these frauds operate and what measures can be employed to thwart their attempts.

Detailed Analysis of the Typology

Transnational job scams represent a highly organized and rapidly proliferating threat that exploits the aspirations of job seekers worldwide. These scams are not just about deceit regarding employment opportunities but involve intricate financial manipulations that siphon funds across international borders.

Operational Mechanics

  • Initial Recruitment: The scam begins with contact through social media or other digital platforms, where victims are lured with high-return, low-effort job offers.
  • Deceptive Promises: The roles are advertised as lucrative yet simple enough to attract a wide demographic, from students to the unemployed.
  • Financial Prerequisites: Victims are persuaded to make upfront payments or provide personal information as a part of the onboarding process.
  • Expeditious Expansion: To maximize profits before any potential crackdown, these operations quickly scale and replicate across various regions.

{{cta-ebook}}

Granular Red Flags and Risk Indicators

To effectively monitor and prevent these scams, it is crucial to recognise the following detailed risk indicators:

  • Value: Transactions often involve small amounts that are usually perceived as low-risk by victims, making them less likely to raise immediate alarms.
  • Volume: A high frequency of transactions complicates tracking and analysis, as the sheer number of transactions can overwhelm standard monitoring systems.
  • Velocity: The rapid succession of payments, coupled with potential chargebacks or cancellations, creates a chaotic financial trail that is difficult to follow.
  • Channels: Scammers predominantly use digital payment platforms, online banking, and occasionally cryptocurrencies to maintain anonymity and complicate tracing.
  • Anonymity: There is often a mismatch between beneficiary details and the purported employer, signalling a red flag for transactions.
  • Recurrence: Victims are frequently solicited for multiple payments under various pretexts, each justified as necessary for job commencement or continuation.
  • High-risk Geos: Payments are directed to accounts in high-risk jurisdictions or to those that are otherwise unrelated or suspicious, lacking any logical connection to the job or employer.
  • Geographical Inconsistencies: The involved countries often have no direct connection to the alleged job or employer, exploiting the complexities of international law and jurisdictional boundaries.

Harnessing Collective Efforts for Enhanced Security

The fight against transnational fraud is not a battle that can be won in isolation. It requires the concerted efforts of financial institutions, regulatory bodies, law enforcement, and the public. By adopting the typology provided by the AFC Ecosystem and vigilantly monitoring the detailed risk indicators, we can forge a path towards a more secure and resilient financial environment. This collective approach is our best defense against the sophisticated and ever-evolving landscape of global fraud.

The Globalization of Fraud: The Rise of Transnational Scams
AFC Thoughts
18 Jul 2024
4 min
read

Typology Tales July 2024: Account Takeover Surveillance

We are pleased to share the latest edition of "Typology Tales" for July 2024. This edition highlights the new typologies that our Anti-Financial Crime (AFC) community has carefully analysed and selected. Our community's collective efforts are crucial in staying ahead of evolving financial crime threats, and we are grateful for your continued participation and contributions.

AFC Community’s Role

Each month, our dedicated AFC community comes together to analyze and evaluate newly created typologies, selecting those that can significantly enhance the ecosystem's ability to prevent and combat financial crime. The typologies chosen for publication are those that offer the most promise in terms of effectiveness and applicability across various scenarios.

Key Highlights from July 2024 

These typologies have been meticulously curated to ensure they provide robust and actionable insights, ultimately helping to safeguard the financial ecosystem.

Theme of the Month: Account Takeover Fraud (ATO)

Theme of the month

Account takeover fraud (ATO) is a type of cybercrime where unauthorised people access a user's account and use it for harmful purposes. This dangerous activity has increased significantly in recent times, posing a growing threat to both individuals and organisations. 

In this edition...

In this edition of Typology Tales, we delve into two typologies that compliance professionals can incorporate into their transaction fraud monitoring systems to proactively prevent account takeover in real time.

Typology 1: Surge in Multi-Party Transactions in Sizeable Values

Typology-multiple counterparty

A pattern of multiple parties making high-value transactions with one entity in a short period of  time suggests possible account takeover fraud. This requires a strategic review of transaction behaviours.

How It Works

  • The typology monitors transactions involving a single customer who receives or transfers funds with multiple parties within a short time span.
  • To identify potential account takeover risks, the typology groups transactions by the unique identifiers of senders and receivers within a specified time frame. By tracking these identifiers over a defined period, it can determine how many different parties have transacted with a particular entity.

  • Simultaneously, the typology aggregates the transaction amounts linked to unique senders and receivers.

  • It flags any entity that engages in transactions with a large number of different parties and exceeds a cumulative transaction threshold. This signals potential account takeover risks due to unauthorised access and high-value transactions.

Typology 2: Monitoring High-Value Transactions Across Multiple Payment Modes

15 - 2024 July Edition TT Typology tales-1-1-1-1

Financial institutions may implement advanced monitoring to detect high-value transactions between senders and receivers through various modes, aiming to uncover potential account takeover fraud.

How It Works

  • To effectively oversee the flow of funds, the typology tracks and aggregates transaction amounts based on the mode of transfer.
  • Transaction amounts, including those made through cash or alternative payments, are further aggregated by the unique identifiers of the sender and receiver over a specific period.
  • Entities showing high-value transactions across multiple payment modes over specified time frames are potentially flagged as suspicious. This increased activity may indicate that an account has been compromised and is being used to funnel funds illegally.

From the Media: Account Takeover Attacks Overtake Ransomware as Leading Security Concern

Research by cybersecurity firm Abnormal Security highlights that account takeover (ATO) attacks have become a top concern for security leaders. The 2024 State of Cloud Account Takeover Attacks report reveals that 83% of organisations experienced at least one ATO incident in the past year. 

Over 75% of security leaders rank ATOs among the top four global cyber threats, with nearly 50% facing more than five incidents annually and around 20% encountering over ten incidents. ATOs are now considered more significant than other threats such as spear phishing and ransomware.

Read More

Unite in the Fight Against Financial Crime

Financial crime is a pervasive issue that requires a collective, centralised approach to intelligence gathering. That's why we have created the Anti-Financial Crime (AFC) Ecosystem, a network of experts who work together to share knowledge and develop strategies for combating financial crime.

If you are an AFC expert, we invite you to join our efforts and help us grow the AFC Ecosystem. And if you know any other AFC experts, please refer them to us so we can continue to expand and strengthen our network. Together, we can make a real difference in the fight against financial crime.

Typology Tales July 2024: Account Takeover Surveillance
AFC Thoughts
01 Jul 2024
3 min
read

Account Takeover Fraud: Monitoring Entities Incorporated Long Back

In the evolving landscape of financial crime, financial institutions need to intensify their scrutiny of transactions from entities with a long history of incorporation but sporadic or recent activity. This increased vigilance aims to detect and thwart potential account takeover fraud within savings accounts, ensuring the safety and integrity of financial systems.

Given below is a typology from Tookitaki's AFC Ecosystem. It details how to ensure your monitoring system triggers alerts transactions from entities with a long history of incorporation

Understanding the Typology

Setting Up Entity Historical Profiles

Financial institutions employ a function known as the "Incorporation Date of the Entity" to track and record the incorporation dates and transaction activities of entities. This function helps identify entities that have been established long ago but have shown recent or sudden transaction activities, which could be indicative of fraud.

Function Configuration and Data Aggregation

  • Aggregate Fields: The system aggregates data on 'sender incorporation date' and 'receiver incorporation date.'
  • Aggregate Function: Using the collect_set function, the system compiles a unique set of incorporation dates for each sender and receiver, providing a comprehensive historical perspective of each entity's transaction timeline.
  • Group By: Transactions are grouped by unique identifiers like 'sender_hashcode' and 'receiver_hashcode,' linking each entity’s transaction history to specific account profiles.

Monitoring and Anomaly Detection

The system continuously monitors the transaction activities of these entities, comparing current transactions against historical data. Entities that have shown no or minimal transaction activities for a significant period since their incorporation are closely watched. A sudden spike in transactions, especially those of significant volume or frequency, triggers an alert. This scrutiny is particularly heightened if the entity's previous activity has been minimal or non-existent for years.

Group 16190-1

Flagging and Review Process

Transactions involving long-dormant entities resuming activity are flagged as high-risk. These flagged transactions undergo a detailed review to ascertain the legitimacy of the activity and to rule out any potential account takeover or other fraudulent intentions.

Investigative Measures

For flagged transactions, financial institutions conduct thorough investigations involving:

  • Background Checks: Verifying the entity's background.
  • Transaction Legitimacy: Confirming the legitimacy of the transaction.
  • Entity Ownership: Ensuring the entity's ownership and operational status.

Preventative Actions and Customer Interaction

If fraudulent activity is confirmed, financial institutions take immediate steps to:

  • Block further transactions.
  • Secure the affected accounts.
  • Possibly reverse fraudulent transactions.
  • Contact entity representatives for further clarification and to ensure all parties are informed of the situation.

Compliance and Reporting Obligations

All suspicious activities are documented and reported in compliance with regulatory requirements. This ensures that the institution remains compliant with anti-fraud regulations and aids in broader efforts to combat financial crime.

{{cta-ebook}}

Enhancement of Monitoring Systems

Based on findings and trends observed from monitoring these entities, financial institutions continually refine their detection algorithms and update their monitoring systems to better identify and prevent potential fraud.

By closely monitoring the activities of entities incorporated long ago but recently active, banks can effectively spot unusual patterns that may indicate fraudulent activities, such as account takeovers. This proactive approach helps safeguard customer assets and maintain the integrity of the financial system.

Final Thoughts

Financial institutions must remain vigilant and proactive in monitoring and analyzing transaction activities, especially those involving historically dormant entities. This typology, sourced from Tookitaki's AFC Ecosystem, highlights the importance of advanced monitoring techniques in detecting potential fraud.

We encourage anti-financial crime professionals to join the AFC Ecosystem to access unique typologies and leverage community-driven insights for enhanced fraud detection and prevention. Together, we can strengthen our defenses against financial crime and protect the integrity of our financial systems.

Account Takeover Fraud: Monitoring Entities Incorporated Long Back
AFC Thoughts
22 May 2024
3 min
read

The Globalization of Fraud: The Rise of Transnational Scams

In an increasingly interconnected world, the borders that once confined criminal activities are rapidly dissolving, aided by the rise of digitalisation and the pervasive reach of online platforms. The stark reality we face today is a landscape where fraudsters exploit digital payment systems to target individuals across the globe, particularly in the Asia-Pacific region. Organised fraud syndicates are not just local threats; they operate on an international scale, executing sophisticated scams that often outpace current preventative measures.

Case Study: A Transnational Crackdown on Job Scams

On 20 March 2024, a significant breakthrough came when the Commercial Affairs Department (CAD) of the Singapore Police Force and the Bukit Aman Commercial Crime Investigation Department of the Royal Malaysia Police joined forces in Kuala Lumpur. This joint operation was the culmination of extensive cross-border investigative efforts aimed at dismantling a formidable job scam syndicate.

Between October 2023 and January 2024, this syndicate deceived over 3,000 individuals, accumulating illicit gains of approximately $45.7 million. These scams primarily targeted Singaporeans, promising lucrative job opportunities that required victims to make upfront payments or divulge sensitive information under the guise of securing employment. The rapid escalation of these scams prompted an intensive collaborative investigation, which eventually led to the arrest of five Malaysians involved in laundering the proceeds from these fraudulent activities.

This operation not only highlights the severity and reach of transnational scams but also underscores the urgent need for global cooperation and shared strategies to combat these crimes effectively.

Job Scam

The Imperative of a Collaborative Approach

As we witness a surge in transnational fraud, the isolation of financial institutions in their silos makes them particularly vulnerable. The complexity and rapid adaptation of fraud strategies require that defences be equally dynamic and interconnected.

Collective Intelligence and Shared Responsibility

To counteract the evolving menace of cross-border fraud effectively, a collaborative approach is indispensable. The AFC Ecosystem initiative represents a commitment to fostering industry-wide cooperation and information sharing. Through this collective intelligence, we aim to establish a robust defence mechanism that not only identifies but also anticipates fraudulent activities, ensuring safe and secure societies. This shared responsibility is vital in creating an impenetrable barrier against the sophisticated mechanisms of modern financial criminals.

Considering the Typology of the AFC Ecosystem

Drawing from the AFC Ecosystem's insights, let's delve into the typology of transnational job scams. This framework is instrumental in understanding how these frauds operate and what measures can be employed to thwart their attempts.

Detailed Analysis of the Typology

Transnational job scams represent a highly organized and rapidly proliferating threat that exploits the aspirations of job seekers worldwide. These scams are not just about deceit regarding employment opportunities but involve intricate financial manipulations that siphon funds across international borders.

Operational Mechanics

  • Initial Recruitment: The scam begins with contact through social media or other digital platforms, where victims are lured with high-return, low-effort job offers.
  • Deceptive Promises: The roles are advertised as lucrative yet simple enough to attract a wide demographic, from students to the unemployed.
  • Financial Prerequisites: Victims are persuaded to make upfront payments or provide personal information as a part of the onboarding process.
  • Expeditious Expansion: To maximize profits before any potential crackdown, these operations quickly scale and replicate across various regions.

{{cta-ebook}}

Granular Red Flags and Risk Indicators

To effectively monitor and prevent these scams, it is crucial to recognise the following detailed risk indicators:

  • Value: Transactions often involve small amounts that are usually perceived as low-risk by victims, making them less likely to raise immediate alarms.
  • Volume: A high frequency of transactions complicates tracking and analysis, as the sheer number of transactions can overwhelm standard monitoring systems.
  • Velocity: The rapid succession of payments, coupled with potential chargebacks or cancellations, creates a chaotic financial trail that is difficult to follow.
  • Channels: Scammers predominantly use digital payment platforms, online banking, and occasionally cryptocurrencies to maintain anonymity and complicate tracing.
  • Anonymity: There is often a mismatch between beneficiary details and the purported employer, signalling a red flag for transactions.
  • Recurrence: Victims are frequently solicited for multiple payments under various pretexts, each justified as necessary for job commencement or continuation.
  • High-risk Geos: Payments are directed to accounts in high-risk jurisdictions or to those that are otherwise unrelated or suspicious, lacking any logical connection to the job or employer.
  • Geographical Inconsistencies: The involved countries often have no direct connection to the alleged job or employer, exploiting the complexities of international law and jurisdictional boundaries.

Harnessing Collective Efforts for Enhanced Security

The fight against transnational fraud is not a battle that can be won in isolation. It requires the concerted efforts of financial institutions, regulatory bodies, law enforcement, and the public. By adopting the typology provided by the AFC Ecosystem and vigilantly monitoring the detailed risk indicators, we can forge a path towards a more secure and resilient financial environment. This collective approach is our best defense against the sophisticated and ever-evolving landscape of global fraud.

The Globalization of Fraud: The Rise of Transnational Scams
Discover All