Welcome to this month’s LTT.
You work for a mobile operator in a country with a very high corruption perception index, as defined by Transparency International. The marketing team is planning to launch their latest product, a Mobile Money service, which allows customers to remit money overseas. Customers “cash-in” their money at service kiosks, and the same amount is credited to their eWallet. When a customer wants to send money to an overseas recipient, they receive an SMS with a unique 16 digit code. The recipient then goes to their nearest “cashing-out” facility, and presents the teller with the SMS and they receive the cash.
All of the “cash-in” received is deposited into a holding account at the local bank.
The marketing team want you to put some controls in place to detect any fraud, so you ask them for the product service description, and technical solution design documents. Unfortunately, since the business has been in such a hurry to get the service launched before the other operator, these documents do not exist. The launch day is tomorrow, so you need to act quickly.
With the limited information you know about the service, you decide upon the following key controls.
- A daily cash-in reconciliation: all the money collected at the service kiosks matches the total amount credited to the eWallet, and is deposited to the company’s holding account
- A daily eWallet reconciliation: (opening balance) – (closing balance) + (cash-in) – (cash-out) = 0
- A daily balance reconciliation: eWallet balance = holding account balance at the bank
If these high-level controls are performed and everything reconciles, is it still possible for any fraud to be committed without being detected by these controls?
- A = Yes
- B = No
If your answer is A = Yes, please state how the fraud could be committed.
Please send your response to [email protected] – the most comprehensive answer received will be published on Monday 26 January.
A=YES, Fraud can be committed if the cash out SMS gets in the hand of the wrong person. for a case the phone of the individual is stolen and then duplicate sim is issued. The sim issued is now used by the second person to claim the money.
To control these scenarios there should be ‘identity’ that should be included with the transaction and not available on the SMS. This ID should also have the photo if possible and the teller at the cash out facility should match the ID with the ID provided by the personnel. This process should be included as part of the regular workflow.
There are other scenarios as well which might be appealing the teller background check, the disbursal amount from different tellers should be almost equal (some kind of a scale can be built to identify risks) . The teller specially if is a third party franchise then there should be a reporting of all the franchises day to day disbursal amount trends and when they are not as per the averages the transactions should be monitored.
In this scenario i am suspecting that the teller has some kind of a deal with the person cashing out.
Dear Ankur,
You are correct the answer is A, it is still possible for a fraud to be committed and you have provided valid reasons. Sadly the time has expired on this particular LTT, however, LTT-15 is still open for answers, and so far I have not received a correct answer. Good luck.