Fraud prevention
Fraud has become an increasingly pervasive and evolving threat that affects individuals, businesses, and organisations across the world. Fraud can take various forms, including identity theft, financial scams, cyber-attacks, insurance fraud, and more. Its impact extends beyond financial losses, causing emotional distress, reputational damage, and eroding trust in institutions and systems.
Fraud prevention is not only essential for protecting one's finances and personal information but also for safeguarding businesses, institutions, and the economy. By being aware of fraud, noticing it, and reporting it, we can collectively create a safer, more secure environment for everyone.
What is Strong Customer Authentication (SCA) and why is it important?
Strong Customer Authentication (SCA) is a European regulation, introduced by the Payment Services Directive 2 (PSD2), designed to make online payments more secure and to reduce the risk of fraud. It ensures that transactions can only be approved by the authorized user, adding an extra layer of protection for your payments.
SCA works by requiring you to verify your identity using at least two out of three factors:
- Something you know (e.g., a PIN or password).
- Something you own (e.g., a smartphone, card).
- Something you are (e.g., fingerprint, facial recognition).
By combining these factors, SCA ensures that only you can authorize a transaction, significantly reducing the chances of fraud.
Additionally, SCA mandates that every payment is securely linked to the exact amount and the correct recipient. Before confirming a transaction, you will see these details displayed in the authentication window (e.g., in Smart-ID, Mobile-ID, or your bank’s authentication tool), allowing you to verify that everything is correct before proceeding.
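The effect of linking a payment to its exact amount and recipient can be shown with a short added example (not code from the page's author, Smart-ID, Mobile-ID or any bank). It uses an HMAC over the payment details as a stand-in for the real authentication tool; the key, function names, nonce and sample account numbers are constructed assumptions.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed demo key (assumption); a real authentication tool keeps its
# key material in protected storage and never in source code.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical(amount: str, currency: str, payee_iban: str, nonce: str) -> bytes:
    """Encode the payment details unambiguously before they are authenticated."""
    # Normalise so "49.9" and "49.90" are the same payment; strip IBAN spacing.
    amt = f"{Decimal(amount):.2f}"
    iban = payee_iban.replace(" ", "").upper()
    fields = [amt, currency.upper(), iban, nonce]
    # Length-prefix every field so adjacent values cannot run into one another.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def authentication_code(key, amount, currency, payee_iban, nonce) -> str:
    """Code the payer approves; bound to amount, currency, payee and nonce."""
    message = canonical(amount, currency, payee_iban, nonce)
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key, code, amount, currency, payee_iban, nonce) -> bool:
    """Check at execution time against the details actually being paid."""
    expected = authentication_code(key, amount, currency, payee_iban, nonce)
    return hmac.compare_digest(expected, code)
```

A code approved for one amount and recipient fails verification if either is changed afterwards, which is why the details shown in the authentication window are the ones to check.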
Why is SCA Important?
- Enhanced Security: It prevents unauthorized access to your accounts and ensures that only you can approve transactions.
- Fraud Prevention: SCA reduces the risk of fraudulent transactions by adding extra verification steps.
- Regulatory Compliance: SCA is required by EU regulations, ensuring that all online payments within Europe follow the highest security standards.
Remember to always verify the details of a transaction and complete authentication only if you initiated the payment yourself.
Authentication Tools
There are various ways to authenticate yourself securely, such as Smart-ID, Mobile-ID, ID-card, or through your bank’s authentication system. It's essential to keep these authentication tools secure at all times. Here are some key tips:
- Never share your PINs, passwords, or login credentials with anyone.
- Only complete the authentication process if you initiated it yourself.
- Keep your devices and software up to date to ensure your security.
While financial institutions may request additional information from you, such as your date of birth, citizenship, or residency status, due to Anti-Money Laundering laws or sanctions, they will never ask for personalized security features like PINs or passwords. Stay vigilant and protect your information!
Most common scams and how to notice them
DATA GROOMING
This scam aims to steal your personal data, payment details and other confidential data in order to confirm fraudulent transfers of funds.
How to spot fraudsters?
- Fraudsters may pose as representatives of financial institutions, law enforcement agencies, parcel delivery company employees, a manager of the company where you work, a business partner, a buyer, a seller, etc.
- The most common contact methods are by phone, email, SMS, WhatsApp, Viber or other chat apps.
- Scam messages emphasise urgency and the negative consequences of failing to respond or take specified actions, e.g. threatening to close a bank account, sue, seize assets, etc.
- Internet banking login or other personal information is often requested.
- Messages sent by fraudsters often contain errors in grammar, spelling and logic. It is very important to carefully check the authenticity of the email addresses of the senders and of the links they provide (often the name of the bank is not given in full, or numbers or other letters or characters are inserted), and the attachments to the email are often documents with strange formats or titles.
How to protect yourself?
- In all cases, read the information first and don't make rash decisions.
- Do not disclose your payment instrument login details - PINs, payment card CVV code, card number, e-banking user ID, etc.
- Don't click on any suspicious links without first checking their reliability, and buy only from verified e-commerce sites. Always access the websites of financial institutions directly, not through links in an email.
- Check the content of Smart-ID messages - they often specify the transaction being authorised.
- Remember that financial institution staff never call their customers, or ask for online banking, account or payment card details.
- If you are unsure whether the call is really from the bank, it is best to hang up immediately and call your bank on the number published on the bank's website. Never call back the number from which the call was made.
INVESTMENT FRAUD
Fraudsters offer very attractive investment opportunities: all you need to do is transfer funds into the fraudster's account. The simulated investment initially generates a small "investment" return, which is used to encourage you to transfer more funds, but then the fraudsters can no longer be reached and the funds are embezzled.
How to spot fraudsters?
- They promise fast and unrealistic earnings without any risk.
- Aggressive advertising using fake success stories of famous people or using well-known brands or institutional names.
- Such advertisements can be found on websites or social network accounts. Ignore them, do not click on the fake links provided and do not leave any personal or contact information under any circumstances.
- Check whether the company offering the investment is authorised to do so. You can do so here. Be sure to check carefully that the company is licensed and not another company with a similar name.
How to protect yourself?
- Be critical of promises of guaranteed returns or high earnings from investment platforms, and ask about all the terms and conditions of investment.
- Check whether the company offering the service has a licence or permit from the Bank of Lithuania to provide these services. You can do it here.
- Check that the website is not listed as an illegal financial services provider here.
What should you do if you got involved in a scam?
- Do not "invest" more funds and stop all contact with fraudsters - they may try to contact you to persuade you to continue investing. Ignore calls and emails.
- Report the fraudsters to the Lithuanian Police and the Bank of Lithuania (prieziura@lb.lt) - the Bank of Lithuania has the power to block websites offering illegal investment services.
- Contact law enforcement authorities investigating fraud.
MONEY MULES
Money mules are people who, for a fee, "lend" their bank account to withdraw money or transfer it to another account, or who open an account in their own name and let others use it.
How to spot fraudsters?
- Money mules are "recruited" through supposedly legitimate job advertisements (e.g. "Money transfer agent job"), offering to apply for an attractive job with high pay via private message. These adverts usually do not describe the exact tasks, education or experience requirements, but promise a substantial reward in exchange for a small contribution.
- These adverts are also available on social networks (Facebook posts in closed groups), and personal offers (enquiries) can be made by email or through correspondence apps (WhatsApp, Viber).
- The victims are persuaded that such activities are completely risk-free and are promised higher pay if they involve their friends.
How to protect yourself?
- Avoid vague job offers.
- Always check the publicly available information about the person or company offering you a job and assess the risks involved.
- If you become a money mule, you could be considered an accomplice to a crime and prosecuted.
- If you suspect that you have become a money mule, immediately stop any payment transactions on your account that have been instructed by potential criminals and report them to your payment service provider and the police.
This information was prepared in accordance with the material published by the Bank of Lithuania. More information can be found here.
Please see the EBA warning to consumers on virtual currencies, provided here.
E-COMMERCE FRAUD PREVENTION
E-commerce fraud has grown significantly as online shopping becomes more popular. Fraudsters exploit digital transactions, leading to substantial financial losses. We therefore recommend that Merchants have fraud prevention measures in place as well.
Merchants can protect their businesses from online payment fraud by taking the following steps:
- Using a Secure Payment Gateway: Use a reputable and secure payment gateway that complies with industry standards and offers robust fraud detection features.
- Encrypting: Ensure that all sensitive data transmitted between customers and your website is encrypted using SSL or TLS protocols.
- Requiring Two-Factor Authentication (2FA): Require customers to use 2FA, such as one-time passwords (OTP) or biometric verification, to add an extra layer of security to their accounts.
- Monitoring and limiting the number of transactions from a single IP address within a specific time frame.
- Making Blacklists: Maintain a list of known fraudulent IPs or emails to block or flag suspicious activities automatically.
- Monitoring for Anomalies: Set up alerts for transactions that deviate from normal patterns, such as unusually large purchases or multiple transactions from different locations.
- Training the employees: Educate your staff on identifying and handling potential fraud attempts.
- Regularly auditing: Conduct periodic audits of your payment systems and review their effectiveness.
- Staying informed: Follow the latest fraud trends and techniques through industry reports and news sources.
- Educating customers: Educate your customers about potential fraud risks and advise them on best practices to protect their payment information.
- Implementing Strong Password Policies: Encourage customers to use strong, unique passwords and avoid sharing sensitive information.
Although no single measure can guarantee complete prevention of online payment fraud, employing a combination of the practices listed above and being aware is the key to effectively combating fraud and maintaining the trust of your customers.
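Three of the measures listed above (limiting transactions per IP address within a time frame, keeping a list of known fraudulent IPs or emails, and alerting on anomalies) can be combined in one screening step. The following is an added example, not code from the page's author or any payment gateway; the class name, thresholds and reason labels are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import median


class TransactionScreen:
    """Flags payments using a denylist, per-IP velocity and simple anomaly rules."""

    def __init__(self, denied_ips=(), denied_emails=(), max_per_ip=3,
                 window_s=600, amount_factor=5.0):
        self.denied_ips = set(denied_ips)
        self.denied_emails = {e.lower() for e in denied_emails}
        self.max_per_ip = max_per_ip        # allowed payments per IP per window
        self.window_s = window_s            # sliding window length in seconds
        self.amount_factor = amount_factor  # "unusually large" = factor x median
        self._ip_times = defaultdict(deque)  # ip -> timestamps inside the window
        self._amounts = defaultdict(list)    # customer -> past amounts
        self._last_country = {}              # customer -> (country, timestamp)

    def check(self, ts, ip, email, amount, country):
        """Return the list of reasons this payment should be held for review."""
        reasons = []
        email = email.lower()
        if ip in self.denied_ips or email in self.denied_emails:
            reasons.append("denylisted")

        # Velocity: drop timestamps that left the window, then count this one.
        times = self._ip_times[ip]
        while times and ts - times[0] >= self.window_s:
            times.popleft()
        times.append(ts)
        if len(times) > self.max_per_ip:
            reasons.append("ip_velocity")

        # Anomaly 1: amount far above this customer's own median (needs history).
        history = self._amounts[email]
        if len(history) >= 3 and amount > self.amount_factor * median(history):
            reasons.append("unusual_amount")

        # Anomaly 2: same customer paying from another country within the window.
        last = self._last_country.get(email)
        if last and last[0] != country and ts - last[1] < self.window_s:
            reasons.append("location_change")

        history.append(amount)
        self._last_country[email] = (country, ts)
        return reasons
```

Call `check()` once per payment attempt with a timestamp in seconds; an empty list means no rule fired, and any returned reason is a signal to hold the order for manual review rather than proof of fraud.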
WHAT SHOULD I DO IF I SUSPECT FRAUD?
For the Payer:
If you suspect that the merchant or online store might be involved in fraudulent activity, please reach out to us at support@montonio.com or aml@montonio.com as soon as possible. Kindly provide all the details you have about the merchant, your order, and the reasons for your suspicion.
To assist our investigation, we recommend sharing any relevant documents, such as:
- Order confirmation,
- Proof of payment (bank confirmation),
- Copies of your communication with the merchant.
These details will help us address your concern quickly and efficiently.
For the Merchant:
If you suspect the payer might be involved in fraud, please inform us immediately via support@montonio.com, aml@montonio.com, or through our chat on PartnerSystem. Share as much information as possible about the transaction and your concerns.
We strongly recommend withholding the shipment of products or provision of services until the issue is resolved. This will allow us to investigate and take appropriate action.