Enterprise Fraud & Risk

Management (EFRM)
Retail Payment Options

UPI Internet
Debit/Credit/ E-Wallets
Banking
Prepaid cards

Aadhaar Enabled
Payments IMPS Mobile Banking
Apps
Key aspects of secured Digital Payments

RMN – Registered Mobile Number 2FA – Two Factor Authentication

SMS alerts Ensures genuine user has

access
OTP
Precursor to Fraud

• Easy money
GREED • Too good to believe schemes

• Bank account will get blocked

FEAR • Your SIM will get blocked

• Hurry to move on with things

IGNORANCE • Grievance sharing on social media

People Trust easily

One survey highlights 1 in 4 Another survey shows India pegged

digital customers in India at 8.1 points on digital frauds as
have been a victim of fraud compared to Asia average of 5.5
Prominent Frauds Types

Skimming

SIM Swapping

Vishing
SMS spoofing
Conventional
Frauds Modern Day
Phishing frauds

Remote
access apps
ATM tampering
Card Skimming

Modus – Card Skimming CPP Identification Process: (Based on fraud reporting)

1) The act of using a skimmer (a
small electronic device) to
illegally collect data from the
magnetic stripe of a credit, Cardholder Cardholder F
debit or ATM card. This A Issuer 6
information, copied onto Issuer 1 29 Jun 2020
29 Jun 2020
another blank card's magnetic
stripe, is then used by an
identity thief to make
purchases or withdraw cash ABC
in the name of the actual POS/ATM
account holder.
(CPP )
2) PIN is captured by using a Cardholder E
pinhole camera within ATM Cardholder B Issuer 5
Issuer 2 29 Jun 2020
premises. 29 Jun 2020
3) Skimming can happen at any:
Cardholder C Cardholder D
• ATM Issuer 3 Issuer 4
29 Jun 2020 29 Jun 2020
• POS
SIM swap – Modus Operandi

Fraudster will then

Victim remains
activate the new SIM
unaware of fraudulent Probable Indication
on his device with
transactions since (customer’s version)
victim’s mobile
number SIM is deactivated
Unauthorized
transactions during no
network
SIM de-activation
Subsequently service message
Fraudster procures
of victim’s SIM will
blank SIM cards Non-receipt of debit
stop
SMS alert
Change in email ID of
victim (eSIM)

Fraudster convinces
the victim to SMS Fraudster also takes
19/20 digit new SIM bank credentials from
number to the service customer DOT circular on barring incoming and outgoing SMS for
provider. 24 hours post new SIM activation
SMS Spoofing – Modus Operandi

Probable Indication
Fraudster also takes (customer’s version)
Fraudster transacts
bank credentials from
using victim’s account Probable indication
victim through customer’s
version
SMS forward by customer
Details shared by
Token (string value) is Victim gets intimated customer
generated on Fraudster’s device of fraudulent debit on
fraudsters mobile gets linked with receipt of SMS alerts,
while initiating device victim’s RMN checking bank
registration statement
SIM Active

Victim sends the

Fraudster convinces
token received from
victim to send this Airplane SIM data
fraudster to SMS
token from RMN mode is and not on
gateway
off Wi-Fi
Remote Access Tool – Modus Operandi

Victim also shares Fraudster having

App access control of device may
passcodes along with also delete debit SMS Probable Indication
banking credentials / notifications
Customer’s version
App Passcode sharing
Victims are unaware
Fraudster convinces of fraudulent debits
Fraudster now is in
victim to download until realization by
control of victim’s
remote access tool in further notification,
device and credentials checking bank
mobile
statement

Recommended
Victim shares RAT Fraudster executes
credentials through transaction using RASP
which fraudster gains victim’s device and
access to victim’s compromised banking
mobile credentials
Expectation from Banks & Digital players to prevent fraud

Banks / Digital players

Have easy options for customer to block channels

Have regular customer awareness campaigns especially in regional language

In-App debit notification

Have detail SOP for investigation of Disputes / Frauds

Ensure robust monitoring of transactions on real time basis

Use AI & ML to profile customers & accordingly authorize transactions

Populate correct IP & geo location details

Extend necessary support for LEA’s in terms of data

Enterprise Fraud & Risk Management (EFRM)

Select Menu - CREATE MANUAL CASES

 Artificial Intelligence / Machine Learning based model scoring for each transaction
 Bank empowered to
- Create / Delete users
- Reset password for user
- Define New Bank specific Rules / Modify deployed Rules
- Single Master rule list for all NPCI default rules i.e. @ NPCI no need to create default rules in individual banks
- Activate or Deactivate existing Rules in EFRM as per requirement
- Generate Adhoc / Scheduled Reports
- Maintain Hotlist / Whitelist
 Immediate Deployment of Rules with Simulator

 All Products of NPCI covered in EFRM (Phase-wise)

 Transaction monitoring from Issuer/Remitter & Acquirer/Beneficiary perspective

 Online Fraud reporting by all member banks

 CPP Analysis through FRM system at Network level (in subsequent phase)

 Bank can also route their onus transactions to NPCI for rule evaluation (subject to evaluation)
Enterprise Fraud & Risk Management (EFRM)

Select Menu - CREATE MANUAL CASES

Sr. No. Score Range Score Type Advice Description
1 001 to 900 Model Sent to Bank Switch
2 001 to 900 Rule Alert Detective Rule
3 901 to 990 Rule RTD Preventive Rule (Sent to Bank Switch)*
4 991 to 999 Exception Scenarios 995 – EFRM Offline
999 – EFRM Timeout

Every transaction will be assigned an AI / ML based model score which will be sent to Bank switch (Range 001 – 900).

Further each transaction on meeting the defined rule conditions (NPCI or Bank defined rule) will be assigned a rule score basis the
rule priority (Range 001 – 900).

*If the transaction triggers a RTD rule then the rule score will be sent to Bank switch (Range 901 – 990).

Both the model score & rule score for the transaction along with Rules triggered for that transaction can be viewed in the case
management screen.
Enterprise Fraud & Risk Management (EFRM)

Select Menu - CREATE MANUAL CASES

Velocity
based
Abnormal
BIN based
Time Usage

Merchant
Category History based
based

Country
Zone Hopping
specific

Unusual
MID/TID
Transaction
Pattern based
Cumulative
amount based
User Creation / Deletion in EFRM

EFRM User Creation - 1 Select Menu - CREATE MANUAL CASES

Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-1

EFRM Fraud Tagging-1 Then enter all mandatory details as
EFRM User Creation - 2 highlighted below.
Enterprise Fraud & Risk Management (EFRM)

EFRM User Creation - 3 Approve pending request

Enterprise Fraud & Risk Management (EFRM)

EFRM User Creation - 4 Check all details and click on Approve

Enterprise Fraud & Risk Management (EFRM)

EFRM User Creation - 5 View all users for your bank

EFRM Fraud Tagging

Select Menu - CREATE

1 MANUAL CASES
Then select Channel,
organization, Enter PAN Number, 22
Select Date and Time and Search
click on Dropdown and Then
3 Select Create

Select Menu - ASSIGN

MANUAL CASES
4
Select Date , Organization
5 And Channel

Click Dropdown and

Select VIEW on Case ID
6
Tick on RRN THEN Click on Dropdown,
7 Select CONFIRMED FRAUD Then Select
Fraud Type , Mention Noted And Submit
Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-1 Select Menu - CREATE MANUAL CASES

Enterprise Fraud & Risk Management (EFRM)
Then select Channel, organization, Enter PAN
EFRM Fraud Tagging-2
Number, Select Date and Time and Search
Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-3 Click on Dropdown and Then Select Create

Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-4 Select Menu - ASSIGN MANUAL CASES

Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-5 Select Date , Organization And Channel

Enterprise Fraud & Risk Management (EFRM)

EFRM Fraud Tagging-6 Click Dropdown and Select VIEW on Case ID

Enterprise Fraud & Risk Management (EFRM)
Tick on RRN THEN Click on Dropdown, Select
EFRM Fraud Tagging-7
CONFIRMED FRAUD Then Select Fraud Type ,
Enterprise Fraud & Risk Management (EFRM)
Then Select Fraud Type, Mention
EFRM Fraud Tagging-8
Noted And Submit
Bulk Fraud Tagging
Click on Menu, then Case Management & Bulk
Bulk Fraud Tagging-9
Fraud Tagging
Enterprise Fraud & Risk Management (EFRM)
Download template, prepare and upload bulk
Bulk Fraud Tagging-10
fraud tagging file in csv format
Enterprise Fraud & Risk Management (EFRM)

Bulk Fraud Tagging-11 ATM & UPI Sample Formats

Enterprise Fraud & Risk Management (EFRM)
To approve, click on Menu, then Case
Bulk Fraud Tagging-12
Management & Manage Bulk Fraud Tagging

• Click on ‘View’ under column Case Details – If any data format validation has failed will be displayed
Queue Management
Queue Management-13 Then Select Create Queue
Enterprise Fraud & Risk Management (EFRM)

Queue Creation- 14 Select Channel & Organisation

Enterprise Fraud & Risk Management (EFRM)
Select Condition/ rule or both and
Queue Condition- 15
click Submit
Enterprise Fraud & Risk Management (EFRM)
Select Newly Created Queue & Under
Approve Queue – 16
Action select Approve
Enterprise Fraud & Risk Management (EFRM)

Manage Queue – 17 Select Assign Queue

Enterprise Fraud & Risk Management (EFRM)

Assigning Queue - 18 Select Details & Click Submit

Enterprise Fraud & Risk Management (EFRM)
Approve assigned QUEUE - 19 Under Action Click Approve
Case Management
My Cases TAB - 20 Login Application or Click on Menu and
Case Management
Enterprise Fraud & Risk Management (EFRM)
My Cases TAB - 21 Click on My Cases for alerts
Enterprise Fraud & Risk Management (EFRM)
Case Details - 22 Action Case as per below steps
Manage List
Manage List- 23 Rule Management and Click on Manage List*
Manage List
Manage List- 24 For addition go to Rule Management and Click
on Manage List click on Add To List
Enterprise Fraud & Risk Management (EFRM)
Bulk Insertion-25 Select Insertion Type for BULK and upload data
Enterprise Fraud & Risk Management (EFRM)
Approving List-26 Click on Manage List and Approve the list by
following steps
EFRM Reports
Reports-27 Creation of Reports
Enterprise Fraud & Risk Management (EFRM)
Reports-25 Creation of Reports

After clicking on Submit, Report gets generated and will be saved in WINSCP
Enterprise Fraud & Risk Management (EFRM)
Sample Mail ID & SFTP-28 Auto mailer after creation of report and
WINSCP path

After clicking on Submit, Report gets generated and will be saved in WINSCP
Thank You