Back in 1994, the Russian Ponzi scheme “MMM” collapsed and robbed millions of investors of their savings. The scheme defrauded investors by issuing joint-stock company shares that were advertised through aggressive TV campaigns, featuring ordinary characters that appealed to the public.
But in a case that shows how the nature and scale of consumer risks have evolved in the digital age, MMM has reemerged over the last decade and launched new cryptocurrency-based schemes in developing countries, including Colombia, India, Kenya, Nigeria, Philippines and South Africa. Claiming to be a “mutual aid network” like the informal savings groups many people are familiar with in such countries, MMM encourages contributions in Bitcoin, touting the cryptocurrency’s independence from government and banks (which many in developing countries distrust). Of course, transacting in cryptocurrency makes it harder for countries like Nigeria, which have tried to shut MMM down, to control the company.
MMM is not alone, and the incidents of digital financial services (DFS)-based fraud are on the rise globally. New CGAP research outlines dozens of threats that should be on the radar of policy makers.
In 2015, CGAP highlighted seven DFS consumer risks faced by mobile money users. Since then, new digital products and delivery channels have emerged and transformed consumer risk exposure, especially for inexperienced and vulnerable DFS users. Moreover, COVID-19 has accelerated DFS adoption — in some cases, without actors considering the consumer risk implications. While some reports have cited risks introduced by new digital finance products and delivery channels, we are not aware of any comprehensive analysis at the global level of the changing nature and scale of DFS consumer risks. Against this backdrop, CGAP launched a global study to understand the evolving nature and scale of DFS consumer risks since 2015.
Based on a review of literature and discussions with over 70 global, regional and country experts, we have identified over 60 consumer risks, some of which have evidently increased in scale over the past few years. The most notable new risks relate to data misuses and fraud. These include mobile app fraud, which may occur when fraudsters create fake mobile applications; synthetic identity fraud, which involves creation of new identities by blending personal information from multiple individuals; biometric identity breach, which may result in theft of physical or behavioral human data; algorithmic bias, which may happen when a computer program creates unfair outcomes such as discrimination against certain groups of people; and authorized push payment scams, which may happen “when a customer is coerced into transferring their money to an account controlled by the fraudster, on the pretext of them being a legitimate payee.”
Other consumer risks, such as data breaches, SIM swap fraud, aggressive marketing and debt collection practices, poor dispute resolution and liability allocation risk are not new but have worsened due to the modularization of the financial services industry and the expansive reach of digital technologies.
What is worrying is that the increase in some risks has surpassed the rate of technological adoption and digital financial inclusion. For instance, between 2015 and 2020, the number of records exposed globally increased by 4,550% (from 800 million to 37.2 billion), while the data created over the same period increased by 314% (from 15.5 zettabytes to 64.2 zettabytes). In three of the past five years, annual percentage increase in the number of records compromised has been larger than the increase in the amount of data generated. Excluding 2016, which was an outlier, the average annual percentage increase in records exposed was 80%, compared with a 38% annual average increase in volume of data created. Additionally, between 2019 and 2020, the increase in records exposed globally (142%) and data created globally (57%) both surpassed the increase in the global smartphone penetration rate (4.6%) and the increase in number of active mobile money accounts (17%).
It is noteworthy that the massive variations in volume of records exposed point to the possibility of data breaches contributing to the next global “black swan” event. Some of the records compromised are not even reported, and the average time to identify and contain a data breach has increased from 275 days in 2015 to 287 days in 2021.
SIM swap fraud is another concerning global issue, with higher frequency in developing countries. According to the South African Banking Risk Information Centre report, SIM swap fraud incidents in the banking sector increased by over 90% between 2017 and 2019, while the number of mobile cellular subscribers increased by 9.6% over the same period. Unfortunately, due to the paucity of global data on SIM swap fraud, we could not assess the evolution of this risk at the global level.
Since 2015, there have also been numerous reports in China, India, Indonesia, Kenya, Nigeria and Philippines regarding emerging digital credit products and delivery channels, such as mobile apps and peer-to-peer platforms, that have exposed consumers to various risks. These risks include mobile app fraud, privacy intrusion and abusive debt collection practices, which may result in over-indebtedness. As evidence from Kenya and Tanzania has shown, over-indebtedness affects the resilience of low-income people because victims often adopt negative coping strategies, such as reducing their food purchases or failing to pay children’s school fees.
Evolving risks in digital finance call for a new approach to consumer protection
It is evident that DFS consumer risks can change rapidly and that they are interrelated. For instance, when a data breach occurs, criminals may steal customers’ data and use it to commit various kinds of fraud. Similarly, network downtime caused by a distributed denial of service attack may lead to data theft or cause customers transacting through agents to engage in risky behavior, such as leaving their phone with an agent to complete a transaction when the network is restored. In addition, a combination of several digital consumer risks may result in negative customer outcomes, such as over-indebtedness.
DFS have indeed helped to boost financial inclusion. But based on emerging evidence, DFS have introduced new consumer risks, which if not addressed may reverse the gains made in financial inclusion. DFS consumer risks may also undermine the financial sector’s most valuable currency, which is trust.
The evolving nature and scale of DFS consumer risks calls for a new approach to consumer protection. Building on the evidence and data we have gathered, we have developed market monitoring tools for supervisors (forthcoming in November 2021) and proposed ways to elevate the consumer voice in financial regulation. Our recent study in India also highlighted how analysis of social media data using natural language processing (NLP) can help to detect DFS consumer risks. We have also launched research in the West African Economic and Monetary Union to get a deeper understanding of the DFS consumer risks there.
Watch out for CGAP's forthcoming market monitoring toolkit (November), which will include detailed guidance for supervisors on the best market monitoring tools available, how to select which tools to use, and examples of how the tools are being used around the world. Interested in learning more about this work? Contact Majorie Chalwe-Mulenga here.