FX compliance managers in Britain beware! Bank details of 100,000 people being sold on the internet for £1.67
The ambiguity surrounding the origins of deposits and the legitimacy of bank transfers into the custodial accounts of FX brokerages is every compliance manager’s nightmare. Today, it has emerged that the already very complex and highly sophisticated method of clearing customer funds across multiple jurisdictions safely into a retail trading account and ensuring that all […]
The ambiguity surrounding the origins of deposits and the legitimacy of bank transfers into the custodial accounts of FX brokerages is every compliance manager’s nightmare.
Today, it has emerged that the already very complex and highly sophisticated method of clearing customer funds across multiple jurisdictions safely into a retail trading account and ensuring that all of the required checks are completed and that customer assets are safe and originate from the correct source has just become even more difficult.
In Britain, one of the world’s largest and most highly respected regions for electronic trading, a company under the name of Bestvalid.cc has been operating nefariously by selling the stolen bank details of high net worth individuals including doctors, lawyers and bank executives for as little as £1.67.
The website in question, Bestvalid.cc, has been in operation since June 2015 and thus far, absolutely no action has been taken against it.
The site operates illegally and does not operate on the dark web, which is usually the pinnacle of such behavior.
The ‘dark web’ contains content that exists on darknets, which are overlay networks which use the public internet but which require specific software, configurations or authorization to access, however in this case, Bestvalid.cc has been operating on the public internet in the regular web space and is available to all and sundry.
This security hole has attracted the attention of Britain’s government officials, and has prompted Keith Vaz, Home Affairs Select Committee chairman, to explain The Times that the site’s ability to sell this information unchecked was ‘deeply disturbing’.
He said:
“The National Crime Agency must act immediately to get this site closed. I will be writing to the NCA to bring this issue to their attention.”
Compliance procedure within firms in the electronic trading sector in reputable and highly regulated regions such as Australia, most of Western Europe, all of North America and parts of the Asia Pacific region such as Hong Kong and Singapore often dictates that all deposits, whether from a new customer or existing one, must be accompanied by not only specific identification material such as national ID cards, bank statements or utility bills, but also subject to a completed ‘know your client’ form and in full compliance with anti-money laundering policy.
Within the ‘know your client’ procedures which are set out by many regulatory authorities, the ability to understand complex online investments and electronically traded instruments is one of the criteria with regard to product suitability, and indeed occupation is one of the factors taken into account, which is a concern bearing in mind that the demographic of the individuals whose bank details have been stolen and are being offered so cheaply in this case are bankers, lawyers, and doctors, all of whom are within the higher socio-economic categories and are highly educated, thus fitting the requirements for understanding online trading and passing that aspect of a compliance check.
With credit card deposits, this was always relatively straight forward, as credit card depositors and the receiving FX company are protected by the merchant services company that handles the transaction (in most cases Visa or MasterCard) which will automatically refund the amount to its source if the compliance related documents do not stack up.
With bank transfers, things are a deal more difficult because once the funds are received, there is little that can be done to return them without contacting the owner of the bank account, in which case the bank itself will often either self-insure against fraud or have a policy which can be claimed on in which circumstances the victim whose bank account had been emptied in this manner would receive a refund to that value by their bank, however the FX company would then be stuck with this deposit and if it was clear that it did not match the documents provided, this presents a bureaucratic and potentially difficult problem.
Additionally, it may create consumer discomfort with regard to using bank transfers online, or indeed making transactions which could cause their bank details to be picked up by fraudsters, and resorting to the security of a merchant services-backed credit card, however should this fraudulent scheme make its way to the other side of the Atlantic, US based brokers would find this to be an obstacle to onboarding new clients as the National Futures Association (NFA) banned the use of credit cards for the purposes of funding FX trading accounts some time ago.
So widespread is this crime now that even British Police Minister Mike Penning has admitted that even his own bank account was targeted by criminals last year.
If any advice with regard to this matter could be proffered to brokerages, it would be that it is worth ensuring that this is borne in mind by compliance officials, and reported to the Financial Conduct Authority (FCA) in Britain should any suspect activity arise, and to consider the use of algorithmic payment processing solutions which are offered by many PSPs which can proactively detect fraudulent transactions and not process them, therefore removing the potential bureaucracy of having to deal with such matters on a widespread scale.
In this case, it is a matter of Caveat Vendor!
