SAMA, the Saudi Central Bank, has directed banks in the kingdom to put a stop to the opening of online accounts for individuals or institutions as part of new security measures.
As per the new measures that will take effect starting April 10, accounts are to be opened through branches only. Other measures include limits on daily electronic transfers and holding the international transfers for 24 hours.
SAMA also asked banks to stop allowing non-Saudi customers to add beneficiaries online and instead do it in person.
Banks are requested to apply more than one criterion to verify identity on the request to establish electronic services, change the password, issue and activate cards, and confirm the request through another channel such as a phone call.
Measures also include applying more multi-factor authentication standards for each money transfer transaction for pre-added customers, and customers must manually enter the temporary password or OTP.
The new decisions came as an increase in fraud has been observed recently, through impersonation of platforms that sell goods or provide services, with names of official entities, to obtain access data on electronic banking services, SAMA explained in the circular.
Due to the significant and rapid development in the financial services provided by banks through traditional and electronic channels, financial fraud has increased, with different methods and forms, for illegal financial gain, SAMA added.
Impersonation, fictitious recruitment, phantom investment, fake web pages or platforms, and internal fraud are among the most prominent bank fraud operations.
The circular revealed many challenges that contributed to increasing the fraud operations in the Kingdom.
The weakness in process control systems created a challenge in the early detection and reduction of fraud cases, with insufficient investment in the infrastructure of anti-fraud systems using artificial intelligence and customer behavior study.
More than 4.8 million accounts were opened remotely without verifying that the customer’s identification number matches the identity number of the user on the mobile. This constitutes 55 percent of the total accounts opened remotely.
Also, there are no procedures to verify that the IBAN and the name of the beneficiary match, the circular added.
SAMA also called banks to present a plan for other measures within five days to be implemented within two months. Those measures include investment in the infrastructure of anti-fraud systems.
SAMA has accelerated its efforts recently in fighting fraud and scams. Last year, it formed a team to investigate a scam through bogus recruitment.