Managing Digital Wallet Fraud at XetaPay

Abstract

XetaPay is a fictitious company similar to the many fintech start-ups making a foray in digital wallet business. The case study describes two fraud events that hit XetaPay – the first case is that of SIM cloning and the second case is a phishing attack. On the surface, the origin of both these attacks is beyond the purview of XetaPay. Yet XetaPay has to bear the responsibility and impact of the fraud events. The attacks forestall XetaPay’s plans to launch improvements in the XAPP wallet. It thwarts their progress on the technical development and implementation of the XAPP features. The entire organization is compelled to shift its focus to fraud response for avoiding recurrence of similar events in future. The fraud events open the managements’ eyes on the need for a comprehensive risk management program involving all stakeholders and making risk-aware decisions a consistent and constant practice at the firm. The case study attempts to illustrate the importance and need for a comprehensive risk and fraud management process in fintech companies and all companies offering financial services. The case study also focuses on the implementation of AI/ ML-based solutions for effective fraud detection and prevention and shows that the gamut of risk management in an organization is not only limited to the internal processes and people, but it also encompasses peripheral services, partners, and the operating environment.