Fraud Policy

Updated in June 2024

Purpose of Fraud Policy

This policy outlines the responsibilities of employees and management regarding the reporting of fraud or suspected fraud within the organization.

Scope of Fraud Policy

This Fraud Policy applies to any irregularity or suspected irregularity involving the company’s users, employees, consultants, vendors, contractors, outside agencies doing business with the organization, or employees of such agencies, and any other parties having a business relationship with the organization. The term ‘employee’ includes external consultants, contractors, and agency personnel.

Definition of Fraud

Fraud is broadly defined as an intentional act of deceit to obtain an unjust or illegal advantage. For the purposes of this policy, fraud includes, but is not limited to:

  • Fraudulent transactions conducted on the platform by users.
  • Theft or misappropriation of assets owned or managed by the company.
  • Submitting false claims for payments or reimbursement.
  • Accepting or offering bribes or gifts under circumstances that might influence an employee’s decision-making.
  • Blackmail or extortion.
  • Off-the-books accounting or making false or fictitious entries.
  • Knowingly creating and/or distributing false or misleading financial reports.
  • Paying excessive prices or fees without proper documentation.
  • Wilful negligence intended to harm the organization’s material interests.
  • Dishonourable or reckless acts against the interests of the organization.

Fraud Prevention

To prevent fraud, the following measures are in place:

Card Payments

  • An in-house monitoring system, which combines traditional rules with machine learning, is used to detect unusual or out-of-pattern behaviours.

Transactions are monitored against:

  • Daily, weekly, and monthly transaction count limits per user.
  • Maximum and minimum value limits for individual transactions.
  • Total daily, weekly, and monthly transaction value limits per user.
  • Limits on the number of unique card numbers a user can use, with unused cards removed after 3 days of inactivity.
  • Blocking unique cards after three failed transactions within a day.
  • Blocking card numbers reported as stolen or lost by the acquirer.
  • Alerts when the total daily value of all card transactions reaches a configurable threshold.
  • Alerts for BIN/user country mismatches and users using cards from multiple BIN countries.
  • Alerts for multiple failed transactions per user.
  • Blocking deposits from users whose IP addresses are in a specified list of countries.
  • Alerts for single transactions significantly higher than the user’s previous largest deposit.

Machine Learning Alerts

  • Patterns indicating attempts to clear transactions from stolen cards.
  • Patterns indicating users attempting multiple cards over long periods or evading system rules.
  • Common fraud behaviours like ‘patterning’ and ‘smurfing’.
  • New or unusual behaviours that could indicate fraud.

Suspected Fraud

Transaction limits will block individual transactions from occurring. Depending on the severity, alerts may:

  • Notify the MLRO of the customer account, triggering a review.
  • Lock the user’s account pending review in severe cases.

Monitoring and Reporting of Fraud

Confirmed fraud will be recorded in a Fraud Log on the same day it is confirmed. The Fraud Log should include:

  • Customer Name
  • Public key of the user account
  • Public key of other involved accounts (if any)
  • Last 4 digits of the payment method
  • Amount Disputed
  • Currency
  • Date of Transaction
  • Date of Customer Notification
  • Date W/H Refunded
  • Comments

The Fraud Log will be reviewed weekly by the board to ensure all confirmed fraud is properly identified. Each fraud case will be included in performance and incident reports. If thresholds are crossed, internal escalations will ensure senior management and the governance team are notified to investigate and make decisions.