Fraud Policy

Policy purpose

The purpose of this manual is to raise awareness about the methods used by fraudsters against our money transfer system. This manual is addressing Hafiz Broz Travel & Money Transfer Limited employees. Managing fraud risks is a key objective for Hafiz Broz Travel & Money Transfer Limited, Firstly, there is the obligation to protect our system from becoming an instrument for fraudulent activities and there is the obligation to warn our customers for such activities. Secondly, Hafiz Broz Travel & Money Transfer Limited wants to protect its reputation as a reliable global provider of money transfer services. Our company will take action against any form of criminal activity, whether it is money laundering, the financing of terrorism, or fraud.

In this manual, we provide you details about potential fraud schemes. Practical examples of how fraudsters operate will be also discussed. Finally, we will give you some important tips to secure yourself and your customers from becoming a fraud victim.

These manual provide details on statistical data on fraud related to different means of payment that Hafiz Broz Travel & Money Transfer Limited have to report to FCA, as well as the aggregated data that the FCA have to share with the EBA and the ECB, under Article 96(6) of Directive (EU) 2015/2366 (PSD2).

OUR METHOD

All internal external instigated frauds will be dealt with the utmost urgency and the measures to counter the threat of any future reoccurrence of these frauds. Fraud identification and shielding business and customers using payment services is our utmost concern and as such, industry has to constantly fight and stay vigilant.

As a payment service provider, it has been in our core to ensure and stay vigilant on identifying and reporting and placing corrective measures to identify and mitigate the risks to our business, clients and partners continuously.

• PAYMENT STEPS

• Payment can be made by any major personal (not commercial) prepay, credit or debit card or through an electronic payment account as explained on the order form.
• By placing an order, you consent to payment being charged to your prepay/debit/credit card account or electronic payment account as provided on the order form.
• Payment will be debited and cleared from your account before the provision of the Service to you.
• When you pay for your order by card, we carry out certain checks which include obtaining authorisation from your card issuer to ensure you have adequate funds and for security reasons. This may involve validating your name, address and other personal information supplied by you during the order process against appropriate third party databases including the card issuer, registered credit reference agencies and fraud prevention agencies.
• By accepting these Conditions you:
  1. Undertake that all the details you provide to us for the purpose of purchasing the Services are correct and that the payment card you are using is your own and that there are sufficient funds to cover the cost of the Services ordered
  2. Undertake that any and all Services ordered by you are for your own private or domestic use only and not for resale
  3. Authorise us to transmit the payment and delivery information provided by you during the order process (included any updated information) for the purpose of obtaining authorisation from your card issuer to ensure you have adequate funds, to authenticate your identity, to validate your payment card and for other security reasons, such as fraud prevention
• We shall contact you should any problems occur with the authorisation of your card.
• We will take all reasonable care, in so far as it is in our power to do so, to keep the details of your order and payment secure, but in the absence of negligence on our part, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide when accessing or ordering from our Website/App.

FALSIFIED MANIPULATION OF MONEY TRANSFERS

Fraud related to money transfers is committed against two different victims:

•           Our customers who transfer money to a fraudulent beneficiary

•           Employees working for Hafiz Broz Travel & Money Transfer Limited.

The first group, our customers, is the most targeted victim. Customers can become the victim of various schemes used by fraudsters to illegally appropriate money from the customer or to steal money from others through the customer. In addition, the person operating the Hafiz Broz Travel & Money Transfer Limited system to conduct orders for our customers can be the victim of fraud. In this case, fraudsters try to access to the money transfer system abusing your system password.

HAFIZ BROZ TRAVEL & MONEY TRANSFER LIMITED CATALOGUING OF FRAUDULENT ACTIVITY:

By passing regulatory compliance and KYC requirements Hafiz Broz Travel & Money Transfer Limited classify the fraud by following variable and indicators.

1. Deception and fraud of identify
2. Fraud of the payment instrument
3. Fraud on the stolen debit/credit card information
4. Fraud of tempering the sender or beneficiary information
5. Changing the metadata of transactional data
6. Changing beneficiary information either by internal staff
7. Accessing or stealing data client sensitive by internal or external adversaries
8. Maliciously act or sabotage by internal or external adversaries

WHAT IS FRAUD?

No precise legal definition of fraud exists; many of the offences referred to as fraud are covered by the Theft Acts in England and Wales, and under Common Law in Scotland. The term is used to describe such acts as deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts and collusion. More sector-specific laws such as those that prohibit corruption or create offences related to companies or financial services create other offences.

For practical purposes, fraud may be defined as the use of deception with the intention of obtaining an advantage, avoiding an obligation, or causing loss to another party. This most often occurs in the context of a relationship with a customer, client, or colleague on an individual or organizational basis.

There are four basic ingredients, which are necessary for a fraud to occur:

• Assets to acquire
• People to carry out fraud
• Intent to commit the fraud
• Opportunity

While some people would never contemplate perpetrating a fraud, others might do so if they think they can get away with it. Fraudsters are usually alert, plausible and calculating. You can deter a fraudster who might want to take advantage of you personally, or your business, by being alert to the possibilities. Alertness and effective controls will increase the chances of being caught and will thus act as a deterrent.

In business, some frauds arise because of a system weakness, such as a lack of proper control over placing of purchase orders. Other frauds are the result of failures to follow proper control procedures. It may be carelessness in carrying out a check. It may be that too much trust has been placed in one individual with no effective separation of duties. Frauds that result from collusion may be more difficult to prevent. A computer can be instrumental in the perpetration of the fraud because of the absence of human review of transactions. The lack of human involvement may allow transactions to be processed that would have been queried in a manual system.

An organization can therefore be exposed to the risk of fraud in a number of different ways. For the purpose of this guide, we can divide fraud into three categories:

Internal fraud:

This is fraud committed by individuals inside the organization and do staffs that have access to liquid or moveable assets, such as cash or stocks, carry out most often. It is likely that the risk of fraud and its scale will increase if the member of staff is able to conceal the irregularities by also having access to accounting records. It may be opportunistic, though it may also be planned and committed over a long period.

External Fraud

This is fraud which is perpetrated by individuals outside the organization and covers activities such as theft, deception and computer hacking. It is very often committed because of inadequate safeguards.

CATEGORIES OF FRAUD

Frauds is categorized by the type of victim involved. The most common groups of victims encountered by investigators include:

• Investors
• Creditors
• Businesses
• Banks or other financial institutions
• Central or local government
• Fraud by manipulating financial markets

Frauds can also be categorized by the technique or activity used by the fraudster. These include:

• Advance fee frauds
• Bogus invoices
• Computer hacking of information or property
• Corruption and bribery
• Counterfeiting, forgery, or copyright abuse
• Credit Card fraud
• False Accounting - manipulation of accounts and accounting records
• Fraudulent bankruptcy - exploitation of cross-border corporate structures
• Insurance fraud
• Internet online scams - auctions, credit card purchases, investment scams
• Investment fraud
• Long Firm fraud
• Misappropriation of assets
• Money laundering
• Mortgage Fraud
• Payroll fraud
• Principal agents - failure of systems to restrict key individuals
• Pyramid schemes
• Unsolicited letter frauds

ASSORTMENT OF DATA SOURCE

Hafiz Broz Travel & Money Transfer Limited will collect data required according to the following level of detail:

• Data breakdown that differ depending on services and type of method used, geo locations and currency involved.
• Breakdown all data into difference levels with common denominator

Hafiz Broz Travel & Money Transfer Limited will collect data with the same level of detail and would not provide FCA to record all fraudulent transaction cases implying weak information for a supervisory purpose.

The level of data breakdown will Customers and beneficiary (bank account details), Transactional data and amounts, sources of origination, type of payment service, channel, instrument, jurisdictions and currencies involved.

The Scope of Assortment

Hafiz Broz Travel & Money Transfer Limited will collect the entire life cycle of the transitions and will cover the entire spectrum of channels, source on point of origination, point of processing and point of settlement and distributions, all personal and touch points where the state of the transactions change. Requisition will include.

• Internal Systems and Staff
• System providers and data centre 
• System Login        
• Audit Logs of action in the systems
• Audit logs of server with Sessions

Means of data collection

Means of data collection as per Hafiz Broz Travel & Money Transfer Limited set parameter as under:

• Internal Systems and application logs
• Server and operating systems level logs
• Information gathered from the customer’s profiles
• Information gathered from the 3rd party system providers i.e. secure trade etc.

FCA REPORT

Requirement

Hafiz Broz Travel & Money Transfer Limited will submit REP017 Payments Fraud Report through GABRIEL to FCA on half-yearly basis.

The information will help the FCA to understand whether Hafiz Broz Travel & Money Transfer Limited has appropriate systems and controls to adequately protect users against fraud and financial crime and to understand the security risks faced by the industry as a whole.

WHY USE DATA ANALYSIS FOR FRAUD?

The primary reason to use data analytics to tackle fraud is that many internal control systems have serious control weaknesses. In order to effectively test and monitor internal controls, organizations need to look at every transaction that takes place and test them against established parameters, across applications, across systems, from dissimilar applications and data sources.

OUR CONFIDENTIALITY OBLIGATION

Hafiz Broz Travel & Money Transfer Limited is committed to respecting and protecting the privacy of our customers. We value their trust and want them to understand how we collect, protect, use and disclose the personal information they share with us.

This privacy statement applies to personal information we obtain anytime a customer interacts with Hafiz Broz Travel & Money Transfer Limited such as when they visit our website at   https://www.hafizbros.com / complete transaction forms or contact Hafiz Broz Travel & Money Transfer Limited. We want to ensure they are aware of our practices for collecting and processing personal information, which is information about a person that can be used to identify that person.

HOW WE USE IT

We use personal information to complete the transaction, administer any problems that may arise in effecting the transaction, to better understand and manage our ongoing relationship with the customer, to assure good service, to prevent fraud and abuse and other potential prohibited or illegal activities, and otherwise with consent or as permitted or required by law. Hafiz Broz Travel & Money Transfer Limited may store personal information on databases used by Hafiz Broz Travel & Money Transfer Limited for these purposes, including our ongoing relationship with the customer, in accordance with applicable laws.

WHO WE SHARE IT WITH

We may share all of the information, as described above, with our affiliates to assist us in our business activities for the uses described in “How we use it “, and for other purposes as permitted or required by applicable law and international conventions and treaties. Disclosures permitted or required by law and international conventions and treaties may include cooperation with criminal or government investigations, fraud prevention and detection, and responses to a court order or subpoena. In limited situations, our affiliates may use information about the customer to offer products and services to the customer in compliance with their privacy policy.

Hafiz Broz Travel & Money Transfer Limited’s affiliates are bound by appropriate data safeguarding obligations. Our affiliates may be located outside the European Economic Area. Hafiz Broz Travel & Money Transfer Limited may disclose some or all of the personal information to service providers for the purposes of processing requested transactions or to perform business support functions on our behalf. Our agreements with these service providers contain confidentiality provisions and restrictions on using this information for any other purposes. If Hafiz Broz Travel & Money Transfer Limited becomes involved in a merger, acquisition or any form of sale of some or all its assets, we may disclose personal information to third parties in connection with the evaluation of the transaction. The surviving company would have access to personal information which would continue to be subject to this privacy statement.

ACCURACY & ACCESS

Hafiz Broz Travel & Money Transfer Limited wants to ensure that the information we obtain and use about the customer is accurate for its intended purpose and therefore we have processes to help maintain the accuracy of the personal information we collect. The customer can request access to their personal information or help us maintain accurate records by using one of the methods listed under “Contacting Hafiz Broz Travel & Money Transfer Limited “at our website.

We will also take reasonable steps to verify the identity before granting a customer access or enabling the customer to make corrections. Hafiz Broz Travel & Money Transfer Limited will retain personal information only for the time needed for business purposes or as required by law and will ensure secure destruction thereafter.

DATA SANCTUARY

Hafiz Broz Travel & Money Transfer Limited is fully complying with Data Protection Act in order to be allowed and processed, record and process data. Data for these purposes include practically all information on consumer, which a staff can expect to have to handle, and requirements applied whether the data is stored electronically or retained in manual format.

Hafiz Broz Travel & Money Transfer Limited uses physical, electronic and procedural security measures to protect against loss, misuse, and alteration of personal information under our control. Hafiz Broz Travel & Money Transfer Limited uses Industry–standard practices and security measures to safeguard such information.

Access to personal information is restricted to employees and service providers who need to have access to that information as described in this privacy statement, in accordance with applicable laws.

Our service providers are required to observe standards for the security, collection, uses and sharing of personal information, and to comply with applicable law.

Hafiz Broz Travel & Money Transfer Limited staff is prohibited from deleting information from Hafiz Broz Travel & Money Transfer Limited system or files without the prior written consent of Manager Compliance / MLRO.

ANTI FRAUD TECHNIQUE:

Internal control programs should be monitored and revised on a consistent basis to ensure it is effective and current with technological and other advances. Fraud can be very from one transaction to another based upon on all of the circumstances surrounding the transaction, or group of transactions.

However, in general trigger refers to any transaction or group of transactions about which doubts arise with the registered person concerning their link to money laundering and terrorist financing through their unusual size, repetition, nature, conditions and circumstances surrounding them, their unusual pattern that does not involve a clear economic objective or an obvious legal purpose. Activity of the persons involved in the fraud do not conform to their normal activities, or the domicile of such activity is situated in countries that do not adequately apply measures for prohibition.

In brief, the factors involved in determining whether transactions are fraudulent, including the amount, the location of business, comments made by the customer, the customer’s behaviour.

ASSESSING AND ACTION STEPS FOR FRAUD TRIGGER:

Incidents of suspected fraud will be investigated as follows:

• Upon reporting or triggering of the fraudulent activity, an immediate team came into action to take the situation further.
• Team consist of Manager compliance, Manager Operation, Manager IT
• Internal fraud control team will conduct investigation deemed appropriate.
• The fraud control team will investigate and prepare report based on the criticality of the acutance.
• Report then submitted to BOD and MLRO about the outcome to the report for further review and action.
• Based on the report represented by fraud control team, management of Hafiz Broz Travel & Money Transfer Limited will decide by keeping in view the parameter of criticality to further authority notification
• Fraud control team along with compliance team will trigger the process

WHOM TO REPORT FRADULENT ACTIVITY REPORTED

In case of any fraudulent activity, such as through a customer complaint or other means (detect by Compliance/Technical team). Officer will report to Internal Fraud Section. The Key members of Internal Fraud Section will review the case and engage the relevant head of department to investigate further.

If case have potential and reasonable grounds to prove fraud and Money Laundering & Terrorist financing, then MLRO will report to the followings:

• FCA
• NCA – National Crime Agency 
• ACUK - Action Fraud UK

INTERNAL FRAUD SECTION

Internal fraud section consists of key members of key functional department. This basic purpose of this section to monitor the following areas.

1. the location where the fraud takes place in the payment chain.
2. the authentication method that failed to prevent the fraudulent payment.
3. the payment channel in which the transaction took place.
4. the way in which the fraudster gained access to the sensitive payment data.