In a nutshell:
- They can feel like a bit of a nuisance at the time, but all the ID verification hoops you have to jump through to set up a new bank or investment account are an important part of protecting Kiwi customers against money laundering attempts.
- Squirrel adheres to strict anti-money laundering (AML) regulations, which means we have a range of measures in place to help prevent our customers from falling victim to scams and hackers.
- Over the past 12 months, there have been three instances where individuals have attempted to channel laundered funds—from a compromised bank account—through the Squirrel platform. The Squirrel platform was not compromised as part of these scenarios.
- In each instance, Squirrel's AML systems worked exactly as designed, enabling us to identify and intercept the fraudulent transactions, and return all funds to the hacking victims.
Setting up a new financial services account can be such a pain, can’t it?
First off, you have to submit a whole bunch of documents just to verify that you are who you say you are. Then—the cherry on top—you’re asked a series of ‘invasive’ questions to prove your money’s coming from legitimate sources.
It’s a lot of hoops to have to jump through.
But while these measures might feel like a nuisance, they’re all an important part of a global effort (involving various central governments, including New Zealand’s) to prevent money laundering.
One which has become increasingly important with the rise of digital scams and phishing.
Here at Squirrel, we adhere to anti-money laundering (AML) regulations as part of our effort to keep our customers—and other Kiwi—safe from scammers.
To the best of our knowledge, there have been three instances over the last 12 months where individuals have attempted to funnel laundered funds (from a customer’s compromised bank account) into a Squirrel On-Call account.
(Please note, Squirrel’s platform has not been compromised as part of these events.)
Fortunately, in each of these scenarios, our systems and processes worked exactly as they’re designed to—stopping all three, and allowing the scamming victims to get ALL of their money back (which is pretty rare!).
Here’s a quick outline of what happens in a phishing attack that’s linked to a money laundering scenario:
- Step 1: A hacker gets control of someone’s bank account. Typically, the victim doesn’t yet know this has happened.
- Step 2: Either the hacker, or one or more of their accomplices, a.k.a. mules sets up other accounts (in this case, a Squirrel account) to move money through. Mules are generally promised a payday by the hacker, with some money left in the account for them to do with as they wish.
- Step 3: The hacker initiates payments from the unwitting Kiwi’s bank account to a mule account and then onward to another account before attempting to send the money overseas. Speed is of the essence for the hacker and for the those trying to prevent the money disappearing.
- Step 4: The money then exits New Zealand, and the chances of recovery at this point drop to <10%.
In each of the scenarios mentioned above, a hacker/mule set up an On-Call account with Squirrel thinking we’d be an easy ‘transit’ account.
At first, these accounts all appeared to be legit—in the sense that there was a real Kiwi behind them who completed our registration and verification process (i.e. taking a selfie and submitting their ID, etc.) and made an initial deposit to activate their account.
But here’s where things get interesting.
Some time after the account was set up, a ‘dodgy’ deposit arrived, where the name on the bank account used didn’t match the name on the Squirrel account.
As some of you will have expereinced, we don’t automatically process these transactions to the underlying On-call Account.
Instead, we interrogate them, usually by getting in touch with the Squirrel account holder for proof that they’re authorised to access the bank account involved in the flagged transaction.
In all three situations, this alone was enough to stop the fraudulent transfer in its tracks, as the hacker / mule couldn’t provide the necessary evidence—although one of them tried to bluff their way through.
We then worked with the various banks involved to get the money returned to the hacking victim, once they’d regained access to and secured their bank account.
Moral of the story: while the rules and systems Squirrel has in place might (at times) seem painful and frustrating, they’re an important part of how we work to stop bad things happening to good Kiwi.
So stay cyber safe out their team, and in the meantime, you can count on Squirrel to be working hard to help protect you and your money.