SoFi’s (NASDAQ: SOFI) brokerage division will be required to pay a $1.1 million penalty to the Financial Industry Regulatory Authority (FINRA) for alleged fraud detection shortcomings which reportedly enabled fraudsters to create SoFi Money accounts by using fake or stolen identities online.
SoFi Securities allegedly failed to establish and then satisfactorily maintain proper customer identification and identity theft programs for SoFi Money.
SoFi Money is the Fintech’s cash management brokerage account which included features such as a debit card and check writing options. This, according to FINRA‘s comments from the order issued this past Thursday.
SoFi has been using an automated process to verify clients’ identities and then proceed to approve the opening of SoFi Money accounts. This is described as a system which has been potentially vulnerable to fraudulent activities, according to FINRA.
Amongst the key issues was that SoFi allegedly failed to prevent ex- customers whose loan / investment accounts were closed for potential fraud from opening new accounts.
From the month of December 2018 to April 2019, bad actors reportedly created around 800 SoFi Money accounts by using fake and/or compromise identities. These bad actors reportedly used those accounts to send out $8.6 million from customers at other financial institutions without obtaining their permission.
Around $2.5 million of this money had been withdrawn by the cybercriminals from these accounts, FINRA has revealed.
Along with these major vulnerabilities in its user identification process, SoFi has also failed to implement a written identity theft prevention process, FINRA has stated.
SoFi had in 2019 increased its professional staff who have reportedly been trained to monitor fraudulent activity alerts, made enhancements to its user identification and identity theft processes. In addition, there were changes to its customer verification system to reject applicants with a certain profile.
The firm worked with a third-party in order to review various fraud alerts that were issued by its systems, FINRA stated.