Fraud and financial crime issues discussed at an in-person roundtable with Feedzai and ACFCS in Australia

Feedzai’s Dan Holmes recently joined Casey Nelson, Senior Director of Training Solutions for the Association of Certified Financial Crime Specialists (ACFCS), at the Lessons Learned from Fighting Scams Across the Regions in-person executive roundtable in Australia. Here are the key takeaways from the discussions with the senior executive leaders in financial institutions across Australia.

Australia is Following the UK’s Liability Example

Scams have been a dominant force in the UK, with citizens losing £754 million to scams so far this year, according to UK Finance. Scams are now so prevalent that UK banks will soon be required to fully reimburse customers who are deceived by authorized push payment (APP) scams. Liability will also be split between the beneficiary and sending banks for the first time ever  

Across the globe, Australian banks are facing the same situation. As such, banks must address the same decisions regarding how to compensate scam victims. It appears some Australian banks will likely take the same position as their UK counterparts. One attendee noted they had spoken with the UK’s TSB Bank, which has offered customers a full refund if they are scammed for several years prior to the latest requirement. 

Fraudsters are Heavily Targeting the Australian Market

Australian banks will continue to face these liability questions as the nation sees a rise in scam activity. This is likely because Australian citizens have been underexposed to educational campaigns about how scams operate. This has left many unprepared to identify a scam and resulted in nearly $300 million AUD in losses in the first half of 2022. This figure unfortunately further supports the ongoing trend that customers are the weakest part of the chain in a scam.

Nelson pointed out that fraud is almost always more rudimentary than most people imagine. “You picture these darknet hackers sitting in a back room. But really, it’s just a phone call to somebody half the time or a text message; it’s basic social engineering,” he said.

Regardless of how they engage online, Nelson said banks should both increase their communication and the quality of education to reach their audiences where they spend the most time. Nelson added that banks should educate customers using the most appropriate channels to raise awareness of scams. Younger people, for example, are more active on social media platforms like YouTube and TikTok where many scams originate. Therefore banks need to push educational materials onto these channels to help younger customers stay safe. 

“Firms have to get more creative,” said Nelson. “They’re going to have to diversify their communication. For one set of demographics, doing things using YouTube, Twitter, and even TikTok and whatever else is the newest thing.”

At the same time, banks can’t forget about older customers who are more likely to encounter phishing attempts via email. They should also warn customers about the risks of number spoofing in which fraudsters call from a number that looks like their real bank.

“Don’t forget about your other demographic and the traditional ways they’re used to receiving communication,” Nelson said.

Engage with Big Tech, Telcos, and Law Enforcement

Customers are not the only ones to educate about fraud risks. Big Tech also plays a role in connecting fraudsters with their targets. As such, banks and governments should educate large tech companies on how their services play a role in fraud and scams.

Take the telecom sector, for example. Fraud often passes through several technological channels before it reaches customers. Fraudsters use telecom providers, for example, to reach their targets via email, spoofed numbers, and SMS. Meanwhile, social media platforms like Meta and Alphabet have become launchpads for scams thanks to fake ads. Banks can gather information about how these scams reached their customers using Big Tech and Telco services.

Meanwhile, scams have become so prolific that many law enforcement agencies are struggling to respond to them. But banks can take steps to strengthen their relationships with their local law enforcement officials and communicate the types of fraud and scams they’re seeing. By law, banks must report suspicious activity to law enforcement. Through this process, they can also provide supporting documentation to help law enforcement with their reports and investigations. 

Fraudsters Are Coordinating, Banks Should Too

One speaker relayed a story about a former fraudster who spoke at a separate event. The ex-fraudster offered an important insight into why fraudsters are becoming so sophisticated: they are forming communities online and in chatrooms to exchange ideas.  

Fraudsters form these groups using platforms in open source forums, including WhatsApp, Telegram, and Reddit. They join these spaces to share the latest trends and educate each other. Some even have access to the dark web and educate other bad actors on their tactics. This enables a game of cat or mouse that leaves banks reacting to the latest fraudster typology.

But banks can also put their collective intelligence together to react to scams and fraud faster. Banks should share their knowledge with other financial institutions to find ways to bolster their defenses. They should also consider expanding communication with private and public entities and engaging with industry associations. These partnerships will empower bank staff to engage with other professionals and may open new avenues to fight fraud differently. 

Collaboration should also be an internal process, too. Banks should look for opportunities to break down data silos within their organization. Making it easier for fraud prevention teams to share relevant data with anti-money laundering (AML) teams, will give banks a broader view of fraud and a better way to manage their risks.

Banks should also empower their customers and employees to report any suspicious activities that they see – even if they don’t click phishing URLs or learn their account was breached. “Tipping off” is one of the most impactful mitigating efforts. Giving customers a way to provide tips empowers them to join in the bank’s anti-fraud effort. 

Compliance Training Has to be Sexy to be Impactful

In a conversation after the event, Nelson shared something one participant brought up in the discussion. For compliance efforts to be effective, they must also be sexy. 

“For training to be impactful, you have to cut through the noise, so it’s not just one extra email that they have to read and it just gets tossed aside,” Nelson said.

Banking staff are already inundated with numerous regulations, laws, and obligations. A new approach is necessary for compliance efforts to be memorable and not just another email for staff to read. Banks and financial institutions must get creative to make their training and educational initiatives effective – especially when new fraud trends and patterns are already fascinating. 

Nelson added that the difference between a good data analyst and a great one is the latter understands the problem they aim to solve. Banks should also provide examples of what happens when things go wrong. This means putting a human face to fraud. Explain how fraud affected an elderly person’s ability to pay their bills, for example. Or if someone fell for a romance scam, show staff how it harmed the person – both financially and emotionally. Calling attention to the real scenarios and the weakest links can help bank staff understand what went wrong and understand how to address the vulnerability.