Illustration of RiskOps protecting bank customers from global scams

Richard Harris speaks with Dan Holmes about the global rise of scams, why scams are a favorite tactic with fraudsters, and three things banks can do to protect their customers.

Richard Harris: Hello! And welcome to the pilot episode of Feedzai’s RiskOps Stories. With me here in the studio, I have Dan Holmes from Feedzai. Dan, welcome.

Daniel Holmes: Thanks, Rich. Good to be here.

Richard Harris: Scams is very much the hot topic. In the last year, scams cost banks more than card fraud. I mean, that’s a massive change in the industry. Can you talk us through how we got here?

Daniel Holmes: If you rewind four or five years, account takeover or third-party compromise was the primary threat to industry. And as a result, the banks responded to that, right? So the banks brought in new technology, device recognition, behavioral biometrics, malware detection, locational analytics, all to augment what they were already doing from a transaction monitoring perspective. 

Daniel Holmes: And that gave the banks a really good opportunity to recognize third-party compromise. So it was pretty easy for me as the bank to say, “This isn’t Rich’s usual device. His behavior looks fundamentally different to what I expect to see from Rich. And the location that he’s coming from today is also very different.” That’s conducive for a good risk strategy around account takeover. Banks were able to get their detection levels up to 80, 90%. So the fraudsters were failing far more frequently than they were succeeding. 

Daniel Holmes: Fraudsters are a resourceful group. They go away, and they think about, “How do I give myself the advantage?” The conclusion that they reached was that the fraud’s prevention ecosystem is no longer the weakest part of the chain. The weakest part of the chain is now the customer themselves. So they target the customer, and that’s how scams become the prominent threat. And clearly now it’s on the banks to respond and think about how to get themselves back on the front foot. 

Richard Harris: I’ve noticed that myself with the banks that I use. When I’m adding new payees or sending money to people that I’ve not interacted with previously, I’m now seeing quite a lot of additional noise and messages and clicks that I have to do to accept the fact that I’m either taking an additional risk in the transaction or that I’m acknowledging that I’m sending money to a new payee, and I understand the risk of a scam, et cetera, and I am to tick a box. Is that everything that the industry is doing, or is more happening behind the scenes?

Daniel Holmes: So there’s a lot more happening. If I’m in the bank’s hot seat, and I’m the one responsible for scam detection, I’m thinking about a combination of two things: it needs to be adopting new technology, purpose-built for scam detection. But it also needs to be putting a different lens on your existing data capabilities to make sure that how you’re looking at that data and how you’re utilizing it allows you to stop scams as well as the historic fraud typologies. 

Daniel Holmes: Secondly, it’s about data consolidation and making sure that you’re utilizing those data capabilities in the right way. What we often see through speaking to banks is that you’ve got four or five point solutions or islands of fraud tools, and they’re not interacting with one another. You need to make sure that you’re not just taking insights from four products individually or four data sources individually. You’re driving them together in the way that allows you to get the most out of that data. 

Daniel Holmes: And then thirdly, it’s education and awareness. If you think back through the last three or four years, education and awareness in a mobile app or an online banking platform was hidden away in the corner. You had to actively go looking for it. Whereas to your point, now banks are actively bringing that back into the session. So education and awareness has got to take on a whole new meaning. It’s got to be real-time, it’s got to be dynamic, and it’s got to be presented at the moment of risk. 

Daniel Holmes: Typically, when you think about the profile of a scam victim, you might think about an older, perhaps more vulnerable, customer. Data shows that it’s not just older, more vulnerable customers who are likely to fall for a scam. We’ve seen younger generations, we’ve seen middle-aged generations, we’ve seen extremely intellectual professionals all fall for modern, sophisticated scams. And your education and awareness strategy has got to reflect that. You’ve got to appeal to all levels of consumers, both in-channel at the right time, but also engaging through platforms that banks have typically avoided in the past. We’ve seen TV adverts on primetime TV slots, we’ve heard radio adverts, we’ve seen banks start to engage with younger customers through YouTube and other social media platforms. 

Richard Harris: I noticed through the pandemic, you’ve seen an entire generation of customers suddenly become native digital bankers. What are the vectors and the challenges that are happening to the other demographics out there? 

Daniel Holmes: What it’s done is it’s enabled them to consume their bank services more easily. But as more people have come online, what that’s done is it’s widened the risk exposure for the banks. What the data analysis shows, the younger population are almost as vulnerable as the older population. You almost end up with a bathtub-type view. 

Richard Harris: A u-shaped curve, yeah. 

Daniel Holmes: Exactly. You’re hypothesizing around why this is. My personal opinion on this is that they’ve come through in a generation where it’s just more normal to interact and share data and share stories online. And the scams reflect that as well. No longer do scams take the form of bogus lottery wins like you might have assumed ten or 15 years ago. They often play on what we call “fear or reward.” So fear of my accounts are at risk and I need to secure my accounts now and move money to a so-called safe account. 

Richard Harris: We’ve seen that with a “Your account has been compromised”-type approach. 

Daniel Holmes: They often play on current events, whether that be economic turmoil, whether that be COVID-19. We’ve heard examples of, I call you and say, “Hey Rich, I’m from your bank. There’s a transaction to Apple in the last 20 minutes for $1,000, was this you?” You say, “No.” I say, “Right, OK, what we need to do is secure your accounts. I’ve set you up a safe account over here. Please transfer all your funds there while we investigate this suspicious transaction.” You unwittingly go ahead and do that. 

Daniel Holmes: But often what will happen before you commit to making that transaction is you almost want a sense of validation that you are speaking to the right person. And some examples of how we’ve seen the fraudsters tackle that is that they’ll say, “Rich, look, I know I’ve called you out of the blue. Let me give you some comfort. Call the number on the back of your card. Make sure that you‘re speaking to the bank. Let me give you that confidence. Then we’ll proceed with the conversation. I can quite easily leave the line open so that when you dial back, I’m still on the other end of the phone.” 

Daniel Holmes: And what we’ve also seen is, I could play a false IVR. I could give you options of “Press four because you’ve received a call relating to fraud.” It just creates that extra level of assurance from your perspective. And even things like, when you do connect back to me, I might give you to somebody else and say, “I was speaking to this guy Dan, can you connect me back to him?” And they’ll do that, and they’ll be call center noises playing in the background. 

Daniel Holmes: Scams are sophisticated. You mentioned at the start that scams have cost the UK industry more than card fraud for the first time ever. This isn’t just a UK problem. This is a global problem. We’re hearing from banks in APAC who are experiencing this challenge. North America. This is a challenge that’s truly global. And what I’d also love to see more of is dialogue between banks in different parts of the world sharing experience around the learnings that they’ve taken away in this space, and how we can almost create a global ecosystem when it comes to sharing best practice. 

Richard Harris: This is going to be a big U.S. problem. It is already a big problem in APAC, so getting ahead of the curve, getting tools in place and solutions in place to be able to combat this is going to be critical. OK, that’s great. Thank you. 

Daniel Holmes: OK, thanks.

If you are looking for a fraud solution that provides strong protection from scams, we’d like to help you. Schedule a demo with us today to see how our experts and our technology can help establish digital trust for you and your customers.