Iain Swaine, Head of Cyber Strategy EMEA, BioCatch
How the UK is championing global security in Preventing APP Scams
The focus on authorised-push-payment (APP) scams (where the scammer poses as a respectable person or institution) increasingly centres around whether banks should reimburse their customers for money successfully stolen by scammers. In this regard, we can learn a lot from how financial institutions in the UK tackle this type of fraud, as they remain ahead of counterparts in other jurisdictions.
First, British banks established a standardised reporting system. This is a fundamental first step that every financial institution should take to grasp the full scope of how financial fraud affects banking consumers. Banks may disclose the sort of fraud, the amount of money stolen, and the bank measures used to prevent the scam from occurring. A centralised view brings the true scope of the scam into focus.
Second, the UK has developed strategies to identify scams and reduce their losses. The regulator added a slew of new controls to banks, including confirmation of payee, scam and transaction-specific interventions, and money mule account controls. Before regulation, not every financial institution had implemented these controls, providing an uneven playing field. Banks outside the UK should not wait for regulators to mandate controls like these. They should do it on their own accord to prove they realise the magnitude of the scam problem and the severity of its impact on bank customers.
Improved consumer financial scam controls should be a minimum requirement for financial institutions in 2024. These controls should cover: authorised push payment behavioural analysis, money mule behaviour around both account opening and account activity, and analysis of both inbound and outbound transactions. Detecting and then closing money mule accounts – used by fraudsters as an intermediate stop between the victim’s account and the final destination for the stolen funds – is absolutely critical, as they serve as the backbone for every consumer-based financial scam.
The third? Getting involved. Banks need to integrate themselves with industry and trade associations – such as the FS-ISACs and GASA (Global Anti Scam Alliance). These associations provide opportunities to network with peer institutions and others in the fraud value chain to share scam information and learn from each other.
A practical assessment of effective strategies for fraud prevention
Many banks use anomaly detection and behavioural biometrics to notify them when a fraudulent transaction takes place. Financial institutions in the UK often issue actionable alerts to clients in real-time. Santander UK, for example, now asks customers if they have seen the item in person before approving a payment through Facebook Marketplace. For online account opening, there are good solutions for bot-detection to prevent automated bots from opening new accounts, behavioural biometrics to detect suspicious patterns of data entry, and solutions that can analyse the customer KYC data. A secondary benefit of strong account opening controls is the reduction of operational costs to close bogus accounts.
For detecting existing money mule accounts, traditionally it required tracking both the inbound and outbound transaction activity and looking for anomalies (e.g. high value in and then immediately transferred out). Now, user behaviour anomalies – such as changes in the user’s mouse activity or navigation preferences – may indicate a change in account control before the suspicious transactions take place.
Eliminating threats to customers: What will the future of the financial industry do?
Ever since the UK introduced faster payments, the region has become a laboratory for the rest of the world. Despite an increase in regulation, eliminating threats to customers and their hard-earned money remains difficult. Governments and international groups are starting to identify and take down some of these organisations, but there may be hundreds of thousands of scammers and coerced individuals involved in these intricate schemes. Financial institutions must take a prominent role in combating the problem. Understanding how scammers get their customers to initiate these authorised payment transactions provides a major challenge to financial institutions, but understanding the psychology behind how scams work is an essential element to incorporate into the bank’s solutions. Financial institutions must be able to look back in a few years’ time and answer ‘yes’ to the question: Did we do enough to help eliminate consumer financial scams?