The threats presented by bad actors and scammers are not being ignored. In the financial sector in particular, organizations are taking strong measures to protect their business, their customers – and by inference, their reputations.
But fraud still happens on a daily basis. Fraudsters will use every tactic at their disposal, from advanced social engineering techniques to simply preying on inexperienced users who are forced into digital interactions by circumstance rather than choice.
Despite far-reaching email campaigns, embedded adverts and in-app messages that are all being used to raise the awareness of the ever-present and ever-evolving danger presented by scammers, it’s hard to shake the sense that, now more than ever, customers are actually more vulnerable to scams than they have been.
The communication problem
The unwavering message of the last decade or so – in every avenue – has been the importance of effective communications. In the arena of fraud prevention, this has certainly been the case, where the position generally is that, in the battle against scammers, a good defense is the best offense.
But the forms and methods of communication have evolved rapidly and continue to do so. With many businesses shifting elements of their operating models online, there is the risk of less digital-savvy customers being left behind. Banks, for example, have been pushing ahead with carbon-friendly communication forms, such as paperless statements.
The COVID-19 pandemic has acted as an accelerant. Banks have been forced to further reduce their physical presence, taking the in-branch option off the table for the vast majority of customers. This has resulted in an uptick in customers who are unfamiliar with the digital realm and are facing a steep learning curve, both in terms of communications and actual banking.
New scenarios are bringing new challenges and attack vectors. Employment fraud is on the rise, with job seekers displaced by cutbacks being asked for advance fees; there has been a steady increase in scams related to PPE and vaccinations; and across the board, there has been a rise in scams related to cross-border business, many of which are related to the recent changes in Europe.
A fraying safety net?
Despite the wide variety of approaches and targets, there are common factors to all of these scams – factors that make it difficult for banks to provide watertight security for their customers.
One example is the fact that existing safety nets often offer a one-size-fits-all approach, with messages embedded into the user journey, regardless of whether it’s safe (or not). It’s compounded by the fact that different territories adopt different positions on the default responsibilities for fraud. These can range from putting the onus firmly on the customer, to the UK approach of a voluntary code that offers additional protection to customers.
Whilst methods such as the voluntary code helps offer consumers some protection, they don't prevent scams and the real problem lies in the fact that they are hard to detect.
Where fraud relies on social engineering, much of the malicious work is done before an approach is made to the bank. And fraudsters are very good at this – even well-informed customers can be taken in by frauds that are only getting more persuasive. In instances such as authorized push payment (APP) fraud, when it’s actually the customer who is making the payment in many of these cases, how does a bank then intervene to warn them that they’re being coerced over the phone?
Prioritizing fraud prevention
There’s little value to be had from assigning blame or pointing fingers. The simple fact is, you need to prevent, not just detect. In some (but not all) cases, money can be recovered; but this is seldom a process that’s straightforward or painless. It’s far better for all concerned to ensure that it doesn’t go out of the door in the first place.
Education is an important factor. Making customers aware of the risks can go a long way to mitigating them. But this is where the communication issue comes into play. Simply sending the same email to every customer isn’t the answer; different customers need different degrees of guidance.
And whilst banks are increasingly adopting and seeing benefits from providing smooth user journeys, it doesn’t mean that friction should be abandoned altogether – but it needs to be timely, contextual and appropriate. The key is to provide messages that won’t be ignored, ideally dispatched only when they are needed – warnings that are tailored to the individual customer and each individual event.
But how can this be achieved?
The Callsign approach to preventing scams
The answer is to adopt a passive approach. Callsign’s technology checks for signs of danger and alerts the customer only when behaviors change or transactions veer away from the norm. Effective fraud detection and prevention needs a holistic view, one that considers all of the scam risk factors, not just indicators in isolation: warnings and education are critically important parts of the equation.
Callsign provides a solid defense against these often-sophisticated scams, without adding undue friction to the customer journey – reducing risk, losses and customer vulnerability.
With behavioral biometrics– the solution recommended by both UK Finance and the SCA – Callsign monitors for threats, passively and behind the scenes, and only intervenes when there’s a high likelihood of danger. Warnings can be contextualized to the exact scenario and the factors that influence it: if a customer looks to be a victim of a scam, a message warning them that they could be dealing with a bad actor can be displayed.
Those interventions can be customized to best fit every interaction: whichever is the most appropriate at the time. And because Callsign is designed to seamlessly integrate with existing systems, it means that risk gaps in authentication and identity can be quickly and easily closed.
As technology (and indeed society) continues to change and evolve, fraudsters will always be quick to identify and exploit new opportunities – and new victims. The definition of a vulnerable target is constantly changing; but that doesn’t mean that they have to remain vulnerable. Callsign puts identity and authentication at the heart of customer journeys, providing safety and security to organizations and customers alike.
Sometimes a passive solution is the best defense against active threats.