Of all the risks that financial institutions (FIs) are managing today, none rely more on the intuition and efforts of an actual human being than that of scams. Whether that is pushing education on customers who may never even read it, or phone calls from a bank associate warning those customers that they may be lining the pockets of a scammer – today’s approaches to mitigating scams either don’t work or are far from cost effective. Which is why it is no wonder that banks and credit unions have resisted taking on liability for scams affecting their customers and members. After decades of refining their fraud detection, financial crime, security, and overall compliance efforts to improve efficiencies they are being presented with tackling a new and complex challenge almost entirely from scratch.
The problem is not as burdensome as it seems, though, as it can be argued that bankers have a unique opportunity to meet regulatory requirements while also winning over customers and controlling costs. Because while bankers can deploy effective, modern technology to improve their ability to detect scams, consumers also have clear preferences as to the controls they would like to see deployed in the fight against scammers. And it just so happens that by combining both, the result is greater than the sum its parts. So read on to learn more about how FIs can better meet their regulatory burden while also bolstering the relationship with their customers – turning a what feels like an impending threat into an opportunity for a win-win.
When Phone Calls and Education Falter
As evidenced by the shifting regulatory landscape, scam detection is increasingly becoming a shared responsibility between financial institutions (FIs) and consumers. This is true not only in markets like the UK and Australia, but also in the U.S. as the Protecting Consumers from Payment Scams Act (S. 4943/H.R. 9303) seeks to limit consumer liability and shift it to financial institutions. Clearly it is time for FIs everywhere to think about how they are going to up their scam detection game, and how they can do that in a way that doesn’t make life even harder for their customers.
If banks and credit unions want to insulate themselves from the impact of this regulatory shift, one of the first things that will need to change is the difference in detection rates between consumers and their FIs. According to a recent BioCatch study, only 15% of scam victims discover scams through bank alerts, while a staggering 64% of scams are detected by consumers themselves. This disparity elucidates a risk for FIs as many are not currently able to deliver on the type of detection and partnership strategies needed to meet consumer or regulator expectations. Instead, they are sending out countless, unread educational emails or worse still, being driven to engage victims after the fact – meaning via customer service inquiries that are more likely than not to end acrimoniously, and which cannot scale to the size of the problem without driving immense costs.
So, What Comes Next?
Now that the regulatory winds have shifted, these bankers can no longer rely on consumers to detect scams and accept the losses that come with them. Regulators are basing their expectations on the notion that financial institutions will have access to advanced technology that can significantly enhance scam detection efforts. And they are not wrong, with AI and machine learning solutions, behavioral biometrics, and real-time transaction monitoring, they have powerful tools to identify and prevent scams.
While actioning those solutions may sound like a recipe for increased costs and even greater customer friction, FIs can amplify or otherwise supplement the value of these technologies by empowering consumers with the preferred tools that will help them not just better detect scams, but also can create a virtuous feedback loop with the institution.
Based on the perspective of actual scam victims from the same BioCatch study, these include:
Verification of Communication Authenticity: Consumers that have been victimized realize just how difficult it is to detect a scam which is why tools that verify the authenticity of communications from banks and credit unions are highly valued, with 86% finding them useful.
Confirmation of Payee: Tools that verify that payee information matches that of the intended recipient are useful to 82% of scam victims. This is critical as the sending institution has no control over the identity verification of payees, who are customers of other banks or credit unions with their own onboarding processes.
These preferences contrast sharply with their desire (or absence thereof) for the more typical avenues that FIs may considering using to mitigate the risk of a scam, both of which are exactly the types of steps that increase friction and drive customer inquiries:
Daily Payment Limits: While 61% of scam victims find daily payment limits useful, they can cause inconvenience for legitimate transactions.
Payment Holds: Payment holds for up to 48 hours are useful to 58% of scam victims but may delay necessary transactions and cause frustration.
Combining Self-Service Controls & Advanced Enterprise Solutions with a Human Backstop
This is also not to say that bankers should eschew engaging directly with the customer by phone or chat. High-quality customer service support is crucial, with 84% of scam victims valuing guidance during times of need – meaning when things go wrong. But rather than simply calling every customer involved in a potential scam with vague or overly wonkish explanations as to why something might be malicious, only to have them push back and demand that payment be issued, FIs can now utilize a digital-first alternative.
That means leveraging the initial detection to drive – or even mandate – the utilization of customer controls. In that way, bankers are implementing a far more efficient, automated system: one that does not require bank staff to pick up a phone and argue with a customer, but instead delivers clear explanations via a self-service experience in digital channels that are memorialized for both parties.
Consider that when those advanced enterprise solutions, such as behavioral biometrics, detect a scam, they could enable the very controls customers want to see. And some of these same self-service controls could influence the decisions rendered by those enterprise solutions. Better still, by bringing them together, FIs will be able to check one of the most challenging compliance boxes from a customer experience standpoint – notifying the customer of a potential scam and having a record in the event the customer chooses to move forward with the transaction anyway.
The Time is Now
Regulators have indicated that they will no longer stand by and let consumers shoulder the burden alone. For financial institutions, the signs could not be clearer that they need to move quickly to develop and implement a plan to better manage scam detection. Transitioning from a manual, education-first approach to one that brings together the types of digital controls consumers will respond to with the best enterprise tools available will neither be fast or easy. But it will synergistically reduce risks for both parties.
The key for consumers will be making things intuitive and integrated in the moments when they need them most. While daily limits and payment holds offer protection, and pre-payment alerts offer a tempting balance of security and convenience, bankers can and must go even further. And they need to start now, even in markets like the US before liability shifts greatly increase future financial and reputational risks.
The facts are clear:
Education doesn’t stop scams.
The phone calls don’t scale.
Scammers are winning.
Regulators are watching.
Your customers are waiting.
The time for fighting scams with only education and phone calls is over. We can no longer pretend that the problem is under control. A more deliberate, technology-oriented approach is needed. And the time to act is now.
As originally published by BioCatch.
Al Pascual - Scamnetic
Romance Scams in Brazil: Warning Signs and Prevention
Experts from Brazil discuss how romance scams work, their emotional impact, and how victims can protect themselves online.
De Viena a la Acción: GASA México y UNODC México Cierran Brechas Operativas
GASA México y UNODC México formalizan un Acuerdo de Intercambio de Comunicaciones, convirtiendo los compromisos globales de Viena en acción coordinada contra el fraude.
What the UN Global Fraud Summit Discussions Tell Us About What Comes Next
Watch expert discussions from the UN Global Fraud Summit on the industrialisation of fraud, global collaboration, public–private frameworks, and next steps for implementation.
Game Over for Scammers: Regional Defenses Against Online Gambling–Related Scams
Experts from INTERPOL, ACMA, and DGOJ examine how gambling-related scams operate and how global enforcement is responding.
What 22,000 Fraud & Cyber Crime Operator Signals Reveal About the State of Bank Attacks
Falkin's analysis of 22,661 fraud operator signals shows how bank attacks are evolving across regions, typologies, and AI-driven scam infrastructure.
Reinventing Fraud Detection Through Digital Fingerprinting and Link Analysis
A Microsoft white paper examines how digital fingerprinting and link analysis shift fraud detection from isolated events to connected, network-level intelligence.
On the Frontlines: Fighting AI-Powered Scams & Fraud
Experts from Microsoft, OpenAI, Google and C4ADS share how AI is shaping scams and how to fight back.
Telecoms on the Front Line: GASA at the Stimson Center Dialogue on Combating Scams
According to GASA’s Global State of Scams Report, telecommunications channels—voice and SMS in particular—remain a predominant “front door” for scams.