Scams can happen to anyone, regardless of their job, education, or how well they think they can spot a scam. Case in point, a UK businesswoman was scammed out of £4,900 by an imposter scam in which a fraudster pretended to be her bank.

Why are scams such a scourge for financial institutions worldwide? Scams – arguably more so than any other category of financial crime – threaten the trust between customers and their banks. That’s why banks must protect their customers’ trust and finances with a layered approach to scam prevention.

The State of Scams

Banks and consumers worldwide are grappling with a scams epidemic. If that sounds hyperbolic, consider this: scam losses reached an estimated $1.02 trillion USD, according to the latest Global Anti-Scam Alliance (GASA) figures. That’s a figure that’s roughly equivalent to the GDP of some countries.

The rise in scams can be traced back to banks’ efforts to protect customers from unauthorized fraud attacks. These can include phishing, smishing, or vishing attacks that trick customers into revealing sensitive information about their bank account (including usernames and passwords). Fraudsters can also use SIM swapping to access legitimate users’ phones, thereby gaining access to their calls, text messages, and one-time passcodes (OTPs). Armed with this information or capabilities, fraudsters can commit account takeover fraud and transfer funds to accounts they control.

Banks have made considerable strides in stopping unauthorized fraud in recent years. However, fraudsters only shifted their tactics to the next most vulnerable link in the chain: customers themselves. Fraudsters are now employing various scam tactics to bypass bank security measures and manipulate customers into transferring funds on their behalf.

The shift from unauthorized fraud to authorized fraud has clearly created new opportunities for scammers. Because transactions are authorized by customers, banks are often reluctant to reimburse for losses – unless they are required to by local regulations. This deception by a scammer, coupled with disappointment in a victim’s bank, threatens to undermine customers’ trust in their financial institutions.

Why Scams Succeed

Scams succeed by preying on their target’s vulnerabilities. Bad actors can easily learn about victims using social engineering and tailor their schemes accordingly. Some of the most common schemes include:

• Impersonation Scams: Impersonation scams are among the costliest types of scams for banks and customers. Scammers pretend to be authority figures that their victims are inclined to trust. This includes law enforcement, government officials, or even bank representatives. Under this pretence, scammers scare their victims into believing they are in trouble and instruct them to transfer money to avoid serious consequences. Bank impersonation scams can be particularly harmful because customers think they are following their actual bank’s instructions.

• Romance Scams: In a romance scam (sometimes known as “catfishing”), a scammer convinces someone looking for romantic companionship that they have romantic feelings for them. They often meet victims on online dating platforms. Social engineering can make romance scams more convincing by reviewing their interests or photos on social media. If a person is recently widowed or a widower, they can prey on that feeling of loss to their advantage. Once they’ve gained their victim’s trust, scammers pretend to need money for a medical emergency or to visit their victim in person. After the victim sends them money, however, they disappear.

• Investment Scams: These scams prey on a victim's fear of missing out by urgently demanding money for a once-in-a-lifetime opportunity. Fraudsters often promise fast profits for a bit of money down. However, as with all things that seem too good to be true, they usually are.

These are just some of the most common scams affecting banks and customers. Regardless of their tactic, these scams all present complications for banks because there is no sign of a breach. Instead, it’s a legitimate customer making the transfer under manipulation.

A 3-in-1 Approach to Scam Prevention

Scams are soaring. Banks need a game-changer to detect scams as they happen, protecting their customers’ finances and trust simultaneously.

The only way to determine if a scam is underway is to observe a customer’s normal behaviour. Feedzai employs a layered approach to scam prevention that analyses a customer’s behavioural biometric patterns and interactions with their devices and enriches data.

This unique scam prevention strategy combines three critical prongs. Here’s how they work in tandem.

1. Device & Network Behaviour: First, banks and financial institutions should review all available information about the device, including its geolocation and network involved in the transaction. This includes whether the device—a laptop, smartphone, or desktop computer—and the WiFi or cellular network are already recognized. Attempted logins from unknown devices, unfamiliar locations, or suspicious IP addresses can trigger additional security measures.
   

2. Monitor Customer and Transactional Behaviour: One important factor to consider is how users access their online accounts. Another question is how they behave once they log in. Feedzai reviews behavioural biometric data such as how quickly a person enters their name, if they type on their keyboard faster than usual, or if a phone call is active while tapping their smartphone screen. These insights are critical to detecting any duress that indicates a customer may be falling for a scam.
   

3. Enrichment Data: Banks can look at third-party data to better understand the intent behind the transaction. For example, is the transfer directed to another known or suspected money mule account? Or has the receiving account been accessed by a device that scammers or fraudsters have used previously?

What makes Feedzai’s approach to scam prevention unique is the fact that all three prongs exist within a single solution. Some vendors can provide one or two of these capabilities. This means banks must get some solutions from one vendor and others from a different vendor, creating redundancy, overlap, and inefficiency. This is how our strategy stands apart.

More Kill Chain Opportunities

Combining these three prongs creates a “kill chain” for banks. If a scam progresses past one part of the prong, banks have multiple other chances to stop it before the point of transaction. The more information banks can access from a customer’s device and behaviours, the more points in the kill chain to stop the scam.

Looking at the full range of insights can help banks catch scams in progress. With this knowledge, banks can quickly intervene to stop the scam with a tailored customer message. This message should not be a generic “did you intend to make this purchase” communication. Instead, it should speak to the specific scam (romance, impersonation, etc.) targeting the victim. Delivering a specific message to victims gives them a moment to pause and reconsider sending the money.

Scams can deceive anyone. Banks need a multi-layered approach to tackle a complicated financial crime challenge. Combining transaction and customer behaviour data into a single view allows banks to respond in real-time to scams while a scam activity is in progress. Stopping scams before money is lost is critical for banks to protect their customers’ trust.

About the Author: Laurie Gentz, Senior Solutions Consultant, Feedzai

Laurie Gentz is a Senior Solutions Consultant at Feedzai for fraud and financial crime. She works with clients in North America to understand their current fraud and AML challenges and recommend solutions to assist them. Laurie's background incorporates the experience of working for a financial institution where she was responsible for financial crime compliance and payments fraud application management, solution consultant positions working for leading global technology providers, and managing effective implementations for a range of financial services clients and Fintechs. Laurie is recognized as a thought leader in financial crime and fraud, is CAMS certified, and holds an MBA from Kent State University.