Australians have experienced a surge in scams, with losses amounting to a staggering $3.1 billion in the past year alone. From false billing scams, responsible for more than $22 million in losses in 2023, to payment redirection trickery and more, the impact on both individuals and businesses should not be underestimated. The growth of real-time payments has only exacerbated the problem, creating fertile ground for cybercriminals to exploit vulnerabilities.
From a cybersecurity perspective, traditional anti-fraud analytics won’t stem the rising tide of scams.
In this article, we will cover five key considerations for the finance sector as it faces an urgent imperative to fortify defences and protect customers with advanced analytics and strategies that can keep pace with the relentless rise in cyber scams.
How Is a Scam Different To Fraud?
Before diving deeper, let’s distinguish between scams and fraud. Fraud involves a third party orchestrating deceptive actions to defraud a victim, often behind their back and without their knowledge. When it comes to fraud, the criminal is the one who takes the action. In the retail banking space, a typical fraud transaction results in an Unauthorised Payment, given that a third party makes the payment.
In contrast, a scam tricks a victim into willingly transferring funds to a fraudster. The victim is the one who takes the action. With scams such as Authorised Push Payment crimes, it is the bank account holder who authorises the payment, and that’s one of the reasons why organisations across the finance sector are rapidly updating their methods.
5 Considerations as the Financial Sector Adapts to Battle Scams
Adapting to Authorised Push Payments and other Scams
Traditional anti-fraud analytics focus on identifying third-party fraudulent activities. A comprehensive and forward-looking cybersecurity strategy must also monitor for, address and work to prevent situations where consumers and businesses fall victim to scams that cause them to make payments to fraudulent recipients.
This reframing will extend from the way people within the business approach the problem, to the development of advanced analytics used to spot and address scam activities, right through to the adaptation of the digital tools consumers use to make payments.
Understanding the Customer’s Perspective
Criminals can be quite convincing as they establish fear in their victims. Whilst an institution might be highly confident that a payment is the result of a scam, the customer may believe strongly that the payment must be made and have an expectation that it will be made quickly – especially if they are using a real-time payment method. When banks block such payments, customers often insist the payment is legitimate. This makes it more difficult to stop transactions.
Financial institutions can be guided by this understanding as they communicate with customers about scams and take steps to either prevent them or reverse the resulting payments. Where such messaging is automated as part of a digital service or transaction tool, great care must be taken to provide the right message at the right time.
Balancing Risk Management with Customer Expectations
Indeed, the proliferation of real-time payments has set new standards and expectations for digitisation, speed, and convenience on the part of consumers, merchants, and financial institutions.
On the flip side, customers and regulators expect banks and financial services providers to step up their game in terms of fraud, scam, and cybercrime prevention. The Australian Banking Association has endorsed the need for a “higher standard across the industry in preventing and disrupting scams and protecting customers” and is working on new standards. The Australian Securities and Investments Commission (ASIC) is working to implement a cross-industry code that will hold banks, telcos, and social media platforms responsible for scam safety and make them liable to reimburse people who lose money through scams.
With zero time to clear a transaction or payment, anti-scam, cyber security, and anti-fraud efforts must not hamper service delivery, speed, or customer experience. Balance will be found by appropriately deploying AI to create systems that are radically quicker to recognise fraudulent transactions.
Real-Time Risk Assessment
When detecting third-party fraud, the first line of defence is identity authentication. This is supported by AI and machine learning that look for behavioural signals indicating that the person making a transaction is not the legitimate account holder.
When a scam is in play, identity authentication cannot help. After all, the person making the transaction is the account holder. However, because they are under the influence of a fraudster, their behaviour will be different to what is normal for them. AI models can look for such outlier behaviour. For example, protecting real-time payments from scam-related activity requires analytics that look for changes in customer behaviour such as using accounts or devices outside of their usual habits, making a transfer at an odd time-of-day or increased frequency of a type of transfer.
Models designed specifically for scam detection can differentiate between behaviour that indicates third-party fraud and behaviour that indicates a scammer is active. Being able to separate third-party fraud from scams is vital, as the two require different treatments to turn detection into prevention.
With AI and Machine Learning, financial institutions and service providers can accurately risk-score transactions, applications, and vendors in real time. Rapid modelling must determine whether the transaction can receive a near-instant customer experience or whether it presents an elevated risk that might require additional digital confirmation or review by the fraud team.
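The behavioural signals named above (an unfamiliar device, an odd time of day, an increased frequency of transfers) and the three outcomes (near-instant processing, additional digital confirmation, fraud-team review) can be sketched as follows. This is an added illustration, not code from any institution or vendor; the weights, thresholds, field names and sample history are assumptions constructed for the example, and a hand-weighted score stands in for the machine-learning model the article describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    day: int      # days since account opening
    hour: int     # local hour, 0-23
    device: str   # device identifier seen by the banking app

# Assumed weights and thresholds; a real model would learn these from labelled data.
WEIGHTS = {"unfamiliar device": 0.4, "unusual time of day": 0.3,
           "increased transfer frequency": 0.3}
CONFIRM_AT, REVIEW_AT = 0.3, 0.6

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def signals(history, tx, window=7):
    """Compare one transfer with this customer's own history, not a global rule."""
    found = []
    if tx.device not in {h.device for h in history}:
        found.append("unfamiliar device")
    if min(hour_gap(tx.hour, h.hour) for h in history) > 3:
        found.append("unusual time of day")
    span = max(tx.day - min(h.day for h in history), window)
    usual = len(history) * window / span        # typical transfers per window
    recent = 1 + sum(tx.day - h.day < window for h in history)
    if recent > 2 * max(usual, 1):
        found.append("increased transfer frequency")
    return found

def route(history, tx):
    """Return (decision, score, reasons) for a real-time payment."""
    if not history:                             # no baseline: ask, do not block
        return "confirm", CONFIRM_AT, ["no behavioural baseline"]
    reasons = signals(history, tx)
    score = round(sum(WEIGHTS[r] for r in reasons), 2)
    if score >= REVIEW_AT:
        return "review", score, reasons         # hold for the fraud team
    if score >= CONFIRM_AT:
        return "confirm", score, reasons        # additional digital confirmation
    return "instant", score, reasons            # near-instant experience

# Constructed history: one evening transfer a week for ten weeks from one phone.
HISTORY = [Transfer(day=7 * w, hour=19, device="phone-A") for w in range(10)]
```

The returned reasons are what a confirmation prompt or a fraud analyst would be shown, so the same output serves both detection and the customer message.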
Inserting Intelligent Friction
There has been a drive towards a ‘frictionless customer experience’ so that the user can complete the desired task without unnecessary interruption such as requests for confirmation. However, introducing the right amount of friction into the process is essential for risk management. A warning asking customers to confirm a large or unusual transaction, or flagging the first time a person is making a transfer to a particular recipient, can add a layer of security without causing frustration.
With the increased financial sector focus on customer centricity and hyper-personalisation, it is important that such communications are individual to the customer and the transaction they wish to make and that they are issued in the customer’s preferred channel.
Displaying the same generic warning every time a customer tries to make a payment will result in friction fatigue, and the warning is likely to go unheeded. Simple rules-based analytics models tend to raise far too many alerts, causing customers to be annoyed or – worse – to ignore security steps.
Relevant and personalised communications are more likely to be acceptable and to gain the attention of the customer. Powerful modelling capabilities can ensure the friction happens when appropriate, in real time, adds real value, and can be quickly resolved or flagged for the necessary investigation.
Cross-Functional Collaboration Required
Running anti-fraud and cyber security in silos will weaken an organisation’s overall security stance. Legal teams, financial crimes investigators, data scientists, product leaders, and digital experience teams must have processes and tools that enable them to work together to create strategies that protect both customers and the institution.
In the end, collaboration, adaptability, and innovation will be the cornerstones of success in the ongoing battle against cyber scams, ensuring that Australians can enjoy the benefits of modern financial services while remaining protected from those who seek to exploit vulnerabilities in the digital age.