By: Gemma Staite, Threat Analytics Lead at BioCatch
The world of financial services is fighting against record amounts of fraud. According to a recent UK Finance survey, there will be a 151% increase in fraud in 2022 compared to last year’s offences.
Two primary factors are causing the impending “scampocalypse.” The emergence of peer-to-peer payment apps, as well as the sudden displacement of labour and a hurriedly planned stimulus strategy at the start of the pandemic, has increased the number of scammers. So, what’s behind the dramatic increase in social engineering bank account scams, and what can financial institutions (FIs) do to avert a scampocalypse?
Scams for beginners
A functional definition of what constitutes a scam is essential for banks to tackle the scam problem. While the definition differs depending on who you ask, most financial institutions agree that a scam is a social engineering attack designed to trick the victim into providing essential information or directly paying the attacker.
It’s helpful to divide the universe of scams into those that exist for the primary purpose of coercing the victim into making a fraudulent payment and those that exist primarily for the purpose of harvesting sensitive information in support of fraud attacks that may take place later. That gives us two categories of scams: harvesting scams and payment fraud scams.
Harvesting scams – An attacker uses a harvesting scam to trick the victim into disclosing information such as login credentials or financial and personal information. The attacker then holds on to the information to use for future bank account scams, primarily account takeover fraud.
Payment fraud scams – Payment fraud scams, such as authorised push payment (APP) fraud, occur when an attacker coerces a victim into making an authorised bank transfer or sending money in real time over a P2P payment network. Because of the increased acceptance of digital banking and payments, as well as the convenience with which it may be done, this type of scam approach is flourishing.
Who is accountable if you are scammed?
The first place scam victims frequently go for compensation is their bank. When a victim calls their bank, the customer service team will act quickly to prevent the user from losing any additional money.
APP fraud makes it harder to recover stolen funds if the account owner sent money to someone because they were duped in a scam. Although not required, most UK banks will agree to repay lost funds voluntarily if a customer unknowingly falls for a manipulative scam. However, the customer may be asked to present additional evidence to prove they are truly a victim. This may include the customer being asked to prove:
- That they obeyed any security warnings sent by the bank
- That they believed the transaction was legitimate
- That they were not acting carelessly when the payment was made
In the UK, where a “scampocalypse” of sorts began in 2013, the APP Contingent Reimbursement Model Voluntary Code, dubbed “The Code,” provides some protection. Recent changes to the reimbursement code, specifically “confirmation of payee” checks, which require a user to input a person’s first and last name and account details before sending them money, may help reduce the impact of scams. In addition, the UK government has stated that legislation will be introduced to help combat this specific type of fraud, but it hasn’t happened yet, and there is still uncertainty about what it will look like.
The question of accountability
When the topic of reimbursement is brought up, it raises the question of accountability. This year, victims were fully paid in 73% of cases of bank and credit account fraud, 64% of cases of advance fee fraud, and 46% of cases of consumer and retail fraud in the United Kingdom.
While there may be no legal consequences for FIs who refuse to refund a victim following a payment fraud scam, it severely damages the faith that customers hold in them. In addition to being robbed, falling prey to a scam causes tremendous emotional damage, which is only made worse when a victim calls their bank and is told they will not be reimbursed. It adds a feeling of betrayal to an already terrible situation. Ignoring this issue only sets FIs up for failure in the long run; the industry is based on trust, and customers will leave their FI for another if they don’t feel their money is being protected.
Getting out of the rough
While the prospect of a “scampocalypse” is terrifying, there are strategies available to avoid even real-time scams, allowing institutions to protect their consumers from becoming victims. Behavioural biometrics is a preventative measure implemented by FIs that can be used to detect social engineering scams before funds are transferred and lost.
Since a person under duress behaves differently than one banking under normal conditions, behavioural biometric models catch on and help prevent payment fraud scams as they happen. It’s critical to remember that there is a human element to this problem. Some customers stand to lose their life savings to one of these attacks. In an industry where trust is everything, it makes sense for FIs to get ahead of the problem and do their best to prevent their customers from becoming victims.
Whether or not regulatory actions influencing reimbursement models are undertaken, banks can be proactive in resolving the scam problem before it negatively impacts customers. The only certainty is that FIs and customers will have to work together to avert a total scam catastrophe.