The art of preventing APP scams
Falling victim to authorised push payment (APP) scams can happen in a matter of minutes, but combatting it is a much more complex challenge.
For example, as reported by The Guardian in November, the UK’s biggest fraud investigation, which involved the shutting down of a website called iSpoof that helped scammers steal using fake bank phone calls, took a year and a half (from June 2021) to complete and saw 100 people charged.
These scams can take a myriad of forms, from romance and money remittance to cryptocurrency scams, but the basic premise is almost always the same. Manipulating the account holder to facilitate part of the scam themselves either by actioning the payment or compromising their personal details.
To improve their defences against APP scams, banks need to get more insights from more data. The more data a bank can process, the more knowledge they have of what their customers’ genuine behaviour looks like compared to criminal activity or customers dealing with extreme uncertainty or emotional duress.
Increasing the amount and variety of data being fed into a bank’s fraud prevention systems and machine learning models makes it easier to spot anomalies and stop scams.
Criminal action vs genuine user activity
The immediate question for banks and the payments industry is not ‘how do we stop the criminals who thrive on exploiting customers and tricking people into sharing private information?’, but rather ‘how can technology and data be used to prevent the scam from happening at all?’. All data can be useful, but when it comes to weeding out criminal action from genuine end user activity, behavioural data is key.
Behavioural biometrics, powered by machine learning, can help identify illegitimate transactions from legitimate ones. Profiling and analysing transactions can take banks much closer to combatting APP scams. This can only work if banks are collecting and analysing the most customer data possible. Solutions that use behavioural biometrics can profile user behaviour, including mouse movements, typing cadence and swiping patterns to differentiate between genuine user and criminal activity.
The insights and intelligence gathered from this data, such as the hand or finger the user is using to type, can help create a passive authentication layer. And when compared to previous good and bad behaviour, it can be used to look for signs of an unauthorised user or unusual behaviour by a genuine user.
Perfecting scam prevention is the key
The ultimate aim is to build a more accurate understanding of genuine customers so that fraudulent behaviour is easier to spot. Not only to help detect new fraud patterns, which are increasingly changing and evolving with consumer trends, but also to encourage informed decision-making when it comes to prevention. Most of the data needed already exists, what is needed now is for both initiating and receiving banks to integrate that data with the right controls.
Increased behavioural intelligence can help slow down the transaction process, when intervention is necessary, to give customers a chance to reconsider their payments. Instant two-way communication can also be used to warn or educate customers on the risks of their behaviour. If banks detect that transactions are deemed as ‘risky’, SMS messages can be sent in real-time to the customer.
The majority of banks are already somewhere along the APP scam prevention journey. However, banks need to truly master the art of stopping or preventing APP scams and integrate fraud prevention as a positive part of their customer experience, which will retain and protect customers.
APP scams can take many forms, and will continue to evolve alongside changing consumer trends, but in essence, they are all the same. In order to properly and effectively tackle this kind of fraud, banks need to leverage more insights from more data, specifically behavioural biometrics, to drive machine learning-enabled profiling of both positive and negative transactional behaviour. With this approach, fraud prevention systems will identify fraudulent activity and make informed, real-time decisions to stop it.