Earlier in May it was announced that bank account holders who are tricked into transferring money to fraudsters could be entitled to reimbursement in certain circumstances under a new voluntary industry code, whilst TSB has gone further and is already promising to refund customers who lose money through any type of fraud under its fraud refund guarantee.
A particularly concerning statistic is that, according to UK Finance’s annual fraud report ‘Fraud the Facts 2019’, Authorised Push Payment (APP) fraud was up by a staggering 44% last year, and this trend is set to continue. So are banks doing enough to prevent fraud in the first place?
Chris Stephens, Head of Banking Solutions at Callsign, explains why APP fraud is only going to increase, and what banks need to do to combat the issue now before they risk losing their profits.
“Although new legislation such as Secure Customer Authentication (SCA) has been designed to protect the consumer, it may inadvertently have created more problems than it has solved, one impact being an increase to APP fraud. Yes, SCA will mean initially accessing account information will be harder for criminals (fraudsters use personal and transactional details they have harvested online to gain a customer’s confidence that they are calling from the bank), however the rise of Third-Party Payment Providers (TPPs) fuelled by Open Banking, such as Yolt who utilise screen scraping, complicates the authentication landscape.
“Ultimately, if a consumer hands over information about all their various accounts to one TPP, and that provider then gets compromised, all of that individual’s accounts are at risk – you are only as strong as your weakest link. What’s more, this surge of new payment providers and services will mean there is a wider range of sources for criminals to use to gather victims’ information.
“In terms of improving authentication, SCA will not have an effect on reducing APP fraud, purely because this type of deception occurs when the customer is manipulated to unknowingly move money to a fraudulent account. In addition, if new regulation such as PSD2 does make other forms of account takeover that much harder, it is only logical that fraudsters will look to easier scam methods, such as APP fraud.
“Enforcing new regulation to improve identification and authentication is one thing. But clearly APP fraud is a real challenge and could rise exponentially unless banks take a more holistic view of their security policies. Financial institutions must be able to see the full picture so they can get an understanding of whether their customers may have been socially engineered. This includes phone calls or emails that they may have received from fraudsters. Intelligence from both telcos and email providers will make a big difference here. For example, by incorporating data from a telco it is possible to see if the customer has received a stream of calls from a random number, a number which has also targeted many other people.
“Furthermore, if you have visibility of emails being sent to a customer which say an organisation’s account details have changed, piecing that together with other information and behavioural insights means the bank can build up a more complete view of fraudulent activity.”