Do the Right Thing: Banks need to take responsibility for Impersonation Scams
When you think of a bank, what sort of imagery does that evoke? For many of us, at least one of the things our minds conjure up is a safe, which makes sense because we’ve long been taught to trust that financial service providers will keep our money and data out of the wrong hands. That is exactly why scams are now amongst the most meaningful threats to retail banking: their proliferation is undermining that expectation. Fortunately, some well-informed bankers are taking ownership of the scam problem, but not every one of them is following suit. There are those who resist taking ownership and instead hoist the responsibility back onto customers. What they are failing to consider is the implications of when scammers succeed. The scam problem is everyone’s problem, even if they can’t see it especially the communications that come in acting as that bank (impersonation scams).
Why Scams Demand Attention: Impersonation Scams
Whenever a financial institution (FI) introduces new products and services, the bad guys are ready and willing to take advantage. This happens because there is often a rush to put a product or service into the market to gain a competitive advantage, or to simply keep pace, and preparing for criminal activity is not a priority. In the case of digital banking and payments, many bankers choose to deliver their customers the benefit of greater convenience – and the reduced servicing costs that come with it – without the requisite controls.[1] This leads to a bevy of problems that are directly related to scams, including a proliferation of mule accounts and a misuse of real-time payment applications.
It’s funny because FIs want consumers to view them as trusted stewards of their financial security. And don’t get me wrong, consumers generally believe in the capabilities of their own banks and credit unions. In fact, 69% of consumers trust their primary FI with their information, but at the same time, 87% would stop doing business if they were concerned with their security practices. [2],[3] You can take them at their word. When bad guys got access to their accounts, customers were more likely than not to switch banks, even if reimbursed.[4] Trust betrayed is a relationship lost.
It is true, though, that scams are a different type of security threat than identity theft or fraud attempts. The legitimate customer is right at the center, rendering all those identity verification and authentication controls ineffective. ‘But surely there is a role for the customer to play in all of this’, you say? There certainly is – I’m not saying there isn’t – but many bankers have given into the natural tendency to blame victims, and simply refuse to do anything about it. That in turn, has drawn the ire of legislators and regulators around the globe – creating the specter of growing compliance costs.
All of this is not to mention the impact of scams on bank brands. Consider that the brand most likely to be used in text scams is that of a financial institution.[5] That undermines the perception of customers, which is a big problem as they place trust at the top of their list when shopping for a new financial institution – even more so than convenience.[6] Which makes sacrificing security for speed to market, or simply ignoring it altogether, seem kind of boneheaded. It also means that customer acquisition costs – ranging from $800 to $2000, depending on type of account – will grow for those FIs that don’t pass muster as they are forced to throw even more capital at incentives and marketing campaigns to overcome the impact.[7] We’ve all seen it happen.
What Taking Ownership Looks Like: Impersonation Scams
Simply put, taking ownership means understanding the effect that scams are having on your institution and approaching the problem in the same way as other recognized security threats. Ideally that involves a holistic approach that empowers the customer to be an effective first line of defense, deploying technology behind the scenes that detect and prevent scammers from being successful, and being ready to engage the customer to limit the damage when things do go wrong.
In the best of cases, the consumer who receives a bogus message purporting to be from a trusted FI is contacting that institution before responding to the message – generating $4 in customer service costs each time.[8] In the worst case, the scammer has already deceived the customer and funds have already left the account. This makes efforts like the one at Santander Bank an excellent example of an FI tackling the problem from all sides. In addition to an educational campaign that helps customers spot scam messages, Santander’s Break the Spell team investigates on the customer’s behalf – collecting, and then presenting, clear evidence that helps the customer to realize they are being misled.[9],[10]
At the same time, FIs should fight back against scammers within their own perimeter. Leveraging behavioral data to identify customers who may be interacting with scammers gives FIs a chance to save customers from themselves – which is exactly what Westpac is doing. The bank intercepts suspicious transactions and initiates a dialogue with customers, helping them discern if they are taking actions at the behest of scammers.[11] And if the scammer happens to succeed at another institution, they will attempt to transfer their ill-gotten gains to mule accounts, which makes using behavioral biometrics to spot this type of activity an important tool in ending the cycle of scams.
A Solvable Problem Where Everyone Wins: Impersonation Scams
It may feel like scams are a customer problem, but for the enlightened banker they represent an opportunity to keep a promise. Scams that are imitating FIs and misusing their infrastructure are taking billions of dollars out of the pockets of consumers – truly destroying lives. Financial institutions that stand out as partners to consumers in the fight against scams will be speaking to that long-held expectation of security. They will be the trusted provider that consumers want and that regulators expect. It is as pragmatic an issue as it is an existential one for the reputation of the financial services industry. But more than anything, it is a human one and addressing it starts with recognizing that we are all in this together.
This is published with permission from BioCatch
Learn more about KnowScam and protecting yourself!
- [10] https://www.thisismoney.co.uk/money/beatthescammers/article-11595389/We-join-bank-staff-protecting-victims-life-savings-romance-scams.html
- [11] https://www.youtube.com/watch?si=76uSm32TmfZuNKTy&v=iIZZpteeem8&feature=youtu.be
- [1] https://www.forbes.com/sites/alanmcintyre/2019/06/24/banks-have-thrown-1-trillion-at-digital-do-shareholders-care/?sh=4c8dc4a42121
- [2] https://www.mx.com/blog/three-keys-to-building-consumer-trust/
- [3] https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-consumer-data-opportunity-and-the-privacy-imperative
- [4]https://www.theregister.com/2017/02/17/us_post_bank_fraud_churn_study/#:~:text=Researchers%20at%20Carnegie%20Mellon%20University,and%20did%20not%20lose%20money.
- [5] https://www.ftc.gov/news-events/news/press-releases/2023/06/new-ftc-data-analysis-shows-bank-impersonation-most-reported-text-message-scam
- [6] https://www.pymnts.com/news/banking/2023/nearly-70-pct-consumers-prioritize-trust-over-convenience-choosing-bank/
- [7] https://tearsheet.co/data/why-customer-acquisition-is-so-difficult-for-financial-startups/
- [8] https://www.bain.com/insights/bank-branch-call-center-traffic-jam/
- [9] https://paymentexpert.com/2023/09/04/love-hurts-campaign-launched-by-santander-to-combat-romance-fraud/