Seth Ruden, Director of Global Advisory at BioCatch, on how the UK’s financial institutions can be better prepared to deal with authorised push payment (APP) scams

The focus on authorised push payment (APP) fraud scams – where scammers impersonate reputable individuals or institutions – has increasingly shifted to whether banks should reimburse customers for funds stolen by scammers. We can gain valuable insights from the approaches taken by financial institutions in the UK. They are leading the way with their cybersecurity efforts compared to their counterparts in other regions.

First, British banks established a standardised reporting system and typology. This is a fundamental first step that every financial institution should take to grasp the full scope of how financial fraud affects banking consumers. Banks may disclose the type of fraud, the amount of money stolen, and the bank measures used to prevent the scam from occurring. This centralised view brings the true scope of the totality of scams into focus.

Three ways the UK’s financial institutions are leading in the fight against fraud

Second, the UK has developed strategies to identify specific scams and reduce their losses. The regulator added a slew of new controls to banks, including confirmation of payee, scam and transaction-specific interventions, and money mule account controls for those receiving the illicit funds. Before regulation, not every financial institution had implemented these controls, providing an uneven playing field and allowing scams to flourish. Banks outside the UK should not wait for regulators to mandate controls like these. They should do it on their own accord to prove they realise the magnitude of the scam problem and the severity of its impact on bank customers.

Improved consumer financial scam controls should be a minimum requirement for financial institutions in 2024. These controls should cover: authorised push payment behavioural analysis, money mule behaviour around both account opening and account activity, and analysis of both inbound and outbound transactions. Furthermore, detecting and then closing money mule accounts – used by fraudsters as an intermediate stop between the victim’s account and the final destination for the stolen funds – is absolutely critical, as they serve as the backbone for every consumer-based financial scam.

The third? Getting involved. Banks need to integrate themselves and participate with industry and trade associations – such as the FS-ISACs and GASA (Global Anti Scam Alliance). These associations provide opportunities to network with peer institutions and others in the fraud value chain to share scam information and learn from each other.

Effective Fraud Prevention: A practical assessment of Key Strategies

Many banks today use precision anomaly detection and behavioural biometrics to notify them when a fraudulent transaction takes place. Financial institutions in the UK often issue actionable alerts to clients in real-time. Santander UK, for example, now asks customers if they have seen the item in person before approving a payment through Facebook Marketplace. For online account opening, there are good solutions for bot-detection to prevent automated bots from opening new accounts, behavioural biometrics to detect suspicious patterns of data entry, and solutions that can analyse the customer KYC data. A secondary benefit of strong account opening controls is the reduction of operational costs to close bogus accounts.

For detecting existing money mule accounts, traditionally it required tracking the circulation of funds, both the inbound and outbound transaction activity and looking for anomalies (e.g. high value in and then immediately transferred out). Now, user behaviour anomalies – such as changes in the user’s input/output device activity or navigation preferences – may indicate a change in account control before the suspicious transactions take place.

Protecting Customers: What the future holds for Financial institutions

Since the UK’s introduction to faster payments, the region has become a centre of research for the rest of the world. However, eliminating threats to UK customers and their money has remained difficult despite an increase in regulation. While Governments and international groups are starting to identify and take down some of these organisations there are still hundreds of thousands of scammers and coerced individuals involved in these intricate schemes. A key challenge for financial institutions is understanding how scammers get their customers to initiate authorised payment. However, these challenges can be combatted by understanding the psychology behind how scammers work which can be a prominent factor in tackling the problem. Financial institutions must ensure that, in a few years’ time, they can confidently answer ‘yes’ to the question: Did we do enough to help eliminate consumer financial scams?

  • Cybersecurity in FinTech

Related Stories

We believe in a personal approach

By working closely with our customers at every step of the way we ensure that we capture the dedication, enthusiasm and passion which has driven change within their organisations and inspire others with motivational real-life stories.