Tackling APP fraud with the FCA Digital Sandbox

Rachel Bentley

Tags:

Banking & Finance | Research & Insights | Fraud & Scams | Risk detection & analysis | FCA

Callsign recently participated in the FCA and City of London Digital Sandbox pilot, where we worked alongside industry experts to develop our approach to tackling APP fraud.

The Digital Sandbox Pilot, which ran from November 2020 to February 2021, was set up to support innovative firms looking to tackle challenges presented by the Coronavirus pandemic. The pilot focused on three areas: Fraud and Scams, Vulnerability and SME Lending.

Callsign was excited to be selected as one of 28 out of nearly 100 applicants to take part in the pilot, focusing on the Fraud and Scams use case, and specifically the challenges associated with Authorized Push Payment (APP) fraud.

Support was provided to sandbox participants through a range of features including access to synthetic data assets, an Application Programming Interface (API) marketplace and a collaboration platform to facilitate cooperation across participants and industry experts.

The growing threat of APP fraud

One of the unfortunate consequences of the COVID-19 pandemic is that while we have all been forced to carry out more of our day-to-day activities online rather than in-person, fraudsters have been taking advantage of this trend and turning their attention to target the massive global increase in online transactions.

APP fraud in particular, where victims are tricked into making a payment to another account, has seen a substantial rise in cases. The use of social engineering tactics to defraud people in APP scams increasing during the pandemic. UK Finance recently revealed that almost 150,000 cases of APP fraud were reported in 2020, with losses amounting to £479 million.

It’s a type of fraud that is notoriously difficult to detect and prevent, and one that the industry has been trying to tackle. But it’s clear that more needs to be done.

Collaboration was a key element of the sandbox, and one that we leveraged throughout the pilot. Working alongside our global banking partner, industry representatives and subject matter experts, we gained a deep understanding of the challenges faced in relation to tackling APP fraud and the limitations of existing approaches.

Fraud warnings risk becoming a "tick box" exercise


We are all familiar with the warning messages that come up when carrying out an online transaction. How often is it simply a case of ticking the box and continuing through to make the payment? Do customers really read and acknowledge these warnings and truly understand the risks that are present? Fraud messages have become generic and easily ignored.

Furthermore, repeatedly presenting the same warning messages during low risk, legitimate journeys can erode their effectiveness in higher risk situations.

The generic and static nature of warning messages is also playing directly into the fraudsters’ hands. Fraudsters are familiarizing themselves with banks’ journeys and, in social engineering-led scams, are able to coach customers through warning screens as they are presented. Rather than having the desired warning effect, this can in fact increase the legitimacy of the fraudster, who shows pre-emptive knowledge of the bank’s processes.

Simply increasing the number and frequency of warning messages is not the answer.

Existing solutions can’t keep pace with the fraudsters

Fraudsters are also constantly adapting their methods of attack, as demonstrated throughout the Covid-19 pandemic, cruelly exploiting any possible avenue to trick their victims - from vaccination payment scams to cryptocurrency investment fraud, taking advantage of the surge in Bitcoin price.

Financial institutions are limited by existing technology capabilities and are simply unable to respond quickly enough to these new attack vectors and the ever-evolving methods used by fraudsters.

Banks need to be able to assess the fraud landscape, identify new scams as soon as they emerge, and modify their fraud prevention strategies appropriately. Fraud prevention solutions must enable this, with easy-to-adapt customer journeys and warning messages that can be managed directly by the banks’ fraud teams.

Technology-based detection can help address the balance of responsibility

Current fraud prevention methods are heavily reliant on the customer needing to recognize a fraudulent situation. There is too much onus on the inexperienced consumer versus the professional fraudster.

While customer education is critical and ongoing efforts to educate the public are much needed, software-based detection capabilities should be used to tackle fraud from all angles and help address the balance of responsibility, away from the customer.

Callsign's solution

Reflecting on these findings, and working alongside our banking partner, we were able to develop and validate our technology solution. Our Dynamic Fraud Intervention product has been developed to tackle the challenges we identified.

We believe fraud monitoring should take place passively and behind the scenes, triggering interventions only when there’s a likelihood of danger. By looking for anomalies in the customer journey and unusual behavior patterns, we can bring together risk factors and assess the possibility that a scam is underway.

Dynamic interventions can then be customized to best fit each journey, with whichever action is most appropriate at the time. Warnings are contextualized to the exact scenario and the factors that influence it: if a scam appears to be underway, a message warning the customer that they may be dealing with a bad actor, and why, can be displayed. This makes it much more meaningful for the customer.

By giving banks the ability to quickly adapt customer journeys and warning messages themselves, in response to emerging threats, we can make things significantly more challenging for the fraudsters. It is much harder to convincingly coach victims through the transaction when you don’t know what’s coming up next

The industry needs to move beyond static, generic warning messages that have limited impact in the prevention of scams. A more intelligent and effective approach is needed, working passively to detect and stop scams before they take place.

Callsign’s Dynamic Fraud Interventions provide a robust and adaptable solution that will keep pace with, and combat, the constantly evolving threat of APP scams.


Explore Callsign's solution in more detail in our fraud prevention whitepaper.












 



Tell a friend or colleague: