14 May Cyber security – tackling the internet scammers
Chris Stephens, head of fraud & security analytics at Callsign looks at the rise of internet scams and how to prevent them
Fraud costs the global economy US$5 trillion each year, which is around $700 per person worldwide, according to accounting firm Crowe. The rise of scams has been getting worse as banks’ and retailers’ customers have been steadily moving towards being exclusively online – a trend that the COVID-19 pandemic has only exacerbated.
In the UAE authorities have intensified their cyber patrols to crack down on fake F&B and shopping websites that steal cash from victims’ bank accounts. The fraudsters use fake websites with the names of well-known restaurants and shopping centres in the emirates to lure unsuspecting customers to part with their cash.
The internet has allowed organisations to offer slick, friction-free services that give customers more control over their money. But it’s also a prime culprit for the stratospheric rise in the amount of money being lost to fraudsters on a daily basis.
While big banks and retailers have the means to spend billions on security and put processes and procedures in place to mitigate risk, the public is largely oblivious to the dangers that lurk in the shadows. And those dangers are only growing more and more complex and refined.
Detecting and preventing scams is extremely hard. Million-pound scams don’t happen often, but low-value transactions from regular customers are harder to detect for banks, retailers, and the victims themselves. Scammers even coach their victims to navigate warning messages and security measures. This means that even if the scam raises an alarm, it’s still difficult to convince the victim not to let it happen.
But whose responsibility is it?
Based on a survey of 1,500 people globally which aimed to get a sense of how much people are thinking about fraud when they’re online and what they expect banks, retailers, and governments to do about it, the survey revealed that 71% of people think they’re responsible for avoiding scams. 65% of those said it was their banks’ responsibility, and 56% also put the onus on online shops.
The reality is that both sides have a part to play. So, how to we prevent fraud and scams? Banks and retailers spend a lot of time and money on campaigns to raise awareness about the dangers, and most of the major players drop warnings directly into the user journey too. Some have gone even further and started offering compensation.
The question is though, is it actually working? Our survey showed that a quarter of people haven’t even noticed the warnings banks and retailers put in front of them. Of those who did claim they had seen warnings, 58% said they hadn’t done anything differently as a result.
Why won’t they listen?
Detecting scams is hard but making people listen to and remember educational messages is even harder. This happens because when people see the warnings and advice, they are in what is called a “cold” state: calm, dispassionate, bored. But when they are actually at risk, they are in a “hot” state: emotional, stressed, angry.
When we are in a cold state, we struggle to imagine how we’ll behave in a hot state (and vice versa). So, when we are calm, it’s more than possible that we’ll read a scam warning and make a mental note to be careful. But when the scam is in progress and we are stressed, all that preparation disappears. We tend to overestimate our own abilities. Our survey results echoed this: 50% of people claimed it was easy to avoid fraud online because it’s just “common sense”. Moreover, the harder you work to protect people, the more risks they take. Fraud and scams are on the rise, but people are incentivised not to worry too much about avoiding them. And the more banks and retailers do to protect their customers, the more risks those customers take.
So what can be done?
One of the best ways to protect against risk is to put as many barriers between it and the potential victims as possible. The idea is that if the threat manages to get through one of the barriers, there’s another one there to stop it going any further. Right now, there are plenty of obstacles between customers and scammers, but if a criminal convinces a customer to legitimately transfer their money, those barriers go away. This means there is only a key obstacle: education, but it should be part of the solution rather than the whole solution. The industry must continue to educate customers about the risks they face when making online transactions. And with a little behavioural savvy, it’s possible to make these campaigns and communications really resonate.
Where do we go from here?
The ideas we have outlined will give banks and retailers a chance to get on top of this digital pandemic, but not every idea will work every time. The key is to test and improve, rather than to set an agenda and always stick with it. And to build your approach with more barriers rather than fewer.
A successful strategy for battling fraud is having fraud people and customer experience teams working side by side, rather than at odds with one another.
Callsign’s new Dynamic Interventions software takes a three-part approach to tackle scams:
1. Diagnosis and detection – it’s always in the background, looking out for malware and unusual behaviour.
2. Intervention – when it spots a potential attack, it intervenes, asking the customer questions to complete the diagnosis.
3. Action – if it’s satisfied there’s an attack going on, it can either send a message to the user explaining what to do or put a stop to it.
The software brings fraud and customer experience teams together to define the approach with just enough friction to stop customers in their tracks, but not so much that it gets in the way of a good experience, and it’s set to have a huge impact on tackling fraud and scams worldwide.