By Amir Nooriala, Chief Commercial Officer, Callsign
UK Finance published their 2020 half-year report on 25th September 2020, which found that scams steadily rose during the first six months of the year, with a total of £207.8 million lost due to authorised push payment (APP) fraud.
Voluntary scam code
To provide consumers with greater protection against such scams, the APP voluntary code was launched in May 2019, which included the reimbursement of funds to consumers who have fallen victim. As a result of the introduction of the code, banks have dramatically improved their efforts to educate their customers about fraud. It is now fairly common to receive a pop-up message on a banking app warning the customer of potential fraud when adding a new payee, for example. However, there are two challenges hindering banks’ success at getting customers to take notice: the messages are being delivered at the wrong time and customers ignore them – considering the message as an annoyance. Customers are now having to navigate an environment that consists of generic and impersonal emails and pop-ups when making online transactions, meaning the code has actually harmed the user experience. Banks are trying their best to inform their customers about the risks; however, they are often simply ignored.
While the code is a fantastic step in the right direction, there is still work to be done. So, what can banks do to better alert their customers to APP fraud, without harming the user experience, all while reducing the frequency of pay-outs they have to make as a result of the voluntary code?
Leverage greater intelligence
Firstly, organisations should look to leverage greater intelligence around user behaviour to identify and combat threats in real-time. This involves implementing a solution that collects thousands of data points about the customer such as behavioural, device, locational and telecoms to correlate identity traits. The individual’s data is then combined with other threat detection tools (e.g. is there any malware present on the user’s device?) analysed using machine learning and intelligence models to provide a confidence score that the user is who they say they are and that their activity appears normal when making the transaction.
Passive behavioural authentication for minimal friction
For minimal impact on the user experience, passive behavioural authentication is the most effective way of gathering this intelligence, without imposing undue friction on the customer. Recently approved by the European Banking Authority (EBA) for strong customer authentication in compliance with PSD2, passive behavioural authentication such as keystroke dynamics and mouse movement analysis help to confirm the identity of the user without the need for additional active authentication checks. This provides the right balance of usability and security by removing the need for intrusive authentication steps unless a cause for concern is raised.
When a concern is raised or fraud suspected, banks should look to tailored messaging that is personable and customised to the specific customer’s action at that point in time. This type of real-time messaging can be triggered and curated based on the methods mentioned previously to ensure that the consumer only encounters friction when appropriate. Instead of being faced with an annoying pop-up, this type of approach ensures that consumers are more likely to pay attention when presented with a warning. In turn, the customer feels more reassured which helps consolidate brand loyalty and trust that lasts for the long-term. Also, with customers more likely to pay attention to these curated fraud warnings, banks’ efforts to educate customers about fraud such as APP, will have more impact.
While the code has helped to protect the consumer against fraud, this has come at the sacrifice of user experience. However, this shouldn’t be the case. If banks use passive biometrics and intelligence to deliver real-time tailored messages, users can be better warned and protected, instead of irritated by poorly executed fraud alerts. As well as providing a superior user experience, this approach will also reduce fraud losses as banks will stop bad actors in their tracks before the damage has been done, and regulatory compliances will be met. With APP growing at a staggering rate, organisations must action these practices immediately so that they have a reimbursement that is both more accurate and user-friendly.