Published by Jessica Weisman-Pitts
Posted on February 29, 2024
4 min readLast updated: January 30, 2026
In January 2024, Citigroup was sued for its weak security measures against fraud. In the civil complaint, it was alleged that the financial institution did nothing to protect their customers and further denied account holders the right to reimbursements after they lost money following a link that seemed to be sent via an official Citibank message.
These scams are a dime a dozen, and as such, banks must become more proactive in the fight against fraudulent acts. Some scammers call clients or send SMSes to swindle customers, but others create spoofed websites that look identical to the official website of financial institutions with the sole purpose of stealing sensitive data, which is then used to lift money out of the accounts of victims.
In order to fight against these increasingly convincing scams, a new act, called the UK’s Financial Services and Markets Act, was introduced in 2024 that legally requires financial institutions to reimburse the victims of authorized push payment scams. Previously, banks were not legally obliged to compensate the victims of fraud, but with this new implementation, it would not only protect customers, but it would also heighten the industry standards of security.
The United States has made it the responsibility of service providers to follow certain regulations to fight against fraud, with the SEC handing out fines to regulated entities that prioritizes reputation over transparency, “by intentionally minimizing incidents or not reporting them” – as was reported by Grewal, the agency’s enforcement director.
Lackluster security measures aren’t just harmful to customers, but it also hurts the company as a whole. While companies might not have any choice in the matter of spoofed websites, it does not stop users from losing faith in them following an attack, even if no money was stolen. It isn’t hard to believe that customers might stop engaging with a brand online after an attack or drop them altogether – moving on to a different, more reliable and trustworthy brand.
So far, the most effective and common solution has been to warn users to always double check the URL of the website they are visiting, but there are also more innovative solutions that can combat these fraudulent websites.
There are numerous companies on the rise striving to create a more secure digital world by providing security solutions that can be easily integrated into everyday practices
Memcyco, for example, has developed a solution for detecting website spoofing in real time and provides immediate security measures to vulnerable customers until the fake site is taken down. A Red Alert warning is issued to customers that visit a fake website of a brand, discouraging them from spilling their data by interacting with the page.
A.I is becoming increasingly useful in these modern times especially when it comes to cyberdefense. Detecting brand impersonators or spoofed websites before they have a chance to strike is the definition of ‘prevention is better than cure’, and there are more platforms out there offering such services.
BlueVoyant is another solution provider that is gaining momentum in the circle of cyber security. Digital Risk Protection is endorsed by federal agencies in the United States, and the company works together with governments to ensure that banks are fully informed on their cybersecurity risks through detecting and eliminating threats before they even have a chance to impact their customers.
Nipping any potential risks in the bud is a good approach to combat fraud, but educating customers with the most updated and relevant information can also help fight against scammers. According to the Federal Trade Commission, scams are often presented either as a problem or a prize and scammers will oftentimes pressure their victims by creating a sense of urgency. When it comes to scammers, ignorance is dangerous, and it would be beneficial for all if financial institutions arm their users with key information on how to recognize a scam.
Having a high level of awareness of what the latest scams are is very important, but it is even more important to stay one step ahead of them, whether by providing information or installing safeguards. Upgrading security systems and taking proactive steps can help ensure that customers are well informed on what is happening and can play a key role in combating scams.
Fraud is a wrongful or criminal deception intended to result in financial or personal gain. In banking, it often involves unauthorized transactions or identity theft.
Security measures are protocols and practices implemented to protect sensitive information and assets from unauthorized access, theft, or damage.
Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks, which can lead to data breaches and financial loss.
Customer education involves informing and training customers about products, services, and potential risks, particularly in recognizing and avoiding scams.
An authorized push payment scam occurs when a fraudster tricks a victim into authorizing a payment to them, often through deception or impersonation.
Explore more articles in the Finance category
