Protecting bank customers from Authorised Push Payment (APP) fraud
Authorised Push Payment (APP) scams are one type of fraud that has become increasingly prevalent. This scam involves the fraudster tricking their victims into making bank transfers to them, often using social engineering techniques and persuasion tactics to convince the target. APP fraud is highly complex and problematic for banks to detect and prevent, according to LexisNexis Risk Solutions, a global data and analytics company, because fraud detection technology is typically only designed to stop accounts being compromised by third parties. In the case of APP scams, it’s the genuine customer accessing the account and making the payment themselves. Official figures from industry body UK Finance show that APP fraud led to losses totalling almost £250 million in the UK in the first half of 2022.
To tackle this worrying and costly problem, LexisNexis Risk Solutions says it has combined artificial intelligence (AI) with a range of new and existing fraud signals read from a user’s device, to more confidently predict when an online banking user is about to send a payment to a criminal.
It adds that trials of this new technology with two major UK banks achieved a 120% increase in detection of in-progress APP fraud among online banking customers. This initiative also resulted in a 90% increase in the monetary value of fraud prevented and saw false positive rates more than halve.
Tom Garner, LexisNexis Risk Solutions head of engagement for Threatmetrix – its tool for tackling APP fraud – says: “For a number of years APP scams have been steadily increasing, particularly during Covid-19 when more consumers moved to online channels. Now fraudsters are looking for new avenues, and one is to capitalise on the cost of living crisis. For example, they will send out text messages or emails claiming to be from the government or another organisation that can help people with the crisis.”
While APP scams clearly come with a financial cost, Garner explains that the consequences are even more wide-ranging. “There’s the reputational cost of the bank to consider as well,” he says. “On a daily basis there are stories in the media about fraud victims. In the UK, banks currently reimburse around half of fraud victims, but legislation is moving towards them being liable for paying back all victims of APP scams.
“There’s also a wider piece around education that the banking industry is continually focusing on. While previously, it tended to be the less tech-savvy, often older customers, who were most often defrauded, criminals today are now so good at what they do, that they can catch any one of any age out. The problem for banks is how to tell whether a customer’s intentions are genuine, or are they being manipulated.”
LexisNexis Risk Solutions explains that to solve the problem, it introduced two new data sources – Active Call detection and Global Beneficiary Information – to provide additional insights that can help spot potential fraudulent behaviour in customer transactions. If an active call is detected, it tells banks their customer is speaking to someone on the phone while making a mobile banking payment. One in four APP scams involve a live call. Global Beneficiary Information can help detect whether the account a customer is trying to pay into, could belong to a fraudster.
The company says that it combines these two data sources with a range of other fraud signals and the advanced machine learning capability of LexisNexis Threatmetrix.
Garner says: “We have a multi-layered approach to identifying scams. We look at the end-to-end customer journey and the behavioural patterns of the individual. This allows the system to ‘learn’ to recognize how an individual interacts, so we can spot key identifiers that show a customer may be acting differently under duress during a scam. We may identify, for example, that a customer is on call while they’re logging onto their banking APP which could be a sign a fraudster is talking them through the money transfer.
“Alongside that analysis we look at digital intelligence and take a network view that can check for things like whether it’s a risky beneficiary that a customer is trying to set-up a new payment to. We bring all the intelligence together to provide a specific scam score based on multiple identifiers. We therefore take a single customer view covering every touch point they have with the bank.”
LexisNexis Risk Solutions works with all the main banks, including the LexisNexis UK banking consortium, and ensures its offering keeps pace with any regulatory changes.
Looking ahead, Garner refers to the proposals from the Payment Systems Regulator (PSR) to shift liabilities - with the aim of bringing in more protection against APP scam losses - as a focus for this year. Reimbursement of victims would be mandatory, quicker, and banks would be expected to do more to prevent fraud.
Garner concludes: “We’re also continually working on additional features or data sources that can be used to identify scams and we’ll continue to concentrate on behavioural biometrics. The UK banking consortium members share data in real time and we’re working with them to identify and combat money mules. If you identify the mules, it helps stop the scams.”
For more information: https://risk.lexisnexis.co.uk/