Callsign launches Dynamic Interventions to tackle authorized push payment fraud

News Desk -

Share

Callsign has announced Dynamic Interventions, which are managed by its Orchestration Engine. This technology enables organizations to detect social engineering scams in real-time and intervenes when fraud is detected, delivering contextually relevant and personalized messages that protect users from becoming victims of fraud.

The phenomenon of social engineering has emerged as a way for fraudsters to psychologically manipulate consumers into transferring money to accounts held by the fraudsters. Known in the industry as authorized push payment (APP) fraud it is hard for banks to detect as the authorized customer is making the payment.

‘Scams like authorized push payments are a digital fraud problem requiring a digital solution. With real-time and faster payment systems becoming the global norm, banks and financial service organizations need to look beyond conventional fraud detection and actively detect, intervene and protect. With APP, static fraud warning messages to customers have become ubiquitous and easy to ignore. Fraudsters anticipate static messages and coach users past those warnings, but Callsign’s Dynamic Interventions detects threats to consumers in real time, intervenes and alters digital journeys appropriately, introducing new controls or steps to protect customers,’ said Chris Stephens, solutions engineer, EMEA, Callsign.

APP fraud has increased dramatically in the last 18 months. According to Forrester research, authorized push payments are viewed as a major issue by 66% of financial services and consumer banking organizations worldwide (APAC 66%, Middle East 67%, North America 56%, UK 72%). Organizations agree that a combination of threat detection, dynamic fraud warnings, and behavioral biometrics can aid in the resolution of this problem.

With faster or real-time payments in place around the world, it’s impossible to recover money once it’s been sent, raising the costs of fraud for financial institutions or consumers. Zelle, a peer-to-peer banking app in the United States, recently made headlines due to APP fraud on the platform. It is estimated that $490 billion will be sent by consumers and businesses over the Zelle network in 2021, and because transactions are instant and irreversible, the platform has attracted fraudsters.

In Asia, 40% of banks identified social engineering as the top fraud concern for real-time payments, with 25% of consumers reporting encounters with social engineering scams.

According to UK Finance research, customers in the UK will lose £583.2 million in 2021 after being duped into transferring money into accounts controlled by fraudsters. 97% of those losses were paid using the UK’s Faster Payments system.

The Callsign platform understands recurring behavioral patterns of users when they make online payments using machine learning and uses that knowledge to detect if the user is acting under coercion. Dynamic Interventions, when combined with threat and malware detection, intervene the moment a customer may be in danger, delivering intelligent, contextual, and timely fraud messages to the consumer or stopping payments entirely. Importantly, these messages will not be displayed to genuine users who are engaged in recognized activity. This prevents users from becoming message fatigued.

The platform works in unison and identifies threats by asking these questions:

  • Is the session secure?
  • Is the user human? Is there any malware present on the user’s device or has their device been compromised by a bad actor? 
  • Is this user authorized? Is the user allowed to make the transactions they wish to make? 
  • Is the user being tricked? Are they performing any actions that are unusual, such as making a big transfer to a suspicious account? Does their behavior indicate that they are under some sort of duress or being coached?
  • How can we manage the risks and user experience? What user journeys do we need to orchestrate?

A bad actor, for example, may attempt to launch an impersonation attack against a genuine user by posing as a bank representative and demanding a large payment. As the legitimate user attempts to initiate the payment, Callsign’s Orchestration Engine detects something is wrong by screening the genuine user’s device to ensure that a fraudster isn’t using remote access software to take over the account – or that malware was running, preventing the fraudster from fooling the technology by turning it off at specific stages in the digital journey.

From here, the genuine user’s typing cadence and mouse movements are monitored – for example, they may be slower and more ponderous, indicating they are on the phone receiving directions. Before the payment is approved, Dynamic Interventions powered by Callsign’s Orchestration Engine asks the user about the payment they are making, prompting them with multiple contextual questions. Based on customer answers, threat detection and customer behavior, the technology establishes if a bad actor is directing them. The answers confirm to Callsign they are under attack, the Orchestration Engine would advise them it is likely that they are under the influence of a bad actor, and to not comply with their instructions, or would intervene to prevent payment taking place.

When contrasted with the current setup that requires users to read and consent to generic messaging in a challenging user interface, this approach is more targeted, user friendly, and engaging. Organizations can customize the interventions to suit their sector and their customers’ needs and can be deployed with just a few clicks of a mouse without any need for coding. Consequently, fraud teams can establish interventions to counter new attacks quickly and efficiently, ensuring that bad actors aren’t successful.

Regulation needs to play a key role when it comes to enforcing consumer protection. Forrester’s research revealed that almost half of the financial services and consumer banking industry see regulatory issues as a significant challenge when trying to detect and prevent scams such as APP fraud. The impact of regulatory compliance has been cited as most significant in both the US and the UK, whereas organizations in the Middle East and Asia Pacific said the cost of victim reimbursement has significant impact for their organizations.

With the rise in APP fraud and consumer losses, regulators all over the world are taking action. The Consumer Financial Protection Bureau (CFPB) in the United States recently revised guidance on unauthorized electronic fund transfers (EFTs), and the UK Government and Payment Services Regulator (PSR) intend to improve APP fraud scam victim reimbursement. While the Monetary Authority of Singapore is still updating the framework for equitable shared losses through scams for consultation this year, it does not yet include APP fraud.

It’s clear a new approach to combatting online scams is needed, and the best result for organizations in all sectors is layering solutions, for example using a combination of threat detection, dynamic fraud interventions and behavioral biometrics, to ensure genuine users are protected.


Leave a reply