Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
How Australia Slashed Scam Losses by 30% & What’s Missing in the U.S., A Conversation with Ken Palla, Former Director, MUFG Union Bank image

How Australia Slashed Scam Losses by 30% & What’s Missing in the U.S., A Conversation with Ken Palla, Former Director, MUFG Union Bank

S1 E37 · Scam Rangers
Avatar
291 Plays18 days ago

In this episode of ScamRangers, host Ayelet Biger-Levin welcomes back fraud and financial crime expert Ken Palla to discuss the evolving global response to scams. They dive into Australia’s groundbreaking Scam Prevention Framework, lessons from the UK’s Contingent Reimbursement Model and Online Safety Act, and why the U.S. lags behind in fraud prevention. Ken shares insights on the need for ecosystem-wide collaboration, financial institutions' role in scam prevention, and the regulatory challenges hindering progress in the U.S.

Tune in to learn:

  • How Australia reduced scam losses by nearly 30% in one year
  • The UK’s mandatory scam reimbursement regulation and its implications
  • Why financial institutions must take a proactive role in scam prevention
  • The challenges and opportunities for data sharing and fraud controls in the U.S.
  • The rise of AI-driven scams and what banks can do to protect their customers

Links Mentioned in This Episode:

  • Ken Palla on LinkedIn: https://www.linkedin.com/in/ken-palla-09b585/
  • Ken Palla’s Blog on the California Senate Hearing: https://www.biocatch.com/blog/california-senate-scam-prevention
  • Aspen Institute Financial Health Task Force : https://fraudtaskforce.aspeninstitute.org/
  • Latest FTC Scam Statistics Report?: https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024

This podcast is hosted by Ayelet Biger-Levin, who has spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. Ayelet created this podcast to talk about the human side of scams and to learn from those dedicated to advocating for scam victims and taking action against fraud.

Be sure to follow Ayelet on LinkedIn: https://www.linkedin.com/in/ayelet-biger-levin/
Learn more about her work at RangersAI: https://www.rangersai.com/

Recommended
Transcript

Introduction to Scam Rangers Podcast

00:00:00
Speaker
They put a lot of controls in place. They have that whole of ecosystem. And it's amazing that they went from $2.7 billion in 2023 to just over $2 billion in 2024. Now, again, as Stephen Jones said, the war's not over, but for a one-year activity, that's very impressive.
00:00:18
Speaker
And so it's it's a message of if you join the fight and you add controls and there are effective controls, you will see a result. And we want to see these scams dropping.
00:00:29
Speaker
And we can look to Australia right now, for how that works well when everybody gets together. It's a serious effort and there can be an effective result, a positive result.
00:00:44
Speaker
Scam Rangers, a podcast about the human side of fraud and the people who are on a mission to protect us. I'm your host, Ayedit Bigger Levine, and I'm passionate about driving awareness and solving this problem.
00:01:03
Speaker
Last year, criminals scammed consumers around the world into making over $100 trillion dollars in payments. The financial and emotional impact on victims is immense, and in some cases ruins lives and it can even lead to suicide.
00:01:18
Speaker
Scamming has become a massive industry of organized crime. Over 200,000 people have been trafficked and are working in call centers in Southeast Asia, Latin America, and other countries where they are focused on executing crypto scams and romance scams and others.
00:01:36
Speaker
In Cambodia, 100,000 scammers were reported to generate $12.8 billion, dollars which is half of their the country's whole GDP. This is now a national threat in multiple and economies around the world.
00:01:50
Speaker
With the advancement of AI, with deepfakes and voice cloning, things are only going to get worse. And the question is, what are we going to do about it? Some countries have already taken measures to combat scams.

Global Efforts in Scam Prevention

00:02:01
Speaker
Others have grassroots initiatives driven by consumer groups. And today we will unpack all of this with our returning guest, Ken Pala. Ken, it's so great to have you on the podcast again.
00:02:12
Speaker
Well, thank you for inviting me back. It's always fun to be here and have a good conversation. I'm really looking forward to this one, and the most impactful topic will be at the end, so we'll keep you in some suspense here where we talk about financial institutions. But I wanted to start with a really fascinating evolution of action, i would say, in Australia and UK and what we can take from it here into the US.
00:02:39
Speaker
So we know that Australia just recently passed the Scams Prevention Framework. but have already been working together as an industry in a voluntary manner to drive change ah with their scam safe accord. So let's talk about the regulation for a second. You've been very attentive. You're following, you posted many, i would say maybe four or five papers on this topic following very, very closely. You woke up in the middle of the night your time.
00:03:05
Speaker
So tell us a little bit, maybe in a nutshell on, tell us about what's been happening in the last few months in Australia. and how it came into play. And I think what's interesting here is I'm just going to go back a little bit in time, but it was basically back in 2022 where there was a new Australian government, the Albanese government came into power.
00:03:26
Speaker
And that was really the beginning of what can be done to help prevent scams in Australia. And so in that short period from 2022 to just a February here of 2025,
00:03:38
Speaker
we have the scam prevention framework legislation was passed. And so this is very significant, and I think it's very unique in that it involves the bank's digital platforms and the telco providers, as well as the government, to come together in a whole of ecosystem approach to try to stop scams.
00:03:57
Speaker
And so that's what makes it you know quite significant. The law did pass. It probably won't go into effect until

Australia's Collaborative Approach

00:04:03
Speaker
probably early next year. So there's still some time ah before it becomes real.
00:04:08
Speaker
And there's also some work that the Australian Treasury has to do to define sector-specific codes that are specific kind of specific requirements that the banks, telcos, and digital platforms have to do.
00:04:20
Speaker
So still more work ahead. It does involve controls, and it does involve a level of reimbursement, which we can talk about later as well. Mm-hmm. I think what I find most interesting, and as you said, it's going to take about 18 to 24 months or twelve at least 12 to 18 months for all the codes to be set in place for the different institutions across industry to implement. But what is really interesting about Australia is even before this regulation passed and even before the codes are implemented, they already have put controls as an industry or as multiple industries, these three controls.
00:04:58
Speaker
pillar ah pillars of the industry, namely the banks, the social media platforms and telcos have already started, especially the banks and the telcos to work together to reduce scams. And the recent reports talk about an almost 30% reduction of reported scams or scam losses in Australia.
00:05:24
Speaker
And I'm wondering, we see ah very similar pattern in the UK, which we'll talk about in the second. What are some of the learnings that we can take from Australia and what the banks and telcos did there into what we could possibly do here in the U.S.?

Data Sharing and Innovation in Scam Prevention

00:05:43
Speaker
So I think the first thing to realize is that, you know as I mentioned, the Albanese government in Australia was very concerned and wanted to put controls in place. And so as they announced that, we started to see more voluntary accords come about.
00:05:58
Speaker
So in November of 2023, we had the ScamSafe Accord, which was the Australian Banking Association and COBA, which i believe is the consumer-owned banks, um came out and said, we're going to announce here are six things we're going to do and we're going to start to do them And we're going to do them in 2024.
00:06:15
Speaker
Now, that was done coincidentally just a week before the Australian government announced that they were going to have a consultancy or announced a consultancy, in fact, about scam reduction.
00:06:28
Speaker
So I think there's there's government fingerprints on these voluntary accords. And of course, before the ScamSafe Accord came out, one of the Australian regulators said,
00:06:39
Speaker
had an in-depth report published in early 2023 raking the Australian banks over the coals for having weak controls around scams. But the bottom line is we're seeing progress. So regardless of how it happened or what caused it, we have seen that the banks jump in. There's also a voluntary accord from the digital platforms and also from the telcos.
00:07:01
Speaker
um And so a lot of people are doing a lot of things in Australia, and that is to the benefit of the Australian consumer. And what we did see was just this week, the Australian, the National Anti-Scam Center announced the statistics for 2024, and basically scam losses went from 2.7 billion 2023 to
00:07:24
Speaker
down to just a little bit over 2 billion in 2024. A dramatic drop, and almost, in fact, the numbers for 2024 are close to what they were back in 2021.
00:07:36
Speaker
So Australia has had a a significant drop. As the Minister Stephen Jones said, the war is not over, but we've had some significant progress and we have to continue.
00:07:47
Speaker
And as Stephanie Tonkin from one of the Consumer and consumer Action Law Center said, but we still have $2 billion dollars in losses. I think that's kind of the summary of that.
00:08:00
Speaker
Yeah. So I want to dive into some specifics in terms of what they did, what the financial institution, telco salters did. So I think um ah like learning also from the Australian Banking Association, we've heard a few things around, ah one, implementing confirmation of pay systems,
00:08:20
Speaker
um selfie verification and digital ID verification of account holders, intelligence sharing, mandatory information sharing about threats, and a fraud reporting exchange.
00:08:33
Speaker
Specifically, what I think was challenging, just like any other banking ecosystem, was how do we do data sharing? And one of the things that they did is they asked the regulator for ah blanket exempt for data sharing across banks,
00:08:48
Speaker
which enabled them to share data between banks. And today I know there's a lot of discussion in the U.S. about the ability to share data among financial institutions. And what they did there um with their reporting exchanges, then when a customer is scammed and they report to the bank, the bank actually, their bank, the the sending bank, can report directly to the receiving bank rather than the consumer having having to go and report to two banks directly.
00:09:16
Speaker
Um, so that's definitely helpful in that sense. And, and the ability to share data for this purpose has accelerated their ability to, to prevent and detect and prevent scams.

Challenges in the US Scam Prevention Framework

00:09:29
Speaker
Well, and they actually have a group in Australia called the Australian Financial Crime Exchange or AFCX, which in 2024 introduced a near real-time data sharing program. So they really have a focus and they have people kind of in the middle of this to make it happen.
00:09:44
Speaker
Um, Right. you know And that's the same thing they're trying to do similarly in the UK is to allow more data sharing. And so they're trying to put things in place to be able to do that. um And here in the US, we still have the concern about the FinCEN and 314B, although...
00:09:59
Speaker
although FinCEN did come out a couple years ago with a FAQ and it said, look, it's okay to share financial you know crime data. They specifically called it up, but they did it in a kind of a careful way where it really still seems to address using 314B.
00:10:15
Speaker
And 314B was really put together and and any of the solutions you see associated with that are around anti-money laundering sharing of data, which is not real time.
00:10:28
Speaker
The whole thing of AML is is much more in weeks and months types of thing. Whereas when we're talking about fraud and scams, we're talking about seconds and trying to share information. So we still have a real problem, I believe, in the United States.
00:10:41
Speaker
Some people don't think so, but I think we do. And I think people are just concerned that FinCEN has a powerful stick. And if you if you go against them in some way, you could be penalized heavily. So other countries seem to be addressing this and and putting changes in laws to make it happen.
00:10:58
Speaker
ah Just but one one more topic I wanted to cover with regards to Australia is the tel telecom sector and what they've been doing and how they've been collaborating. And one of the things I think that has come up in in many conversations is how is that we allow international calls to be presented to consumers as as as local calls here in the US. So if someone is calling from, from i don't know, from Philippines, I see a local US number with nine digits rather than an international number. So that's something that they have implemented in Australia.
00:11:32
Speaker
And so where international calls cannot be presented as local calls, and they they do present as an international calls. Yeah, I know different countries, I'm not quite familiar with Australia per se, but I know there are different countries like Sweden, Finland, India have put some controls in place where you can basically help identify ah calls coming from overseas and also calls spoofing domestic numbers.
00:12:01
Speaker
ah What's interesting at the California Senate hearing that I was at last week, that question was asked of Josh Bursu from the U.S. Telecom Association. um And the question was, is there a way for American consumers to be told that a telephone call or a text message is coming from overseas?
00:12:21
Speaker
And in that hearing, Josh Bursh, who said, based on how the U.S. telecom system is set in place, there really isn't a way to do it, that basically all these calls go through a lot of hops and a lot of technical response. But the answer was no.
00:12:35
Speaker
But we do see that overseas, at least to stop spoofing, of of domestic calls, but coming from overseas. So we're seeing a number of countries have put controls in place.
00:12:47
Speaker
ah So ah we'll see. But you know in the US, we've not seen that. To summarize, I think it was really interesting to see in Australia how, yes, government had come out and said, we're we're starting to work. We're announcing the National Anti-Scam Center. We see this as a national security threat.

UK's Regulatory and Tech Company Initiatives

00:13:08
Speaker
And we're going to take action, which drove the different parts of the public of the private sector sorry to take action, and and start working together to reduce and and do the right thing to reduce the amount of scam losses. And ah obviously there's a lot more work to do.
00:13:24
Speaker
In the UK, actually the The voluntary code, which was really also pushed by government, started much earlier, 2019, right? We had the financial institution with the contingency reimbursement model already reimbursing consumers for scams in different, you know, various percentages. Each bank had their own policy policies.
00:13:49
Speaker
But that's something that started a while ago and then eventually turned into um mandatory bioregulation. That came out in or started, ah came into effect in October of 2024.
00:14:03
Speaker
We don't have much data on how that's been going yet, um although the financial institutions definitely need to provide half-year report, so we'll probably see some data coming out soon.
00:14:14
Speaker
um But what's interesting in addition in the UK is that There was a pledge signed by tech companies, social media companies with the UK government to implement measures that apply to their companies within six months. That was in November 2023.
00:14:31
Speaker
We haven't heard much about that. Overall, there was some reduction in scams in the u k ah but definitely not as significant as we've seen in Australia.
00:14:44
Speaker
Yeah, I don't think, I haven't seen anything on that voluntary code that the digital platforms put together as to what they've done. What we do know is there's the Online Safety Act that was passed in in the UK, and it's coming into effect this month.
00:14:59
Speaker
And so the Ofcom, which is the telecom regulator and also responsible for the Online Safety Act, has started to remind digital platforms of things that they need to do to remove offensive material, which could be things having to do with criminal activity or, you know, child porn or other kinds of things.
00:15:18
Speaker
Yeah, there's a broad definition of what, you know, bad material is. ah But that comes into effect this month. And so I think what we're going to see is is action against the Online Safety Act and digital platforms taking action because of the Online Safety Act, as opposed to that voluntary code, which...
00:15:37
Speaker
If they've done anything, I failed to see anything published where anyone's trying to take credit for some exciting things that they've done. But the Online Safety Act is real now. It took a while because that, I believe, was also passed in 2023.
00:15:49
Speaker
But we're now into March where things are supposed to start happening. um And so hopefully we'll see some change there because the digital platforms, from what I've seen, unless there's regulatory pressure, there's not much they do.
00:16:02
Speaker
Like back to Australia, last month Meta started to vet ah financial ads and they vetted them against some type of a government list. And if it doesn't meet that list, they won't put it on their sites.
00:16:15
Speaker
But that took, you know, government regulation for that to happen. Why the digital platforms don't do it on their own and the dating sites and so on, it's It's a problem. It's a real problem.
00:16:27
Speaker
Yeah. ah one One other interesting thing about Australia and and their approach, and Toby Evans, who was on this podcast a few months ago, talked about it as well, is their their approach is if you don't play with us, then you don't play in Australia. um Like, for example, the cryptocurrency market.
00:16:44
Speaker
changes If they don't implement KYC and the right controls for verification and ensuring their customers are legitimate, then they can't act in Australia. So they've been starting to implement those controls. And i think that's that's really powerful. Yeah.
00:17:02
Speaker
um One of the things in the UK, so back to the UK, so a few additional, so banks have been taking action in the UK in terms of, we've heard or heard a lot about the break the spell teams that financial institutions have been deploying.
00:17:16
Speaker
a lot of consumer awareness has gone into and into really teaching and and and educating the population about scams. We've also seen a lot of deployment of technology to detect scams.
00:17:31
Speaker
And then, in addition, there's the scam signal, which is um information about ah calls provided by the telecom industry to financial institutions and others.
00:17:43
Speaker
And then there's a regulation, of course, now, which... by definition, hopefully will mandate financial institutions to put more controls in and hopefully not just setting aside a bucket of money to pay the scammers bow or to pay the consumers back what scammers took from them, but actually regulation to drive action, to drive controls and reduction in scams.

Scam Liability and Ecosystem Challenges in the US

00:18:05
Speaker
One interesting thing, though, that happened, and I would love your take on this, is in the UK, we have the Financial Conduct Authority and the Payment Systems Regulator. And these two um government or these two bodies have worked in order to drive regulation.
00:18:22
Speaker
and the PSR has really been the champion of this new ah scams regulation that came out. And they would just announce that these two bodies are going to be merged. What is your take on that?
00:18:33
Speaker
Well, they they basically announced that they were axing the PSR, the Payment Systems Regulator, ah and taking the people and putting them in within the Financial Conduct Authority, FCA. um the The PSR was actually housed within the FCA building already, so they had a lot of interaction going on.
00:18:52
Speaker
ah But what's interesting is the British labor government, Keir Starmer, ah is all about having the regulators help improve innovation, so more innovation and less regulation.
00:19:04
Speaker
That's what they want to see out of the regulators. ah Sounds familiar. it's interesting. Yeah. Yes, it does. What's also interesting is that just prior to the scam reimbursement going into effect in October, you may recall the limits were at about 415,000 pounds. Reduced to 85,000 pounds. Yeah, it was reduced. There was some very intense pressure to the new labor government to get that lowered.
00:19:31
Speaker
in the months prior to October. And that pressure was effective, and so the limits were lowered. ah And so there are some people, um guess the way to phrase this, there are some people who are quite happy that the PSR has been axed in the UK. Other people think it's just moving ships, moving chairs on the ship deck.
00:19:52
Speaker
ah I think the the key is, one, the PSR did a lot of good and there was only 160 people. So I think when you look at the PSR and what they've done over the past couple years, they've put a lot of content out.
00:20:04
Speaker
I think, you know, their initial thing when they were established, which was only around 2015, was to allow for innovation in payments. And now it's being said they're going to remove the PSR because they want to allow innovations and payments by having less regulators.
00:20:19
Speaker
So I don't understand that. But what i what I do think we have to watch for ah is what happens at the end of the one-year review of the payment reimbursement, the whole APP scam reimbursement, because it's mandated that there be a one-year review.
00:20:35
Speaker
My own personal view as an outsider to the UK is I think we'll see the limits reduced again. And I know the Payments Association wants to see them reduced to something around 30,000 pounds.
00:20:48
Speaker
And I think that's what we could see. you know Why the PSR was the first regulatory body to be axed and kind of blended into something, I don't think that was by accident. I think there were a lot of people unhappy with the hard push that the PSR had for that large dollar amount.
00:21:05
Speaker
Now, what I'm saying, there are a lot of people disagreeing with me in the UK today. And there's been some you know back and forths on on LinkedIn about that.
00:21:16
Speaker
I think one of the things that will be interesting to see is how the UK will look at to Australia. I know that Australia, when they came to implement or or suggest the framework for dealing with scams, they definitely looked at what's happening in the UK. I'm wondering if the UK will go go now and say, maybe we need to take more of an ecosystem approach but In a sense, they have a whole of ecosystem approach indirectly because now they have the Online Safety Act.
00:21:44
Speaker
So that's basically legislation that says the digital platforms have to contribute to this scam prevention program, along with other things. You also have the British telecoms have done a number of things to help reduce scams.
00:21:57
Speaker
So although they don't they didn't pull it together in one document that says it's a whole of ecosystem, I think the UK is doing a lot of things. ah And one of the things happening, if if we can now maybe shift into the U.S., is financial institutions, I think that the liability shift discussion is happening. is It's been going around for a while.
00:22:18
Speaker
We know that Zelle implemented some degree of of reimbursement, but Zelle is a fraction of scams going on. It's a... It's happening in Zelle, but it's happening in many different payment rails as well.
00:22:31
Speaker
So financial institutions are asking why why only us? What about the telco industry? What about social media platforms? What about law enforcement? What about everyone else? So that's kind of the the the big discussion here.
00:22:47
Speaker
And why should we financial institutions go and implement something when it has to be an ecosystem approach? ah The U.S. is kind of interesting because, to be honest, there's not much being done.
00:22:59
Speaker
i mean, the closest that you might see is the, you know, the telecom association, u telecom, would say that, you know, we have been adding the ability to block calls and block text messages, and we've done quite a bit of that.
00:23:12
Speaker
ah The FCC has put some regulations out there. But unfortunately, the reality is I still get the scam messages. I still get the scam calls. So more has to be done there.
00:23:23
Speaker
Digital platforms, that's a you know a pretty weak area. There really isn't too much that I'm aware of going on. We have the U.S. Asthma Institute project, which we'll talk about later. ah And we have the banks, but even even the banks have not taken us a step forward.
00:23:39
Speaker
ah I know from discussions I have with the trade associations, People are talking about the problem of scams, but as far as coming up with scam strategies and and saying the the the U.S. banking industry will add scam controls and scam strategy to its game plan, I don't see that.
00:23:59
Speaker
You'll see some banks doing that. As an example, last week, Chase was one of the people presenting at the California Senate, and they talked about a number of things that they were doing, that they have you know have added risk risk controls and models to to help detect scams.
00:24:16
Speaker
ah They've hired ARP to teach their branch staff about scams and how to interact with customers because of the emotional impact the customers go through when they're in the middle of these scams.
00:24:28
Speaker
So Chase is an example of what they have publicly said. They're doing things. But I know a lot of other banks aren't doing anything. Money mule management systems controls, for the most part, not taking place.
00:24:40
Speaker
So the banks talk about why are we the only ones, but I'll step up and say, banks, you're not doing it. You're far from being the poster child of how to attack scams.
00:24:52
Speaker
So I think we have a real a real mismatch and a real gap in the United States and a real unwillingness of anyone to really step up and do it right.

Role of Banks in Scam Prevention

00:25:03
Speaker
So I want to talk about your recommendations to banks. But before that, I just want to note something. The FTC just recently came out with the new numbers for 2024 stats. So ladies and gentlemen, the situation is really bad. Scams have gone up.
00:25:19
Speaker
ah Last year, the FTC reported $10 billion. This year, it's $12.5 billion. at twenty There was a 25% increase from previous years. The losses from cryptocurrency-related scams are really mounting quickly.
00:25:33
Speaker
And we all know what's going on because we all get these text messages about the job scams, the toll scams, everything is is really, ah it seems like they're putting controls in other countries. So we're suffering from everything funneling here. So as an industry, we definitely need to take action.
00:25:53
Speaker
And I'll ask you, why financial institutions? um and And I'll start by answering, but I love your thoughts on this. First of all, customers come to financial institutions to put their money, to safeguard their money and make sure it's safe. So financial institutions, by definition, are supposed to be protectors of money.
00:26:13
Speaker
And that's a perception that consumers have of financial institutions. And the second one, and I'm going to do a whole podcast episode about this one, but the cost of scams. And typically we think about the liability costs, but, or the reimbursement costs of what we pay back to customers. But you know, there's the operational cost, there's the attrition costs, and then finally the deposit losses. So there is definitely a high cost of scams.
00:26:39
Speaker
And ah another element is trust. Customers want to trust their bank. They want to see that the bank is doing the right thing. Any additional thoughts about the why before we dive into the how? So,
00:26:50
Speaker
If you look at it, you know the the why about the banks is that most of this money moves across the bank payment rails. So when a scam occurs, it's been occurring for for months between the scammer and the and the victim, but then there's a point where money moves.
00:27:04
Speaker
And the money is typically leaving money the bank accounts, the DDA account or whatever. And so it's going across as a wire. It's going across as some kind of ah of a payment. It might be moved to a crypto exchange. Of course, as you mentioned, a lot of this activity is occurring with cryptocurrencies, but it's the bank payment rails.
00:27:24
Speaker
And these are large amounts of money. And so when we look at this, we have the situation where and the victim is is is giving money to the scammer for one reason or another, but it does go across the payment rails.
00:27:36
Speaker
This becomes a banking safety and soundness issue because customers put their money with banks because they want it to be safe. And now we're seeing, unfortunately, a number of situations where the customer loses their money indirectly because they had it in a bank account.
00:27:53
Speaker
Again, going back to the California Senate hearing last week, there was a representative from one of the ah scam victim nonprofit groups, and they were talking about the concerns of customers losing money because it might be a retail wire ah that they send. And a retail wire, even an unauthorized transaction, is not covered under Reg E. Or there could be check fraud, where they send a check to their Uncle Bob, the fraudster grabs it, changes the amount, deposits it, and it comes against the customer's account, or of course these scams.
00:28:24
Speaker
So that's why the banks have to be involved. And because the banks can see the transaction, that's where they have an opportunity to possibly stop the scam. And so quite frankly, they they have to play in the game.
00:28:38
Speaker
Yes, the digital platforms and the telcos have to also play and help prevent, but banks are front and center and they have to do something to help stop the scams. Will they be 100% effective? Absolutely not.
00:28:52
Speaker
but can they do more? Can they do more to, to train the cut there, their, their branch platform staff or the fraud team that when they interact with these customers, because it's a scam situation, can those people be better trained to interdict?
00:29:06
Speaker
They absolutely can. It's a very serious activity going on and it's very well orchestrated by the scammers. you know we know there's the several hundred thousand people in the scam pound compounds in Malaysia, uh, Myanmar, and so on.
00:29:21
Speaker
ah And so the scammers are very, very effective at what they do. And the stories that we hear demonstrate that. It's not just one-off stories that you might say that one story is really kind of odd.
00:29:34
Speaker
It's happening again and again across the country. So it just and demonstrates how it's repetitive. and And the scammers have figured out how to, in effect, manipulate the American public into these massive amounts of money transfer.
00:29:49
Speaker
So let's talk about the what. um You published a blog, and I would like to break it down, where you really detail, and we'll put the link, of course, in the show notes, where you really detail on the continuum of what I call the scam lifecycle from the moment of initial contact via phone, pop-up ad, text message, and all the way through the steps of convincing to the payment itself, and then finally reporting recovery.
00:30:19
Speaker
So you divide it into where boom is the payment, left of boom is everything that happens before, and then right of boom is everything that happens after. So maybe walk us through what you recommend banks take on in terms of really holistically protecting the customer and how they can actually even gain visibility into what happens outside the payment rails.
00:30:42
Speaker
Okay. And I want to give credit to Ken Westbrook for the boom and left of boom concept. Ken Westbrook, as ah let's just give a little more information from Stop Scams Alliance, um has also been in the NSA for many years. So he's definitely ah focused on intelligence collecting and prevention and has been talking about what we need to do left of boom as an industry from a government perspective.
00:31:07
Speaker
So when we talk about what banks can do, when I've talked to some of my my banking friends, they have had kind of an epiphany when they do the following. They'll take and collect statistics for about a three to four month period on what's happening to customers at their bank as far as scam losses their customers encounter.
00:31:25
Speaker
this will occur because they'll be calling the bank trying to get wires back or get money back or whatever. And so the bank is able to to keep track of this. So by tracking that, the banks understand for the first time how much their customers are losing.
00:31:40
Speaker
And in many cases, they're quite surprised by that amount. One of the other things I learned from one of my banker friends is that when they did that analysis, they found that, number one, all age groups were being infected by these scams. So whether you're 20 or 70, you're being affected by the scams. It spreads across the age spectrum.
00:31:58
Speaker
But the dollar losses are in the elderly. If you look at 60 plus in one bank, it was like over 90% of the dollars were lost by the elderly. ah So that helped.
00:32:09
Speaker
That was like a big eye opener for them as well, that this is, you can narrow it down to where the big money is really leaving the bank as a scam. So if you do that first, that helps to give you Statistics and information that you can go to your executives and say, look, our customers have this problem.
00:32:29
Speaker
Yes, it's not something we have to reimburse for, although occasionally sometimes banks might, but this is a serious problem our customers are having, and it's because of the bank account and the bank payment rails.
00:32:41
Speaker
And so there is something we should do. So hence, putting together the business case. And this is something um I've been working with the Noble on to come up with a pro forma business case that banks can use.
00:32:52
Speaker
So watch for that in the next couple months to come out if you're a Noble member and it's free to join if you're a financial institution. So you could get this sample business case for free. ah But once you do that, then you start to say, okay, now what do I do?
00:33:06
Speaker
So the next thing you want to put together is a written scam strategy. So as a bank, just like you have a written fraud strategy, have a written scam strategy. What are your goals and objectives and what controls you need to have in place?
00:33:20
Speaker
and And basically walk through the the left of boom, which is what can the bank do before the money leaves the leaves the bank, leaves the customer's hands? And so from that standpoint, from my perspective, one of the first things you can do and one of the cheapest is to train your your branch staff, anybody who's going to interact with a customer on one of these scams, train them and train them in the psychological from a psychological perspective of how these scams occur.
00:33:49
Speaker
Because when you contact the customer, you have to realize that they're in a different mental state than you might think of just calling and saying, did you intend to do this transaction? which is what we've been trained to do in the banking world, is let's call the company first,
00:34:03
Speaker
Yeah, it's the account takeover thing. And they'll say, no, I didn't do that transaction. What are we talking about? Ah, we have an account takeover. Whereas in this case, the customer is going to say, yes, I did. I did do the transaction. I'm sending it to my boyfriend.
00:34:16
Speaker
And if you just leave it at that, you haven't stopped the scam. But you have to understand what they're thinking in order to have a meaningful conversation, a meaningful interdiction at that point. So hence, there's that kind of training.
00:34:28
Speaker
In fact, Chase actually has a psychologist on staff to help with that. And I believe that person is going to be presenting at the Fraud Fighters Club, which I think you're going to be going to next month, ILA.
00:34:39
Speaker
So you'll get a chance to meet her and maybe she'll be on one of your podcasts. But it's it's that level of seriousness for the training. Then the next thing you have to do is you have to come up with what controls can I put in place?
00:34:50
Speaker
And so here we can look to what's happened in the UK and Australia because they have a big jump on the US and not that some US banks don't have scam controls. I want to be clear of that some banks have taken this seriously, but clearly in Australia and the UK, there's a lot of things going on.
00:35:06
Speaker
So you can look at things like confirmation of payee, where you can take the name and the name and the the account where the money's going to go to and do a verification if that's actually the name on the account at the receiving bank.
00:35:19
Speaker
There's some behavioral biometrics that's being used by a number of banks in Australia and the UK to help identify transactions that look anomalous from a behavioral standpoint.
00:35:30
Speaker
You can also look just from an anomaly standpoint if a person's never done a retail wire and now they're doing one for $60,000,
00:35:40
Speaker
That's kind of unique for that customer. You can also look at, the they have you you talked about the scam signal in the UK. A number of countries have a way where you can tell, is someone on a phone call while they're doing an online transaction?
00:35:53
Speaker
Because that's also indicative. So there really are a number of these kinds of, of transactions. Data sharing is another part of control. you know We're seeing that being deployed in in the UK and Australia.
00:36:05
Speaker
ah That would be really good in the US if we had more freedom to do it, I think. So they're really therere the bottom line is there are controls that you can put in place that will help this. And if you can alert this before the money goes, that's good.
00:36:21
Speaker
Scams is 90% about social engineering, emotional manipulation, and really convincing the the victim that something really bad is going to happen or something really good is going to happen or that they're in a relationship or um so many different approaches to the social engineering component. And I think one of the challenges is that the financial institutions only see that moment of transaction.
00:36:45
Speaker
And as you said, there are some anomalies to look at, but if we could actually do more and block scam calls and help identify text messages and really you really empower consumers to protect themselves, which is something that I've been saying all along. That's another aspect of of controls that banks can put in place and help their customers.
00:37:05
Speaker
There are some different solutions where there are some vendors out there talking about identifying when you get a scam message, what it is you might be able to do so you can get a warning.
00:37:16
Speaker
And so there's a couple of different solutions. I know you you have one. Scamnetics has another one. um And so that's important. And also I heard from another group just this week where once a customer or even before a customer gets scammed, the opportunity to download some software to basically look for remote access software that might be on a person's computer.
00:37:41
Speaker
Or for tech support scams, yeah. for tech support scams it's similar to what we used to do and still do ah for commercial customers online where there was software you can download on your pc to look for for malware and and be able to remove it so we are seeing a couple solutions like that it could be interesting for banks to consider as part of their control deck that maybe it's software you can give to the customer to possibly help in those cases of detecting remote access or also on your on your mobile phone to to be able to kind of assess a text message that comes through.
00:38:16
Speaker
ah Google has also announced something that they're doing to help customers of using the Android application. And what about the receiving bank? What is their responsibility? Well, and one other the thing that's very important is money mule controls. So as the receiving bank, I believe there's responsibilities for the receiving bank to help stop these scams as well.
00:38:36
Speaker
and And that's another whole area. And I tend to think of it as scam controls, but money mule management the anomaly detection on inbound activity coming in. And we're actually seeing, NACHA just recently put out some new requirements that banks have to have to look at inbound NACHA ACH transactions and have some controls there.
00:38:56
Speaker
And ah we also just saw this week where in Australia, they're announcing that the receiving banks also have a responsibility when we talk about the scam prevention framework.
00:39:08
Speaker
And so they're going to have to look to make sure that they have proper controls in place as well. um But so anyway, there there are a lot of controls around the the outbound transactions and also the inbound transactions that banks should be paying attention to.
00:39:23
Speaker
the The point of the boom, this is where you have to interdict with the customer, and that's where this training comes into place. And you hope that you're able to get them to stop the transaction.
00:39:33
Speaker
I know when the in Australia, they've had some examples where by having some real-time alerting to the customers, it's caused customers to cancel transactions. So we talked about left of boom. We talked about the transaction itself. What happens after if the money has been transferred?
00:39:49
Speaker
Sure. ah So the next thing, once you get to the boom, then beyond that is the right of boom. And this is where the customer has the loss. And at some point they realize they've been scammed and they'll come to the bank, they'll come to law enforcement.
00:40:03
Speaker
So here's where the banks have to be proactive, in being able to help the customer for recovery. And so a lot of times this involves hold harmless documents and other things that is the bank is now dealing with the receiving bank to try to get the, get the funds coming back.
00:40:19
Speaker
ah But also some of this will involve cryptocurrency because you've sent the money to a cryptocurrency exchange. And there, the banks really don't have any visibility on that. And that becomes much more difficult. I know some law enforcement organizations are getting trained so that if a customer happens to go to one of those specific law enforcement entities, they might have the ability to do recovery.
00:40:44
Speaker
ah But you also want to have them make sure they report this to the FBI's IC3 and the FTC. You want to make sure they do go to law enforcement and file a police claim.
00:40:57
Speaker
um There's a number of things like that. um And then there's a question of victim support. and And here there are a number of victim support organizations. One of the things that I heard this week, I was talking to the deputy district attorney down in San Diego, who also presented at the California Senate last week.
00:41:15
Speaker
And he was saying one of the things that they do, the law enforcement in San Diego County, I think there's like 19 law enforcement agencies that is they've been focusing on trying to get wire recovery. And so they'll help to engage in that with the customer and they'll help to work through the seizure documents. So you have to have, you know, government law enforcement seizure documents.
00:41:35
Speaker
But one of the other things that they've focused in on are these couriers who come to people's home to pick up money, part of these help desk scams. It could be cash or it could actually be ironically gold bullion.
00:41:48
Speaker
And they've been able to, the the customer, maybe on the fourth one, realizes this is a scam and they go to the police and the police will set up a a scam of the scammer.
00:41:59
Speaker
And so when the courier comes to pick up the box, the police are there to arrest them. So that's something that they've they've been focused on in San Diego, trying to figure out what they can do to arrest people within San Diego County and bring them to trial.
00:42:13
Speaker
So to summarize, you talked about, first of all, building a business case. And I i see a number of financial institutions, the larger ones mostly, coming out with scam programs, scam centers, scam groups, yeah and really providing more focused effort on creating policy and implementing controls to fight scams.
00:42:36
Speaker
I know that smaller financial institutions sometimes don't even have fraud teams. and not to mention really using taxonomy that is different between account takeover fraud and scams.
00:42:49
Speaker
they can't They don't necessarily distinguish in the call center between these two. So even for small financial institutions, the case, it doesn't matter what your size is, the percentage ah of a tax are probably pretty proportionate in terms of, because these scams are not necessarily bank impersonation scams. They're All over, mostly focused on crypto and job and toll. And it's not they're not looking to see what bank you're banking with.
00:43:14
Speaker
So even if you're small, there is a business case for scams. And as we mentioned earlier, the numbers are rising. So building that business case, tracking what is happening with your customers for a few months to support that.
00:43:28
Speaker
ah consumer education, training your staff so they can interject in real time, ah implementing scam controls on the payment rails and really asking those questions. Do you know the person you're transferring money to?
00:43:43
Speaker
avoid scams, those types of notifications. There's a balancing act between friction and consumer and usability, which we always need to strike that balance in fraud. But it's important to ensure that you're supporting customers and and really doing the the things that they intend to do and not supporting the transaction of the scam.
00:44:03
Speaker
We also talked about supporting with these um different controls and tools to detect either scam messages, empowering consumers to protect themselves, with driving education, really partnering with law enforcement, different controls to help with a recovery with data sharing, which is is really going to be key.
00:44:23
Speaker
So we did cover a lot. One thing I'd like to leave in closing, and first of all, thank you very much for having me on again.

Future of Scam Regulation and Recommendations

00:44:29
Speaker
But with that California Senate hearing, there was a question of what will the California Senate do about consumer scams?
00:44:36
Speaker
And it's probably discussion for another podcast. But since it appears that there will not be much new regulation coming from the federal government level. Okay. California has an opportunity to protect their own customers. And so I'm a Californian, and I would like to see banks and other people have more scam controls. So we'll have to watch and see, as a result of these hearings, what action might might occur from the state of California.
00:45:03
Speaker
And I expect we'll see other states taking the charge in that sense, if there's no federal initiative going on, which is yet to be seen. But we did mention one thing earlier, you mentioned the Aspen Institute. So I wanted to maybe take a moment to talk about that before we wrap up. And maybe that's a topic for another conversation. I might invite them to speak later.
00:45:24
Speaker
on the podcast. It's a really great initiative that was actually stemmed from one of the financial institutions, the largest financial institutions. They have a financial health task force that's focused on scams and what the industry can do to combat scams. And they're going to put out a set of recommendations at the end of the year.
00:45:43
Speaker
to really outline what the industry should do. So it's kind of almost the opposite of what Australia is doing in terms of what are the codes and specifics that ah different players in the industry can do.
00:45:55
Speaker
They're going to come out with those recommendations as well without the regulatory framework pushing for it.
00:46:03
Speaker
yeah and it'll be interesting because the recommendations, that will be good. That will be a piece of paper. But unfortunately, what I've seen, and it isn't until you have the regulatory stick that you see what's occurred that we so successfully describe in the UK and we so successfully describe in Australia.
00:46:21
Speaker
So it remains to be seen here. Um, what the ah Aspen Institute document will do. And I guess my, my one perspective on that is there are some very significant players who are in the Aspen Institute group. But all of those people could be doing things on their own. So you have digital platforms, they could be adding controls to protect their customers.
00:46:43
Speaker
The banks could be adding controls. Telcos could be doing more. I mean, if we look at what other what happens in other countries. So that's the part I'm a little bit puzzled by. And without regulatory control, what will take place?
00:46:56
Speaker
And I'm fearful that next year when we're sitting here and we're reading the 2025 FTC Sentinel report, that the number that was $12.5 billion in 2024...
00:47:07
Speaker
big in in twenty twenty four We'll probably go up to maybe 15 billion. And we know that there's so much unreported. So that the 12.5 is just the reported amount.
00:47:19
Speaker
um The numbers are much bigger. So I'm i'm troubled. And also just the other thing in closing, we forgot about it, but it's the elephant in the room. And that's the powerful impact of Gen AI from the fraudster's perspective. It really enhances their ability for these romance scams and investment scams because of the way that they can impersonate who they are or who they want you to they are in real time.
00:47:46
Speaker
and And that's going to be devastating. and And that's really going to be seen in 2025. You know, it's occurred somewhat in 2024, but in 2025, big time, the impact of Gen AI as to how the scammers do their job.
00:48:02
Speaker
And so we just, that's, it's going to be devastating. I agree. I'm not very hopeful about that because everything that we talked about is table stakes for what we've seen so far. But when it comes to deep fakes in real time, voice cloning, and that's definitely going to pick up. So I'm fearful that you're right about the numbers that we'll see next year, but we need to act quicker to turn the tide on scams.
00:48:26
Speaker
Well, we have to. And I think the good news is, if we come back to Australia for my final, final comment, they put a lot of controls in place. They have that whole of ecosystem. And it's amazing that they went from 2.7 billion in 2023 to just over billion.
00:48:43
Speaker
in 2024. Again, as Stephen Jones said, the war's not over, but for a one-year activity, that's very impressive. And so it's it's a message of if you join the fight and you add controls and they're effective controls, you will see a result.
00:48:58
Speaker
And we want to see these scams dropping. And we can look to Australia right now for how that works well when everybody gets together. It's a serious effort and there can be an effective result, a positive result.
00:49:12
Speaker
Thank you so much. I don't want to add anything to what you just said. So thank you so much for joining me today, for sharing your thoughts and knowledge, and for being such a strong advocate and researcher in this in this ecosystem and providing your insights.
00:49:28
Speaker
Well, thank you very much and have a good day. Thank you.