Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Is Fraud Prevention the New Customer Service? A Conversation with Karen Boyer, SVP Financial Crimes and Fraud Intelligence, M&T Bank
560 Plays9 months ago
In the first episode of Season 2 of Scam Rangers, we dive into the perspective of a Fraud Strategy leader in a US financial institution. What is the difference between dealing with traditional account takeover fraud (unauthorized payments) and online scams (authorized payments) from the perspective of serving and retaining customers? What are the considerations leadership should take into account and how do financial institutions create the right level of friction while protecting their customer from online scams? We also explore a bank's standpoint regarding forthcoming regulations on a global scale and the much-needed but often overlooked aspect of cross-industry collaboration in the United States. Lastly, Karen sheds light on the demanding role of fraud analysts who often double as customer service representatives and therapists, a challenge faced by many members of fraud operations teams
This podcast is hosted by Ayelet Biger-Levin who spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. She has created this podcast to talk about the human side of scams, and to learn from people who have decided to dedicate their lives to speaking up on behalf of scam victims and who take action to solve this problem. Be sure to follow her on LinkedIn and reach out to learn about her additional activities in this space. https://www.linkedin.com/in/ayelet-biger-levin/
ScamRanger: https://scamranger.ai/
Recommended
Transcript
Balancing Real-Time Payments and Fraud Prevention
00:00:00
Speaker
The expectation is, well, we can't delay the payment because the expectation is real time. We don't want to stop the payment because if we put too much six steps, if we put five introduction steps, then we're going to lose that customer. They're going to go to bank B because they only have three introduction steps. So that's kind of the challenges that we're getting at. I feel like that we need to, as an industry, understand that fraud prevention is the new customer service.
00:00:26
Speaker
and that fraud is the new friction. And that's part of what we're getting to, to tell our executives and our business partners is it's a much more costly conversation to take a call that says, oh my God, I just lost millions. How could you make this, let this happen? Versus, oh, I'm really upset. This is the fourth time I had to enter an OTP. Why don't you believe it's me?
00:00:56
Speaker
Scam Rangers, a podcast about the human side of fraud and the people who are on a mission to protect us.
Introduction to 'Scam Rangers' and Guest Karen Boyer
00:01:05
Speaker
I'm your host, Ayere Figur Levine, and I'm passionate about driving awareness and solving this problem. Today's Scam Ranger has been in financial services for a long time. Karen Boyer,
00:01:24
Speaker
is an SVP Financial Crimes and Fraud Intelligence at M&T Bank. And she's also involved in many industry organizations such as ABA Fraud Advisory Board, IAFCI, and others. I'm really excited to have Karen on today because she brings unique perspectives on how fraud teams should handle online scams and how different online scams are from the traditional new account and account takeover fraud.
00:01:51
Speaker
Hi, Karen. Welcome to the first episode of season two of Scam
Karen Boyer's Journey in Fraud Prevention
00:01:55
Speaker
Rangers. So great to have you on the podcast. Thank you. Thank you. It's a pleasure to be here. I'm so excited to hear from you today. I think we often talk about online scams and reimbursement and
00:02:09
Speaker
I'm wondering what those two things have to do together, fighting online scams and reimbursing customers. So we'll dive into that today. But before we do that, I really wanted you to tell me about your journey to become a fraud fighter. I think it's a really interesting one and please share it with us.
00:02:25
Speaker
Oh wow. Okay. Yeah, absolutely. So as a lot of the fraud fighters that we are, especially in the banking industry, I, I started off boots on the ground in the, um, as a teller. I was 17 actually. Um, so about five years ago, right. So, so I was in the, in the branches from there, I went on to operations, the supervisor in the branch and assistant branch manager.
00:02:50
Speaker
I went into back office at that time. I did a lot of reconciliation for branches and ATMs. At that time, the bank that I was working at also was just starting their fraud mitigation team, which I didn't know too much about. I just knew that it was starting up around the same time. I was doing the ATM reconciliations and noticed that there was an embezzlement about $42,000. And I quickly was like, something's off here, check the cameras and
00:03:19
Speaker
That was part of my first investigation, but I wasn't a crime fighter at that time. But nonetheless, I got the attention of the woman who was
Evolution of Fraud: Traditional to Online Scams
00:03:29
Speaker
starting up the fraud mitigation team. And I was also finishing my work a bit quickly. So I was doing half day on fraud, half day on GLs. And after some time just became full time on the fraud side. So I did a lot of
00:03:44
Speaker
uh, what we called account monitoring. And again, this was back early 2000. So a lot of the digital threats weren't even existing at that time. And I actually started the online fraud program at that bank with bank to bank transfers. One of the first scenarios that we called it external transfers at that time. But again, we had a customer who had money transferred from account or bank a to a bank of America, if you will.
00:04:11
Speaker
And she claimed she didn't do it. And she didn't, I should say. But nonetheless, that was the first time that a product was launched. And people were like, oh, wait, fraud could happen with this, you know? I just saw a cartoon today that someone posted online with someone going to a bank and kind of pointing a gun to the teller and the teller saying and handing over money and saying, you can do this all online today.
00:04:34
Speaker
Yeah, yeah, exactly. Then from there, I went to another bank and I started the online program there as well as I was doing bank-to-bank transfers, bill pays, online identity theft.
00:04:48
Speaker
I started kind of hearing whispers about the other activity that was going around around me. My boss is obviously very supportive and nonetheless grew into the lead manager of that department and
Scams on Social Media and Fraud Detection Challenges
00:05:00
Speaker
then continued to really kind of accelerate in my career as a leader of fraud operations, but also my forte is fraud strategy. So right now I'm in charge of the majority of the
00:05:13
Speaker
fraud prevention and detection strategies for an NT bank, as well as the apps teams that go in that. I'm also very involved in industry groups as well. So I'm on the PI steering committee, ABA fraud advisory council, chair for the FDX fraud task force, and a co-chair for the cyber fraud working group for the IAFCI.
00:05:37
Speaker
it's busy but it's lovely and I say that in a way also as a kind of disclosure for myself that the items that I talk about are not necessarily of any bank or any opinion if I of the bank I work in now or any banks that I used to work at is strictly my observations from the industry
00:05:56
Speaker
that's really amazing and i'm so glad that you know we were able to have you here because your breath and depth of not only experience but also what you see constantly in the industry being involved in so many groups will really i think shine a light for us on on what we're
00:06:13
Speaker
going to talk about today, which is online scams. And one of the first questions I had is, you know, I've seen research by Iten, now Datos Insights, and other industry analysts talking about top of mind fraud trends for financial institutions. What do you see as recent trends? I know that check fraud has been totally on the rise, but what are recent trends? What is kind of top of mind and how do online scams play into that?
00:06:41
Speaker
Well, first of all, it's almost all online scams. And if there is anything that is not an online scam, exactly, check fraud.
00:06:49
Speaker
it usually starts from an online scam. So one of the biggest things that have kind of shifted in the industry, in my opinion, has been instead of the use of the dark net and all these nefarious actors are on the tour browser and you have to be vetted by other Russian speaking friends, if you will, in order for them to vouch to get on those forums. And not just Russian speaking, but in general, we've shifted to
00:07:18
Speaker
social media, telegram, Facebook, and Twitter, Instagram, TikToks. And that's not new. I know there's plenty of people in the industry. I know Gary Warner has been consistently attempting to kind of call out to Facebook, even LinkedIn, of the fake accounts that are actively recruiting scam victims. So it's not new, but
00:07:42
Speaker
In my opinion, it was that was more catered around with more of the organized crime, if you will, that are trying to fly under the radar and recruit their membership. And I think now really seeing the rise in telegram and how brazen it is. And I cringe myself when I see like David Maemon, who's another gentleman who's actively researching the telegram and, as I call it, the light net, if you will, because it's all social media.
00:08:12
Speaker
I find it cringe-worthy that a lot of times there's anti-fraud industry people that see it and then they're like, oh, LOL. And they start laughing like, oh my God, how could this guy post his face on telegram? He's a fool. Joke's on us. Yeah, they have the money. And how likely is it that they're going to get arrested is slim to none.
00:08:36
Speaker
If they are, they're just one piece of a bigger puzzle. And that is not by any means a shot against law enforcement because they're in the same struggle of their case workers building, they're trying their hardest, and we're all under bandwidth issue. So I just wanted to put that out there too. And their partnership has been excessively helpful.
00:08:57
Speaker
That's a really good point. And I want to distinguish here between two things and kind of double click into that. One is what, as a financial
Regulation and Liability in Fraud Prevention
00:09:05
Speaker
institution fraud fighter and fraud leader and strategy leader, what you need to care about on a day-to-day basis and what your responsibility and priority is, and then what your customers are going through. And hopefully there's a huge overlap there.
00:09:24
Speaker
But, but I would say that with the discussion around our customers now are suffering from online scams.
00:09:32
Speaker
We're not necessarily liable to reimburse them. We are liable to reimburse them for online fraud under Reg E. So we will put all the controls in place to adhere to Reg E because we're mandated to, we'll get, you know, we'll have, we have to return that money that is stolen. And I think the bank tools and systems, and generally speaking, it would become really, really good at detecting new account fraud, account
00:09:55
Speaker
takeover fraud and the different modes of operation, all that with all the technology that goes into that. However, when it comes to online scams, it's really hard because it is the legitimate user. They can pass all forms of multifactor authentication. It's really hard to detect a scam. And there's no liability. So from a priority perspective, what are the top concerns of a financial institution?
00:10:21
Speaker
as it pertains to fraud in general, and how does online scam prevention play into that? So high level, in my opinion, again, there is a difference between the historical loss prevention mentality and fraud prevention mentality. And again, historically, it was very focused on losses. It's P&L, bottom line, like banks are taking losses.
00:10:51
Speaker
I am hoping that we start making a shift in understandably so to fraud prevention. And that's part of like a lot of the scenarios that I've been involved in. For example, we have a meal detection team.
00:11:03
Speaker
We have first party, we look at other traffic that doesn't necessarily substantiate a loss to the bank, but we're still understanding that fraud is transpiring. Now, with that said, easier said than done, especially again with bandwidth issues. I don't know any fraud department or any bank
00:11:24
Speaker
any telecom, any fraud department in the industry that can say, oh yeah, I'm fully staffed. And so that's the problem that we have of prioritizing that work. Now, shifting to scams versus loss,
00:11:39
Speaker
Yes, obvious elephant in the room is the liability whispers in the shifting of UK to the US. And I don't think that that's unfacetious that that's going to happen. We're still seeing whispers about it. We're seeing kind of introductory
Industry Collaboration to Combat Scams
00:11:54
Speaker
scenarios, for example, EWS and other issues that are being rose in to regulators and
00:12:04
Speaker
banks are saying, hey, we're trying here. And we are. But to your point, as an anti-fraud practitioner, I think that scam, scam, detection, scam prevention is top of the list for FIs of what they want to for several reasons. One, obviously there's a reputational risk. You don't want to be in the headlines that
00:12:27
Speaker
You allow all these victims to fall victim to a scam. And then, of course, there's that delicate conversation of paying versus not paying. Don't really want to touch into that too much. But nonetheless, there is that. But bottom line is there's still people behind the transactions. And as a bank, it's beyond
00:12:48
Speaker
Like, are we taking the loss or not? It's, we don't want that person to lose trust in us as a bank, as well as the fact that not only are you my customer, but like, again, you're human and you have feelings. And if there's a way that I could prevent you from losing your life savings, I, as well as I'm sure any anti-fraud person would say, would love to step in and prevent you.
00:13:16
Speaker
There's challenges though, you know, on the cyber side, if you see threat actors and nefarious actors attempting to access your network on cyber, you know, CSOCs and network penetration, you shut it down, no questions asked. And it's like, oh my God, you saved the day. Thank you guys. You know, on BSA, if you will, like nefarious, like, like money movement. Yes, it's regulated. Maybe that's a solution. I don't want to put that out there that that I have my name on that. But nonetheless, um,
00:13:45
Speaker
You know, it shut down, you know, thank you for preventing trafficking or terrorist financing. It's very, very clear to identify the perpetrator and just shut it down and very. Right. And then on the fraud side, though, like the there's I unless you're in the actual fraud shoes, I don't think people understand the challenge that there is to balance
00:14:08
Speaker
Well, we have product teams that don't want to lose customers. We have compliance teams that don't want us to restrain, or legal teams that want us to restrain too many accounts. And we have that fine balance where, yes, we probably do have, as you mentioned before, technology or ways to interdict payments, slow payments down, stop, call the customer, did you do this? And it's one challenge if after all of that, they still say, well, yes, I did. And then it's my money.
00:14:37
Speaker
And again, there's some most of them are being coached, please let it go through. Okay, fine, let it go through, then come back and, and worry about the repercussions of well, you should have known, you know, there's that scenario. But then there's the other scenario where, even if we can't interdict a payment to the point, call the customer say, Hey, I think you're being scammed. And let's say it's a success story. That's great. But we're still balancing that with product teams, where
00:15:04
Speaker
The expectation is, well, we can't delay the payment because the expectation is real time. We don't want to stop the payment because if we put too much six steps, if we put five interdiction steps, then we're going to lose that customer. They're going to go to bank B because they only have three interdiction steps. So that's kind of the challenges that we're getting at. But I've said it a couple of years ago, but it's becoming more and more like I feel like that we need to, as an industry, understand that fraud prevention is the new customer service.
00:15:34
Speaker
and that fraud is the new friction. And that's part of what we're getting to, to tell our executives and our business partners is it's a much more costly conversation to take a call that says, oh my God, I just lost millions. How could you make this, let this happen? Versus
00:15:55
Speaker
Oh, I'm really upset. This is the fourth time I had to enter an OTP. Why don't you believe it's me? So even though people think that that secondary call is very frictionless, it's the primary call when somebody actually has fraud trace firing in the call that are on their account that I think we should focus on. That's what we're trying to stop. I really love how you are diving into that. Those are the nitty gritty details that matter, right? It's not so simple and financial institutions are putting all these
00:16:25
Speaker
questions along the way to make sure it's you and delaying the transaction all those dilemmas and how to optimize identification of a scam and how to proactively detect that someone is being scammed because you know there you might ask them questions but by the time they go through the emotional manipulation by the criminal they will answer
00:16:45
Speaker
properly and quote unquote properly to all the questions because someone is guiding them. And I read articles about people who are running around and, you know, the gift card scam, when someone's manipulating someone to get out of the house, go to the store, get a gift card and give them the numbers on the back, right? Buy a purchase gift cards. So much energy goes into that. It's really hard to stop it with a simple sign saying like, are you being scammed? There's this gift card scam. No, I'm buying it because my boss asked me to and they're guiding me there. They can't answer the phone. They're on a meeting.
00:17:15
Speaker
So how really to put those control points in this scenario is really hard.
Role of Technology and Regulation in Fraud Prevention
00:17:22
Speaker
I wanted to talk a little bit about regulation. You mentioned both the UK regulation that's coming into place in 2024, where in October, all financial institutions will be mandated to reimburse customers for scams, half of it are 50% by the rescinding bank and 50% by the receiving bank. You also mentioned that Zelle, the Zelle network or EWS has mandated
00:17:44
Speaker
reimbursement for scams since June. It was a big secret, but everybody knew in November when Reuters came out with the news. And that is on the receiving bank, which kind of dives into money meals and etc. And I heard you in the past talk about liability. And I wanted to ask what your opinion and I know it doesn't represent M&T Bank, I'll kind of bring that up again. But what your personal opinion just being
00:18:10
Speaker
in the industry for so long, when it comes to mandating liability for online scams, do you think that will, in my mind, when I hear about liability, I said, well, from my experience, when there is regulation, it drives technology to combat the problem. I'm just wondering, what is your perspective here? The liability, I don't think that liability shift is going to stop the problem. I think in general,
00:18:39
Speaker
the industry needs to identify the root causes of the problem. That's going to stop it, not finger pointing who's paying for it. And unfortunately,
00:18:50
Speaker
It's going to sound harsher than I intend to, but I think that if we start reimbursing every customer for every scam, and that's a slippery slope because like, what is that scam definition? I know the Fed is working on that as we speak, but then the customer awareness is going to basically kind of like bypass itself because people are going to just assume, well, I don't have to be careful because I'll just be reimbursed.
00:19:20
Speaker
Now the other scenario which I don't think is completely fair is I think there needs to be a better understanding of who would be liable and why. If it's a blatant money mule account that's housed at a bank then yes shame on you how did you let this happen but
00:19:42
Speaker
In the UK, and correct me if I'm wrong, because you're probably more versed on this than I am, but they're, they're, yes, they're instilling the, the code, I believe it's called and they've been working on it for years. But what, what they have versus what we have is that they have. Telecom partners, they have industry partners, they have partners that are working together to identify and stop scams. And then in conjunction working with that liability.
00:20:11
Speaker
I feel in the US, we're not there yet. We're just back to kind of finger pointing, well, who's going to pay? Like classic example is the majority of these scams that we're seeing are really bank impersonations. And it runs the entire gamut from your card was declined to log in and send a wire. And the scenario on that side, in my opinion, is
00:20:37
Speaker
Why don't we go to Apple and why don't we go to Google and Google Play Store and start taking those free or even $5 a month apps that allow you to spoof a phone number, spoof a voice, deep fake, like we're creating our own problems. That's the root cause. Why is nobody focusing on that? And everybody's focusing on banks paying.
00:20:59
Speaker
for transactions that are simply out of their control. We could look at what's happening in our ecosystem, but we can't necessarily understand what has transpired before that. And why is it fair that we pay for the entire scenario when we could only see that last part of it?
00:21:19
Speaker
I think you're absolutely right in the fact that there are, I call it unwitting accomplices across the scam lifecycle, right? So you have the telcos that allow the text messages to happen. And then you have the operating system, you know, Apple and Google that allow the apps to be there. And then you have the social media platforms that allow all the messaging to happen. And then, and then you have the banks and you as banks have limited visibility into the whole, you only have the bank systems.
00:21:48
Speaker
that you've been looking into to identify risk. And that collaboration that you mentioned earlier is really critical to combat this whole scampocalypse. And if we don't drive that collaboration,
00:22:01
Speaker
then we won't be able to stop the scams. And yes, banks will suffer if liability shifts happen. But I'm wondering if this will drive financial institutions. I just saw this in the UK. You mentioned the UK. The minute this regulation became serious, one of the banks, I believe it was TSB, was start finger-pointed Facebook for have or meta groups for having
00:22:25
Speaker
8 out of 10 scams coming from meta platforms. So instead of finger pointing, really, how do we drive this collaboration? Oh, geez. I wish I had an answer for that. I guess, awareness to some extent. And I know that there's so much conversation around customer awareness, and people think that's the silver bullet.
Fraud Prevention as Customer Protection
00:22:52
Speaker
Well, teach customers about scams and then they won't fall for one. And to your point, I let it before, the problem is when somebody's so involved in a scam, they don't think they're being scammed.
00:23:05
Speaker
So you could teach somebody about scams all the time, but that trust has built over so long with the, with the scammer that the bank is the bad guy that's trying to interdict, interdict. Yeah. And I know that that's a little bit off subject from, from your, your question, maybe because I don't know how to answer it, but, but, um, I think that there needs to be,
00:23:30
Speaker
And again, regulation is such a strong word and I don't want my name attached to it, but nonetheless, to your point, that is what drives change. Unfortunately, so be it. And again, if we're going to be the next UK, then I would hope that regulators understand before pointing their finger at the money movement that they could understand we need everybody at the table to A, determine
00:23:59
Speaker
the part everybody plays in scams, but also what is that liability percentage? And I know that there's been some significant work with Facebook, for example, or Meta, of taking down some large rings that on the outside are obvious, but on the inside, for whatever reason, data analytics doesn't pick up on it.
00:24:25
Speaker
But I think you did mention regulation. If regulation is in place or in discussion to mandate financial institutions, maybe this is a good opportunity to think cross-functional, to think how maybe have regulation drive this collaboration across industries.
00:24:44
Speaker
to do a better job. And again, going back to the UK, there was just recently an agreement between more than 10 large tech companies, including Meta and Google and many others to work together to combat scams. Now, I'm hearing opinions about that, that it's just marketing, that it's not real. We'll see. Because every one of these players has
00:25:09
Speaker
motivation not to collaborate with this, right? They're losing money on ads, they're losing money on users, all that. So that's the challenge here. But I think that's an opportunity for regulation to come and play and mandate taking care of consumers. Yeah, I completely agree. And then I also would
00:25:35
Speaker
hope that the opportunity would be for some advocacy groups, if you will, on the consumer side to understand a restraint on an account is not necessarily bad if you're preventing or if you're protecting that customer. And then on top of it, it's challenging if that customer doesn't know or doesn't believe, if you will, that they need protection. That's like that fine line of, well,
00:26:04
Speaker
you know, we're damned if we do, damned if we don't. And I mean, I know there was a bank in the headlines
Complexities in Fraud Detection Across Networks
00:26:10
Speaker
that had massive account closures for mule accounts. Kudos to them. But then at the same time, there was another bank in the headlines that had their hands slapped for restraining too many accounts. And it's just, again, that balance of
00:26:31
Speaker
how do we get regulators to understand the bigger scope of the problem and that the ways that we can prevent it are not necessarily disruptive to consumers, they're benefiting them. But again, that's very high level speaking. And I'm not saying that, I don't know the logistics of either side of those news stories. I'm sure there's more than what's written out there, but that's a challenge that I see or have seen
00:26:59
Speaker
not just where I am now, but in the past and hearing from other banks as well. It'd be nice to have a happy balance. I think one of the challenges, as I mentioned earlier, is when it comes to account takeover fraud or new account fraud and everything that you mentioned earlier with the clear cut
00:27:18
Speaker
infiltration that is easier to stop is when it comes to scams, you really do have limited visibility. So your ability to detect is really dependent on collaboration with the customer, asking them questions or really understanding their behavior or educating them. So I'm wondering,
00:27:38
Speaker
You know, what, what are the things that you guys are thinking about in order to work with customers to protect them? And at the end of the day, a customer puts their money in the bank to safeguard the money, right? How are you thinking about working with customers to empower them to protect themselves?
00:27:55
Speaker
your work as well, I mean, if there's maybe some other vendors out there, but I've, again, I've been very impressed, but there's ways that we could build technology into maybe our apps or even our website that allows us
00:28:13
Speaker
kind of insight to maybe more on the phone or the device beyond the app. Now of course then you have compliance, you have legal, you have privacy like boxes you have to check off left and right understandably so. But if we could
00:28:29
Speaker
as a bank or as any institution showcase hey you're getting some emails in that look like scams or hey here's a text message like don't answer that um like that not only
00:28:45
Speaker
Would help obviously like the bank as a customer, but I mean there's nothing to say that that you know if I bank at M&T for example that I don't also Bank of Chase or Bank of America or TV and perhaps like
00:29:02
Speaker
One app on my phone could prevent me from losing money from any of those institutions so that's like i feel as an industry we need to get better at collaborating in general and and i've said it before like on the authentication side but similarly like authentication should never be a competitive advantage and
00:29:21
Speaker
and scam technology and or scam awareness should never be a competitive advantage because fraud is the only industry I don't want to say only but relatively the only industry in a competitive business market that we are teamed against these same people so
00:29:40
Speaker
It's to save you. And just because I saved you from making that wire at M&T, that job isn't necessarily done as a human, that I'm not preventing you from making that wire now a chase. And because guess what? That wire is going to go to another country. And that's going to be, that's money laundering, possibly terrorist financing. Nonetheless, that- You want trafficking impact on the economy? Yeah.
00:30:08
Speaker
Exactly. And that's the bottom line. It's not, it's not that you're a, you're a bank A customer, bank B customer, that it's the fact that you as a human are not only losing money, which could cause you so much grief, mental anguish. I mean, I want to state the obvious, but we've all heard the horror stories of, of people that fall into depression after they fall through these scams. And in, but that monetary amount is also enriching
00:30:38
Speaker
threat actors beyond our country, that's what we should be focused on. And I wanted to ask you about the networks, right? In the U.S. there are different networks, like you mentioned EWS, the credit card issuers, they all have consortium data. I know there's a lot of discussion on information sharing across networks, but
00:31:03
Speaker
Do you think that when it comes to, and I know they play a role when it comes to fraud, do you think they have a role when it comes to online scams or they can contribute to the, you know, the war against online scams?
00:31:16
Speaker
I completely agree that they do. I mean, they're the ones that see the traffic. You know, kind of back to what I was referencing before where like I could see my traffic, I could see bank A traffic. I can't see the traffic that happens from bank A to bank B to bank C, whether that is Zell, whether that is MasterCard, whether that is Visa.
00:31:39
Speaker
um even in open banking with aggregators and and and plaid and yieldly like i feel that the people that could see the traffic from the troposphere if you will i am a weather geek so so high up again in the elevation the people that could see the traffic there have
00:31:58
Speaker
I don't want to say the most, but they have, they definitely have a chunk of responsibility in preventing, detecting, sharing that data. Now a lot of them, yes, do come to the banks that they offer their service and they advertise it as that consortium. And, you know, but it's, again, it's up to the bank to ingest and it's up to the bank to pay. And, and it's a little, you know, personal opinion. Um,
00:32:24
Speaker
Why do I have to pay to ingest the signals when you guys could just stop it? I'm very high level speaking, but you guys could just stop it. Yeah, it's like the right thing to do. Right, right. And then there's a lot of, like we talked about the Zelle changes.
00:32:47
Speaker
you know, it's it is a lot and white and scams are scenario. So, you know,
00:32:56
Speaker
Bank A said Bank B is a recipient of fraud funds.
Building Trust with Customers in Fraud Prevention
00:33:02
Speaker
Shame on you, Bank B. But then Bank B is like, well, wait a second. My account is also a victim of a scam they sent into Bank C. And even though they're band-aids to, I don't even say fixed a problem, they're band-aids to state that a problem is being addressed. I feel like we need a better solution than that.
00:33:27
Speaker
Yeah, I think that's definitely one of the things that's not getting a lot of attention in the conversation.
00:33:35
Speaker
We talk about who should bear the liability. Should it be banks? And is it the receiving bank or the sending bank? And let's look at the model in the UK. But I really feel that there's not a lot of conversation about who really has the pieces of the puzzle to complete this whole picture and really stop the masses, not stop case by case, but really stop the masses and be able to identify this.
00:34:00
Speaker
You know, we talked about a lot of challenges and I learned a lot from you today and really the nuances that it's a whole paradigm shift from classic fraud detection that is very clear cut. It's really easy to investigate and I'm wondering, you know, how much does that impact your team?
00:34:18
Speaker
or your teams in terms of the time it takes to investigate these very, very cumbersome cases. It's probably a lot more because it's not, you know, is the IP address different, is the location different, these device different or whatever changes that are very clear cut, but it's really, you know, deep dive investigation. Is this first party fraud? Is this a scam? All these questions that you have to ask, how does that change the analysis of
00:34:48
Speaker
of scams. Immensely because to your point
00:34:54
Speaker
I don't want to say before scams. Scams are always here, but like the shift was always kind of like focused on is this Jane Smith logging into her account? No. Okay. Let's focus on how to detect it's not right. And so to your point, it was very much stop at the front door. Now the focus and detection in general is at the transaction level. That's going to tell the story that that's the scam, not the login because the login is typically our customer. Again,
00:35:24
Speaker
Maybe we can get there with a front door scenario if we have some transparency into what happened prior to that login fine, but the shifting in in detection again goes from Front door to living room if you will and then
00:35:45
Speaker
you almost always have to have that conversation with a customer. And to get really granule how difficult it is, here we are talking about scams that are like, don't believe anybody that calls you pretending to be the bank. You know, I'm again, high level speaking. It's like, so, hey, there's a scam going on. It says, hey, I'm Karen. I'm calling from the fraud department. I just want to warn you that this is a fraudulent transaction. And guess what the exact conversation is? Like, hey, I'm Karen. I'm here to validate some activity on your account.
00:36:14
Speaker
And so even that's a challenge where we're telling customers on the education side of, you know, we're not going to call you. And again, we're saying we're not going to ask for your pin. We're not going to ask for your password. We're not going to ask for that. But typically, customers just resonate like, banks don't call me. Banks don't call me. And then we have that hurdle that says, no, it really is me. I am calling you.
00:36:35
Speaker
I know somebody probably called you before, said it was me, but now it's really me. So to your point, the investigation is extensively longer. Now, now there's even that conversation of, I mean, back to as you were saying before.
00:36:52
Speaker
Hey, hey, I let did you do that thousand-dollar zelle? Oh my god. I didn't think you did Let me fill out a claim, you know account table or now on the scam. It's like so I know you sent that money Can you tell me more about it? Who are you talking to? It's a very much longer conversation because first of all, you're trying to understand
00:37:11
Speaker
the order of operations, what happened for a couple of reasons. One, on the detection side in general, because maybe you can detect that from happening to the next customer, but also for understanding how to navigate the conversation for depending on how you answer it. So we end up essentially being therapists as well, because you don't want to come out like blazing saying, your life's not real, this person's not real. I know you've been
00:37:41
Speaker
married to them for three years, and who am I, but I promise you, you know, you have to navigate it to build that trust in that customer that they've already been built with the threat actor for so long, and you only have a short period of time to do it.
00:38:00
Speaker
Again, that's like a 50-50 sometimes if they believe you or not. Now, hopefully, out of that 50-50%, sometimes they hang up and they're very angry. And how dare you? How dare you defame my husband? How dare you defame my wife? How dare you call me that I fell victim for something? Because that's why scams are so underreported anyway. People are embarrassed, right? And so there's that fine line that hopefully out of 50% of that 50%, they call back and they're like, you know, I thought about it and you're right.
00:38:30
Speaker
And even just from my experience, even just a couple years ago, they were like, I sent 50,000. I sent all this. And people don't realize you become their therapist now.
00:38:46
Speaker
I'm not saying it in a bad way. I'm just saying it in a way of time. It's that operational overhead that now you have 10 people on the team that are reaching out to customers and trying to investigate, and they're fraud experts, and they're spending all this time navigating the conversation to get the customer to realize the truth, which is, as you said, psychology.
Future of Fraud Prevention: Collaboration and Strategies
00:39:09
Speaker
So half the team has to be a psychologist, maybe. It's really tricky.
00:39:15
Speaker
So it is very time now. I know a lot of banks have invested in like a scam group so that like they're literally fraud therapists.
00:39:25
Speaker
And that's actually a cool title. Maybe I should go, but you have a few, a few nice, uh, expressions here that we'll, we'll recap later. Yeah. That's trademark. Yeah. Um, but, but I don't think that's far off from what is needed from the way that we're going, you know, and that, and again, that's not about liability shifts. That's about being a human. Right.
00:39:49
Speaker
Thank you so much for sharing the complexities. I have one last question. I am now realizing how big of a shift it is to handle online scams. And it sounds like it's a really big change for maybe the last 15 years. We're all about new account fraud, account takeover fraud, and now it's a huge shift in everything. How do you feel we're doing and what are you hopeful about in this journey?
00:40:17
Speaker
I think we are doing pretty good. I'll say that because I've said this before, but as you referenced, we came from new account fraud, we came from account takeover, and here we are talking about when the customer is doing a transaction. But in any fraud shop, you can't stop looking at new account fraud, you can't stop looking at account takeover, you can't stop looking at check fraud.
00:40:37
Speaker
So I think as anti-fraud, we breed to be dynamic and because you can never stop looking at old fraud just doesn't go away, you need to continue to build down, right? And so I think as long as we have a passion for it and a passion for making the world a better place as I've said before, that's the whole full part that you need to have that mindset that it's not about widgets, it's about literally
00:41:05
Speaker
helping whoever's at the other point of the transaction. I mean, even with first party fraud, if you navigate a conversation, hopefully you could steer them on a better path. And that has happened in the past. I am pretty hopeful. I don't have silver bullets. Still working it out, but I think we're in a good spot. Karen, thank you so much for joining us today. It was a pleasure. I learned a ton. I'm sure our listeners as well. And I'm really happy that we finally did this.
00:41:34
Speaker
Like, but thank you so much. Thank you. This episode is brought to you by ScamRanger. ScamRanger enables you to empower your customers to protect themselves against online scams. Go to scamranger.ai to learn more.