One of the pain points that financial institutions continue to struggle with is what to do about scam phone calls (vishing) and text messages (smishing). In these scenarios, a fraudster initiates a call or text to the customer, and as a result, the customer undertakes a financial action that causes the loss of money. According to the Wall Street Journal, “A study published last month by the Federal Trade Commission found that 24% of adults over age 60 who reported losing money to a scam in 2021 said it started with a phone call— the largest percentage of any method, including email, text, and mail. For victims 80 and older, phone calls were behind 40% of scams.” And we know that most Zelle scams start with bogus text messages.
What will make these scam phone calls and text messages even more effective will be the use of AI by fraudsters. In the past few months, there has been much discussion of ChatGPT and how it can create very effective phrases and even marketing documents and college papers in English or other languages. This type of AI will create very believable scam phone calls and text messages. It can even re-create a person’s voice with only 3-5 seconds of the real person speaking. So, think of the grandparent scam or the BEC voice call. It will all sound quite believable. So, a fraudster in Nigeria or Russia can quickly create scripts in English, French, Portuguese, or Spanish to enhance the effectiveness of their messages.
The sad part of these financial telco scams is that oftentimes, the customer will not get reimbursed by their financial institution because the fraudulent transaction is one “authorized” by the customer because of trickery.
For the most part, financial institutions view these phone calls and text messages as a problem that is outside of their control. Maybe all they can do is educate their customers. But the reality is the industry can start to take some actions. There are efforts underway in the U.S. by the Federal Communications Commission (FCC) and the mobile carriers. US Telecom I The Broadband Association runs a Traceback service (The Industry Traceback Group) that goes to the source point of the call to stop vishing/robocalls from being initiated. The CTIA, representing the US wireless communications industry, has started a secure messaging initiative to help block scam messages. The CTIA also has a list of mobile apps that are available to help customers block spam calls.
There are efforts underway in other countries as well. In the UK, Ofcom has initiated rules where phone companies will be required to identify and block ‘spoofed’ calls, where feasible. In Finland, the Finnish Transport and Communication Agency (Trafcom) is looking for ways to block spoofed calls, especially international spoofed calls. In Australia, the introduction of the Reducing Scams Call Code 2020 has resulted in nearly 550 million blocked scam calls since its introduction.
There are also telco vendors coming up with solutions. Several vendors offer mobile carriers firewall protections that leverage AI to block smishing text messages. Other vendors are helping legitimate companies sign their text messages and phone calls so these can be easily identified as legitimate by the customer. Mobile carriers have an incentive to also solve this problem, as they make significant revenue from delivering marketing/security calls/messages to their customers.
With all of these activities occurring, my point is that with spam calls and text messages being a real pain point for consumers, financial institutions have an opportunity to become involved in working with their trade associations or cybersecurity groups to help shape these solutions. By working collaboratively with the telco ecosystem, financial institutions can make a direct impact in minimizing fraud due to scam calls and text messages. Educating customers with actionable information is still important as well. Here is a three-step education process to share with consumers:
1. Add friends, family, and key service providers (e.g., doctor and dentist) phone numbers into your contact list on your mobile phone.
2. Never answer a phone call from a phone number you do not recognize. Just let it go to voicemail. There you can listen to the message. If it is from someone that claims to be from your bank, call them back from a phone number you have on file, the number that appears on the back of your credit card or on the bank’s website.
3. Never respond to a text message from a phone number or short code you do not recognize. Especially a message that appears to be sent in error (e.g., thanks for a great weekend or I enjoyed seeing you at the charity event on Saturday). These messages are just trying to start a false dialogue. If it appears to be from a bank (e.g. Did you just send a $2,000 Zelle transaction?), follow the instruction in step 2.
I will leave you with one final thought. Some of the most difficult problems to solve today can be best described as “What is impossible to do, but if it could be done, would fundamentally change ____.” You can fill in the blank. A real-world example involves helping victims of investment scams called ‘pig butchering.’ Deputy District Attorney Erin West, in the California Santa Clara County District Attorney’s Office, was getting frustrated in tracking down criminals using crypto as the payment rail. The criminals were mainly located overseas. But then she said if she can’t arrest the crook, what is the second best thing for the victim—get the money back. But most of it was crypto on the blockchain/mixers, etc. The consensus was that it would be impossible to recover crypto payments. But her persistence paid off, and she is helping to recover crypto assets for victims. She now trains other law enforcement staff around the U.S. on how to do this.
Imagine the mountains that could be moved by applying this same mindset and persistence to solving the problem of scam phone calls and text messages. Who is on board?