Recently, many of the more technically advanced financial institutions have worked to develop anomaly detection capabilities to detect financial scams (authorized transactions initiated by the real customer). These scams are inherently difficult to detect as it is the real customer doing the transaction. Legacy controls, such as known IP address, device fingerprint, and mobile phone location, all indicate that the real customer is doing the transaction.

Some financial institutions, working with vendors, have developed effective solutions to detect these scam transactions. So, half the battle is won with scam transaction alerts that have a decent false positive ratio. Now the financial institution must decide what to do next to turn the alert into a confirmed scam case or get the customer on their own to stop the transaction. A payment not sent is a scam loss prevented.

Let’s look at the bank customer as part of the next step.

Recently, I spent some time talking with Dr. Tim McGuinness, Director of Society of Citizens Against Relationship Scams, Inc. (SCARS), and Debby Montgomery Johnson, also a Director of SCARS and a former scam victim herself. Dr. McGuinness has spent time analyzing the emotional manipulation of scam victims covering the range of short-con scams, such as the Zelle bank impersonation and the grandparent scam, to the long-con scams of romance and investment scams. These are categorized as relationship scams. The key point is a “trust” relationship is created between the fraudster and victim (but more so in a romance scam or a bank impersonation scam than with a government imposter scam).

On the short-con scams, the fraudster induces fear (e.g. “Your granddaughter caused a car accident”) to get the victim to initiate a transaction. On the long-con, the fraudster works to develop emotional rapport that induces the person to change some of their key beliefs, such as meaning and purpose, identity and belonging, and emotional significance. In essence, the fraudster is controlling the victim. So, when the bank reaches out to the customer, the customer is in a difficult mental condition.

The Important Role of the Fraud Analyst in Combatting Scams

The fraud analyst has quite a challenge to overcome because banks have been telling customers to watch out for someone calling or texting them and claiming to be from the bank. Now, someone is calling or texting them claiming to be from the bank. So, what should the fraud analyst do to reach out to a customer to discuss an alert?

Dr. McGuinness and Johnson suggest the bank send an email message (and/or a text message) to the customer with suggested language such as: “There is a problem with your bank account. Please reach out to the bank by calling the phone number listed on the bank’s website or log in to your online account and read the secure message we sent you.” They also recommend that there should be no mention of anything about a possible scam in the email/text message. The online secure message should contain the fraud department’s phone number, and the fraud analyst would have added a comment to the customer’s account.

When the customer reaches the fraud analyst, Dr. McGuinness notes that how the fraud analyst talks to the customer is so critical. Think of this as an intervention with the customer, and if it is a real scam, to convince them not to do the transaction. So instead of coming right out and saying, “We think you are possibly being scammed,” Dr. McGuinness suggests taking a softer approach by using language such as, “We noticed you are doing things differently” or “We have some concerns about recent activity in your account.”

Don’t be too fast to confront the customer. You could turn them off, and they shut you down. The whole goal is to be non-judgmental, get them to provide information about the transaction, and help them see these transactions are a problem. Ask the customer to explain the transaction and explain who is receiving the transaction (the actual mechanics of the transaction). If the customer starts to talk about a romance relationship, ask if they have a photo of their boyfriend/girlfriend they can send. Explain your concern and do a reverse image scan to see how often this image is on the internet. This could help convince them of a romance scam. (While this might sound aggressive, some top global banks are already doing this. Santander has created a Break the Spell team to deal specifically with the issue of romance scams).

According to Dr. McGuinness and Johnson, it would be helpful if the fraud analyst can convince the customer to come into the local branch. If they are willing to do this, the Branch Manager can meet with the customer, and the fraud analyst could join on a video Zoom call. Dr. McGuiness said the fraud analyst would be a ‘second voice of authority’ and could be quite effective. Also, if the customer sent a photo of their boyfriend/girlfriend, the fraud analyst could show the results of the reverse image search on the screen. Potentially very convincing.

Drawing on her experiences as a scam victim, Johnson stated that if she had been asked to come into the branch, she probably would have come in.

Dr. McGuinness and Johnson both agree this approach only works if fraud analysts are properly trained to, in effect, do an intervention with the customer/possible victim. This requires three key skills:

• How to interview
• How to interrogate (in a positive way)
• How to detect deception

The Last Resort to Break a Scammer’s Influence

Dr. McGuiness offered another suggestion to help break the scammer influence. Explain to the customer that if this is fraud, it could mean a violation of federal law involving financing terrorism, funding a criminal organization, and other Anti-Money Laundering offenses. Then ask the customer to sign a document certifying they are not violating these possible criminal offenses.

Johnson, who formerly served in the U.S. military, said she would have most definitely paused before signing such a document because she would not want to knowingly finance terrorism or other crimes. In asking Johnson if it was essential to have the customer sign such a form, she responded, “Definitely yes!”

This approach could be viewed as strong action, but the reality is financial institutions need to come up with some way to help the victim realize they are being scammed BEFORE they are forced to release the payment/funds.

Dr. McGuinness also suggested a financial institution could put a hold on the transaction, perhaps overnight and subject to banking regulations on holds for suspected fraud or AML. Such a delay could also give the customer time to rethink what the bank is saying. This approach will work better on a short-con.

In closing, Johnson stated, “Always treat the customer with respect and show concern for them.”

The SCARS Mission

The SCARS organization serves two primary goals:

• Save lives (as some scam victims will commit suicide). In the UK, Action Fraud reports receiving over 300 calls a year from victims at risk of suicide.
• Prevent the scam victim from becoming a victim more than once. Dr. McGuinness notes the average victim will be scammed 4 1/2 times.

These two goals help create a vivid picture of what scam victims go through and why it is important for financial institutions to effectively train their staff on how to work with potential victims and help stop the payment transactions before the damage is done to the customer.

Stay tuned for the second part of this blog series which will focus on what some banks do after they get alerted to a potential scam and suggestions from Dr. McGuinness on customer education.