In 2023, Australian banks, the government, technology partners, and many others worked together to reduce scam losses in the country by 13%. This is an incredible result of inter-bank and customer-industry collaboration that’s made Australia a more difficult target for scammers. And yet, retail-banking customers in the country still lost $2.4 billion to cybercriminals last year, according to Scamwatch. The recipients of that stolen money likely put it toward funding various forms of organized crime, such as call centers staffed by victims of human trafficking. 

To fight back, the Australian Banking Association (ABA) and the Customer Owned Banking Association (COBA) co-released the Scam-Safe Accord in November. Every member of both groups agreed to the accord, ensuring all Australian banks – regardless of their size – do their part to protect Australians from scams. 

A two-faced problem 

Every scam transaction has two sides: 

1.) The victim sends the money. 

2.) The criminal receives the money. 

But we can get even more specific. There are also two types of scam victims:  

1.) Those whose mid-scam behavior appears out-of-character and matches known criminal patterns. 

2.) Those whose behavior remains within expected patterns of everyday activity.  

Did you know you’re a tax evader? 

An example of the first category is a customer who receives a call from someone claiming to work for the Australian Taxation Office (ATO) asserting the soon-to-be victim has an overdue tax payment. The caller says if this payment is not made immediately, law enforcement will be sent to the victim’s address to take them into custody. This is enough to raise anyone’s blood pressure, no matter one’s confidence in their most recent tax return.  

Many times, the victim then logs into their device, panicked and rushed. They may even provide remote access to the caller. They’ll enter payment information from short-term memory, with frequent pauses as the caller dictates the recipient’s account information.   

The way they move their mouse or swipe their device’s touch screen will indicate nervousness and distraction. These changes in behavior are subtle and often go unnoticed. After more than a decade of monitoring scam activities globally, BioCatch has developed models to associate these subtle clues with known criminal patterns. All of this raises red flags for banks employing BioCatch’s behavioral biometric intelligence (which nine of the top 10 Australian financial institutions now do).  

You’ve got mail 

The other category is much more difficult to detect, both for the victim and their bank. Let’s take, for example, a small business owner who receives an emailed invoice asking for a regular payment to a supplier. The victim fires up their laptop, opens the invoice, and logs into their online banking service just like any other day.  

They calmly enter the payment details from the invoice. It’s a new bank account for this supplier, but it’s not uncommon for this business account to make payments to new accounts for large sums of money. The victim then completes the payment the same way they would complete any other payment. Their behavior is not unusual because this is not an unusual payment.   

What the victim doesn’t realize is that the supplier hasn’t actually moved their accounts to a new bank. The emailed invoice has been intercepted and altered. The money is paid to a criminal’s bank account, and it is not until the supplier contacts the victim, noting that they are in arrears, that the victim knows anything has gone wrong. 

The more things change… 

BioCatch has spent the last several years focusing on what banks can do to detect subtle changes in behavior that take place when a victim makes a payment as part of a scam. We’ve made great progress at detecting many scam types, but the unfortunate reality is that during certain scams (like the Business Email Compromise scam described above), user behavior does not deviate from regular patterns. In these instances – even if the bank speaks with the victim – they may not recognize any signs of fraud. The scam is that good. 

This leads us to the other side of the scam: the money mule. 

Mules gonna mule  

While not every scam victim’s behavior changes, every scam payment is directed to a money mule account.

Scammers have a significant challenge when it comes to conducting their business, and unfortunately, it’s not necessarily the number of victims they can convince to make a payment. An equally challenging problem is finding a ready supply of bank accounts to receive the proceeds of their scams.  

As soon as scam victims reach out to their sending bank to tell them what happened, the sending bank then contacts the receiving bank, which promptly shuts down the account that received the scam payment. This means money mules have a limited window of opportunity to use a bank account before it gets “burned.”

As a result, we have historically seen money mules repeatedly open new accounts after established accounts are shut down. With the reduction of customer friction through the digitization of the account-opening process, money mules have been able to open accounts with sufficient ease that they can readily replace every burned account. This approach carries a risk for the mules: banks can identify when a new account is being opened online and intervene before a large payment is received. This has led money mules to consider a second strategy: using genuine, established accounts for money mule-ing.

The perfect job doesn’t exist 

The optimal mule account is one that doesn’t look like a mule account. Many of us have received SMS or WhatsApp messages making promises of flexible work arrangements and easy cash. In reality, the only credential required for these “jobs” is often an established bank account owned by someone who doesn’t look like a criminal.  

Applicants are asked to receive funds into their bank account and then distribute those funds to another account under the guise of some legitimate business operation.   

Scam-safe

When a payment of $100,000 is made to a bank account opened five or more years ago and recently used to pay for groceries, electricity bills and Uber Eats, it appears much more legitimate than a brand-new account with only a few small transactions.  

This type of account is a gold mine for money launderers. It is a lot more work to convince this kind of mule victim to become their “employee,” but it’s worth it, as these accounts are best positioned to receive and then re-distribute large transactions from the proceeds of crime. 

Two heads are better than one 

In order to truly disrupt scams, we must be able to protect retail-banking customers whose behavior becomes erratic and out of the ordinary, while also protecting those consumers targeted by scams so pernicious that their victim’s heart rate barely budges when they make the payment.

Australia’s Scam-Safe Accord asks its adhering banks to adopt an “Anti-Scams Strategy.” At BioCatch, we believe financial institutions must ground this strategy in concepts identifying both unusual behaviors of the victim and a specific risk analysis of the receiving bank account. The good news is that BioCatch can help identify risky victim behavior as well as the behavior of criminals operating mule accounts. Tackling both sides of the payment means we can protect victims regardless of the scam type.   

How low can we go? 

There are many important lessons that can be learned from how Australia has begun to turn the tide on scam losses.  

1.) Teamwork makes the dream work: A “Team Australia” approach means that instead of moving the problem between banks, the criminal ecosystem is disrupted at a country-wide level. 

2.) Fight fire with fire: We know that criminals are using artificial intelligence to plan and execute their operations. In order to stay ahead, banks need to deploy technology that can learn from and respond to evolving threats in real time.

3.) Better customer experience, better criminal experience: The introduction of real-time payments and online applications has made banking quicker and easier for genuine customers and criminals alike. Targeted friction in the form of payment holds or calibrated warnings during the payment flow is critical. Understanding which customers are at risk allows friction to be presented only where required and avoids desensitizing customers to this messaging.

We know that fraud and scams can never be truly stopped, but as an industry we have an opportunity to continue to make a tremendous dent in the suffering inflicted by this crime in Australia.  

Over the next several years, we have the opportunity, the capability and indeed the duty to reduce scam losses to well below their pre-pandemic levels and move Australia from one of the most attractive targets for scammers to one of the least.  

As an innovator in the fight against fraud, financial crime, and scams, BioCatch will continue to analyze human behavior to find the subtle hints of coercion or criminal activity and partner with banks in Australia, and around the world, to do its part in achieving these goals. 
