As I’ve previously blogged, the state of scams in Sweden has been a hot topic in the media over the past few months, not least due to a show on Swedish SVT where an investigative journalist followed a criminal gang who used social engineering to convince elderly people to transfer their savings through a hybrid smishing and vishing campaign.
Within days, the Prime Minister summoned banks, police and others to a meeting to discuss this growing problem, and urged the banks to take action.
Fast forward 3 months, and the government reconvened May 13 where the Banker’s Association presented their plan to tackle social engineering fraud.
The plan includes giving customers the ability to choose their own transaction limit, and a proposal to provide the ability for a second (trusted) person to be required for payment approval was also made. While details are scarce, slowing down transactions was also discussed as one of the measures the banks intend to introduce.
These measures will be implemented over roughly the next year.
This seems a positive first step towards tackling a problem that has a huge financial as well as emotional impact. It’s great to see that banks have been able to put together such an action plan in a relatively short space of time, and I’m sure there will be other measures included in the plan which for obvious reasons weren’t shared with the public (including - no doubt - the scammers) watching the press conference.
Banks will of course need to educate their customers on how to make these changes to their accounts in a simple way to ensure those who are less tech-savvy will be able to protect themselves.
To make further progress on this problem we also need to see a greater level of data sharing – Again, another point that was mentioned during the press conference, and I’m eager to know how this will be operationalised. As we say often at BioCatch: Bad guys share information and best practices to commit financial crime, so we good guys need to do the same to stop them.
Another factor that banks should add to their armoury is their ability to use data based on customer interactions during payment flows. Being able to detect when a customer is under stress, or is being coached through a payment flow (just as we saw in the documentary) is a powerful way to intervene before any money is transferred – Keeping both banks and consumers safe. We’ve seen this approach being taken in other countries, who are now bucking the trend of escalating scam losses and actually seeing a reduction.
We’re approaching a turning point where over the next few years regulation will require banks to refund customers where the scammer impersonates their bank, and at the same time will be required to process payments within 10 seconds – In stark contrast to the latest idea to slow payments down to a day or more.
Just as fraud evolves, so must the banks. Everyone working in fraud already knows that no two days are the same, and I see a period of dramatic change over the coming years – for the sake of Swedish society, hopefully for the better!
