A trio of BioCatch fraud fighters got together to unpack what other geographies might learn from Australia, where National Australia Bank Limited (NAB, a BioCatch customer and BioCatch Trust™ founding member) recently announced it prevented nearly $50 million in scam payments in just two months.

In the U.S. and Canada:

Seth Ruden

If you can remember back to 2015, you might have a bit of a moment in terms of where we were and what was happening in the rest of the world. This was the year to which Marty and Doc traveled in Back to the Future II. We were told we’d have hoverboards, a Cubs World Series victory (which, to be fair, did come to fruition in 2016), and flying cars. There was profound disappointment when none of that materialized.

Three things I recall did happen (let’s keep it light): My favorite TV show, TopGear, was suspended (for valid reasons), Windows 10 came out, and the United States finally adopted EMV standard for cards, making chips a regular thing in wallets and heralding the end of wide-scale counterfeiting. Card-present fraud didn’t immediately go away, of course. It just started to fizzle out of areas no longer available for exploitation. Brands that were slow to adopt this technology became abused in the residual opportunities that remained. I had a very active business consulting for these brands in the winddown of this era, and today, I had a feeling that was very 2015 again.

One of the problems in the U.S. is that we’re typically quite late to the fraud deterrence party, for myriad reasons, and by the time EMV came around to our shores, we were essentially the last ones to accept the standard (our FOMO was just absent, by the way). By contrast, Australia has always seen fraud and financial crime as an area of priority in mitigation. NAB’s recent announcement provides yet another proof point that it’s not only leading the pack but also extending its lead on the fraud problems of today, notably innovating in prevention of authorized payment scams. Good on them.

When NAB recognizes a payment as “out of character” (deviating from the user’s historical behavioral patterns), the bank sends the consumer an alert warning them about the suspected scam. This has led to a new metric (take a note, please) for “Scam Abandonment Rate,” which is, I assume, the aggregate loss avoidance when a customer who would have sent a payment, has that payment delayed due to a scam detection control, and does not initiate the payment again. This is a beautiful evolution and one that has resulted from a culture that’s very favorably bent the trajectory of scam losses nationally, reducing them by more than 13% since they peaked in 2022.

The cat is out of the bag. Scams are receiving a lot of attention in other regions also seeking significant change—Canada being one of them. We recently published a white paper on this subject. I’ve seen Canadian institutions take a great interest in what’s occurring Down Under. Forward-looking institutions are already looking to duplicate the Aussie playbook.

Here in the U.S., it’s 2013 again. And, again, we’ll need to wait until most consumers are impacted by major retailer card breaches before anyone blinks and recognizes we’re in a hole and need to start drinking the Aussie Kool-Aid.

In Latin America:

Edrick Lambrano

As it is everywhere in the world, fraud is a growing challenge in Latin America, targeting millions of unsuspecting individuals on daily basis. Real-time transaction alerts, like those utilized by NAB in Australia, have the potential to revolutionize how LATAM combats this growing and evolving threat.

Already, a large Mexican bank drastically reduced its fraud losses by deploying our social engineering scam (SES) solution to create strategic rules that send users real-time warnings. These alerts not only build trust but also strengthen the region’s financial ecosystem by reducing losses.

The alerts are straightforward but incredibly effective. When unusual activity is detected (transactions linked to investment and/or romance scams, for example), customers receive an immediate notification urging them to double check both that they know for certain to whom they’re sending their money and that they trust this person. This simple but effective pause often leads to customers recognizing the scam and cancelling the transaction.

LATAM banks cannot afford to wait to adopt these real-time transaction alerts, but they shouldn’t stop there. The next evolution in this strategy is the sharing of intelligence between competing financial institutions – as NAB does with Australia and New Zealand Banking Group (ANZ), Commonwealth Bank of Australia (CBA), Suncorp Bank (Norfina Limited), and Westpac. A network of banks sharing intel gives visibility into the trustworthiness of both sending and receiving accounts, further improving the accuracy of and fraud losses prevented by real-time alerts.

In the UK and across Europe:

Jonathan Frost

When it comes to Authorised Push Payment (APP) fraud, the UK is often held up as leading the way, with split liability and clear reporting creating fresh incentives for payment service providers (PSPs) to deal with financial crime.

“No one remembers the second man on the moon,” or do they? While most can recall Neil Armstrong, there are also plenty of people who also remember Armstrong was joined minutes later on the lunar surface by Buzz Aldrin.

In many ways, Australia is the Buzz Aldrin of APP fraud, with its government, regulators, and financial service sector all focusing on prevention. The merits of the Australian approach over that of the UK’s isn’t the focus of this blog, and in fairness to both countries the outcomes will speak for themselves. On the face of it, Australia appears to have turned a corner, with losses from reported fraud (via the ACCC) falling by a little more than 13% between 2022 and 2023. More recently, a report from BDO commissioned by Westpac found scam losses in Australia declined by more than 50% from June of 2023 to June of 2024.

That decline comes amidst a continued increase in attempts, with reports of fraud in Australia rising by 18.5%. By comparison, if we combine police and industry statistics, the UK saw a 9% spike in reported fraud and a 12% reduction in APP fraud losses, in 2023.

In December of that year, the UK’s Payment Service Provider (PSR) issued guidance to PSPs concerning “The Consumer Standard of Caution,” crucially outlining what PSPs might reasonably expect of consumers.

Front and center in the battle against APP fraud was an expectation that consumers would “have regard to interventions” or warnings. The PSR also threw down the gauntlet by stating that such warnings should be “consumer-, scam-, and transaction-specific” and that they “should not consist of ‘boilerplate’ written warnings.”

The implications for PSPs were also spelled out when the PSR asserted: “Providers should not refuse reimbursement claims on the basis that a consumer received vague, non-specific written warnings, or warnings that routinely accompany most or all transactions of a similar type.”

While the UK’s PSR is tracking three key metrics for 14 of the UK’s largest banking groups (reimbursement levels, the value and volume of APP scams that they send, and which payment accounts receive those funds), the industry currently does not track the volume or value of APP fraud prevented.

“Prevention is better than cure” is a much-used adage, but there are few who’d disagree with the premise that prevention is the best possible outcome. Regardless of your position on reimbursement, it is undoubtedly the case that APP losses create misery for customers, encourage customer churn, and drive-up operational costs.

Returning to our moon analogy, it’s interesting that while Buzz (Australia) is having success in aggregate-dollar-loss terms, individual banks are innovating. In the case of NAB and its real-time payment alerts, it appears to have innovated in a manner that keeps with the expectations of the UK’s PSR: “That intervention must offer a clear assessment of the probability that an intended payment is an APP scam payment.”

PSD3 will bring limited APP reimbursement to the Single Europe Payments Area (SEPA) at a time when instant payments are accelerating and, by late 2025, euro-denominated instant payments will have been introduced throughout the eurozone.

The experience of the UK and determined efforts of Australian banks such as NAB demonstrate the art of the possible. More importantly, NAB has also demonstrated that acting swiftly and decisively makes good business sense.