There’s a growing consensus among organizations as diverse as financial institutions, consumer advocacy groups, and card networks that scams are out of control. And yet, the U.S. still lacks a consistent framework to identify, categorize, and address this spiraling threat.
In the Getting Personal With Scams report, Suzanne Sando, Senior Fraud and Security Analyst at Javelin Strategy & Research, detailed how the many methods criminals use to perpetrate scams demand a more holistic solution for identifying and sharing threat intelligence.
A Damaging Threat
Scams peaked during the pandemic as more consumers engaged on social media and shopped online. While there has been a slowdown with the return to brick-and-mortar stores and increased face-to-face communication, scams remain a significant threat.
Although the total number of scams may have declined, the number of scam victims surpasses those affected by other types of fraud. For example, in 2023, there were 15 million traditional identity fraud victims in the U.S., according to Javelin. In comparison, 24.1 million people fell victim to scams last year.
The prevalence of scams has even begun to impact consumer shopping patterns. Some victims have shied away from purchasing items online, and many have closed accounts entirely. Some consumers have stopped using digital banking services. While individuals must take steps to protect themselves from scams, completely withdrawing from the digital world is an ineffective strategy.
Many consumers are taking these actions because they believe their governments, financial institutions, and businesses aren’t doing enough to reduce this threat. According to Javelin, scam mitigation efforts vary by country, and the U.S. has plenty of room to improve in this area.
“We’re just not doing enough,” Sando said. “Financial institutions are not required to reimburse scam victims, and there are a lot of other international economies that have regulations to do so. I’m not saying that’s the way it should be—I don’t think we are going to get to a point in the United States where scam reimbursement happens anytime soon—but it doesn’t mean there aren’t things that we can do to at least tackle the problem better.”
Standardizing the Nomenclature
One of the biggest issues in the U.S. is the lack of a comprehensive system to categorize and log scams and bad actors. The Javelin report identified over 16 categories of scams, yet it was still not an exhaustive list. Criminals exploit any method of communication to reach their victims and leverage all available technology and tactics to accomplish their goals.
Because scams take so many forms, different organizations may use varying names for the same scheme. Even within the financial industry, one institution might categorize a scam differently than another. Without standardized nomenclature, understanding the full scope of the problem becomes extremely difficult.
The issue is exacerbated because there is no overarching system to track scams.
“You may have a consumer who became a victim of a scam that might report it to the FTC, or to their financial institution, or to law enforcement,” Sando said. “They might even go to the IC3 Internet Crime Complaint Center. But none of those systems will talk to each other, so we’ve got this skewed idea of what’s happening within the realm of scams.”
There have been efforts to standardize scam documentation, such as the ScamClassifier Model that was recently released by the U.S. Federal Reserve. Based on the Fed’s FraudClassifier system launched five years ago, ScamClassifer is a voluntary framework designed to serve as a central hub for documenting attempted and successful scams, threat actors, and fraud trends.
A more structured approach to scam documentation helps organizations understand the trends affecting their institution and customers. This, in turn, allows them to allocate fraud and scam detection budgets more effectively, focusing on the most relevant threats.
“The idea is how do we get to a point where we can at least be united to fight scams,” Sando said. “A lot of those problems come down to how you’re categorizing it. If you don’t have a handle on what’s going on in your own backyard, you can’t fight the problem.”
Keeping the Cards Close
One of the challenges with systems like the ScamClassifier model is they are voluntary. Even if organization does utilize it, many are reluctant to share this data with others, especially if it could include proprietary information. Financial institutions, in particular, have been hesitant to communicate with competitors.
However, better communication is the key to fighting a growing problem that can irreparably damage the relationship between an institution and its customers.
“At the very least, have your own organized way of tracking scams,” Sando said. “But sharing the information is just as important. You have to know what’s going on within your own neighborhood to fight the crime. And how can you do that if you’re keeping your cards so close to your chest?”
Framing the Problem
Once banks and credit unions become more informed about scam trends, they can better educate their customers and members. Understanding these trends also helps financial institutions implement technologies that can mitigate the issue.
For example, many organizations don’t have real-time scam detection. Especially when consumers aren’t reimbursed for falling victim to a scam, financial institutions should have measures in place to prevent fraudulent transactions from settling.
While there are clear actions organizations can take, criminals still have a head start. This makes it critical to take proactive steps to combat scams now.
“With this report, it’s just framing the problem,” Sando said. “There’s not even a huge solution, because we are still at this point in the U.S. where we haven’t done anything to fix this problem—and that’s the problem.”
