A consumer receives a text about an unpaid toll bill demanding immediate payment—only they haven’t driven on a toll road recently. A homeowner locked out of their house calls a locksmith, only to discover the business listing on Google Maps was fake, and they have been redirected to a criminal trying to manipulate them into sending funds.
These scams are alarmingly common, with new tactics emerging every day. Yet despite the persistence and damage caused by these threats, many financial services companies still fail to allocate sufficient budget to protecting themselves and their customers.
In the Battle of the Budget: Prioritizing Scam Classification for Future Cost Savings report, Suzanne Sando, Senior Fraud and Security Analyst at Javelin Strategy & Research, examined the scam identification and prevention tools available to financial institutions—and the growing urgency of dedicating more resources to the fight against fraud.
Altering the Priority List
Though most financial institutions often notify their customers about emerging scam types, there have not been as quick to invest in the technology needed to mitigate them.
“A huge issue as far as budgets go—whether the funds are there or not—there’s always something flashier to spend the budget on,” Sando said. “This goes for any organization. So many are going to spend their money on enhancements that will improve the user experience and keep them competitive in the market, or things that might handle regulatory issues that come up. As these things crop up, the priority list changes.”
Unfortunately, initiatives to reduce scams are frequently delayed. This means that while institutions may want their customers to be informed, scam prevention often isn’t a high budgetary priority for many banks and credit unions.
“It’s all over the place,” Sando said. “We all get emails constantly, saying, ‘This is your bank, Suzanne, and these are the common scam types. This is your financial advisor coming to you live with all the scam types we’re hearing. This is Amazon, here are the scam types.’ It’s obviously a huge, persistent issue, but what are we going to do about it?”
Revisiting the Budget
One reason it can be difficult to combat scams is the lack of a consistent system for categorizing and documenting scam types. Criminals use a variety of increasingly sophisticated methods to reach and manipulate their targets.
Because scams take many forms, there’s little standardization in how they’re categorized—varying not just from one organization to another, but sometimes even within the same institution.
The first step toward understanding how to allocate budgets appropriately to address scams is standardizing documentation. To that end, the U.S. Federal Reserve recently released its ScamClassifier model, an offshoot of the FraudClassifier system launched five years ago.
ScamClassifer is a free system designed to help financial institutions track and monitor attempted and successful fraud attacks, threat actors, and emerging fraud trends.
A more organized view of the scams organizations face could help them more effectively allocate budgets for fraud and scam detection. However, even though ScamClassifier has been available for over a year, many banks remain unaware of it—or uninterested in adopting the model.
“The framework is free, but you’re going to spend all this money for your developers to do the integration into your existing system,” Sando said. “You are going to have to spend money on analyzing these huge back-end legacy code systems. That is not an easy task when you have millions of lines of code, where even if you make one change, you might have to change, test, and redeploy 20 to 30 programs.”
The effort and potential costs of implementing these scam documentation systems can be daunting, but the benefits are substantial.
“It seems like the payoff isn’t there to implement something like the ScamClassifier model because you think: I’m going to spend all this money, and for what?” Sando said. “Well, to figure out how much you’re losing on scams. In my mind, once you know what you’re up against, then you can revisit your budget.”
Using Data Effectively
Aside from ScamClassifer, there are other technologies that financial institutions should consider. Real-time scam detection is becoming more critical, as once a payment is authorized, it’s often too late to intervene.
Effective real-time detection typically relies on predictive AI that can flag suspicious activity using existing signals, such as account behavior and transaction history. AI can also streamline processing for organization, minimizing friction for consumers.
Beyond real-time detection, financial institutions should also make better use of the troves of data they already have at their disposal.
“I had a purchase that was blocked by my bank, and I got a fraud alert, and it was me making the purchase,” Sando said. “I was buying parking for a concert at Soldier Field at the exact same parking facility I have purchased parking three times in the recent past. I wasn’t even doing it at a weird time, and they blocked it.”
“Part of me is thinking, you’re collecting all this data and for what?” she said. “Are you even using it? Hopefully, we’re getting to a point where financial institutions are getting the right technology in place that is going to effectively use that data, so they’re not blocking transactions that should go through and they’re catching the ones that are suspicious. But I think we’re still behind the game on that one.”
A Grand and Sweeping Statement
The financial institutions that haven’t invested in these technologies could be in tremendous jeopardy if there is a spike in scams targeting their customers or institutions. They may be forced to continuously divert resources toward fraud and scam prevention, making it hard stay afloat.
For these reasons, it is critical that institutions reevaluate their budgets.
“Long story short, financial institutions are not budgeting appropriately,” Sando said. “That is a grand and sweeping statement, and there are certainly institutions out there that are making the right investments. There is always going to be something flashier and more exciting to spend your money on, but scams have got to be a priority—plain and simple.”
