Janine Starks’ Post

Ironically I’m finding genuine OTP messages are being reported back to me that the client thought it was fraud or a scam message, when we’re using our company name in the messaging and have talked to the client about what to expect… The lack of understanding by the public, and the mixed messaging on what is or is not an issue is also part of the problem here. We instigated OTP as an additional 2FA to help manage possible e-mail account compromise and the resulting experience from clients has been eye-opening. Thankfully, we are talking document-level transactions and not banking or money transactions, what I’ve seen would be horrifying to manage at a banking level. Part of the problem is all of “this” (finance, banking, technology) is seen by the general public as too hard for them to understand. That preconceived attitude people have coming into this is putting up barriers before people even get started on understanding things. It's not complicated, people need to: * slow down * stop and read messages * think about what they are doing. * And make sure the dots join up correctly. If they don't, then they need to ask more questions. As Einstein said, if you can't explain it simply you don't understand it well enough.

Andrew Bayly will be pleased to see this image of an Ostrich from Westpac New Zealand. Westpac New Zealand says “This is Olly. Don’t be like him” Olly Ostrich is obviously a cartoon representation of our banking industry and Westpac’s scam workshop is about to pull their head out of the sand and take ownership of bank-enabled fraud. Here’s what victims hope will be on the agenda: 1️⃣ Investment fraud: 💰Confirmation of Payee: fast track roll-out 💰 A commitment to add EFD capability (Enhanced Fraud Data) 💰A commitment to read FMA warnings and combine into algorithms to monitor payments. 💰A commitment to implement a register of legitimate payment accounts that accept money for investments. 💰A commitment to ask what the purpose of a payment is and block investments not going to verified financial services providers. 💰Acknowledgement inferior bank security has made the NZ payments system the direct target of criminals, causing life changing losses, which need to be repaid. 2️⃣ Mules, smurfs, laundering: 💰 Acknowledgement that onboarding processes are too weak. 💰A commitment by payee banks to provide a duty of care to the victims of crime and freeze accounts. 💰A commitment to use the discretion provided in privacy law to stop a crime. 3️⃣ Phishing and bank impersonation fraud: 💰Acknowledgement that phished bank codes are due to inferior bank processes. 💰Text delivery of a payment code is insecure and banks commit to implement in-app solutions. 💰Bank text messages will now warn customers never to give a code to anyone, including their own staff. 💰Phishing of customer numbers and bank passwords has been inflamed by banks allowing companies like POLi to ask for these details. 💰A promise to stop the conduct of low-ball offers to customers who have been defrauded due to inferior bank processes. 💰Implementation of call-check where banking app confirms you are on the phone to your real bank. 💰Implementation of 159 (call to connect to bank). 4️⃣ Invoice scams: 💰Repayment of losses due to no Confirmation of Payee 5️⃣ Online shopping scams: 💰Chargeback education 6️⃣ Romance scams: 💰More monitoring of outward payments with pop up warnings, payments stopped and staff training to intercept. The Westpac financial and policing team are holding scam workshops. Ostriches at ANZ, ASB Bank,, Kiwibank and Bank of New Zealand will join Westpac in these commitments. Victims of financial crime are looking forward to some introspection and acknowledgement that banks, not customers hold the vast majority of the answers to the prevention of crime in New Zealand. Catherine McGrath Antonia Watson Vittoria Shortt Dan Huggins Steve Jurkovich FMA Nicola Sladden Reserve Bank of New Zealand Samantha Barrass Roger Beaumont #fraudprevention #scam Netsafe New Zealand Brent Carey CERT NZ Andrew Bayly #fintech Ministry of Business, Innovation and Employment #fintech

Kudos to JPMorganChase for holding consumers accountable for First Party Fraud. Scams like this cost our financial system $100 billion annually in the US alone. With shifting liabilities in APP fraud away from consumers to banks, payment processors and others, the problem of FPF will continue to grow. Unfortunately, there is not enough stigma attached with committing this fraud and consumers who perpetrate FPF don’t feel they are committing fraud (in this case the fraud even became a popular TikTok topic). Socure did an interesting study last year on FPF and found that: - 35% of Americans admit they’ve engaged in some form of first-party fraud at least once, with 10% admitting they have engaged in several different types of first-party fraud. - The most commonly admitted type of first-party fraud – 22% of surveyed Americans – is requesting a refund on an online purchase even when the item was received, followed closely by choosing not to pay off credit card bills indefinitely (21%), and disputing legitimate financial transactions (20%). - Nearly a third of Gen Z respondents (30%) have made a purchase through Buy Now, Pay Later (BNPL) without intending to pay it back. - A majority (52%) of Gen Z say they’d commit first-party fraud if they knew there would be no negative consequences. - 12% of Americans – 1 in 5 of Gen Z respondents – don’t consider first-party fraud to be ethically wrong. This may not be a popular comment, but I’d like to see financial services companies more aggressively and publicly hold their customers accountable for first-party fraud (and money muling). FPF is FRAUD, and consumers should feel the stigma.

Senator Colin Deacon spoke in the Senate, showing public support for CCUA’s stance on enhanced digital verification tools to address increasing levels of fraud. In CCUA’s CU FWD blog, we highlight the importance of adopting more robust digital verification tools, measures and practices to safeguard Canadians against financial fraud. #canadacreditunions #financialfraud  

Bravo Colin Deacon! As an identity risk/fraud expert for over 30 years, I firmly believe that establishing identity trust during onboarding is crucial from the moment a consumer engages with an organization. Once trust in an identity is established, its impact resonates throughout the entire financial ecosystem, potentially causing chaos if the identity is fraudulent. Synthetic identity fraud ranks among the fastest-growing financial crimes, draining billions from businesses & causing financial & emotional harm to consumers. While identity fraud isn't a new concept, its manifestation in our digital era is noteworthy. Regulatory compliance is striving to keep pace, requiring not only the acquisition of identity data but also ongoing surveillance for abnormal consumer activity. However, there's a lack of shared threat intelligence and trends for preemptive measures across internal Compliance, Risk & Ops teams, AND, across diverse sectors like financial services, e-commerce, government & healthcare Criminals show no bias toward specific organizations or sectors; they freely exchange information to maximize their returns on investment. It's time for both law-abiding citizens & governments to take action! #fraudprevention, #FRAML, #identityverification, #advocacy

“During a hearing Tuesday, U.S. Sen. Richard Blumenthal, D-Conn., revealed that Bank of America, JPMorgan Chase and Wells Fargo only reimbursed 38% of unauthorized Zelle transaction claims - leaving consumers on the hook for $100 million in fraud losses. The banks disputed the committee's findings. The banks disputed the committee's findings during a hearing Tuesday. The Senate Homeland Security and Governmental Affairs Committee asked the bank executives present about their Zelle reimbursement program, citing a Permanent Subcommittee on Investigations inquiry that found the three banks reimbursed customers for about 38% of the $166 million in unauthorized fraud disputes. Blumenthal pointed out that banks are required by the Electronic Fund Transfer Act to reimburse consumers for unauthorized fraud. In total, these banks rejected scam disputes worth a combined total of approximately $560 million from 2021 through 2023. Total dollar value of all Zelle payments disputed as fraud at the three banks, 2019-2023 The Permanent Subcommittee on Investigations launched an inquiry into Early Warning Services, which operates the Zelle Network, and the three largest banks that offer Zelle and co-own EWS. Collectively, these banks facilitated 73% of all Zelle payments in 2023. Representatives of the banks and Cameron Fowler, the CEO of Early Warning Services, disputed the allegations, saying that they have reimbursed 100% of unauthorized fraud. They said some consumers claim unauthorized fraud, but the investigation shows no evidence of fraud. Since its creation in 2017 by America's largest banks to enable instant digital money transfers, Zelle has become the country's most widely used money transfer service. With 2,100 banks and credit unions in the Zelle Network, 80% of U.S. deposit accounts can use Zelle. The total number of transactions on Zelle increased more than 10 times in the five years between 2018 and 2023 - from $75 billion to $806 billion.” https://lnkd.in/edsPwAeD

Getting ready for our breakfast fraud round table with fraud stakeholders from banks in Germany last week with Horst Hirsch Some great conversations and insights shared on topics from upcoming Instant Payments Regulations (IPR), the evolving fraud threat landscape, and implications of PSD3 / PSR1 on PSPs on the horizon. A few thoughts to reflect on: ➡ SEPA Instant credit transfers may currently represent only 10-20% of digital payments volume, they nonetheless will most often account for highest proportion of fraudulent digital transactions. ➡ The promoted adoption of SEPA Instant Credit Transfers (SCT Inst) will inevitably drive a huge demand in processing power for such payments, alongside the 10 seconds settlement in beneficiary accounts, and availability 24/7, 365 days a year. However, are fraud controls optimised to handle the shift to more automated decision making (without compromising false positive rates)? And will it trigger an increase in money mule accounts as fraudsters capitalise on irrevocable more instantaneous settlement payment channels? ➡ Mandating IBAN name checks on beneficiaries for SCT Inst payments as part of IPR is a positive step for interoperability on an international scale, as well as flagging mistakes before a transaction is made. Unfortunately, as seen elsewhere, fraudsters still manage to manipulate consumers to make such payments. ➡ Bank impersonation is the biggest scam related fraud challenge experienced right now, investment scams also high up in terms of current trends. Multi-factor authentication (MFA) is embedded as part of payment journeys, but social engineering is playing a huge part in compromising this layer of defense. ➡ The adoption of genAI by criminals cited as a major area of concern. Already widely used for the generation and mass roll out of phishing emails, particular concerns with regard to its use in falsification of documents (fueling credit / loan application fraud), and growing fear around deepfakes. ➡Modus operandi of criminals committing account takeover has evolved (not just transfer of funds), seeing more around exploiting account facilities that allow the perpetration of wider fraud initiatives (card applications, telephone banking setup, standing orders set up etc.). ➡PSD3 / PSR1 is on the horizon. Banks still seeking clarifications for a standardised interpretation of 'gross negligence' when it comes to assessing liability for impersonation scams (guidelines required to harmonise this issue). ➡ Providing SCA methods that do not rely exclusively on smartphones, and promoting the use of 'environmental' and 'behavioural' charateristics (location, device, spending habits, session data etc.) for transaction fraud monitoring represent positive steps. ➡ Likewise, removing some of the current barriers under GDPR - e.g. requirement for user's explicit consent when it comes to processing sensitive data for fraud prevention, will help on the collaboration front. NICE Actimize

Opening your banking app and seeing your bank account drained is one of the most terrifying things I can think of. Thank you, Thalia Pillay for the great post. One last thing I'd add: 👉🏻 Log into your banking app regularly to cross check your balances and verify your last transactions. Don't ever, and I mean EVER dismiss a small R20 transaction you can't identify. That's a $1 tester transaction. Putting a temporary lock on your card in time may just save your funds.

Are Banks Doing Enough to Protect Customers from Zelle Scams? US Launches Federal Probe: "Zelle payments can't be reversed once they're sent," notes the Los Angeles Times — which could be why they're popular with scammers. "You can't simply stop the payment (like a check) or dispute it (like a credit card). Now, the federal regulator overseeing financial products is probing whether banks that offer Zelle to their account holders are doing enough to protect them against scams. Two major banks — JPMorgan Chase and Wells Fargo — disclosed in their security filings in the last week that they'd been contacted by the Consumer Financial Protection Bureau. According to the Wall Street Journal, which reported the filings Wednesday, the CFPB is exploring whether banks are moving quickly enough to shut down scammers' accounts and whether they're doing enough to identify and prevent scammers from signing up for accounts in the first place... A J.D. Power survey this year found that 3% of the people who'd used Zelle said they had lost money to scammers, which was less than the average for peer-to-peer money transfer services such as Venmo, CashApp and PayPal. The chief executive of Early Warning Services, which runs Zelle, told a Senate subcommittee in July that only 0.1% of the transactions on Zelle involved a scam or fraud; in 2023, the company said, that percentage was 0.05%. But Zelle operates at such a large scale — 120 million users, 2.9 billion transactions and $806 billion transferred in 2023, according to Early Warning Services — that even a tiny percentage of scam and fraud problems translates into a large number of users and dollars... From 2022 to 2023, Zelle cut the rate of scams by nearly 50% even as the volume of transactions grew 28%, resulting in less money scammed in 2023 than in 2022, said Ben Chance, the chief fraud risk management officer for Zelle. The company didn't disclose the amounts involved, but if 0.05% of the $806 billion transferred in 2023 involved scam or fraud, that would translate to $403 million. Do Zelle users get reimbursed for scams? Only in certain cases, and this is where the banks that offer Zelle have drawn the most heat. If you use Zelle to pay a scammer, banks say, that's a payment you authorized, so they're not obliged under law to refund your money... Some banks, such as Bank of America, say they will put a freeze on transfers by a suspected scammer as soon as a report comes in, then investigate and, if the report is substantiated, seize and return the money. But that works only if the scam is reported right away, before the scammer has the chance to withdraw the funds — which many will do immediately, said Iskander Sanchez-Rola, director of innovation at the cybersecurity company Gen. Read more of this story at Slashdot.

Are Banks Doing Enough to Protect Customers from Zelle Scams? US Launches Federal Probe: "Zelle payments can't be reversed once they're sent," notes the Los Angeles Times — which could be why they're popular with scammers. "You can't simply stop the payment (like a check) or dispute it (like a credit card). Now, the federal regulator overseeing financial products is probing whether banks that offer Zelle to their account holders are doing enough to protect them against scams. Two major banks — JPMorgan Chase and Wells Fargo — disclosed in their security filings in the last week that they'd been contacted by the Consumer Financial Protection Bureau. According to the Wall Street Journal, which reported the filings Wednesday, the CFPB is exploring whether banks are moving quickly enough to shut down scammers' accounts and whether they're doing enough to identify and prevent scammers from signing up for accounts in the first place... A J.D. Power survey this year found that 3% of the people who'd used Zelle said they had lost money to scammers, which was less than the average for peer-to-peer money transfer services such as Venmo, CashApp and PayPal. The chief executive of Early Warning Services, which runs Zelle, told a Senate subcommittee in July that only 0.1% of the transactions on Zelle involved a scam or fraud; in 2023, the company said, that percentage was 0.05%. But Zelle operates at such a large scale — 120 million users, 2.9 billion transactions and $806 billion transferred in 2023, according to Early Warning Services — that even a tiny percentage of scam and fraud problems translates into a large number of users and dollars... From 2022 to 2023, Zelle cut the rate of scams by nearly 50% even as the volume of transactions grew 28%, resulting in less money scammed in 2023 than in 2022, said Ben Chance, the chief fraud risk management officer for Zelle. The company didn't disclose the amounts involved, but if 0.05% of the $806 billion transferred in 2023 involved scam or fraud, that would translate to $403 million. Do Zelle users get reimbursed for scams? Only in certain cases, and this is where the banks that offer Zelle have drawn the most heat. If you use Zelle to pay a scammer, banks say, that's a payment you authorized, so they're not obliged under law to refund your money... Some banks, such as Bank of America, say they will put a freeze on transfers by a suspected scammer as soon as a report comes in, then investigate and, if the report is substantiated, seize and return the money. But that works only if the scam is reported right away, before the scammer has the chance to withdraw the funds — which many will do immediately, said Iskander Sanchez-Rola, director of innovation at the cybersecurity company Gen. Read more of this story at Slashdot.