Feedzai’s Post

As I said in my last post on my scam experience the system protecting fraud victims is ‘slow, deliberative, inept and inadequate’. We’re 15 years behind the UK here, the Banking Association is deliberating on an ‘ecosystem’ of players (when in reality, due to their privileged position in our lives they are the pinch point where a crime is committed), systems are inept at detection, and the silos in scam protection agencies, eg the Banking Ombudsman’ are inadequate. And yes, in case you are wondering, I put Macquarie Asset mngmt in my reference field, the intended recipient. I even rang Kiwibank to check my money went to the right place, to which they replied it went to a ‘legitimate’ account. Wrong it was a fraudulent money laundering account. Silly me I believed the bank. Andrew Bayly Janine Starks #scam #fraud #investmentfraud #confirmationofpayee #openbanking #banks #bankingombudsman #bankingassociation #financialmarketsauthority #consumernz #seriousfraudoffice #commercecommission #privacycommission

And the truth is the banks are saying they are reviewing fraud rules when they’re actually on manoeuvre’s- trying to water down from the UK Repayment model. “Looking at international best practice”….classic. They know exactly what’s occurring elsewhere. Every juristiction except the UK is in a state of flux and demanding more consumer protection. Other countries current fraud rules are of no use when they’re weighing up change themselves and their own banks are performing the same manoeuvres as ours. Except while they have those battles offshore, they do so from a position of greater safety. Their banks have far better detection tech, friction, and monitoring. Australians are getting ready for laws where telco, digital and banks must have scam detection - accc can fine them. But guess what? They’ve just realised there’s no link between breaches and consumers getting their money back. Meanwhile we sit and yawn that the banks say they will start to roll out Confirmation of Payee at Xmas. That means sporadic hook ups throughout 2025, (patchy COP) not a fully working system. This is only base level tech. Then we need a huge overhaul of payment screens, filtering high risk payments, and asking questions….the list goes on. Andrew Bayly Jon Duffy

TSB came top among Britain's main banks in reimbursing customers conned by fraudsters, the Payment Systems Regulator (PSR) said on Tuesday in its first public survey of how individual lenders handle fraud. The PSR looked at how banks dealt with authorised push payment or APP fraud during 2022, whereby a customer is tricked by a fraudster into sending a payment to an account outside their control. Fraud is Britain's biggest crime, and APP scams accounted for 40% of fraud losses last year. https://lnkd.in/dTxWbN4A

This is a positive step in fraud prevention from Monzo https://lnkd.in/ezE6Fdwh Impersonation fraud continues to surge and figures from UK Finance show only 51% of people always check whether a request for money or personal information is legitimate As well as prevention, it is important for the sector to continue counter fraud investigation efforts and support those who have fallen victim to fraud. Learn how we are helping to develop capability in investigators https://lnkd.in/dCBW4hJ #fraud #counterfraud #fraudprevention #fraudinvestigation

Big news Friday about Bank Security Here’s the extension to Rob Stocks story. Questions for us all to ask: 1. No mention of the date for Confirmation of Payee. Every day counts. Another $255,000 HSBC fraud case in my inbox. 2. No acceptance of liability. Banks are at the start of the chain of financial fraud. Criminals target holes and weaknesses driven from poor commercial decisions by banks. Customers are only a conduit through the hole. 3. No mention of a Repayment Model - more proof self regulation won’t be forthcoming. 4. No mention that second generation fraud (authorised fraud) is the new normal. Customers should be no more liable for sophisticated trickery, than having a wallet stolen (unauthorised if cards are used). 5. No mention of a culture change on friction. Human intervention and helping customers check first time payments (highest risk profile) is international best practice. 6. No mention of eliminating phone numbers from text messages. These can be altered. 7. No mention of how the law interacts with freezing money mules accounts. Obvious to me it's going to be on a “best efforts” basis. Banks have no compulsion under the law. The Reserve Bank has confirmed no action is required on suspicious transactions, there is only the need to report these. They also can't force banks to scan for known fraudsters, when opening an account. It’s suggested, but not obligatory. 8. No mention of receiving banks liability: this is part of the UK model. In NZ the Ombudsman has historically refused to hear complaints on this. 9. No mention of Fast Payment System ISO20022: crucial platform to develop alongside COP. High Value customers in NZ have it already (Wholesale, cross border payments). Consumers waiting since 2018 10. MFA, 2FA, codes: No mention of multi factor authentication, or changing text delivery #ANZ #ASB #BNZ #Westpac #Kiwibank #NZBA #RBNZ #ComCom #CommerceCommission #Fraud #BankSecurity #ConfirmationOfPayee https://lnkd.in/e8YwJ3gP

Lane Nichols article - thanks for the continued coverage. A point to draw out: Bankers Association “banks were usually at the end of a chain of events that made up a scam”. That is a view designed to detract from liability. Let’s turn it on its head. Fraud does not target people, it targets the payments system. People are the conduit. Every scheme has its origin in a payment weakness. Fake Term Deposits; no confirmation of payee in NZ. Answer, invest in COP. Phishing; delivery of 2-factor authentication codes via text. Answer, in app confirmation with no code. Criminals pretending to be the fraud dept of a bank; inApp ‘light’ confirming you are currently talking to your bank. Banks are not short on cleverness or tech skills. A smart watch can connect to the payments system and earn a fee for the bottom line. Why do we accept their underinvestment in security tech, isn’t at the forefront of fraud and customer harm. Article is behind a paywall. #ANZ #BNZ #ASB #Kiwibank # Westpac #Fraud #Scams #NZBA #BOS

An apparent solution to the fraud pandemic in UK?- Banks, could now delay payments to investigate potential fraud. As reported by Financial Times, The government’s draft legislation, which ministers intend to pass into law by October 7, will allow banks and payment groups to delay processing transactions by a further 72 hours if they have reasonable grounds to suspect fraud or dishonesty. Banks will be given more time to investigate potentially fraudulent payments under anti-scam legislation to be published by the UK government on Wednesday. Banks must process payments by the end of the following business day in most cases even if they suspect wrongdoing, which limits their chances of halting transactions involving fraudsters. The extra time would make it easier for banks to contact customers, police and other relevant parties in relation to suspicious payments. The legislation is designed to crack down on “authorized push payment fraud”, where a customer is tricked into initiating and authorizing a transaction. Often this is done by fraudsters tricking a customer into paying for goods that never arrive, or by scammers impersonating bank staff and persuading a victim to transfer money. It can also take the form of “romance fraud”, in which a fraudster dupes their victim into developing a romantic attachment to them. Victims lost an estimated £485mn to authorized push payment fraud in 2022, according to the government. “Fraudsters spin whole webs of lies and fabricate all sorts of things to convince people to send them money,” City minister Bim Afolami MP was quoted by Financial Times. He further said, “This legislation will give banks, other payment service providers, and law enforcement more time to get in touch with victims and break the fraudster’s spell before the money is sent,” he said, adding that the government recognized “the impact of this devastating crime on victims”. The extended timeline for banks to delay payments will put a fresh focus on financial institutions’ IT systems because the technology that erroneously flags legitimate transactions as suspicious could result in days-long delays to customers’ transfers of money. #fraud #financialcrime #appfraud #banks #regulations

Great post Howard Rawstron with simple explanation on Banking Protocol. 👏 I can think of similar potential fraud parallel in digital channel "APP fraud" - Authorised Push payment fraud. APP scams happen when someone is tricked into sending money to a fraudster posing as a genuine paye. Imagine - Victim 80yo lady who was groomed by "family friend" to give up her entire life savings with false pretence of investment. The fraudster uses the victims credentials to gain access to digital banking and then initiates authorised payments.   The APP scams can either -  - ‘malicious payee’, i.e tricking someone into purchasing goods which don’t exist or are never received. - ‘malicious redirection’, i.e a fraudster impersonating bank staff to get someone to transfer funds out of their bank account and into that of a fraudster. The CRM code (Contingent Reimbursement Model code) sets out consumer protection standards to reduce APP scams. This is a Voluntary code that few banks have signed up, proud of Nationwide Building Society to be forerunners in this geared to help customers. Fingers crossed to see more banks and societies to join the CRM code soon. Still long way to go to protect customers in the digital channel 🤞 Kudos 👍 to Nationwide Building Society to have strong controls in all channels and proactively looking after positive Customer outcomes. #consumerduty #financialcrime #scams #digitalbanking #fraudprevention #crmcode