How AI and biometrics are helping to turn the tide on banking scams

Fraud continues to pose a significant challenge for the UK banking sector as it seeks to address ever-evolving threats. Although the industry successfully prevented £1.25 billion worth of attempted financial crime last year, nearly the same amount, £1.17 billion, was still stolen by criminals.

One of the key reasons these threats have become so difficult to defend against is the ease with which people can now transfer money online. While this convenience benefits most of us in our everyday transactions, it has also made it easier for victims to lose their money.

In 2023, nearly 40% of successful fraudulent attempts involved authorised push payments (APP), where the victim willingly sent their money to a scammer. These cases often involve vulnerable individuals falling prey to romance scams or being deceived by fraudsters posing as authoritative bodies demanding money. APP scams are estimated to have cost banks almost £460 million in 2023.

Regulatory changes

Historically, these losses have been a significant headache for banks, as the responsibility for refunding customers who fell victim to fraud lay with them. Banks then faced the complex task of attempting to recover that money from the bank receiving the payment.

If the receiving bank was operating outside the UK and beyond UK regulations, this was even more challenging. The same applied to recovering money sent to the UK’s neobanks, such as Monzo, Starling, or Metro, as they have been able to operate without the same controls in place at major banks.

With the government encouraging greater competition in the banking sector, neobanks have faced a lower regulatory burden compared to their larger competitors. This often resulted in a lower level of sophistication in detecting accounts used for laundering the proceeds of APP scams.

However, this situation is changing. In 2023, an update to the Contingent Reimbursement Model Code (CRM Code) by the Payment Systems Regulator introduced a requirement for all banks, including neobanks, to reimburse victims of APP scams. The introduction of this shared liability has created a stronger financial incentive for all receiving banks to identify accounts being used to launder money. It is now crucial for them to monitor and block suspicious transactions and collaborate with other financial institutions to do so.

Anti-fraud measures

To combat APP scams, banks have already begun taking steps to encourage customers to think carefully before making a push payment. For example, it is now mandatory for major banks to provide “confirmation of payee” before a payment is made. This service alerts the payer to the true name of the bank account they are paying into, allowing them to verify if it matches the intended recipient.

The 2023 regulatory changes are likely to drive increased investment in anti-money laundering (AML) systems. Many of these solutions are adopting cutting-edge technologies, such as behavioural biometrics and machine learning (ML), alongside big data solutions and real-time analytics.

These technologies enable banks to automatically detect and temporarily block live transactions if they are considered uncharacteristic for the customer. This provides banks with a window of opportunity to investigate, contact the customer, and potentially cancel the payment.

In addition to AML solutions, banks are also implementing know-your-customer (KYC) solutions to ensure that when someone opens a bank account, they are who they claim to be, rather than a front for organised criminal gangs looking to launder money. Alongside biometric verification, such as facial and voice recognition, as well as fingerprint and iris scanning, these solutions utilise artificial intelligence (AI) and behavioural analytics to detect anomalies and unusual activities.

Developing new solutions

As criminal threats evolve and the financial incentive to reduce this type of crime increases, banks are increasingly looking to deploy more sophisticated solutions, and quickly. The good news is that many of these solutions can be implemented relatively easily.

For instance, many do not need to be integrated directly into a bank’s mainframe. In several cases, banks can simply use middleware or APIs to access payment data. This can save financial institutions a significant amount of time and effort during the integration phase, which is a positive development for neobanks looking to address their liabilities as swiftly as possible.

How quickly a bank can go live with these new solutions will, of course, depend on the institution’s infrastructure and existing technology stack. It is also important to note that, as with any digital transformation initiative, these solutions will require institutions to implement a comprehensive change project, likely involving the introduction of new processes, the creation of new roles and responsibilities, and the need for internal training and external education.

However, the emergence of AI and ML, along with the growing sophistication of behavioural biometrics and real-time analytics, offers great promise for banks aiming to keep their customers safe and prevent criminals from accessing their money. The sooner these protective measures are put in place, the better it will be for everyone involved.