Callsign, the digital trust pioneer, has announced new technology to detect social engineering scams in real-time and intervene when fraud is detected. It delivers contextually relevant and personalised warning messages to protect the user from becoming a victim of fraud. This Dynamic interventions capability is controlled by Callsign’s Orchestration Engine.
The phenomenon of social engineering has emerged as a way for fraudsters to psychologically manipulate consumers into transferring money to accounts held by the fraudsters. Known in the industry as authorised push payment (APP) fraud, it is hard for banks to detect as the authorised customer is making the payment.
Need for a digital solution
Research from UK Finance reveals customers lost £583.2 million in 2021 after being manipulated into transferring money into accounts controlled by fraudsters.
The UK’s Faster Payments system was the payment method for 97% of those losses. "Authorised push payment scams are a digital fraud problem requiring a digital solution," said Chris Stephens, Solutions Engineer, EMEA, Callsign.
Real-time detection with Dynamic Interventions
Dynamic Interventions detects threats to consumers in real-time, intervenes and alters digital journeys"
Chris Stephens adds, "With real-time and faster payment systems becoming the global norm, banks and financial service organisations need to look beyond conventional fraud detection and actively detect, intervene and protect."
He continues, "Fraudsters anticipate ubiquitous static warning messages and coach users past those warnings, but Callsign’s Dynamic Interventions detects threats to consumers in real-time, intervenes and alters digital journeys appropriately, introducing new controls or steps to protect customers."
Dynamic fraud warnings and behavioural biometrics
In the last 18 months, APP fraud has grown exponentially. Recent research from industry analysts Forrester reveals that authorised push payments are considered a major problem by 66% of financial services and consumer banking organisations across the globe (APAC 66%, Middle East 67%, North America 56%, UK 72%).
Organisations agree that using a combination of threat detection, dynamic fraud warnings, and behavioural biometrics can help solve this issue.
Machine learning
Using machine learning, the Callsign platform recognises recurring user behavioural patterns when they make online payments and uses that knowledge to detect if someone is acting under coercion. Combined with threat and malware detection, Dynamic Interventions intervene the moment a customer might be in danger, delivering intelligent, contextual, and timely fraud messages to the consumer or stopping payments altogether.
Crucially, for genuine users performing a recognised activity, these messages won’t be presented. This ensures users will not get message fatigue.
Working on the platform
The platform works in unison and identifies threats by asking these questions:
- Is the session secure?
- Is the user human? Is there any malware present on the user’s device or has their device been compromised by a bad actor?
- Is this user authorised? Is the user allowed to make the transactions they wish to make?
- Is the user being tricked? Are they performing any unusual actions, such as making a big transfer to a suspicious account? Does their behaviour indicate that they are under some sort of duress or being coached?
- How to manage the risks and user experience? What user journeys do they need to orchestrate?
Orchestration Engine
For example, a bad actor may attempt to deploy an impersonation attack against a genuine user by claiming to be a bank representative and asking for payment.
As the legitimate user attempts to initiate the payment, Callsign’s Orchestration Engine screens the genuine user’s device to ensure that a fraudster isn’t using remote access software to take over the account or that malware was running, ensuring that the fraudster can’t fool the technology by turning it off at specific stages in the digital journey.
Monitoring movements to prevent manipulated transfers
The genuine user’s typing cadence and mouse movements are monitored
Next, the genuine user’s typing cadence and mouse movements are monitored, for example, they may be slower and more ponderous, indicating they are on the phone receiving directions. Before the payment is approved, Dynamic Interventions powered by Callsign’s Orchestration Engine asks the user about the payment they are making, prompting them with multiple contextual questions.
Based on customer answers, threat detection, and customer behaviour, the technology establishes if a bad actor is directing them. If the answers confirm to Callsign they are under attack, the Orchestration Engine would either advise them it is likely that they are under the influence of a bad actor and do not comply with their instructions, or the technology would intervene to prevent payment-taking place.
Targeted, user-friendly, and engaging approach
When contrasted with the current setup that requires users to read and consent to generic messaging in a challenging user interface, this approach is more targeted, user-friendly, and engaging.
Organisations can customise the interventions to suit their sector and their customers’ needs and can be deployed with just a few clicks of a mouse without any need for coding. Consequently, fraud teams can establish interventions to counter new attacks quickly and efficiently, ensuring that bad actors aren’t successful.
Regulation
Regulation needs to play a key role when it comes to enforcing consumer protection
Regulation needs to play a key role when it comes to enforcing consumer protection. Forrester’s research revealed that almost half of the financial services and consumer banking industry see regulatory issues as a significant challenge when trying to detect and prevent scams such as APP fraud.
The impact of regulatory compliance has been cited as most significant in both the US and the UK, whereas organisations in the Middle East and the Asia Pacific said the cost of victim reimbursement has a significant impact on their organisations.
Revised guidelines
With the increase in APP fraud and consumer losses, regulators around the world are acting. The Consumer Financial Protection Bureau (CFPB) in the US recently revised guidance on unauthorised electronic fund transfers (EFTs) and, the UK Government and Payment Services Regulator (PSR) intends to improve reimbursement of APP fraud scam victims.
It’s clear a new approach to combatting online scams is needed, and the best result for organisations in all sectors is layering solutions, for example using a combination of threat detection, dynamic fraud interventions, and behavioural biometrics, to ensure genuine users are protected.
- Network / IP
- Remote surveillance
- Digital video surveillance
- Remote video surveillance
- IP video surveillance
- Electronic security systems
- Application security
- Physical security
- Industrial security
- Remote security
- Commercial security
- Perimeter security
- Security management
- Security devices
- Security installation
- Security cameras
- Security camera systems
- Security monitoring system
- Security access systems
- Voice recognition systems
- Network monitoring
- Asset tracking
- Remote video monitoring
- Electronic access control
- Identity management
- Building security
- Facility security
- Industrial security systems
- Network cameras
- Door access control
- Security software
- IP Surveillance
- Security service
- Industrial surveillance
- Human identification system
- Mobile surveillance
- Physical Security Information Management (PSIM)
- IP security solutions
- Security communication
- Integration software
- Perimeter protection
- Cyber security
- Crime prevention
- Mobile communications
- Corporate Security
- Central Monitoring
- Data Security
- Network Video Recorders
- Digital Video Recorders
- Warning Devices
- Incident Management
- Security Assessments
- Cloud security
- Mobile access
- Video surveillance
- Mergers & Acquisitions
- Machine Learning
- Touchless Security
