How machine learning and intelligent insights are accelerating the UK’s fight against APP Scams

10/10/2022

LexisNexis® Risk Solutions Head of Engagement, Tom Garner, explores the genesis of the complex scam and shares the latest technological developments showing promise in turning the tide on the UK’s scam-demic.

The break-neck speed with which digitalisation has transformed the way we live our lives can, at times, be alarming. Yet, it’s also brought countless benefits to society. Anything and everything is at our fingertips within a few clicks: shopping, food, communication, entertainment and banking – the latter giving consumers the ability to make almost instant payments and transfers. The downside to this new immediacy with which we can get things done however, is enhanced risk and vulnerability to fraud.

Not too long ago, in order to make a money transfer of thousands of pounds, you had to physically go to a bank, and that bank contained real people trained to spot suspicious behaviour. In other words, in-built latency in the system provided consumers with valuable protection against scams. In the digital banking world, latency has been all but designed out, paving the way for fraud such as Automated Push Payment scams – now the most prevalent form of fraud in the UK. Payment scams rely on evoking panic in the victim, encouraging them to act immediately to make a money transfer without stopping to think logically about it. A victim receiving a call from someone impersonating their bank or the police can now make a payment in seconds via their mobile banking app. In the heat of the moment and with no one to question the validity, many fall victim, at a cost of around £583 million per year to the economy. Worse still, only around half of victims are ever reimbursed.

The impersonation scams described above are just one of many forms of APP scam designed to target online consumers; others include investment scams, purchase scams, advance fee scams, invoice scams and the particularly pernicious, romance scams.

What all of these have in common is that they are incredibly difficult for the banks to detect. Much of the existing internet bank security and anti-fraud technology is designed to allow trusted customers in and keep bad actors out, without slowing down the user experience. APP scams effectively bypass this security by manipulating the genuine banking customer to log into their account and authorise a payment. This then, presents a whole new challenge for anti-fraud technology – how to determine whether a customer’s actions are genuine, or the result of social engineering? Not at all easy to do, especially amongst the millions of UK banking transactions taking place every day.

At LexisNexis® Risk Solutions we’ve been working on these problems for some time – indeed our technology already sits quietly behind many UK banks’ digital customer journey, helping to authenticate trusted users and keep fraudsters out. Like most anti-fraud technology, it essentially works by looking at multiple data points that might indicate the presence of risk in a user’s behaviour – for example, what device they’re using, their location, and whether the payment they’re making is unusually large and going to a new beneficiary. While any single risk indicator could be circumstantial and therefore not enough to act upon by itself, nevertheless considering multiple indicators alongside each other soon builds up a more reliable view, with each potential risk factor contributing to an overall risk score that an organisation can use to confidently make an intervention to stop fraud.

Accurate scam detection therefore relies on the strength and depth of the intelligence the risk assessment draws from. The LexisNexis® Digital Identity Network®, for example, helps 6000 customers leverage data from billions of global online transactions every year, analysing patterns of past online behaviour and interactions to assess the potential risk an online user (digital entity) might pose to an organisation. Layered on top is Behavioural Biometrics – device intelligence that helps firms to understand whether their user is interacting with a web or mobile app session in a typical or atypical way. Using the device’s in-built sensors, it can determine whether the user is typing more slowly, holding the device differently to expected, drag and dropping text between PC screens – to name a few – all potential indicators of manipulation by a third party, as happens during an APP scam.

Making sense of this glut of data and intelligence, is the Threatmetrix® Dynamic Decision Platform®. It uses machine learning models to leverage the information collected and build complex models that can reliably predict and detect the probability of activity being a complex scam in action, based on similar past behaviour.

To date, we’ve had considerable success with our banking partners. In just one example, we used this technology to help a tier one UK banking client to detect 50% of scams for around a 0.05% review rate on payments.

Yet scams are constantly evolving and so, therefore must businesses too. As we continue to learn more about the modus operandi of scams, we can develop smart new technology that turns the scammers’ own techniques against them.

Two recent and exciting examples of this are the Active Call Detection feature available within ThreatMetrix, and our Two-Party Payment Model.

The genesis of both solutions came from us working closely with our tier one UK banking clients to drill down and fully understand the anatomy of these scams. In doing so we found over two thirds (69%) of RAT Scams – where a victim is duped into downloading a remote access tool to allow the scammers to take control of the victim’s device – includes the fraudster being on the phone to the target during the online session, guiding them through the process of making a payment. Similarly, we found one in four (26%) APP scams involves the victim being on a live phone call with a fraudster.

From there, it was a relatively short leap to harness live call detection software to indicate when a phone call is in progress during an online bank transfer – thereby providing another key piece of market-leading intelligence that, considered alongside other data points, can be used to help accurately assess the riskiness of a payment, as it happens.

In a similar fashion, the Two-Party Payment Model capitalises on the fact that every APP scam requires the stolen money to be transferred from the victim to another account within the global banking system. Leveraging the globally networked intelligence of our ThreatMetrix solution, the Two Party Payment model is designed to ensure there’s nowhere for the fraudsters to hide their illicit funds – real-time account beneficiary and sender risk assessments give a reliable measure of the likelihood that the bank account the victim’s funds are heading for is owned or controlled by scammers to receive fraudulent funds.

Suddenly, these insights, layered on top of the additional data points and analytics from the Digital Identity Network and Behavioural Biometrics, we start to build up a sophisticated picture of potential fraud: the user is on a live call on their mobile phone, typing slightly hastily, making a high value transfer to a newly set up payment beneficiary associated with a target account that is receiving multiple high value payments from similarly unrelated accounts. In isolation, these behaviours might be innocent, but together they create a compelling argument for suspicion. Of course, this still might not be fraud, but this type of insight allows an organisation to be very targeted in determining the riskiness of the payment.

Indeed, in trials, we found that combining live call and suspicious bank account intelligence with a host of other fraud detection factors, significantly improved scam detection rates by 120%. We also saw false positive rates more than halve. Work is ongoing, but these early results are highly encouraging.

In fraud detection, information is power. The more relevant intelligence we can feed into anti-fraud technology the better it will become at successfully identifying and preventing scams in action. Understanding fraudsters’ actions is also key. Far from being lone operators, fraudsters mostly work in organised networks and fighting them therefore requires the financial sector to act like a network too – sharing intelligence like sender and beneficiary risk assessment to ensure that ultimately, the fraudsters have nowhere to turn.

Combining additional, relevant sources of intelligence such as live call data and beneficiary account information, with a host of other device and location intelligence has already proven to be exceptionally beneficial. The goal is to give banks higher confidence to be able to stop payments and protect their customers from both the financial loss and emotional distress associated with this malicious type of fraud.