Retail Banking

Retail Banking

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Need to know about vishing fraud? You can bet your house on it!

Need to know about vishing fraud? You can bet your house on it!

Fraudsters don’t care where you live. They don’t even care how much money you have. Research shows that fraudsters target people who are vulnerable.

Indeed, according to my calculations those aged over 55 are ten times more likely to fall victim to a vishing scam, with 28% of the population currently falling victim to 80% of the fraud. This might be because older account holders are less likely to make use of online services and are more reliant on telephone banking. Isolation and fear contribute towards their vulnerability.

What is vishing?

This vishing scam is brilliant in its simplicity; deceive the victim into thinking they are talking to their bank. The most common approach involves a fraudster calling the victim directly and requesting they call their bank to discuss an urgent security issue.

By using a loophole in UK landline services that allows a caller to remain on the line even if a phone is put down on the receiving end, fraudsters can deceive the victims into thinking they are dialling their bank independently, while actually never disconnecting the phone line.

Once convinced of the security threat, it’s easy to steer the victim towards an urgent fund transfer to protect their hard earned savings.

What impact does it have on consumers and banks?

The worst part;  banks do not take accountability for customers moving their money and are usually not liable for reimbursing the victim once the fraud has been detected. RBS recently reported that 70% of customers falling victim to scams do not receive any compensation from the bank. Yet with the potential for huge reputational damage and an ever increasing amount of customers choosing to switch providers, banks really do need to step up and act.

So how can banks curb this disturbing wave of financial crime? Raising awareness within target demographics can certainly help. We’ve seen campaigns aimed at bringing banking customers online, but often these are targeted towards younger, more technically savvy generations. It appears many banks are guilty of targeting awareness campaigns towards those who want to hear it, not those who need to hear it. A welcome exception is the Barclays Digital Eagles programme, which does look to assist the older generation in accessing online banking.

Two-way verification is one solution growing in popularity. Often used online by presenting a unique picture or phrase on login, this works by establishing an initial agreement between customer and organisation so that ongoing identity confirmation is mutual. A similar solution for telephone banking would allow customers to identify if they are talking to their real bank over the phone and avoid falling victim to vishing fraud.

However, prevention through awareness isn’t the only answer. Banks need to revolutionise how they respond to fraud.

An analytical solution?

Real-time dynamic risk profiling can allow banks to identify and halt suspect transactions conducted by customers in high risk segments, making it harder for the criminals to get paid. Did you know that most banks do not use the name of the account holder to verify bank transfers? Only the account number and sort code are used when verifying a payment. In an age where real time verification is possible and used in so many aspects of daily life, banks must do more to make bank transfers secure.

A recent example of fraud targeted a homebuyer transferring their mortgage deposit to their solicitor. After emailing their solicitor for details of where to transfer the large sum and receiving a real response, the victim soon receives a second apologetic email along with updated bank details.

To the victim, the emails appeared to be part of the same conversation, exactly the aim of the fraudster closely mimicking the solicitors email. Unfortunately, they transferred the money to the fraudster and due to the victim freely transferring the money, the bank again offers no compensation.

Couldn’t this be easily prevented by the bank’s matching the name on the transfer to the recipient in real time? A fraudster may be able to convince a victim to change the account number, but it would be challenging to convince someone to change the name of the solicitors firm on the transfer.

Banks clearly have a challenging time ahead. With a rising tide of new services coming available to consumers, banks must be seen as a safe haven for financial security. Fraudsters are becoming more determined and ruthless; banks urgently need to innovate to keep up.

About the author

Mike Duffy
Mike Duffy
Mike is an Associate Consultant within the Analytics team at Capgemini Consulting. Mike's consulting experience primarily lies within Financial Services, with a particular interest in financial modelling, performance improvement and strategic analytics. Prior to joining Capgemini Consulting, Mike worked in an accountancy role at a leading practice and as a performance analyst for a global automotive company.

Leave a comment

Your email address will not be published. Required fields are marked *.