Blog article
See all stories »

No Caller ID: Stopping the onslaught of fraud text messages and phone calls

Financial institutions everywhere are still wrangling with the issues of vishing and smishing, the identifiable code words for scam phone calls and text messages. According to the Crime Survey for England and Wales (CSEW), there were an estimated 4.5 million fraud offences in the Telephone-operated Crime Survey year ending March 2022, a 25% increase compared with the CSEW year ending March 2020.

Yet, recent technological advancements that have ballooned in popularity are set to increase the effectiveness of these phone calls and text messages significantly. Talk about generative AI and its widescale use for anything from marketing materials to academic papers has been well documented. However, this technology can also be used to produce convincing communications designed for malicious intent. With just 3-5 seconds of real speech, the advanced AI can be used to recreate someone's voice. So, to increase the impact of their messages, a fraudster in a foreign country can easily produce scripts in English, French, Portuguese, or Spanish. 

Often, the victims of these financial telco scams will not get reimbursed by their financial institution because the fraudulent transaction is “authorised” by the customer, be it knowingly or not.  So, what is being done by financial institutions to get potential victims of this new attack vector off the hook? 

 

The Automatic Reply

For the most part, financial institutions view these phone calls and text messages as a problem that is outside of their control. Maybe all they can do is educate their customers. But the reality is the industry can start to take some actions. 

In the UK, Ofcom has initiated rules where phone companies will be required to identify and block ‘spoofed’ calls, where feasible. There are efforts underway in other countries as well, including the U.S., where The Broadband Association runs a Traceback service (The Industry Traceback Group) that goes to the source point of the call to stop vishing/robocalls from being initiated, for example.

Several telco vendors are also coming up with solutions, such as offering mobile carriers firewall protections that leverage AI to block smishing text messages. Other vendors are helping legitimate companies sign their text messages and phone calls so these can be easily identified as legitimate by the customer. Mobile carriers have an incentive to also solve this problem, as they make significant revenue from delivering marketing/security calls/messages to their customers.

These issues are considerable pain points for consumers, and a challenge for telco vendors to try and address.  

Therefore, there is a significant opportunity for financial institutions to work together with their trade associations or cybersecurity groups to help shape these solutions. By working collaboratively with the telco ecosystem, financial institutions can make a direct impact in minimising fraud due to scam calls and text messages. 

Educating customers with actionable information is still important as well. Here is a three-step education process to share with consumers: 

1.  Add friends, family, and key service providers (e.g., doctor and dentist) phone numbers into your contact list on your mobile phone.

2.  Never answer a phone call from a phone number you do not recognize.  Just let it go to voicemail.  There you can listen to the message. If it is from someone that claims to be from your bank, call them back from a phone number you have on file, the number that appears on the back of your credit card or on the bank’s website.

3.  Never respond to a text message from a phone number or short code you do not recognize. Especially a message that appears to be sent in error (e.g., thanks for a great weekend or I enjoyed seeing you at the charity event on Saturday). These messages are just trying to start a false dialogue.  If it appears to be from a bank follow the instruction in step 2.

 

Just as financial institutions thought they were starting to get ahead of vishing and smishing scams, the introduction of a revolutionary technology has crashed the party, resulting in a surge in fraud offences. 

However, technological solutions like AI-powered firewall protections and identifying and blocking spoofed calls are being used to fight fire with fire. Financial institutions have the upper hand, though. By collaborating with the relevant parties within the fraud kill chain to educate customers and shape solutions, there is an opportunity for them to quash this type of fraud and help customers put the phone down on scammers, for good.

 

13501

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 18 April, 2023, 12:53Be the first to give this comment the thumbs up 0 likes

TBH these measures have been tried for years but they don't work in actual practice. 

Let's take #2. Genuine employee XYZ in my bank does not know what genuine employee ABC has told me. If I call the call center, there's no way on earth that genuine employee PQR will know what I'm talking about. 

Now let's take #3. Genuine message from bank warns me to inspect the incoming URL very carefully and tells me to click an extremely dodgy - but genuine - URL to learn more. 

Lest anyone question the creds of these banks, they're among the three largest banks in India and 20 largest banks in the world. 

It's obvious to me that this is banks' way of stonewalling "drunk under lamp post" regulation holding them unilaterally responsible for scams. After all, shareholders of banks will not be happy with their management for absorbing losses caused by customers' (mostly) faulty actions.    

IMO the one thing that might work is shared responsibility according to my Three Strike Rule To Eliminate Cybercrime.

Iain Swaine

Iain Swaine

Director EMEA, Global Advisory

BioCatch

Member since

12 May 2022

Location

London

Blog posts

8

This post is from a series of posts in the group:

Financial Services Regulation

This network is for financial professionals interested in staying up to date on financial services regulation happening anywhere in the world. CFOs, bankers, fund managers, treasurers welcome.


See all

Now hiring