Our everyday routines are changing, and taking care of our finances is no exception. Due to the popularity of cashless and contactless payments, internet banking, and buy now, pay later (BNPL) services, the days of visiting a branch for basic banking needs are long gone. In 2021 alone, 93% of customers used one or more digital payment methods and BNPL services accounted for $100 billion in purchases.

Although the widespread use of online banking may make customers' life easier, it also makes them more susceptible to fraud. Due to key worldwide events and the development of scamming techniques, the idea of the conventional "vulnerable customer" has evolved. Scammers now have access to a far larger pool of prospective victims, locating new ones and preying on the vulnerabilities of different populations.

Covering a customer's cash losses in the event of fraud is one thing, but if the consumer's faith has been lost and they believe their data is not appropriately protected, reputational damage may be nearly impossible to repair. Adding yet more layers of security online and to applications can have the unintended consequence of undermining experience and cause users to turn to other providers.

Financial institutions, both established and new, are looking to new methods to protect those vulnerable to attacks, with solutions like behavioural biometrics poised to play a major role in building digital trust and safety.

The growing threat of Cybercriminals  

The tactics employed by online criminals are always evolving. Although the rollout of two-factor authentication is an integral step for online banking on a global level,   scammers are starting to overcome these security precautions, weaken them, and create more sophisticated ways to make contact with their targeted victims.

Fraud methods vary depending on the intended victim. For instance, social engineering scams, where victims are emotionally and psychologically manipulated to obtain money or confidential information, have evolved to understand human inclinations and tendencies. These schemes have increased by 57% in 2021 with an average loss of $1,029 per victim, targeting consumers at the exact right moment when they are most vulnerable with the tempt of romance or friendship.

The threats do not stop here, with scammers moving to a multi-layer hybrid model to defraud unsuspecting victims. Often using a mix of smishing or SMS phishing, voice scams, and remote access scams, fraudsters reach thousands of victims in minutes, use bots to intercept one-time passcodes from the victim’s device and slip past bank security controls.

The rise of the ‘vulnerable customer’  

Cybercriminals are taking advantage of both historically non-susceptible people and those who are vulnerable in the current economic climate. This is driven by four factors - health, life events, resilience, and capability. All factors can shift suddenly and dramatically, and never in our lifetime has this been so apparent as during the pandemic.

Elderly customers remain a primary demographic for fraud, scammed out of an estimated $3 billion a year thanks to their better credit scores, plentiful funds, trusting nature, and lack of tech know-how. Methods most prevalent in this age group include romance scams, imposter scams, and lottery and sweepstake scams, with 40% of identity theft fraud victims being over 60.

However, Gen Z have become a new target for financial crimes, primarily through social media. Younger customers who value convenience over privacy are increasingly falling prey to so-called ‘mule herders’ that slide into their direct messages, recruiting them into laundering schemes with the lure of quick and easy cash. This method can be very challenging to detect since the scammer does not interact directly with the banking platform and instead convinces the user to perform an action. Mobile malware is also a key feature in Gen Z fraud, with multi-factor authentication intercepted by scammers, hijacking their operating system through fake apps.

Security comes first 

As Gartner says, don’t treat your customer like a criminal. Customers want convenience, and financial providers should be able to provide the security they need. If you keep putting the onus on the customer to jump through hoops, they’re going to move to a provider that takes the burden of security out of their hands.

Thanks to the dynamic nature of cybercrime, managing fraud risk is a considerable and ever-evolving challenge. As scammers have got smarter, authentication methods have remained stagnant, leaving customers vulnerable to attack. To provide robust protection, financial institutions must recognise the vulnerability of one-time passcodes and knowledge-based authentication and look for solutions that go beyond the device, IP, and network-based attitudes. They must look to user behaviour to catch criminals before they strike.

Behavioural biometrics technology seeks out scammers through how they interact with online platforms, whilst ensuring that customers still have the frictionless banking experience they desire. Working passively in the background of a user web or mobile session, this technology monitors thousands of parameters such as pressure used when typing, how online forms are navigated and whether multiple fields are copied and pasted. For instance, in practice, behavioural biometrics can look for anomalies in digital interactions to reduce the risk of account takeover and identify ‘mule personas’ on social media to seek out potential mule herders. It can also detect potential social engineering scams, looking to typing hesitation and session length as indicators of foul play.

Scammers frequently alter their tactics and victims. As hackers have the means to defraud financial institutions and defeat two-step authentication, it has become abundantly clear that new solutions are needed to safeguard vulnerable customers. Whether it's Gen Z falling for mule herders in their direct messages or elderly victims becoming victim to social engineering schemes, the simplest way to catch fraudsters is to observe and distinguish their online behaviour. Financial institutions can rely on behavioural biometric technologies to provide convenient yet secure banking, protecting their customers from growing threats.