Blog article
See all stories »

Fraud increases among neo-banks - what’s going wrong - and how can banks mitigate risk?

Rates of fraud have continued to soar in the latest 3-year period studied by the UK’s Financial Ombudsman Service (FOS), and neo-banks account for the bulk of increases. This has confused industry observers as one of the benefits of neo-banks is reportedly greater transparency and control over transactions. However, it now appears likely that these features are part of the problem. 

Banks can improve certain processes to mitigate these risks and more efficiently deal with fraud disputes - but first we need to understand the reasons behind the increase.

Why neo-banks are often worse-hit

Fraud complaints against Starling, Revolut and Monzo have increased at a rate higher than customer growth, and higher than complaints at traditional banks. Customers are caught out by fraudsters with a few different types of tricks. The most common variety is Authorised Push Payment (APP) fraud, which sees fraudsters posing as a friendly actor and convincing consumers to make a large bank transfer which is authorised in the bank’s app. Neo-banks are taking the brunt of this increase in APP fraud - and here’s why:

Apps with a better user experience

Often celebrated as a key advantage of a neo-bank, an intuitive and easy-to-use app can cause customers to verify transactions too quickly or without due scrutiny - contributing to rising rates of APP fraud. Therefore, even though fraudulent transactions are verified by users directly, they are more likely to be verified than if a traditional transaction monitoring method is used. Legacy banks will typically block the flagged transaction outright, and then notify the consumer via telephone or letter. The methodology behind this difference in transaction monitoring is that the neo-bank approach shifts the responsibility onto the user to block fraudulent transactions, whereas legacy banks incur higher costs by first blocking transactions, and then reaching out to consumers directly.

KYC and Inter-Bank transfers

Neo-banks are often reported to have weak KYC and AML practices. Although no official data suggests that neo-banks have inferior vetting processes, recent struggles to expand beyond their home markets suggests that something is askew. Therefore, fraudsters are more likely to onboard with a neo-bank, as their application processes are app-based and take minutes, as opposed to the legacy bank’s requirement of visiting in-store. Banks also do not always inspect internal bank transfers with the same scrutiny as transfers to an outside bank, making customers of neo-banks interesting targets for APP fraud as the fraudsters are able to circumvent KYC checks to also create an account at those banks.

Fraudsters are efficient

It has become clear that fraudsters do not commit random and spontaneous attacks. In an effort to increase the success rates of their campaigns, fraudsters assess potential victims by the audience’s willingness to deal with financial matters online. The typical legacy bank’s audience is unlikely to comply with fraudsters' requests without speaking to a staff member at their bank - whereas customers of neo-banks are far more likely to comply with digital requests and are therefore systematically targeted by fraudsters. Therefore, digital-first neo-banks are targeted at a higher rate than legacy banks, increasing their number of fraud cases.

How can banks mitigate the risk of increased fraud

The key concept when settling fraud disputes is to decide which party is liable - the consumer, the consumer’s bank or the fraudster’s bank. The Lending Standards Board has laid out a voluntary set of guidelines - the Contingent Reimbursement Model (CRM) - to settle this question. This set of guidelines has been adopted by most traditional banks and one neo-bank (Starling). The CRM was a large shift for the banking industry when introduced in 2019, providing consumers with greater protections whilst sending fast transfers and shifting the liability from consumers to banks concerning APP fraud.

Herein lies the problem - not all banks have signed up to the standard. An industry-wide set of guidelines would simplify the process of fraud disputes resulting from APP and reduce costs associated with lengthy claims for both sides. However, a shift in the voluntary nature of the CRM is unlikely in the short term, and neo-banks such as Revolut and Monzo are unlikely to voluntarily sign up - a move which would shift a large amount of liability from their customers to themselves. 

In the meantime, financial institutions are able to mitigate the risks of increased fraud by implementing better technologies to manage the fraud dispute process. These systems automate the fraud dispute process, drastically reducing the cost of handling fraud disputes, all whilst providing the customer with a faster and more insightful complaints process. Using such systems can also mitigate the risk of non compliance for banks which have signed up to the CRM.  It’s a win-win situation for banks and consumers - and a great excuse to tap into the world class payments innovation that’s designed to help financial institutions focus on what’s truly important - putting customers first. 


Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 10 January, 2023, 10:522 likes 2 likes

Further proof that (a) there's a tradeoff between convenience / frictionless UX and security / fraud potential (b) transparency is actually a way to shift liability.

While it's not very populist, my Three Strike Rule is the best way to eliminate APP Fraud and other forms of cybercrimes, even if I say so myself!

Thomas Mueller

Thomas Mueller

Co-Founder & CEO

Rivero AG

Member since

08 Sep 2022



Blog posts


This post is from a series of posts in the group:

Payments strategies 2015-2020-2030

Payments systems visions, strategies, trends, pilots, forecasting, and planning for the short-, medium-, and far-term.

See all

Now hiring