The First Line of Defense: Tackling Scams Before Transactions

In my blog "The Missing Link in Fraud Prevention: Real-Time Customer Dialogue" (https://bankloch.blogspot.com/2025/06/the-missing-link-in-fraud-prevention.html) I argued for moving fraud checks earlier in the payment flow. Rather than waiting until a customer has signed and submitted a payment, banks should interact during the initiation phase. This not only allows for blocking fraudulent transactions sooner but also serves to educate customers in real time.

With Authorized Push Payment (APP) fraud on the rise, early-stage interaction is a step in the right direction. But what if we could go even further?

To truly understand how we can intervene more effectively, we need to break down a typical scam into four distinct stages:

• Stage 1 – The scam is underway, but no financial transaction has been initiated.
• Stage 2 – A payment is being initiated but not yet confirmed by the customer.
• Stage 3 – The payment is signed and submitted but not yet fully processed.
• Stage 4 – The transaction has been executed.

Currently, most banks concentrate their fraud detection efforts at Stage 3. In my previous blog, I proposed extending that effort into Stage 2. This post explores why we also need to address Stage 1.

Of course, Stage 4 remains essential - recovering stolen funds, investigating fraud cases, improving earlier controls, and sharing threat intelligence (see my blog "Fighting Financial Crime Together: The Role of Data Sharing" - https://bankloch.blogspot.com/2025/03/fighting-financial-crime-together-role.html). But shifting focus to the very beginning of the scam process - before a transaction is even considered - could be transformative.

It’s tempting to say Stage 1 falls outside the banking domain. After all, most scams originate on social media or via SMS, which puts the responsibility on tech giants and telecom providers. These players should be the first line of defense, using AI moderation, account verification, and platform monitoring to prevent scam content from spreading. Governments, too, must step up public education and law enforcement responses to digital crime.

But here’s the problem: these actors often fall short.

Social media platforms continue to scale back moderation efforts. Governments struggle to keep pace with the speed and adaptability of scam networks. That leaves banks - who are increasingly on the hook for compensating APP fraud losses - with a growing incentive to get involved earlier.

Preventing fraud before a payment is initiated offers several advantages:

• It educates customers, making them less vulnerable to future manipulation.
• It reduces overall fraud costs, including compensation and investigation.
• It enhances trust in the institution’s ability to protect its users.

And some banks are already stepping up.

CommBank recently launched the Scam Checker, a Gen AI-powered tool that allows customers to paste suspicious messages or links into their banking app for instant analysis. The tool cross-references known scam language, user-reported content, and actual fraud data. As CommBank puts it: "When you upload a suspicious text to Scam Checker, you’re not just protecting yourself. You’re also helping keep others safe by sharing valuable information that can be used to help protect them too."

The app also provides real-time alerts when a user’s identity is misused at major merchants (e.g. impersonation at telcos and banks) or when their personal information is exposed in a data breach (i.e. Dark web monitoring). Customers are then guided step-by-step on how to respond.

Here’s a range of actions banks can take - some already in use, others emerging - to intervene earlier:

• Awareness Campaigns: From large-scale media efforts to rotating tips inside the app (e.g. "Be cautious if someone pressures you to move money urgently") or interactive tutorials that train customers to recognize fraud tactics.
• Caller Verification Service: Let customers confirm, via the banking app, whether they’re speaking with a real bank representative. Banks like Monzo, Reovlut, ING, and KBC already offer this.
• Counterparty Risk Assessment Tools: Tools like Capilever’s CPRA give SMEs and individuals a reliable risk score before entering into transactions - similar to credit ratings for bond investors, but for peer-to-peer contexts.
• In-App Secure Messaging: Encourage all bank communication to happen within the app, minimizing phishing risks via email or SMS.
• "Call Me Back" Buttons: Let customers receiving suspicious calls request a verified, secure callback from the bank.
• Internet Scanning & Takedowns: Proactively find and remove (by taking legal action) fake websites, phishing sites, fake social media accounts, or spoofed domains mimicking the bank.
• Safe Browsing Integrations: Offer plugins or app features to customer that block access to known malicious sites.
• App Blurring: Santander UK now uses screen-sharing detection technology to counter scammers who trick customers into revealing banking screens. When screen-sharing is detected, the Santander banking app automatically blurs the screen and prevents any banking activity.
• AI Honeypots & Scam-Baiting Bots: Tools like Jolly Roger Telephone (US), Norton Genie, or O2’s "Daisy the AI Granny" waste scammers' time with fake conversations - lowering the ROI of scams.
• Digital Padlock: The Australian bank ANZ has introduced a ‘Digital Padlock’ as a last-resort security measure. Customers who suspect unauthorized access can activate it via their app or online banking. Once enabled, it blocks digital access to accounts, freezes eligible cards, and locks down banking services until the customer contacts ANZ directly to safely restore access.

Stage 1 might not be the traditional domain of banks, but the line is blurring. As fraud becomes more sophisticated - and the burden of losses shifts - banks are not just protectors of funds, but partners in prevention.

By stepping in sooner, banks not only defend their bottom line - they become trusted digital allies in their customers’ daily lives.

For more insights, visit my blog at https://bankloch.blogspot.com