KeyBank On Fighting APP Fraud During The COVID-19 Pandemic

Fraudsters are preying on consumers’ anxieties by turning to authorized push payment (APP) fraud for COVID-19-related schemes. Deploying multiple fraud prevention tactics is therefore a must if banks hope to spot complex scams and outfox bad actors, says Megan Kakani, vice president of product and innovation at KeyBank. In this month’s Digital Fraud Tracker, Kakani explains how the bank pairs machine learning-based pattern recognition and stringent authentication measures to battle APP fraud.

Fraud targeting digital banking users has been around as long as digital banking itself, but it has recently become more prevalent.

Sixty-one percent of banks report that fraud volumes are increasing over time, 59 percent say the total value of fraud attempts is going up, and 41 percent note that the average value of any given fraud attempt is on the rise. The pandemic is exacerbating the problem, with a study finding that 22 percent of Americans were the targets of pandemic-related fraud attempts as of March.

Fraudsters are deploying numerous methods to perpetrate this fraud, including authorized push payment (APP) schemes and account takeovers (ATOs), but these methods all have one thing in common, according to Megan Kakani, vice president of product and innovation at KeyBank. These attacks harness individuals’ and businesses’ collective fears and uncertainty surrounding the pandemic to trick them into making bad decisions.

“A sense of urgency is a common theme in a lot of fraud schemes, and COVID-19 added an extra layer to that,” Kakani said. “It wasn’t necessarily fundamentally that different from the kind of fraud that we’ve seen in the past, but people and businesses forgot good [security] practices because there was such a sense of urgency and the environment.”

Financial institutions (FIs) require comprehensive strategies to fight APP fraud at this level. KeyBank’s strategy for fighting APP fraud is twofold, consisting of customer education and back-end authentication procedures.

How The Pandemic Makes APP Fraud More Pernicious

APP fraud is not a new occurrence. What has changed during the pandemic are these schemes’ specifics, with fraudsters now impersonating everything from personal protective equipment (PPE) providers, medical staff, tax officials or friends begging for help.

“[This] has been a vulnerable time for folks because it’s already made people on edge,” Kakani said. “There’s a sense of urgency both for individuals and businesses. We saw a lot of fraudsters pretending to be PPE providers, and they got away with it because the sense of urgency was so great.”

One factor contributing to the prevalence of APP schemes is the growing number of consumers using payment apps — especially those using these solutions for the first time — as contactless alternatives to physical payment methods. First-time users are often unused to security best practices surrounding such apps and are thus more vulnerable to fraud.

“It certainly has been a step change in terms of digital adoption,” Kakani explained. “We have seen that it has shifted [people’s behaviors] in a way that I think will be lasting, in terms of trying digital payments and … getting used to them.”

Consumers’ changing payment habits necessitate rigorous fraud prevention through customer best practices as well as back-end security innovations because these shifts’ lasting effects will almost certainly result in continued cybercrime threats.

Fighting Fraud Through Technology and Education

Educating customers on APP fraud is the first step toward preventing it, Kakani explained. One of the most telling signs that such schemes are occurring is a sense of urgency. Those asking for funds want to receive them before the victim has too much time to think about it. There is another potential clue, however.

“There’s a lot of name dropping, like, ‘The name of this CEO asked me for something [from you],’” Kakani noted. “They try to pose legitimacy and adding a sense of sort of urgency and intimidation by dropping very senior names. You may not want to call that person to verify what they’re going for.”

Customer education is only half the battle, however, and FIs like KeyBank must also leverage behind-the-scenes authentication and pattern recognition technologies that use artificial intelligence (AI) and machine learning (ML) to identify and flag suspicious transactions.

“We have our own fraud monitoring to try to detect what we would consider suspicious behavior,” she said. “On the front end, we protect the front door through user authentication to make sure that the person sending the transaction is the correct individual and authorized to do so. And we’re also continuing to expand the forms of authentication and multifactor authentication that we require depending on the type of activity that user’s looking to perform.”

Customers are largely willing to accept a little extra friction in the name of security, Kakani noted. They may seek one-click functionality in some areas when using their mobile devices, but they feel a sense of security in extra authentication steps when their money is at risk.

“As much as we all love things to be one-click and easy, consumers, especially when it comes to their money, don’t value ease over everything,” she explained. “We found from our customers that they do appreciate the right level of authentication. I personally am less comfortable doing a transaction if it doesn’t ask me for some sort of authentication.”

Banks must take care to step up their anti-fraud strategies as bad actors’ schemes evolve. Combining authentication technologies with best practices for personal security may not solve all instances of APP fraud, but this approach is helping many FIs put a dent in fraudsters’ efforts.