We recently connected with Bill Sytsma, Senior Vice President at Callsign, a digital trust pioneer servicing some of the top banks in the US, to discuss authorized push payment (APP) fraud.
Bill began working at Callsign in January 2021, where he is responsible for the commercial organization in North America.
As covered in October 2021, Visa (NYSE: V) had chosen Callsign as their preferred behavioral biometric digital and device intelligence identity provider.
Under the agreement, Visa will be introducing Callsign’s behavioral biometric and device fingerprinting services to the Visa network of financial institutions, payment service providers, and merchants across Europe.
Callsign joined the Visa Fintech Partner Connect program “giving banks, merchants and the wider card ecosystem access to Callsign’s Intelligence driven authentication solutions which positively identify consumers using inherent behavioral biometrics whilst detecting and preventing fraud.”
Our conversation with Bill Sytsma is shared below.
Crowdfund Insider: What is authorized push payment fraud and how does it relate to the recent fraud seen with Zelle payments?
Bill Sytsma: APP fraud is when fraudsters deceive individuals into ‘legitimately’ sending them a payment to a bank account controlled by the fraudster. These types of scams are increasingly occurring over peer-to-peer payment (P2P) applications such as Zelle, Venmo, or PayPal since the funds cannot be returned so easily.
In fact, APP fraud is becoming such a popular method of scamming people that nearly 18 million Americans were defrauded via digital wallets and person-to-person payment apps in 2020, according to Javelin Strategy & Research. Additionally, APP fraud is also a global concern, costing UK victims £479 million in 2020.
In the case of the Zelle fraud schemes, fraudsters posed as legitimate banks scaring or tricking victims into handing over money via Zelle, so they can steal thousands of dollars in a few minutes.
To do this, fraudsters use social engineering techniques and may hack into email and other systems to set up their victims. For example, a user receives a text message that appears to come from their bank’s fraud department, asking them to verify whether they had made a payment through Zelle. Once the user responds over text, they get a spoofed phone call showing that it’s coming from a legitimate bank telling them that the user needs to send money back to themselves over Zelle.
But in the background, the scammer attached the customer’s phone number to their own account which has their personal banking information. In doing this, it allows the scammer to receive the money instead of the customer, and since retrieving funds back on P2P apps is very difficult, the fraudster is able to make a quick getaway.
Crowdfund Insider: What other types of APP fraud exist?
Bill Sytsma: APP fraud can present itself in a myriad of ways such as “romance scams” or even “puppy scams.” Romance scams occur when someone adopts a fake identity to gain a victim’s affection, and once they are trusted they may request money to visit their lover or marry them, but never follows through and instead keeps the money.
Puppy scams are when a person seeks to buy a puppy from a vendor, sends them money over P2P applications for a deposit or complete payment, but then never gets the puppy from the vendor losing all their money.
Crowdfund Insider: How does APP fraud affect customer experience and why is there a debate on where the responsibility lies for the payment?
Bill Sytsma: Customers are increasingly expecting friction-free experiences with complete security. But since payments made using P2P applications are instantaneous and the user willingly made the payment with no way for a bank to tell if the customer was in on the scam, they are irreversible. This puts both security and customer experience at risk, and raises questions about who is responsible when it comes to APP fraud – the user or the financial institution?
In some cases, consumers feel like there should be a shared responsibility with 19% of respondents blaming themselves for fraud occurring and 12% blaming the bank, according to a recent Callsign survey.
Crowdfund Insider: How can financial institutions help educate their users to avoid falling victims to APP fraud?
Bill Sytsma: Banks and financial institutions need to provide its customers with the right tools and materials that enable users to ask questions before interacting with anything or anyone that is asking for money. Questions users can ask include:
Am I expecting to make this payment today? Often unexpected payments such as a bill, or tax payments are signs of scams, scaring people into making payments quickly.
Am I being asked to move money to a different account? If a user is being asked to make a payment or move their savings, they need to question who the person is or where the email/text making the request is coming from.
Am I sure you are being contacted by a legitimate financial institution? Users need to ensure they call their bank or financial institution directly and check on any changes to payment details, before taking the word of the initial person that contacted them. They shouldn’t rely solely on emails, text messages, or even phone calls since they can be spoofed to look legitimate.
Crowdfund Insider: What type of technology measures can financial institutions put in place to further protect themselves and users from APP fraud?
Bill Sytsma: To prevent APP fraud such as the Zelle fraud schemes, banks can implement dynamic fraud intervention and contextualized warnings. These tactics aim to overcome challenges when fraudsters coach users around static warnings and points in the user journey.
Dynamic, contextualized warnings at the right time, give more direct information telling a user that they may be in contact with a fraudster, and also give the bank the opportunity not to complete the payment if they think fraud is being committed.
Financial institutions can also implement passive fraud monitoring, which only sets off interventions when the danger is high by checking for unusual behavior patterns. The ability to adapt customer journeys and warning messages helps financial institutions to deter fraudsters from targeting their users.