Resources / The Evolution Blog
Human Fraud Fighter Foils Financial Scam
Ken Palla
Scam Detection - Humans versus Machines.
Too often when we are writing about online fraud controls, we are talking about the software solutions that create defense in depth. Be it online account opening, account takeover, phishing, credential stuffing and eCommerce fraud, it is always revolving around important and effective fraud control software tools. And no doubt, these tools are quite important. And the bank regulators want to see these tools in place.
But realistically, we do not put the same energy and effort on the human side of fraud controls. Education for customers and education for staff are sometimes considered second tier or “check the box” activities.
Well, today I want us to rethink that approach and discuss a story about a real bank teller and what she did to save a customer’s AU$40,000 in Australia.
The Story
(This story is taken from the Daily Mail Australia¹)
It was probably a quiet day at the National Australia Bank (NAB) branch in Rosny, a city in Tasmania, Australia. After all, the population of Rosny is less than 1,000 people. But on this day, a couple walked into the branch and wanted to withdraw AU $40,000 to be sent to an investment firm.
The NAB bank teller, Erin Bugg started to get concerned about this transaction. The couple then asked “to have their account unblocked so they could send money to an 'online investment firm'. The couple were attempting to have the first of two instalments – AU $40,000 - sent to the fake firm in Perth.” The couple told Ms. Bugg “The investment firm promised a 12 per cent return on their term deposit and a guaranteed payout if the firm was to go bust”.This rang more alarm bells for the teller.
'If there was a scam red flags bingo card, 'online investment opportunity' would be top of the list,' Ms. Bugg revealed in a statement by the bank.
Another red flag was the wife mentioning “a man at the firm kept calling her and insisting she open the account to transfer the money.”
Ms. Bugg went online and found the investment website and it sure looked good. But then she took the initiative to call the NAB fraud department. They told her this was very suspicious and was probably a scam. The fraud department suggested the customer talk to the bank in charge of the investment firm’s accounts. The couple first called the investment firm on a speakerphone and told them NAB was questioning them. Ms. Bugg overheard the investment firm say “Oh, NAB always flags us as a scam”.
Next Ms. Bugg suggested the couple visit the investment firm’s bank to confirm the relationship.In the small town of Rosny, the other bank was close.Well, the couple went there and returned and said the other bank had no relationship with the investment firm.So, no money transferred—and AU $40,000 (Australian) saved!!
Later Ms. Bugg said “I was put in a difficult position with all the pressure on me, and I'm so glad I didn't waiver – I stood my ground and followed my gut, preventing them from losing their life savings.”
This story shows the number of steps Ms. Bugg had to go through before the customer realized it was a scam.She efficiently processed what she saw and heard. So, kudos to Erin Bugg at NAB!
This is more difficult than you think, because a few months earlier, the news.com.au website reported² that “Angry customers have hit out at ANZ (another Australian Bank), accusing the bank of deliberately making it difficult for them to access their own money (at the branch) and ‘interrogating’ them about why they want it.” And “they made me feel like I was a criminal when in fact I was taking my own, hard-earned money.”
So, the teller can be in a very difficult position, when a customer wants to withdraw cash or move money to another bank/investment/crypto exchange.Some of the customers just want do a real transaction with their money.Others are being scammed, but are convinced it is real (romance scam, investment scam, etc.) and are trained by the fraudster to deceive the teller and be aggressive about it.
What makes the Australian story even more impactful is there is no current Australian regulations for reimbursement for financial scam losses. This person and their FI, just “did the right thing”.
I mention this story because this is a real-world example of how one person, the human involved in the fraud kill chain, did in fact stop the financial scam cold. And this is not just a story that takes place in Australia. In fact, this type of success occurs frequently in the UK with a combination of bank staff and local police (using the UK Banking Protocol which allows branch staff to call local police to the branch to talk with a potential victim). UK financial institutions (FIs), especially the major FIs over the past four + years, have been reimbursing for around 40-50% of authorized push payments (APP) scams. Later this year, all UK FIs will be required to reimburse 100% of APP scams.
So, the UK FIs have been seriously looking at every way to stop these APP scams (think romance scams, investment scams, etc.). Their branch staff have become an integral part of the defense in depth. And they are empowered to bring in the local police to the branch as well to talk with customers and convince them to not withdraw cash or send money to crypto exchange. The incentive to the FI is that if they fail to convince the customer what they are about to do is a scam, the FI may be liable for reimbursing the customer 100% of the scam loss.
Conclusion
This story about a teller on an island in the South Pacific, in a quiet town of less than 1,000 people, reminds us that people count on our fraud strategies- especially bank staff. Yes, we also want to educate customers. But we know that is difficult, training bank staff is different. And under our control. And if they are well-trained, and are taught the option of adding as well a ‘lifeline’ call to their fraud team to help in a suspicious customer transaction at the branch, it can make all of the difference in the world to the person whose money was not lost. So, remember, training bank staff must be part of your defense in depth fraud control strategy. And you be surprised how effective it can be.
The other thing that occurred to me as I reviewed this story though, is that we need to be building scam defenses that give the level of “human insight” into customer behavior to allow banks to make more informed decisions. Some key principles include:
Understanding normal user behavior – the teller could understand from the conversation that this new investment was unusual for this couple and something they hadn’t done before.
Identifying outliers in payment behavior – the size of the two instalments was higher than anything the couple had tried to do before, and the context behind the request was suspicious.
Highlighting anomalies in beneficiary accounts – there was a mismatch between who the couple thought they were paying and who they were paying. The bank the investment firm purported to have their account with had no record of the account.
The ability to intervene at key moments in the payment journey, with relevant warnings – ultimately not everyone caught up in a scam will have the good fortune of speaking to a teller like Ms Bugg. But if banks can replicate some of her advice with tailored interventions during the payment process, it may just be enough to make the victim pause, and even be redirected to a human who can help.
Solutions such as the security and fraud prevention platform built by Darwinium do exactly this. They piece together every piece of digital intelligence across the entire payment journey, from current and previous user behavior, account data and beneficiary intelligence. They also give banks the ability to dynamically intervene with tailored messaging and other remediation strategies to delay or block potential high-risk payments.
Post Script
Even as I wrote this blog in early February 2024, I saw a story about a teller in California who saved an elderly customer $40,000, where a fraudster remote accessed a customer account and moved $40,000 from a loan account to a checking account and was trying to get that customer, via a scam, to withdraw $40,000 from the victim’s bank account to buy bitcoin. According to the Grass Valley California newspaper, The Union³, the customer’s teller stepped in and “was able to see the signs of what was going on and instructed her to immediately hang up on the phone with the scammers.”
References
1. “How NAB bank teller refused to let a couple withdraw $40,000 from their account - and saved them from a sinister scam plot: 'Alarm bells'”, Fredy Pawle, Daily Mail Australia, January 29, 2024
2. “Customers lash out at ANZ over withholding their money”, Michelle Bowes, news.com.au, November 25, 2023
3. “Bank Teller Stops $40,000 Phishing Scam”, Elias Funez editor, The Union (Grass Valley California), January 31, 2024