Artificial
Intelligence is now being applied to traditional consumer financial fraud,
often being used to support the pretence that your brand has contacted your
customers. As their efforts become more sophisticated, we look at what business
and consumers can do to protect themselves from these AI enhanced fraudsters.
Not the surprise I had in mind
I
received an unwelcome Christmas surprise this year when hundreds of dollars of
purchases appeared on my credit card via my Apple account. I’d been hacked.
Happy Christmas!
Apple’s customer experience in this instance was particularly good as their alerts notified me quickly to the problem, which meant I was able to block my credit card and change my Apple password, minimising the damage. Plus, the icing on the customer experience cake was that I was reimbursed within 48hrs.
As I was
writing this blog, just this morning I received a text message claiming to be
from “Woolworths Gifts” congratulating me on my win and providing me with two
links. A quick google search unearthed the scam.
If my experience is anything to go by, we’re seeing a proliferation of increasingly complex scams that could impact on your brand.
Complex fraud is increasing
Unfortunately, this kind of fraud is on the rise in Australia. The ‘Targeting Scams’ report released by the Australian Competition and Consumer Commission (ACCC) states more than $340 million was reported lost by Australian victims of fraud schemes in 2017, up $40 million on the previous year.
And if
you think scams are just for the gullible, their increasing sophistication
means even the most diligent consumer is at risk, thanks mainly to AI.
In 2018
many Australians were on the receiving end of a scam that centred on an AI
generated phone call. The call claimed to be from from the Australian Taxation
Office and threatened immediate legal action if the recipient didn’t call the
number provided straight away. You had to listen carefully to realise that the
voice was robotic.
And even though, when you consider the nature of the call – you’re under investigation, there’s a warrant out for your arrest – it seems ridiculous to fall for it, the call felt in some part genuine, preying on the doubt we all feel from time to time.
Are we becoming wiser to scams?
So, is this having a knock-on effect on consumers behaviour? And will
it make them more wary about providing personal information in the future?
According to
a survey of 10,500 consumers by digital security firm Gemalto, “seven out of
10 UK consumers and two-thirds, on average, around the world would stop doing
business with a brand that suffers a breach of users’ financial or personal
data.”
Retailers are most at
risk globally, with 62% of respondents willing to walk away after a data
breach, followed by banks (59%) and social media sites (58%). The survey also
found that, across all ages, 93% place the blame squarely on businesses and
would think about acting against them. Social media sites worry consumers most,
with 61% concerned that these companies do not protect consumer data
adequately, followed by banking websites (40%).
How will this affect trust?
With
Australian financial services already dealing with significant distrust issues,
how will the Open Banking legislation hitting in 2020 further exacerbate
consumers’ privacy concerns?
It seems
that the industry already is aware of the core issues, with the Australian Banking Association publishing an extensive
laundry list of urgent fixes to mitigate privacy risks for consumers and fraud
loss risk to themselves.
However, with the acceleration in sophistication and platform
and tech developments supporting the emergence of digital only players, the
question remains, are we able to keep up with the criminals?
One emerging Australian neobank had to urgently upgrade its
defences after one of its directors fell victim to a phishing scam and had only
just implemented two-factor authentication on email accounts in late January.
But the debate is on as to whether the neobanks may be at an
advantage with Chief executive of Douugh, Andy Taylor saying “we
have the luxury of employing more up-to-date technology than the major banks,
as we do not have to support disparate legacy systems. Everything is more
centralised, meaning it’s easier to manage in a lot of ways.”
However, it could also be argued that relying on digital interactions could leave new entrants exposed to the use of these channels providing a vulnerability as consumers look to understand how interactions work with digital only fin services firms.
How to handle a scam targeting your
brand
So what can you do, if your brand suffers from a scam or data breach?
- Have a plan in place – While we may have tradition crisis management PR strategies in place, not many firms have specific comms plans designed to react to a significant data incident. Be prepared that you may not know everything about the incident at first and your plan should have the flexibility to evolve.
- Get in front of your customers as soon as possible – It’s your customers’ trust that will determine the impact on your brand. Don’t let your customers see your incident in the press first. Tell them as soon as you know, as much as you know.
- Put a face on your comms – Having the message come from your senior leadership is important to showing customers how seriously you take their wellbeing.
- Be transparent – It’s happened, there’s no point hiding from the fact, so get out there by telling your customers what’s happened, when it happened, what the impact may be, what you’re doing to help and what they should do next. Anything less is not enough.
- Use all your channels – Don’t forget that scams come through multiple channels, even letters (rarely, but they do). Also remember that your customers are not all the same, and not all of them read their emails. When dealing with an incident, use every channel you have to provide consistent, clear messages, with an offer to answer any questions they may have.
