21 April 2023
By Catalina Grosz
Behavioural science: The front-line in the battle against online fraud
Every time we make an online transaction, we put ourselves at risk of cyber fraud. In a recent report prepared for OFCOM which surveyed UK internet users aged 18 and above (Yonder), a quarter of respondents lost money as a result of an online scam or fraud.
In order to reduce the impact of scams and fraudulent acts online, legitimate organisations put time and effort into ensuring their online presence is free of fraudsters and hackers. Firewalls are installed and users receive cybersecurity training. Yet somehow, fraudsters and hackers still find ways to trick us. It is often our own behaviours that make us vulnerable to cyber attacks and scams. This is why we propose none other than behavioural interventions as a low-cost and easy to implement way of mitigating the impact online frauds and scams may have on our lives. With small changes to our decision-making environment, behavioural interventions can have a powerful effect on our choices, nudging us towards more beneficial behaviours (Thaler and Sunstein, 2008).
The following is a list of three common types of frauds and scams that can threaten us in online transactions. We accompany each with a suggestion on how to counter them based on behavioural science research that is both low-cost and easy to implement.
- Description: When shopping online, we often turn to product and service reviews to help us choose amongst the hundreds of available options. Fake reviews refer to online product and service reviews for which sellers may provide incentives in exchange for or even pay for positive reviews. These fake reviews make the product or service more appealing. Unfortunately, this scam often works. Our research here at TB found that both inflating star ratings and including fake text in the product reviews led to more consumers choosing a low-quality product (The Behaviouralist). Buying the wrong product may not be at the top of our concerns, but when these products turn out to be cheaply-made counterfeits they can sometimes pose a threat to our safety and that of our families (CNN).
- Suggestions: In a report drafted for OFCOM (Yonder), respondents stated that a warning from the platform addressing the possible presence of unverified content or messages would be helpful in preventing people from engaging in fraud or scams. In our research with Which? regarding fake reviews, we found that a banner at the top of shopping screens reduced the harm associated with fake reviews (Which?). However, our banners were simple and untargeted. More research is needed on the impact of warnings with more specific messages.
Figure 1: Banner displayed at the top of shopping screens with a warning message regarding the presence of untrue or misleading customer reviews.
Authorised push payment (APP) fraud
- Description: APP scams are an umbrella term for any scam which involves a person willingly processing payments to recipients they believe to be ‘genuine’ or ‘legitimate’ but that are actually fraudsters (The Behaviouralist). These recipients can pose as a handful of organisations, from charities to healthcare providers. APP scams usually begin with a fraudulent text or email attempting to pressure people by claiming urgency and warning of terrible consequences if a payment is not made. For individuals, APP fraud may present more than just a threat to their money, it can also pose a threat to their trust in organisations.
- Suggestions: We worked with OpenBanking to understand how changes in the design of online banking journeys could make individuals less likely to fall for fraudulent payment requests. We found that a change as low-cost and easy to implement as adding calls to action (CTAs) during the online banking customer journey could help greatly in mitigating the impact of APP fraud. These prompts allowed customers to easily postpone or cancel a payment, giving them a chance to reflect on the payment and its recipient (The Behaviouralist)
Figure 2: Phone screens showing the changes in the design to online banking journeys, including the CTA buttons.
- Description: Probably the most dangerous scam in this list, identity theft for financial purposes represents a scam in which an individual steals your personal information in order to obtain services, goods or benefits. This can include your name, bank account number and credit card information. Once a scammer has gotten hold of these details they are able to make unauthorised transactions and purchases, which may in turn damage your credit, finances and reputation. This damage can be long lasting, leaving the victim with psychological scars. In order to obtain your details, most identity fraudsters turn to computer technologies, hacking their way through computers and networks (Investopedia, Investopedia). Most victims of identity theft do not realise the scam is in place until after severe damage to their accounts.
- Suggestions: A highly recommended way of staying safe from this kind of scams is to have separate and strong passwords for sensitive accounts and to update operating systems on all devices. However, our own habits and preferences may be stopping us from implementing these simple behaviours. Password managers are a great solution. By suggesting strong and unique passwords and automatically saving them, they ease the cognitive load. These managers are in themselves a form of behavioural intervention because they present a small change to our decision-making environment that makes it easier to put the most beneficial behaviour into practice.
These are just a few of the many online scams and frauds that exist today. In the past, it was believed that simply educating people about cyber security and scaring them with the impact that cyber fraud could have on their lives was enough to promote safe behaviours. Today we know that fear alone won’t make us change. We believe that behavioural interventions enacted by banks and sellers offering online services can help mitigate the effects of these scams by addressing the barriers that make us the most vulnerable.