Redesigning online banking environments to reduce fraud
In collaboration with the Open Banking Implementation Entity (OBIE), we conducted two large-scale online experiments to identify and test ways banks and fintech companies can redesign their online payment environments to minimise the risk of fraudulent transactions.
UK consumers lose millions of pounds in bank transfer scams each year
Nowadays, sending money to almost anyone in the world is a matter of just a few clicks in a banking app. However, the convenient system leaves us exposed to fraud. In 2019, consumers lost approximately £456 million to scams known as Authorised Push Payments (APP) 1, where fraudsters trick or pressure victims to transfer money to their accounts. They commonly trick victims by impersonating an authority such as a bank representative or a police officer, sending a false invoice, or inviting the victim to a fake investment scheme.
Can in-app warnings and action buttons help prevent suspicious payments?
We ran two online experiments to test mechanisms that can effectively warn consumers and prevent APP fraud. In both experiments, participants made payments in what closely resembled real shopping environments. We rewarded them based on the number of legitimate transactions they made and the number of fraudulent transactions they correctly avoided. We tested three types of interventions to help participants avoid fraudulent transfers: call-to-action (CTA) buttons, behavioural messages, and risk-based warnings.
Example screens from interventions to prevent fraudulent transactions.
Call-to-action buttons reduced customers’ likelihood of falling for fraud by 54%
We found that adding specific action buttons had the strongest impact on reducing the number of fraudulent transfers. The inclusion of more actionable buttons allowed users to conveniently defer or cancel transactions that they thought were suspicious. Only 10% of participants who were presented with call-to-action buttons made a fraudulent payment compared to 22% in the control group (a reduction of 54%). Participants also rated the app with additional call-to-action buttons as more user-friendly. When we used the actionable buttons in combination with other mechanisms, the number of participants falling for a scam further dropped. The most successful was a combination of call-to-action buttons and risk-based warnings, which reduced the proportion of participants falling for fraudulent transactions to 4%.
While the CTA interventions generated large reductions in the share that fell for fraud, they also led to an unintended side effect––they reduced the share of non-fraudulent payments that individuals completed. However, while the interventions may dissuade people from completing legitimate payments initially, they are unlikely to stop people from ultimately making these payments, as individuals/organisations with legitimate payment requests are likely to follow up with reminders and supplementary evidence.
Percentage of participants who made fraudulent and legitimate payments per experimental conditions. Beh = behavioural messages. CTA = call-to-action buttons. Risk = risk-based warnings. The red lines show 95% confidence intervals. N = 10,000.
The risk-based approach did not seem to reduce fraud on its own, suggesting that individuals do not necessarily need more information warning them about the prevalence of, or risks associated with, fraud. Instead, they need to be provided with well-placed calls to action that remind them that cancelling a payment is an option, and which provide them with an easy way of doing so if they feel suspicious.
Should the outlined safety measures be a responsibility of the bank or a third-party app that initiates the payment?
The second experiment we ran showed that warnings displayed either in the bank or the 3rd party platform such as PayPal are equally effective. However, when both platforms warned users against possible fraud, the intervention backfired - participants were 37% more likely to ignore the warnings and make a fraudulent transaction.
The bottom line is that small changes in online banking environments can have a large impact on the likelihood that consumers fall for fraudulent transactions. Our trial results indicate that by making it easy for users to defer and cancel suspicious payments, online banking platforms can dramatically reduce the number of bank transfer scams and further improve the user experience.