Home Technology Cybersecurity Five steps to win the battle against everyday fraud Consumers in MEA can receive up to three scams a day, with a quarter receiving more messages from fraudsters than they do from their friends and family by Saeed Ahmad November 17, 2021 It’s challenging to comprehend the enormous cost of fraud in today’s world. Scammers drain $5 trillion from the global economy each year, equating to $700 for every person on the planet. However, while multi-million-dollar scams and massive data breaches may make national headlines, they do not accurately reflect the flood of fraud cases that occur every day. Most bad actors understand that stealing from ordinary people’s bank accounts is easier and less risky, allowing them to remain undetected for much longer. Fraudulent SMS scams are how most of them work – tricking users into believing that a real business is contacting them. Consumers in MEA can receive up to three scams a day, with a quarter receiving more messages from fraudsters than they do from their friends and family. Almost one-fifth (19 per cent) of MEA consumers who have been a victim of fraud have stopped using the company whose name the fraudster used to execute the scam. Customers are being bombarded with increasingly sophisticated scams, which all too often use the same communication channels that businesses do. As a result, it is the responsibility of both parties – the customer and the company – to make it as difficult as possible for scammers to succeed. The question is, what should businesses do to ensure that their customers are not punished simply for attempting to engage with them online? A multi-layered solution – the ‘Swiss cheese’ model When it comes to protecting customers from fraud and scams, businesses cannot afford to rely on a single layer of protection. As a result, risk analysts advise businesses to use the ‘Swiss cheese’ model. The idea is that businesses should put as many layers of security between their customers and scammers as possible. As a result, even if criminals manage to get through one layer of security – similar to a slice of Swiss cheese – they will never be able to get through the entire block. Businesses using this model must select the appropriate layers to maximise the effectiveness of their security. 1. Educate at the right time Educating customers is one of the most important things a company can do to protect its customers. Therefore, for example, warning messages appear on the screen before beginning a new transaction. Customers, on the other hand, are becoming increasingly difficult to sway. There are several reasons for this, some of which include customers reading them in a cold state (dispassionate, calm/bored) or simply because they are complacent. When it comes to educating customers online, businesses must be more creative and understand human psychology. Furthermore, even the most knowledgeable customer can forget their entire education if they’ve been riled up into a hot state (emotional, stressed, or angry) by the person scamming them. To be more effective, businesses must deliver warning communications at the right time – when the user is out of their cold state but before they have entirely entered a hot state. Keeping the language used in warnings fresh can help to ensure that they are read instead of being ignored. 2. Use friction wisely Friction is another tool that can be used to stop a scam in its tracks; small, seemingly insignificant barriers can have a massively disproportionate impact on how people act. When a person is hot, a little friction can give them that crucial second to think about what they’re doing – to break the spell, if you will. This is why a timely fraud warning can be highly effective. However, these messages are frequently found at the very beginning of a user’s journey. If a company wants its warnings to be effective, they should appear when the user is in danger, such as being persuaded to do something risky. 3. Give informed nudges It’s not enough to advise a user not to transfer money to a questionable account, reveal their personal information, or do anything that could be potentially harmful. Because generic advice is frequently overlooked, businesses must provide clear and specific reasons why they shouldn’t proceed with a particular action. Businesses should remember that it’s not just the language that influences whether people pay attention to a warning – it’s also how it appears. This entails making it clear and visible so that customers notice it. 4. Make better use of consumer data When all else fails, and a company is unable to prevent a scam, it is critical to detect one. This is where dynamic intervention software can help by proactively scanning a user’s device for malware and other threats. These tools can examine everything from unusual locations for that device to strange behavioural patterns. This enables businesses to detect scams as they occur and provide highly targeted warning communications to people who are genuinely at risk, avoiding the “cry wolf” effect that can accompany a blanket of generic security messages. 5. Security is a shared responsibility With so many scam text messages, emails, phone calls, and other messages being sent out every day, nothing can protect customers 100 per cent of the time. And no matter how complex the strategy, no company is likely to get it right the first time, especially if they try to do everything themselves. As a result, businesses should not rely on a single security strategy but rather test various approaches to provide their customers with the best defence against scammers. Organisations should also make use of every asset available to them, including humans and technology. Customer experience teams, for example, have insights into the minds and behaviours of users and advice on what is likely to help or hinder them. However, technology also plays an important role, as many security solutions are digitised rather than digital. In a world where it increasingly appears that scammers and fraudsters are winning, digitised analogue processes like PDFs and SMS one-time passwords are simply no longer fit for purpose. Saeed Ahmad is the managing director – Middle East and North Africa at Callsign Tags callsign cybersecurity cyberthreat fraud 0 Comments You might also like Proofpoint’s Haifa Ketiti on AI-driven cybersecurity solutions Boost for GCC mobile app security as Protectt.ai, Finesse partner Tackling the surge in fraud during UAE’s peak shopping seasons GITEX GLOBAL 2024: Two mega venues, one massive tech event