When major events – such as the COVID-19 pandemic, global sports or politics – take center stage, fraudsters and scammers often exploit them to profit from unsuspecting consumers.
According to a recent global survey by Callsign, only 8% of consumers in the region trust SMS as a safe form of communications with their banks or retail brands.
Just receiving a scam message purportedly from a brand will cause 52% of consumers in Asia Pacific to lose faith in the organization, regardless of the fact that the message wasn’t actually sent by the brand.
For more insights into “smishing” and the “industrialization of scams” – and its impact on organizations in the region – we discussed the survey findings with Namrata Jolly, General Manager, Asia Pacific, Callsign:
How are organizations’ reputations being harmed by the increase and industrialization of scams?
Namrata: According to Callsign’s own research, just receiving a scam message claiming to be from a brand causes 52% of consumers in the Asia Pacific region to lose trust in an organization. Worse, 29% said they had stopped using the company whose name the fraudster used to execute the scam.
The fraudsters use anything they can to trick their victims and play to human emotions to execute their scam. Unfortunately, this means using a brand name to lure consumers into their scam. This may be via email or SMS with the promise of an invitation to an exclusive event, a discount, a special prize, a request to change login details or more together. Usually there is a link included to encourage the person to click and register, handing over personal information.
Consumers are an easy target for scammers because, unlike big banks and retailers who spend billions on security, processes, procedures, and training, the general public is largely unaware. Therefore, when a scam message appears via SMS or other familiar communication channel, consumers are more trusting and this is exactly what the scammer banks on.
There was another interesting statistic from Callsign’s research on scamming. In Asia Pacific, nearly half (45%) of consumers think identity is a problem and said people should prove who they are when signing up to a platform as this will stop the scammers.
How serious is the harm caused by scams in the context of Asia, and how has the COVID-19 pandemic exacerbated it?
Namrata: Scammers are notorious for latching onto world events to defraud consumers. Many security professionals were taken aback by the speed in which scammers mobilized and industrialized pandemic scams. Because COVID-19 produced a climate of fear and uncertainty, fraudsters were quick to industrialize scamming.
Research conducted this year by Callsign revealed that respondents in the Asia Pacific region reported they were receiving an average of three spam messages a day. 28% said they received more messages from fraudsters than from their family and friends.
The impact this has on brands is devastating. Almost a third (29%) of respondents said they had stopped using the company whose name the fraudster used to execute the scam. For any business, losing a third of a customer base due to fraud is a disaster.
The cost borne by brands when a fraud occurs is not just the pain the customer goes through and the immediate liability the organization needs to pay, but is also the cost of loss of reputation which is difficult to quantify but definitely adds to the cost that the brand needs to bear.
Fraudsters use the same channels to target consumers as businesses use to authenticate them. Banks and online businesses spend millions of dollars every year on enterprise security to protect their networks, educate and train staff on cyber hygiene. Yet the consumer does not have access to enterprise grade security and must make up their own mind if the SMS messages they receive is legitimate or fraudulent.
Rectifying this imbalance will go a long way in reducing customer churn, rebuilding digital trust, and will put a significant dent in the ability of scammers to operate.
What industries are most targeted by fraudsters, and why?
Namrata: Ultimately, scammers go where the money is, starting with the most liquid with banks being prime targets yet any business is under threat. There is a growing trend in the targeting of organizations running loyalty schemes because loyalty points are increasingly tradeable on the Dark Web.
Scammers exploit various communications channels. Which ones are used most frequently, and which ones do consumers trust the least?
Namrata: From Callsign’s research, only 8% of consumers think SMS is a safe channel to communicate with their bank or retailer. If a consumer receives a scam via text message, then there is a 57% decrease in trust.
This is worth noting because SMS is widely used by banks to send one-time passwords (OTPs), yet the technology has been around since 1993 when Nokia was the only handset manufacturer to support SMS text.
Although SMS usage exploded worldwide and was a fun, new way to communicate, today the technology is antiquated and open to abuse. The messaging platforms used by organizations to communicate with their customers must balance protection and experience to ensure brand protection.
SMS is one example but any communication channel is open to abuse. Another is email. In fact, any means of communications is open to attack. This is made worse by the ability to purchase stolen information on the Dark Web to target consumers through emails, SMS or phone calls.
What are some key considerations organizations should bear in mind in their efforts to improve customer experience, while protecting identities and personal information?
Namrata: Only by creating a seamless and secure customer journey, can brands establish, or re-establish, digital trust. The technology exists today to make this happen. The reliance on 20th Century technologies to authenticate customers has proven to be the weakest link for many years.
Passwords or PIN numbers alone form a single point of failure, just one layer of security for a scammer to compromise, they aren’t necessarily easy to remember and consequently can inhibit good customer experience online. What customers really want is a frictionless and fast experience –security cannot be seen as a chore. What this means for banks and online services is adopting a multi-layered approach to authenticating consumers.
By combining passive behavioral biometrics (such as the way a consumer swipes or types) over with device and location data, multi-factor authentication can be achieved seamlessly and easily and with no one point of failure in the process if a would-be fraudster was to have a user’s credentials. Unlike other methods of verification, authentication, and authorization, such as facial recognition or the use of cookies to identify users, Callsign obfuscates the data so that privacy of the user is always preserved.
Callsign’s solutions use deep learning techniques to combine event, threat, and analytics with multi-factor authentication. Added to this is real time threat intelligence that enables banks and online services to simultaneously catch fraudulent activity and introduce warning messages in a timely fashion.
Importantly, this tailored approach to customer authentication – building privacy preserving, unique identity profiles for every individual – helps reduce churn, rebuilds digital trust, and reduces friction.
In other words, 21st-century technology is required to combat a 21st-century problem.