Hi everyone
Last year we shared some of the things we’ve been working on to tackle fraud here at Monzo. And we wanted to come back with a bit of an update about how we’ve evolved this work over the past year, how it’s been going and what you can expect next. Today we’ll be focusing on purchase scams.
But first, let me introduce myself.
I’m Chris, I’m a Senior Fraud Analyst. It’s my job to understand the types of Fraud and Scams that Monzo customers are at risk of falling victim to, and work with our product teams to come up with ideas for how to stop them from happening.
An overview of purchase scams
A purchase scam is when someone attempts to buy goods or services from a seller, typically one they met online. A customer will make the payment by bank transfer and expect to get what they paid for.
But the fraudulent seller will take the money and end all communication with the buyer, leaving the customer with no goods and no refund.
Purchase scams primarily start on social media. We recently reviewed a sample of purchase scam claims from this year and found nearly 40% started on Facebook alone, through public posts or on Marketplace.
People were often buying tickets for things like music concerts or sporting events like football matches.
We see fraudsters using a combination of tactics to entice people to pay:
- The event may have limited tickets available and given the high demand, the fraudster will put pressure on the buyer.
- They may sell tickets very close to the time of the event, sometimes days before, to encourage customers to buy immediately.
- The fraudster might lower the price, so it feels like a deal that’s hard to resist.
They’ll always ask for money up-front, before sending the items.
Purchase scams are on the rise, up 34% in 2023 vs the previous year according to UK Finance. And now it’s summer, the festivals, concerts and sports events – from Glasto to the Euros – all offer fraudsters opportunities to run purchase scams.
In fact, they’re by far the most common type of authorised push payment fraud in the UK: 67% of all APP scams reported in 2023 were purchase scams.
What we see at Monzo reflects this, though because the demographic of our customer base are more likely to be on social media and shop online, we actually see a higher concentration.
Preventing purchase scams
Our aim at Monzo is to detect and prevent fraud before it happens. But doing this for purchase fraud comes with some unique challenges.
People are desensitised to warnings
Our user research shows people tend not to trust warnings. Fraudsters know this and abuse it, to push even the most suspicious buyers over the line.
People tend to feel like warnings are ‘generic’ or think ‘this is just what banks do now’. We’ve heard people say ‘it’s like terms and conditions’ that you scroll past and accept without really paying attention’.
Banks expose customers to so many of these screens, sometimes on transactions which are actually safe, which enhances this problem and erodes trust in the warnings.
We need to repair this trust by showing customers we can accurately detect fraud, and giving them tailored warnings, relevant information and meaningful education to cut through the noise and show people they should take these interventions seriously.
Lower value, one-off transactions that start on social media mean purchase fraud is difficult to detect
We know the majority of these scams start on social media sites we don’t have visibility of. Then compared to other types of scams like fake investment scams, purchase scams are typically lower in value and often involve one or two transactions.
The average purchase scam is for over £200 vs other types of fraud which are for £900-1,300 and involve multiple transactions.
This makes purchase fraud difficult to detect. There’s often nothing obviously unusual or risky about these payments that’d indicate to us we should ‘intervene’. And we don’t want to show you warning screens for every single transaction!
Our approach
At Monzo our primary goal is to prevent fraud before it happens, which means we have to accurately detect fraudulent transactions, then intervene in the right way to stop people going ahead with the payments.
To do this with purchase scams, we’ve really focussed on customer experience, using our quantitative and qualitative insights to inform our designs. We’ve also been running experiments to understand how effective different approaches are.
In every fraud intervention we design, our aim is to protect our customers, without causing unnecessary friction to people making genuine transactions.
We’ve experimented extensively with warning screens
Iteration #1: we tested different messages
The first warning screens we tried were focussed on delivering a message to customers based on the following three ideas:
- the urgency of the issue – you could be getting scammed right now
- the idea that their money was being stolen
- the notion that if they listened to our warnings now, they’d save themselves trouble later
These screens were able to stop 25% of customers from making transactions we deemed risky. But we thought we could do better…
Iteration #2: Education
We then tried a screen that focussed on educating customers about how much fraud happens in the UK. It aimed to give them a sense of how risky the payment they were trying to make was compared to other payments Monzo customers make.
This iteration was able to stop 30% of customers from making transactions we deemed risky.
Iteration #3: Personalised education
We experimented with educational screens that were personalised to the customer’s own spending history. We told customers how risky this payment was compared to the rest of their spending.
Unfortunately these personalised screens weren’t more effective than the generic education ones we tried in iteration #2. Our experiment found they were able to stop about 23% of customers making transactions we deemed risky.
But we’ve found payment blocks most effective at preventing purchase fraud
After warning screens, we wanted to experiment with adding a lot more friction. What if we actually prevented customers from making payments we think are risky?
Iteration #4: Payment block
In this next iteration, we blocked payments that we detected were higher risk for purchase fraud. We’d actually stop the customer from making the payment and provide them with education around scams. Then we’d ask them to get in touch with us if they were confident the payment was safe and they still wanted to make it.
We found that while 1 in 6 customers would still contact us to make the payment, the payment block was 60-70% effective at preventing fraud.
This is the version we’ve actually now implemented in place of the warning screens we tested in the past.
Iteration #5: Payment block and unblock experiment
We’re looking to refine this further, and are currently testing a variation of the payment block that lets the customer unblock their payment themselves, but provides them with some more specific education about the signs of potential fraud in the journey.
The impact so far
With our new approach and design changes, we’ve prevented over £1 million worth of transactions going into the hands of fraudsters.
As the approach we’ve implemented involves blocking payments, we’ve also put a lot of work into improving our detection for purchase scams, so we’re only interrupting payments that are genuinely risky, and not inconveniencing customers otherwise! The current experiment is showing positive early signs, with over 60% fewer interruptions to the payment flow for purchases.
Closing thoughts
Fraud is a constantly changing environment, and defending against it is an ever-evolving process. To stay on top of it and protect our customers, we need to be agile and adaptable as new threats emerge.
We’d really welcome input from the community here on thoughts or ideas for how we can keep developing our work here!