Hey, I’m Ashley and I look after fraud, disputes and our fincrime operations teams at Monzo.
I wanted to drop by to share an update on some new fraud data that the Payment Systems Regulator (PSR) has published today. They’ve shared rankings for banks across three metrics based on data from 2022, looking specifically at Faster Payments and authorised push payment fraud (APP fraud) where fraudsters trick you into sending them money.
You can see them on the PSR’s website: APP fraud performance data | Payment Systems Regulator.
You might have concerns or questions about the rankings and press coverage about it today – so I wanted to come on to explain some of the data behind the rankings and take the opportunity to share more with you about what we’re doing to tackle fraud and prevent it from happening before customers fall victim.
We’ve really made some significant investments here this year, in technology and in people: so far in 2023 we’ve hired almost 200 people into fraud teams across product, risk and operations. So while last year’s data isn’t where we’d want it to be, I’m confident we’re taking the right steps and making progress.
Fighting authorised push payment fraud is an ongoing challenge for the industry
Let me start by sharing some general context about the fraud landscape at the moment. UK Finance’s latest report really helps to set the scene for what we’re seeing across the industry but I’ll give a quick overview.
Last year victims in the UK lost over £1.2bn due to fraud and authorised push payment fraud in particular is an industry-wide challenge. Right now criminals primarily focus on APP fraud: social engineering with a view to getting victims to authorise or make payments themselves.
UK Finance’s data shows the value of APP fraud actually fell 1% in the first half of 2023 but the volume of cases reported increased 22% vs the same period in 2022.
The main thing driving this is an increase in purchase scams, which typically result in lower value losses than other types of fraud.
Our younger customer base are disproportionately affected by purchase scams – and this drives a lot of the data behind the rankings the PSR published today
We see a higher proportion of purchase scams as on average the demographic of our customer base is younger and more likely to shop online. At Monzo in 2022, purchase scams made up 79% of the overall volume of authorised push payment fraud we saw, and 53% of the value. By comparison, across the industry they make up 57% of volume and only 14% of the overall value.
The PSR data shows last year we saw the highest volume of APP fraud sent from our accounts, though not the highest value – which is consistent with us seeing more lower value purchase scams.
You’ll also see our reimbursement rates are among the lowest, and this is because we’re less likely to reimburse for these purchase scams given it’s extremely hard for banks to detect and prevent them.
I’ll dig into this in more detail later, including what we’re doing to address purchase scams.
It’s worth saying that we are confident in the way we make decisions about reimbursing fraud – and the data backs this up. If our decision-making for reimbursement was at odds with the industry, we’d expect the rate of Monzo cases that went on to be upheld by the Financial Ombudsman to show this. But our ‘upheld rate’ in 2021/22 was in line with the industry average at 56% (the industry rate is 54%).
Our priority at Monzo is to prevent fraud before people fall victim
Our aim is really clear – to stop people experiencing the distress and emotional toll of falling victim to fraud in the first place. And crucially to stop criminals benefitting.
Fraudsters are sophisticated and their methods are ever-evolving. So we need to constantly innovate if we want to be successful.
In the fraud team, we think about this challenge in the same customer-centric way we do across Monzo, and look at how we can tackle it with a combination of skilled experts and technology.
As I said above, we’ve really been investing here, and there are a few things we’ve implemented this year we can see are already making an impact. I’m going to focus on impersonation fraud, investment scams and purchase scams in particular as these are the three most prevalent APP fraud typologies.
We now use machine learning to successfully tackle impersonation fraud and investment scams
Since the start of 2023 we’ve introduced new machine learning models that target impersonation fraud and investment scams. These are the highest-value types of fraud and cause victims the most harm – people can lose life-changing amounts of money.
Since January we’ve stopped £3.8 million getting into the hands of fraudsters, and in the first half of 2023 our average fraud losses per case are 82% lower than other banks – which shows we are being successful in stopping the highest-value scams that can cause the biggest harm.
Investment scams usually start on social media like Snapchat, Instagram or TikTok, where fraudsters will try to convince you to make an investment promising really high returns. Impersonation scams involve fraudsters posing as trusted organisations – anything from your bank, the police, HMRC or your landlord.
These scams usually involve an extremely high level of social engineering and emotional manipulation. Fraudsters can really convince people they need to make these payments by posing as trusted organisations, creating a sense of panic and urgency, and lots of other tricks. And they even know how to coach customers around things like Confirmation of Payee and other warnings and controls banks put in place.
So, we have the best chance of success if we can both identify when someone is at risk of fraud, and then deliver them really relevant ‘interventions’, in real time.
To help us spot when someone’s at risk, we have machine learning models for impersonation and investment fraud that assess a number of different factors to learn patterns associated with them.
We’re then able to intervene when we identify that risk. For example, one of our expert fraud investigators may reach out to ask you more questions about a payment before we release it.
Because fraud evolves so quickly, using machine learning that can quickly detect and adapt to new trends is really powerful.
These models work alongside the feature we recently launched to fight phone scammers and help you check in the app if you’re really talking to us on the phone or not. Since we implemented it in early September, we see about 100 cases a day where people have been able to avoid attempted fraud using the tool.
We’re also tackling purchase scams with machine learning and targeted interventions
As well as making progress to address the highest value scams, we’re committed to preventing fraud across the board. Purchase scams, though typically lower in value, can still be distressing for customers and have a real impact on their finances.
They involve fraudsters tricking people into buying something online that never arrives (think a designer pair of trainers on Facebook Marketplace for a price that’s too good to be true, that never actually turn up in the post).
In the last few months we’ve implemented a new machine learning model here too.
Identifying purchase scams is pretty challenging as they’re typically for smaller amounts of money and look just like regular payments. And they originate on platforms where we don’t have any visibility.
But thanks to this new model we’re now able to better identify them. In a similar way, the model evaluates different factors to understand the patterns/hallmarks of purchase scams and flag them. Then based on the signals from these models we intervene when we identify someone’s at risk.
Here are some examples of user journeys we’ve recently launched that show how we’d intervene in the moment when we identify someone’s at risk:
This technology works alongside human experts manually reviewing cases to identify risks too.
But we can’t do this alone – social media companies need to help us stop scams at the source
APP scams largely originate on fake websites and social media platforms that banks just don’t have any visibility over. UK Finance found 77% of APP fraud takes place online, mostly on social media. And in our own data 70% of purchase scams we see start on social media. This really demonstrates the scale of fraud that’s actually initiated outside of banks’ controls.
Unfortunately, social media companies aren’t as proactive as banks at preventing fraud, and often host scam adverts and posts which lead to people losing money. They’re just not regulated or incentivised in the same way as they don’t bear any commercial responsibility for reimbursing victims. We really need these firms to step up and take steps to stamp out this fraud at the source, rather than allowing people to fall victim and relying on banks to reimburse.
This is something we work with our Policy and cross-industry bodies like Stop Scams UK to address. Because APP fraud really is an issue that spans sectors and typically starts outside of banks/financial services, Stop Scams UK helps us work with tech and telecommunications companies to find ways to address fraud by looking at the problem end-to-end.
We’re committed to preventing fraud happening through Monzo
Finally, I wanted to talk about how we prevent fraud happening through Monzo. All stolen money has to go somewhere - and it’s equally important that we stop criminals using our accounts. The data in the PSR rankings for ‘Metric C’ relates to money muling, which is a growing problem across the industry.
A money mule is someone who receives criminal money into their bank account and quickly transfers it on to another account, keeping a small cut for themselves. Criminals recruit (sometimes unsuspecting) people to do this. Their goal is to get the money they’ve stolen into their own bank account, while making it as difficult to trace back to them as possible.
Muling is varied and difficult to detect, which is why again we use a combination of machine learning technology and expert human investigators to monitor transactions and detect muling patterns in real time.
Our strategy is to identify muling before someone can transfer fraudulent money out of their account, investigate, and often return money to victims.
Monitoring transactions in real time is pretty unique in the industry, where processes can take weeks or even months to detect muling. But it’s really important as mules usually receive and send money on to another account really quickly. We’re actually seeing this real-time approach being replicated by some other banks.
We’re also part of UK Finance’s bank notification system, which lets us quickly tell other banks if they’ve received the proceeds of APP fraud (and vice versa). The quicker we can move, in collaboration with other banks, the more fraudulent money we can stop and the more we can get back to victims – whether they’re Monzo customers or not.
We work closely with law enforcement agencies and other industry players too. We’re in the Operations Group of the Joint Money Laundering Intelligence Taskforce (JMLIT), which is a partnership between law enforcement and the financial sector to exchange and analyse information about fraud.
Again, social media firms have a role to play here too, as lots of money mule recruitment happens on social media.
Thanks for reading
As you’ll know we can’t divulge too much detail about our controls and strategies for preventing fraud to avoid helping criminals circumvent them! But I’m happy to answer questions where I can, about the PSR’s report or what we’re doing in this space.
Ashley