According to a recent survey we ran, almost nine in ten people (89%) say they are concerned about fraud and scams targeting their bank account. However, misdirection fraud is not top of mind: even after explaining what it is, only 54% of consumers we asked are aware of misdirection fraud, far lower than awareness of other, more direct types of fraud like malware (72%) and phishing (77%).
Misdirection fraud covers several different tactics used by criminals to trick people into making an online payment they are led to believe is legitimate. For example, an invoice from a tradesman is intercepted by the criminals, the bank details are amended on the invoice and the email is then resent. The victim doesn’t know that the bank details have been changed, so they go through all their usual banking security processes but make the payment into a criminal’s account. As online banking security becomes more sophisticated, tricking the person making the payment has become a more accessible target for criminals than trying to hack into the banking system itself.
Upcoming legislation will put more responsibility on the banks to do all they reasonably can to reduce misdirection fraud or they could find themselves liable for reimbursing the lost money.
Our research points to this being an accurate reflection of where the public feel responsibilities lie: 77% agree banks should be doing more to protect customers from fraud and 75% agree that banks should reimburse victims of fraud.
However, the banks are in a precarious position with misdirection fraud because it has already been successful before the customer goes online to make the payment. The reality is that there is only so much a bank can do, and there is a real risk that if banks add extra layers of security to the online payment process it could result in customers becoming more complacent rather than more diligent because the banks are perceived to be taking responsibility off the customer. Also, we all use online banking for its convenience and speed; the last thing consumers want is a more time-consuming process.
Therefore, the question is how do banks get the balance right between offering a quick, simple and seamless process for legitimate and routine payments, while also having enough security in place to identify and stop the rare occasions of fraud? Also, how do the banks make you stop and rethink to double check that every payment you make is legitimate without making the process cumbersome and annoying?
Morar HPI has recently worked with a major high street bank to investigate how the online payment process can be improved in a way that does not cause annoyance and delay, but encourages customers to rethink their payment and double check that it is legitimate. Our research highlighted that understanding the psychology of customers while they are making an online payment is invaluable when trying to increase the effectiveness of the security process: how can banks encourage customers to rethink a payment they have already decided is legitimate without adding frustration?
It’s clear that more focus needs to be put on educating customers about the risks of misdirection fraud, which will help consumers understand and appreciate why banks are increasing online payment security. With that understanding will come greater permission to make the necessary changes.
We have come up with a number of other recommendations to alter the payment process in a way that makes sense to the customer and increases security without making it overly laborious.
If you’d like to know more please get in touch.