Mastercard Inc. is selling a new artificial intelligence-powered tool that helps banks more effectively spot if their customers are trying to send money to fraudsters.
Nine of the UK’s biggest banks, including Lloyds Banking Group Plc, Natwest Group Plc and Bank of Scotland Plc, have signed up to use the Consumer Fraud Risk system, Mastercard told Bloomberg News.
Trained on years of transaction data, the tool helps to predict whether someone is trying to transfer funds to an account affiliated with “authorized push payment scams.” This type of fraud involves tricking a victim into moving money into an account falsely posing as a legitimate payee, such as a family member, friend or a business.
The tool comes as UK banks prepare for new rules from the Payment Systems Regulator that will require them to compensate customers affected by APP scams from 2024. Historically banks haven’t been liable for this type of fraud, although some signed a voluntary agreement to pay back victims.
Ajay Bhalla, president of cyber and intelligence at Mastercard, described APP scams as a “huge problem” that banks have historically struggled to detect because victims’ accounts aren’t compromised. Clients voluntarily make the transfer and so pass many of the security checks used to identify other types of fraud, such as unauthorized payments, he said.
In the UK, victims of APP scams lost £484.2 million ($616 million) in 2022, according to research by banking industry association UK Finance. Losses to APP fraud across the UK, US and UK are expected to hit $5.25 billion by 2026, according to a report by ACI Worldwide and GlobalData.
TSB Banking Group Plc, the first bank to implement the system four months ago, has seen a 20% increase in detection of this type of fraud, which the bank’s Head of Fraud Paul Davis said was one of the biggest improvements of any individual fraud prevention project he’s worked on. TSB estimates it could save UK’s banks about £100 million per year if the tool was rolled out across the industry.
“It’s a good example of the power of sharing data,” Davis said in an interview. “It’s the first time we’ve been able to see both sides of the payment — sending and receiving.”
Consumer Fraud Risk works by assigning a risk score from 0 to 999 on any attempted bank transfer within half a second — similar to a system it already uses to identify fraudulent credit card payments. The bank can combine this risk score with its own analytics to create an assessment of the transaction and, if necessary, block it before the money leaves the victim’s account.
TSB’s Davis said the system has been particularly good at detecting purchase scams, where fraudsters posing as merchants trick people into paying for goods or services that are never received, which represent about half of all APP fraud. It’s also helped reduce false positives – genuine transactions flagged as potential fraud.
Mastercard is able to provide the risk score because it runs the infrastructure for real-time electronic transfers of funds through its subsidiary Vocalink. For the past five years, Mastercard has worked with UK banks to follow how scammers move their proceeds through a sequence of “mule” accounts – often at several different banks – to obscure their activity. This has allowed Mastercard to identify patterns of behavior and accounts associated with scams that it’s used to train the Consumer Fraud Risk system.
The company, which charges banks a fee for the product based on transaction volume, plans to roll out the tool globally. It’s in discussions with potential clients in markets with mature, real-time payments systems and significant APP fraud, including the US, India and Australia.