The prevalence of fraud, and in particular consumer scams, has skyrocketed across Southeast Asia (SEA). Our analysis suggests that total losses across SEA exceeded US$5 billion, with customers bearing the vast majority of these.
The sharp rise is due to the proliferation of mobile banking applications and instant payment systems, more e-commerce-based transactions, the wealth of personal information available on social media, and the generally increasing sophistication of scammers. Challenges will be further amplified with the growing usage of generative artificial intelligence (AI) and the expected introduction in 2024 or 2025 of real-time cross-border payments across the Association of Southeast Asian Nations (ASEAN).
The rising prevalence of scams has had a considerable impact not only on consumers, but also banks, in particular retail banks. In SEA, the Monetary Authority of Singapore (MAS), Bank of Thailand (BoT), and Bank Negara Malaysia (BNM) have each introduced new measures in 2023 with which banks need to comply with. These include, but are not limited to, the banning of clickable links, limits on mobile devices per user, enhancement of authentication controls, implementation of kill-switches, and implementation of real-time scam detection and monitoring solutions that go beyond traditional card fraud monitoring.
The new measures are only partially effective in protecting customers from being scammed, are predominantly reactive, and too often come at significant operational costs to banks. Principally, the banks need to run dedicated scam detection and call center teams operating 24/7 to manage inbound scam cases and potential scam alerts, many of which are false positives. Beyond the significant operational burden, banks face the risk of being held liable for a share of customer losses.
Against this backdrop of elevated risk from scammers, banks in SEA need to act now to proactively address the rising threat to their customers and themselves. Banks need an overhaul of their scam-prevention strategy across customer education and interactions, analytics, organizational setup, and industry collaboration.
Three Key Strategies for Southeast Asian Banks to Shield Customers from Scams
Harnessing Advanced Analytics for Early Scam Victim Identification
Banks need to put in place strong detective and predictive capabilities to preemptively identify customers who are at risk of being scammed or are in the early stages of a scam. In doing so, most banks have either implemented, or are in the process of, implementing real-time scam detection solutions, either by leveraging in-house capabilities or by taking advantage of the suitable systems of third-party vendors. As they implement these solutions, banks must manage the dual considerations of erring on the side of caution when investigating likely scams, and the expediency of taking remedial action.
However, under the current approach, banks often face false positive rates in excess of 80%. This creates significant operational challenges in terms of not only higher costs, but also in terms of alert resolution activities for cases of confirmed suspicion. While regular back-testing and tuning can improve the efficacy of these solutions, the inherent challenge is that scams are unstructured and dynamic by nature. Consequently, the ability to refine alerts based on an observable set of rules and features is quite limited, as the results may already be outdated by the time they are put in practice.
Although uplifting either the data or analytical techniques of a bank would advance its ability to detect scams, the target state involves near-simultaneous progress on both fronts. A suite of truly state-of-the-art scam detection solutions is situated at the intersection of both fronts. In this position, banks can use suitable novel data for the right type of advanced analytics.
Despite their benefits, these advanced solutions are not devoid of their challenges, and the timely review and intervention by appropriately skilled and trained staff is particularly crucial. Moreover, an AI or Machine Learning (ML) outcome is only as valid as the data it ingests. Where data is not available or particularly sparse, analytical blind spots may miss the detection of emerging risks.
Customer Safety with AI-Driven Interactions and Scam Alerts
Beyond deploying more advanced analytics to preemptively identify potential scam victims, we see opportunities for banks to make their customer interactions more impactful, and AI-driven. At present, call center and investigation staff have frequently reported challenges relating to the following: the high and increasing volume of inbound calls; the inability to reach the customer to confirm or deny scam alerts; and the challenges in convincing the customer that they might be the victim of a scam.
These challenges are not only a massive cost driver for banks, but they also force banks to put stricter thresholds in place than they would otherwise have to do, in effect fitting thresholds against manageable alert and outbound call volumes.
There is the opportunity for tailored scam alerts to be pushed to customers at the point of transaction. These types of alerts would allow banks to effectively deal with medium-risk alerts, which the bank thinks have a higher likelihood of being a scam, but not sufficiently high enough to block the transaction outright. The customer can then make an informed decision on whether to cancel, hold, or proceed.
A more advanced version of this message could leverage generative AI to automatically consume bank and public information to develop an even more compelling story for the customer, and potentially even allow for customer interactions, such as performing basic question-and-answer queries.
Another opportunity is for generative AI to support scam or fraud operations in banks, such as automating scam reporting using generative AI-powered chatbots and creating first drafts that investigators can then refine.
Strategies for Unmasking Scammers and Money Mules
Scam proceeds are often layered and disguised using money mules. Scam syndicates either directly or indirectly control these accounts, and they use them to conduct cross-border money laundering. Identifying these accounts and the people behind them disrupts the scam syndicates’ network, facilitates the process of recovering funds, and helps the police take appropriate action against these bad actors.
Law enforcement agencies are typically at the forefront of this charge. However, scams are often underreported with victims sometimes being unwilling to come forward. Furthermore, scam syndicates will have emptied most mule accounts by the time investigations commence, making the recovery of funds challenging. There needs to be a concerted effort in using analytics to proactively identify scammers and money mules.
Some banks are implementing dedicated risk scoring models to proactively identify money mule accounts. The models identify risky accounts based on typologies and the typical mule characteristics observed in demographic and behavioral data. Models produce results daily to minimize the latency of information, so that the banks can identify and investigate suspected money mules while the suspicious activity is still taking place. Investigated accounts are frozen rapidly, account holders reported to the police, and the relationship exited, where permissible.
There is also an opportunity to go one step further: using Network Link Analytics (NLA). Scammers often control networks of accounts which either transact with one another to obscure their identities or share common data fields because of being used together. NLA exploits these characteristics algorithmically, starting off by constructing a network of accounts with shared properties, such as residential addresses, IP addresses, and device identities, and then examining certain accounts of interest, such as ones flagged by the intelligence from law enforcement agencies, or accounts identified from the bank’s own detection models. Adding external data, such as data from e-commerce platforms, can help refine the models further or catch new archetypes of scammers.
This entails scrutinizing not only the accounts connected with these accounts of interest, but also ones that are connected with those, and so on. Doing so could accurately pinpoint “communities” where accounts of scammers and money mules hide, leading to investigations that holistically uncover even more scammers and money mules. In leveraging technologies and analytics focused on “catching the scammers and mules”, banks also need to think through the end-to-end deployment, including, among other things, specialized investigators, and a well-designed operating and interaction model, particularly among the bank's various lines of defense.
The cat and mouse game between banks and scammers will only grow bigger over time, and SEA is one of the main hotbeds of this battleground. Banks need to take a series of actions now that revolve around uplifting their capabilities, particularly around analytics and the use of AI. These capabilities will be instrumental in preventing further scam losses, enhancing customer trust while improving the customer experience, and managing the banks’ operational burdens and costs.
While most countries in SEA have started promoting better cooperation, be it private-private partnerships such as Hong Kong’s Financial Intelligence Evaluation Sharing Tool (FINEST) or public-private partnerships such as Singapore’s Collaborative Sharing of Money Laundering/Terrorism Financing Information and Cases (COSMIC), these countries are still at the beginning of their journey. Building a strong cross-industry alliance to tackle fraud requires political will and funding to put in place a clear vision, the supporting legislation or regulation, a strong and nimble operating model, and robust data and technological capabilities. Market leading commitment, as demonstrated by the MAS under the umbrella of the flagship AI Collider program announced in its 2023/2024 annual report, is a critical first step to establishing stronger industry collaboration in tackling scams.
As the process will take time, banks, in the meantime, need to continue to build stronger internal capabilities to keep scammers in check and protect their customers.