Sparebanken Sør Proactive Fraud Mitigation Efforts Save Millions

The implementation of the AFM solution has not only averted numerous customer issues but also safeguarded the bank from significant financial losses.

– The fraud landscape is ever evolving, necessitating a commitment to adaptability and change from both Tietoevry and the banking sector, remarks Nina Merethe Olsen, Operational Anti-Money Laundering Officer at Sparebanken Sør.

Rising Fraud Attempts

In response to increasing fraud attempts, Sparebanken Sør integrated the AFM system in November 2022 and subsequently lowered the limit for instant payment transactions in March 2023.

Per Martin Steinsvåg, Special Advisor, reports that leveraging AFM's capabilities alongside the reduced transaction limit for instant payments has notably decreased the bank's losses from significant "vishing" incidents - situations where individuals are deceived by phone scammers into making money transfers or revealing their BankID credentials.

Despite efforts, fraud attempts continue to rise. According to Nina Merethe Olsen, there has been at least a doubling in the number of frauds attempts since 2021/22.

– Following our success in halting numerous account-to-account payments through AFM and reducing the instant payment limit, we've observed fraudsters shifting their tactics, with 'phishing'—notably via SMS links—now emerging as the predominant threat. Moreover, we still encounter calls from individuals falsely claiming to be from the 'bank' or 'police,' with the sophistication of these methods continually advancing. These fraud attempts are orchestrated by criminals with technical expertise who are well-versed in the operational aspects of banking systems and the transaction limits set by various banks, she explains.

From left: Per Martin Steinsvåg, Nina Merethe Olsen, Tor Helge Schjøll. Photo: Morten Krogstad Nøstdal

Ongoing Collaboration for AFM Fine-Tuning

The implementation of AFM and a ruleset based on various parameters have been meticulously refined in collaboration with Tietoevry, drawing on accumulated experiences.

– After lowering the instant payment limit, we soon noticed a shift in the fraudsters' behavior. They began probing to discover the new transaction thresholds, ensuring their activities remained below these limits. Additionally, we observed a transition in their preferred methods of payment, from account transfers to card payments, notes Olsen.

During and after the implementation phase, frequent meetings were held between the Financial Crime Prevention (FCP) department at Tietoevry Banking and Sparebanken Sør to identify any deficiencies and refine the AFM system.

– In cases of “vishing”, we've noticed that fraudsters specifically target elderly individuals, often those living alone without household members to consult. We've seen instances where clients have been in communication with the fraudsters over several days, during which they were instructed not to contact the bank or anyone else, under the guise that the fraudsters were 'assisting' the client, shares Tor Helge Schjøll, Special Advisor at Sparebanken Sør.

Recently, it has been observed that a significant number of young individuals, particularly those under 30, have also fallen victim to telephone fraud, with the bank noting successful scams against this demographic.

The More, The Merrier

Nina Merethe Olsen mentions that Sparebanken Sør was among their first clients to adopt the AFM solution on a full scale.

– We feel like we've co-developed the solution alongside Tietoevry, contributing significantly with feedback and solutions, she states.

The implementation process, including initiation, testing, and ongoing adjustments, is described as straightforward.

– Tietoevry has swiftly addressed our inquiries, enabling us to make significant progress. For any new bank considering the system, it essentially comes down to 'plugging it in.' We're thrilled that more are adopting AFM, as it strengthens our collective defense by exposing us to a wider array of cases, observes Olsen.

Per Martin Steinsvåg emphasizes the importance for new banks to familiarize themselves with and actively use the solution:

– AFM is a dynamic product that can continuously be enhanced. The collective benefit for all AFM users is amplified when unique incidents are reported by everyone utilizing the system.

Minimal Negative Feedback

Intervening in customers' banking activities might seem likely to create friction. However, according to Olsen, feedback from Sparebanken Sør's customer service indicates that such concerns are manageable:

– We rarely receive negative feedback because we're clear about our intention when reviewing transactions halted by AFM. We've had customers express appreciation for our outreach. Typically, a slight delay in transaction completion is of little concern to them. However, setting the transaction limit too low results in increased activity for our customer service center. It's about striking the right balance between security measures and enabling customers to carry out their intended transactions, she explains.

Following customer contact when a transaction is stopped, it proceeds if the bank trusts the explanation provided.

– The customer's word alone isn't always sufficient. We examine the customer relationship, conduct an analysis, and ask insightful questions. In cases of telephone fraud, for example, the scammer might coach the victim on what to say if the bank calls. It's then our responsibility to ask the right questions to determine if the situation is an ongoing scam, explains Tor Helge Schjøll.

Commitment to Social Responsibility

Nina Merethe Olsen highlights Sparebanken Sør's strong focus on social responsibility, aiming to ensure that funds from fraud operations do not benefit criminal entities.

– Success for the fraudsters leads to more crime. Moreover, it's distressing for our customers to experience this. Therefore, preventing fraud is crucial for us, she remarks, adding that minimizing the bank's financial losses is also a priority.

Continuing the Fight on Multiple Fronts

As part of its ongoing battle against fraud, Sparebanken Sør is hopeful for increased assistance from artificial intelligence in the future.

– We're looking for behavior analysis that triggers an action based on what's normal behavior for a customer. For instance, we've seen a case where a 90-year-old man, who had never made international payments with his card, suddenly had 600,000 kroner withdrawn for the purchase of cryptocurrency. Such transactions should not be possible at all, says Olsen.

Currently, a growing percentage of account-to-account fraud is being halted by AFM. Additionally, Tietoevry's Card Transaction Monitoring solution stops over 90% of all attempted card fraud. Monitoring for both card and account transactions is conducted on the same platform (Secana), enabling the prevention of fraud across both areas. However, the bank emphasizes that surveillance must be subject to continuous improvement and adjustment.

– There's also significant potential in being able to share customer information across banks, Olsen notes.

Efforts are underway at industry level to facilitate this, but information sharing between banks faces regulatory challenges related to GDPR and privacy laws, with solutions depending on legislative action.

– At industry level, we must constantly strive for better technological solutions that ensure customers understand their actions, Olsen asserts, highlighting that Bits is working on industry recommendations, a handbook on fraud prevention measures, which presents a toolkit that should be considered to reduce the extent of successful frauds.

Maintaining trust in BankID is another essential factor. Olsen believes this can be achieved by ensuring that customers are clearly informed about what they are authorizing at the moment of authorization, such as where they are logging in, what they are signing, what payments they are making, and to whom, etc.

– Context is crucial for enabling our customers to identify an ongoing fraud situation themselves, she concludes.

Current Scam Methods

Vishing: Scammers impersonate banks or authorities, leveraging information they've gathered on you to build trust. They then persuade you to misuse your BankID, either granting them access to your account or compelling you to transfer funds to a so-called "secure account."

Phishing: Fraudulent SMS messages and emails are designed to trick you into disclosing sensitive information like credit card numbers or login details, which are subsequently exploited to gain unauthorized access.

Romance Scams and Investment Fraud: Scammers manipulate you into willingly sending money. While banks might intercept and query some of these transactions, many customers choose to proceed anyway, convinced by the scammers' narratives.