By Mzukisi Rusi, VP Product Development: Identity & Authentication
A recent article in The Financial Brand caught my attention. It detailed how a scammer manipulated a tech-savvy consumer into sharing highly sensitive information — a one-time passcode (OTP) from their bank.
Unfortunately, this is not a new story by any means. In fact, according to KPMG’s Global Banking Scam Survey, 60% of banks are experiencing an increase in scam-related customer complaints.
So, what can banks do to stop their customers being tricked by fraudsters? Let’s start the journey with what went wrong in this case.
Why cross-channel authentication is no longer optional
The story shared in The Financial Brand is terrifyingly familiar — a blend of urgency, social engineering, and the exploitation of outdated authentication methods like OTPs. A few things stood out:
- The fraudsters didn’t have to “hack” anything. They manipulated human behavior and exploited a fractured authentication experience.
- They relied on urgency and partial truths to convince the victim to share an OTP, which, by itself, should never be enough to move money.
- The bank did send fraud alerts, but the messages included no context, and such alerts aren’t helpful at all when customers are confused and afraid.
This is a textbook case of why fragmented, channel-specific security mechanisms do not offer enough protection against today’s evolving scams and fraud. If we’re going to safeguard consumers, the authentication journey must be orchestrated, context-aware, and user-friendly.
Learn how FirstBank partnered with Entersekt to secure their Zelle payments in real-time.
What can banks do to detect and prevent scams?
Let’s imagine that customer was with a financial institution (FI) that employed a unified, device-bound, context-rich authentication platform. In this case, the FI could follow these steps to prevent malicious scams:
Step 1: When the fraudster calls, the customer receives a prompt: “Are you currently on a call with a representative from Bank XYZ?”
→ If not, red flag.
Step 2: When the fraudster tries to reset the password: “Are you resetting your password from Chrome on a Windows device in Florida?”
→ Again, clear mismatch.
Step 3: At login, even with the right credentials, the bank compares device trust and proximity.
→ If the authentication device and login origin don’t align, block or escalate.
Step 4: Before adding a Zelle recipient: “Are you trying to add a Zelle recipient from this location?”
→ If the context doesn’t match the story the scammer told, the user gets another chance to stop the scammer’s attack.
Each of these interactions builds the customer’s confidence and exposes the fraudster’s lies – not through guesswork, but through frictionless, trusted prompts that give banking customers the right context at the right time.
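A minimal sketch of the decision logic in Steps 2 to 4, added here as an illustration and not Entersekt's or any bank's implementation. The class and function names, the 100 km proximity threshold and the coordinates are assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

MAX_KM = 100.0  # assumed proximity threshold, not a value from the article

PROMPTS = {  # wording adapted from the article's Step 2 and Step 4 prompts
    "password_reset": "Are you resetting your password from {browser} on a {os} device in {region}?",
    "add_recipient": "Are you trying to add a Zelle recipient from {region}?",
}

@dataclass
class Request:          # where the sensitive action originates
    action: str
    browser: str
    os: str
    region: str
    lat: float
    lon: float

@dataclass
class BoundDevice:      # the customer's enrolled authentication device
    trusted: bool
    lat: float
    lon: float

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def decide(req, device, user_confirmed):
    """Return (decision, prompt) for one sensitive action."""
    prompt = PROMPTS[req.action].format(browser=req.browser, os=req.os, region=req.region)
    if device is None or not device.trusted:
        return "block", prompt          # only a trusted device may approve
    if not user_confirmed:
        return "block", prompt          # customer says the context is wrong
    if distance_km(req.lat, req.lon, device.lat, device.lon) > MAX_KM:
        return "escalate", prompt       # approved, but origin and device do not align
    return "allow", prompt

# Constructed sample: request from Florida, customer's phone in Colorado.
REMOTE = Request("password_reset", "Chrome", "Windows", "Florida", 25.76, -80.19)
LOCAL = Request("add_recipient", "Safari", "iOS", "Colorado", 39.74, -104.99)
PHONE = BoundDevice(trusted=True, lat=39.75, lon=-105.00)

if __name__ == "__main__":
    for req, confirmed in [(REMOTE, False), (REMOTE, True), (LOCAL, True)]:
        print(req.action, confirmed, decide(req, PHONE, confirmed))
```

The second case is the one an OTP cannot cover: a customer who has been coached into approving still triggers escalation, because the request origin and the bound device do not align.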
How banks can deliver secure, user-friendly protection
Entersekt’s Context Aware™ Authentication ecosystem has benefited many of our clients, reducing Zelle fraud by 98% in some instances and real-time payment fraud and peer-to-peer (P2P) fraud by 90% on average. It provides:
- Device binding that ensures only trusted devices can approve actions.
- Real-time contextual prompts that inform customers what's really going on and what they’re about to approve.
- Channel orchestration that aligns web, mobile, call center, and in-person channels into one continuous security experience.
Fraud has evolved. It’s no longer just about credentials — it’s about psychological manipulation.
And while consumer education is important, it's unfair to expect users to defend themselves when the defenses in place don’t empower them. In fact, the same warnings banks give to protect customers are often repurposed by fraudsters to gain trust while impersonating the bank.
We need to shift the burden back to the platform or system, not the customer. The right fraud prevention platform that provides strong security and a smooth user experience can do exactly that.
Discover how Entersekt can help your FI detect and prevent scams and fraud in real-time.