Data beats instincts in the competition to surpass fraudsters
Real-time payments are exciting for consumers and businesses with immediate fund transfers, but the same speed attracts fraudsters. Banks eager to meet customer expectations must rethink defenses as scams, especially authorized drive-in payment (APP) fraud, are spreading and pressure is growing to increase reimbursement as victims lose money.
When legitimate customers are deceived to send funds through social engineering – under false beliefs, the transaction is valid, application fraud occurs. “It’s the real people, they really want to buy anything, or send the money to that person because that person thinks it’s legal.”
The scammers may promote $15 sneakers in the market, or act as trusted contacts to lure victims to “authorize” the transfer. As customers initiate payments, it is difficult to recover funds or prove fraud, prompting banks to reconsider reimbursement and testing methods.
He stressed that client education, reimbursement policies and prevention controls require cooperation in an era where funds move faster than ever before.
Beyond intention
The traditional fraud model seeks malicious intentions, but the app scam flips the script. “We are no longer thinking about intent, except in possible first-party fraud,” Bledsoe notes. Instead, banks have to analyze the context, such as the original location of the request and how the client finds the offer and blend it with an authentication layer that can be asked gently: “Are you sure you want to do this?”
Data, not a single signal
Fraud defense weakens when the bank is fixed to a single indicator. “If fraud tools explicitly say that this type of signal is better than this,” Bledsoe warned. The key is to move towards understanding the big picture. He said the platform is crucial to the overall effort, not just point solutions.
Advertisement: Scroll Continue
EnterSekt is based on the platform's system-level behavior analysis, reputation data and device security posture, and is then modeled over time. For example, a VPN connection might hide the criminal's location, or simply instruct the user to play the show abroad. “You can’t look at a single thing, ahhh, that’s a smoking gun,” he said. “You have to assign all that intelligence together, model and make informed decisions.”
Avoid alarm fatigue
Continuous ping training clients to ignore warnings. “The last thing we have to do is just send out authentication messages every day,” Bledsoe said. Effective risk-based authentication naturally limits unnecessary prompts, introducing “expected friction” only when risks are high. Regular login from known devices should glide, while high-value zelle transfers from unfamiliar locations deserve additional checks.
Controls may block or strengthen suspicious payments, and if the education is done correctly, “this experience is not surprising to account holders. It should send a signal…'My FI has my support.'”
Good friction and risk register
There is an art to apply “good friction” that slows down fraud without alienating customers. Policies may vary by institution and risky appetite. Bledsoe said some banks “want to challenge everything” while others use granular rules for high-value accounts, thus saving low-value payments from difficult challenges and apparently taking risk-based decisions. Every financial institution keeps a “risk register” to track fraud losses. EnterSekt can tailor the controls with everyone and adjust them as the pattern changes.
Integrated in the core
Implementation can only be successful if seamlessly integrated with customers and bank employees. “Where you integrate, it has to be easy to use,” he said, including a digital layer or a core layer. Customers do not have to register; protections such as biometric verification should be activated automatically.
Entersekt brings real-time risk and secure data back to the bank's core systems or third-party platforms. For example, it not only marks “VPN usage,” it also provides the context: “This conference is a bit risky because it comes from a location that is inconsistent with the behavior and patterns we see here,” he said, describing the information conveyed to financial institutions (FIs). Banks can combine it with their own data to make decisions.
Proof of impact
Data quality and measurement are crucial. “Not all data is equally valuable, nor is it all high-quality data,” Bledso warned. Key metrics include false positives and customer experience during travel activities. Entersekt's results speak loudly: Q2 digital banking customers report an average monthly decrease of 90.7% after deployment, while another bank recorded zero losses in November 2024. Continuous reporting ensures that the model adapts in real time.
Bottom line
For Bledsoe, success always returns to balance. “Balance, balance, balance… You get the balance wrong, you get the wrong person in. You get the balance wrong, you kick the right person out. We don't want anything to happen.”
Real-time payments won’t slow down, and there are no scammers. Combining layered data, smart risk modeling and customer-friendly education banks can keep pace so that speed customers desire without giving fraudsters keys.
