Katie Quilligan is an early-stage venture investor at BankTech Ventures and co-founder of Tech Sis, a community advancing women’s leadership in technology, venture capital and finance.

A 73-year-old U.K. woman gets a call from someone claiming to be from her bank's fraud department. The voice sounds right, the caller ID checks out, and the "banker" even knows her balance. Within twenty minutes, she has transferred £67,000 (around $88,000) to what she believes is a secure account.

Under U.S. rules, that money would be gone. Under the U.K.'s reimbursement regime that launched last year, her bank must refund her within five business days.

This change may be coming to the U.S. In June 2025, the Office of the Comptroller of the Currency, the Federal Reserve, and the FDIC jointly issued a Request for Information on payment fraud, asking specifically about expanding bank responsibilities for real-time payment scams. When three agencies coordinate on a topic, it's a signal of direction, not curiosity.

The challenge is that traditional fraud controls can’t fix this. They excel at catching unauthorized transactions — a stolen card used in another state gets flagged instantly. But when a criminal persuades a customer to authorize a transfer themselves, the system sees a legitimate transaction from a verified user and approves it. These authorized push payment scams are growing faster than detection models can adapt.

If liability shifts to institutions, fraud education stops being a customer service courtesy and becomes a direct P&L issue. That's also creating an opportunity.

The business case for customer-embedded security

Fraud prevention is no longer only a defensive investment. It's becoming a competitive feature.

Small and mid-sized business clients are particularly sensitive to fraud exposure, and they switch institutions more readily after a security incident. When banks demonstrate strong prevention programs and offer tools that help clients train their teams, they not only protect assets but also deepen loyalty and create stickiness.

Some institutions now offer prevention dashboards, fraud wellness scores, or behavior-based training as part of premium account tiers. Framed correctly, these programs elevate security from a compliance cost to a customer benefit that commands premium pricing.

The ROI is measurable. The FBI's Internet Crime Complaint Center logged $16.6 billion in fraud losses in 2024, up 33% from 2023. Americans over 60 lost $4.9 billion alone. Every customer who avoids a scam means protected revenue, saved investigation time, and preserved trust.

Why generic awareness doesn't work

Most fraud education fails because it's disconnected from moments of risk. Generic emails and static website warnings assume customers will remember advice when a fraudster calls six months later. They won't. Modern behavioral analytics change that equation. Platforms like Beauceron Security, a cybersecurity awareness and behavior-change platform, analyze engagement patterns, measure individual risk profiles, and deliver education when it matters most.

Consider a customer prone to phone-based scams who gets an in-app reminder just before confirming a large transfer. Another might receive a just-in-time verification prompt when their transaction pattern changes suddenly. These aren’t blanket warnings — they’re personalized nudges that intercept fraud attempts in real time.

This is the shift from awareness to action. When customers are equipped and prompted to detect suspicious behavior at the moment of risk, they become an active control that protects both their accounts and the institution's balance sheet.

Making customer behavior a measurable control

If customers are part of the security perimeter, their participation must be managed and measured like any other control. Leading institutions track:

• Fraud losses per customer cohort: Which segments are most vulnerable, and is training reducing their exposure?

• Fraud wellness scores: Individual risk ratings based on behavior patterns and engagement

• Engagement rates with in-app interventions: Are customers seeing and responding to prompts?

• Reductions in dispute and investigation volumes: Prevention means fewer cases to investigate

These metrics allow executives to manage prevention the way they manage credit risk. Fraud education stops being a soft initiative and becomes a quantifiable lever of performance.

Getting started

Moving from institution-centric to customer-embedded prevention requires collaboration between security, product and marketing teams. The goal is to integrate prevention naturally into digital experiences, not bolt it on as another alert customers ignore.

Start with your highest-risk segments. For most banks, that's business banking clients and customers over 60. Build interventions specific to their vulnerabilities: phone-based scams, business email compromise and tech support fraud.

Even resource-constrained institutions can launch a pilot with one segment and one fraud type within a single quarter.

The new fraud partnership

For decades, banks built security walls around their systems, but the biggest vulnerabilities now exist outside those walls. Fraudsters have turned customers into targets, manipulating them into authorizing their own losses.

The 73-year-old woman who lost £67,000 didn't fail to use two-factor authentication. She didn't click a phishing link. She was socially engineered by organized criminals using deepfake voice technology and spoofed caller IDs refined through thousands of attempts. While the scenario is illustrative, the threat is not.

Technology alone won’t stop that. But a connected system — where analytics identify risk patterns, contextual education changes behavior, and customers serve as the first line of defense — creates a security perimeter no fraudster can easily engineer around.