As I wrapped up my time in the payments space, fraud had surged to the forefront, quickly becoming one of the most pressing challenges for financial institutions as losses continued to rise.
Now, stepping into the realm of client engagement, spanning product, pricing, and relationship management, I’m seeing another hot topic rise: Loyalty programs. But not just any programs—these are unified frameworks designed to reward customers across all products, services, and behaviors.
In a recent discussion with a major DSIB, we explored a surprising and powerful intersection: Fraud and Loyalty.
Here’s how those two seemingly unconnected banking segments interact:
The Hidden Cost of Fraud: A Human Story
Fraud is one of the fastest-growing threats to financial institutions. Between 2021 and 2024, U.S. banks and credit unions are estimated to have absorbed over $42 billion in fraud-related losses, with $12.5 billion reported in 2024 alone, according to the FTC [1]. This is only reported fraud: unreported fraud could account for billions more in untracked losses.

But here’s what’s more revealing: 90%+ of that fraud, roughly $11 billion annually, is driven not by system breaches, but by social engineering [2]. The scams aren’t technical; they take advantage of human psychology.
Approximate global fraud vulnerability breakdown (2023-2024 data)
| Fraud vector | % of fraud cases | Description |
|---|---|---|
| Social Engineering | 65-80% | Includes phishing, vishing, smishing, romance scams, and business email compromise (BEC). |
| System Compromise | 20-35% | Involves malware, credential stuffing, SIM swapping, and account takeovers via breached systems. |
Example: A scammer sends a text that appears to come from the customer’s bank:

Had the customer enabled 2FA, that scam would have hit a dead end. Or if the customer had taken the bank’s scam identification training, then they might have identified the scam. However, because the customer had taken neither of these actions, fraud occurred.
This is what makes social engineering so dangerous: it targets human instincts, not system vulnerabilities. Even the most advanced fraud detection models can’t stop an attack if the customer voluntarily hands over access, and there’s no extra layer to stop the transaction.
Even top-tier cybersecurity can’t fully protect against fraud that originates in manipulated trust and customer decision-making.
| Type of Payment Fraud | How It’s Committed | Common Targets | Prevention Measures |
|---|---|---|---|
| Phishing | Emails, texts, or calls impersonate trusted institutions to steal credentials. | Retail customers, small businesses | |
| Authorized Push Payment (APP) Fraud | Victims are socially engineered to send funds to a scammer’s account. | Consumers, real estate buyers | |
| Business Email Compromise (BEC) | Spoofed or hacked business emails request fraudulent payments. | SMBs, corporations | |
| Card Not Present (CNP) Fraud | Stolen card info used in online/phone transactions. | E-commerce retailers | |
| Account Takeover (ATO) | Login credentials obtained via phishing or breaches. | All customer segments | |
| Fake Invoice Scams | Fraudulent invoices mimic legitimate vendors or known contacts. | Accounts payable, freelancers | |
| Refund Fraud | Exploiting generous refund or chargeback policies. | E-commerce, service providers | |
| Skimming | Devices on ATMs/POS terminals clone card data and record PINs. | ATM users, retail shoppers | |
| SIM Swap Fraud | Mobile number ported to attacker’s SIM, enabling account hijack. | Crypto users, digital-first users | |
| QR Code Scams | Victims scan malicious QR codes leading to fake payment pages. | Retail customers, event-goers | |
Defensive Spending vs. Human Vulnerabilities
Global banks are responding. In 2024 alone, they are projected to spend over $17 billion on cybersecurity and fraud prevention initiatives, according to Deloitte and the American Bankers Association. That includes infrastructure, machine learning models, identity tools, and expedited customer outreach.
But despite these investments, fraud driven by social engineering continues to rise, outpacing technical fraud in both volume and cost.
To help customers protect themselves, many institutions have launched customer-facing fraud prevention efforts, such as:
- Email & SMS Fraud Education Campaigns: Monthly alerts warning about phishing and impersonation tactics.
- Prompts to Enable Two-Factor Authentication (2FA): Login nudges or app banners encouraging activation of 2FA.
- Fraud Simulation Tools or Training Portals: Banks like Capital One and Citi have tested interactive tools to simulate scams and teach defense tactics.
- Transaction Confirmation Nudges: Real-time push notifications or delayed transaction approvals for unusual behavior.
Despite this increased attention and focus, customer adoption remains limited:
- Only 25–30% of customers engage with fraud education materials
- 30–35% of customers enable 2FA when it’s optional
- Security alert opt-ins and profile updates vary by age, income, and digital fluency—leaving many customers, especially seniors, under-protected
These tools are essential, but awareness alone doesn’t move the needle. Driving increased adoption will lead to fewer headaches, less disruption and fewer losses to fraud for both the customers and the banks.
The Power of Positive Reinforcement
This is where behavioral science comes in. Research from the Behavioural Insights Team (UK) and the University of Chicago shows that even small, well-timed incentives can increase the adoption of protective behaviors by 30–45%.
Micro-rewards work because they give customers immediate feedback and perceived value. Instead of warnings and friction, they get recognition and benefit.
The good news? Leveraging existing engagement touchpoints can help. Loyalty programs can work double-time, rewarding customers for transactions and growing savings/investing accounts, while also becoming risk reduction tools.
Banks can reward proven fraud reduction behaviors like:
- Setting up fraud alerts and real-time notifications
- Enabling biometrics or 2FA
- Completing short fraud awareness modules
- Verifying contact info or linking trusted devices
- Using secure channels like in-app chat instead of phone
How incentives influence fraud reduction
| Mechanism | Description | Impact on Fraud |
|---|---|---|
| Behavioral Nudging | Smart prompts and warnings guide user actions (e.g., “Are you sure you know this person?”) | Reduces success of scams like APP fraud |
| Gamified Security Challenges | Reward systems for completing security tasks (e.g., enabling 2FA, attending fraud webinars) | Increases security awareness and vigilance |
| Tiered Account Benefits | Safer behavior unlocks account features (e.g., lower fees, higher limits) | Encourages proactive fraud prevention habits |
| Instant Feedback Loops | Customers get alerts or rewards when reporting suspicious activity | Encourages early fraud reporting and detection |
| Reputation Scores or Badges | Visibility into one’s “security hygiene score” in the app | Builds habit-forming security behavior |
| Loss Prevention Incentives | Enhanced fraud protection (e.g., quicker reimbursements) for compliant users | Encourages adherence to security best practices |
These behaviors directly reduce fraud risk, and when tied to small incentives (e.g. points, sweepstakes entries, credits), they feel rewarding, even fun, instead of burdensome.
Loyalty as a Strategic Risk Asset
Loyalty programs already deliver ROI through retention, engagement, and deepening product engagement [3]. But add in fraud cost avoidance, and the business case strengthens dramatically.
Let’s take a step back and look at the big picture:
In 2024 the FTC estimated the U.S. banking sector absorbed $12.5 billion in fraud losses.

Now imagine a national-scale initiative where banks use loyalty incentives to encourage protective behavior:
Even if that program only increases protective behavior adoption by 10% (recall the behavioral science estimate of 30-45%), and the resulting action reduces social engineering-based fraud losses by just 5%, the numbers are game-changing:
- 5% reduction on ~$11 billion = ~$550 million in avoided losses
- Net benefit after incentive spend = ~$450 million
- ROI: ~4.5x — nearly 4.5 dollars saved for every 1 dollar spent
That ROI doesn’t even factor in soft benefits like improved customer trust, brand loyalty, NPS, and operational savings from fewer support calls and complaints.
Instead of spending more to react to fraud after it happens, this approach creates a positive feedback loop:
At Zafin, we’re building configurable loyalty platforms that go beyond rewarding spend, to recognize and reinforce secure, empowering behaviors.
Leveraging Loyalty in the Age of Fraud
Fraud is both a technology problem and a human behaviour problem. Technology solutions abound yet are incomplete without a systematic approach to addressing the human problems. Behavioural science has shown us that smart incentives and positive reinforcements can and will change human behaviour.
By extending loyalty to include proactive fraud prevention behaviors, banks can reduce losses, increase customer engagement, and position themselves as partners in safety, not just service providers.
It’s time to shift the model: reward security, not just spending. Make fraud prevention a shared goal. And leverage loyalty as a frontline defense, turning engagement into protection and making trust the strongest currency in the bank.
- https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024
- https://gitnux.org/social-engineering-attacks-statistics/
- http://microsoft.com/en-us/security/security-insider/threat-landscape/feeding-from-the-trust-economy-social-engineering-fraud#noteref1
- https://www.ey.com/en_ca/cmo/how-to-measure-and-demonstrate-loyalty-program-roi
