HSBC
Fraud
Warning
The world of fraud is changing at a rapid rate and even more so as technology opens more doors for new scamming methods. I was asked to work on HSBCs present and future of fraud warning.
I consider this my most important project to date.
Protecting the most vulnerable
Scammers literally do not care as long as they get their money, they will target any person, no matter the customer circumstances; elderly, disabled, depressed, people in problem debt. Everyone is a target and nobody is off limits.
Financial difficulty and suicide
It had been identified by the bank, that with people in financial difficulty there was a reported link to suicide. People who get into financial difficulty are more likely to think about suicide which can then eventually lead to taking action.
3X
More likely to think about suicide when in problem debt
420K
People in problem debt
who think about suicide
100K
People in problem debt
that attempt suicide per year
Two problems
going hand
in hand
Problem 1
(suspicious transactions)
55% of customers ignored push notifications related to suspicious transactions. This lack of engagement posed risks to both customers and the business. Possible causes:
Mistrust in notification authenticity
Waiting for second SMS communication before acting
Making a decision at the point of notification and dismissing it
The goal was to improve customer trust and engagement at the time of approving or reporting a transaction.
Problem 2
(paying someone)
Current scam warnings in HSBC’s payment journey often fail to influence user behaviour. Research shows they’re unclear, poorly timed, and easily dismissed.
Users misinterpret warnings as technical issues
Messages lack urgency or actionable advice
Fraudsters can override weak warnings in emotional situations
A more effective warning must interrupt high-risk payments with clarity, empathy, and stronger behavioural cues.
First thing first:
Tackle problem 1
Customer engagement and technical barriers. Our first issue was to tackle the engagement how we communicated from outside the app and leading into the app initially, plus iron out those tech issues we had around triggering warnings. Then we could look at the follow up issues as our learnings would feed into the second larger problem.
Customer Journey Mapping
Understanding the now. Using FigJam we conducted customer journey mapping sessions in a group workshop involving staff from fraud, tech and UX. This meant we could map out all journeys that weren’t covered already and all the different scenarios across the multiple touch points and consider the tech constraints that we needed to solve or workaround.
Messaging is everything
One of the key things I identified early on is that the current notifications held a lot of information and may also be written in a way where it actually in itself sounds like a scam and not trusted to be interacted with by the customer at first glance.
CURRENT
Notifications contained too much information
Wording made messages feel like scams themselves
Dismissed or decided all okay outside the app
Without feedback fraud team had no option but to escalate
NEW & SIMPLIFIED
Simplified for reduced cognitive load
Concentrated on getting the customer into the app (safe space)
Presented info in a trusted, safe environment with more space
Tone was calm but conveyed urgency on needing feedback
Base in place:
Time for problem 2
Fighting fraud. For me when I looked at the issue of scamming and fraud for our customers it stood out that as an organisation we are in a position where we intercept after we detect it, however by then a scammer has already invested so much effort, may have been talking to them with a hard sell approach for hours or even in some cases befriending the victim for months. We need to shock the customer out of that mindset and also win them back over into questioning what is actually happening in that situation.
Research
There was plenty to consume and cross reference in terms of general fraud information and how the bank had approached this in the past, they had been tested by the bank. HSBCs approach was common across many banks.
The current HSBC Journey
Current journey was very static, text heavy and relied on customer input for gathering information on the payment to then give feedback with advice. It was hard for the bank to get the correct message across but also protect itself from not giving the legally required information
Competitors
Looking around at the competitors a lot of banking institutions have similar approaches to informing the customer what to do.
Overcoming emotion
The main challenge was to help the customer come back down from being manipulated into an emotionally heightened state. The fraudster will use emotion in one way or another and persuade the customer into a set way of thinking that will eventually lead them to being a victim of fraud.
HOT STATE
Heightened emotionally
Panicked
Irrational
Inability to think calmly
Ideally this is where the fraudster wants a victim
CALM
Talked down to safety
Seeing the bigger picture
Listening to the banks advice
Thinking calmly
This is where the fraudster does not want the customer
Fighting fire with fire
I felt we needed to strike a personal relationship with the customer to help bring them back in the moment they are at point of being a victim.
Emotion and connection are the two foundations for fraudsters manipulate to their means. My concept was to use these two elements for good. To strike a connection on a more personal level with the customer.
Overused icons
Icon blindness
The bank were using the rag status icons for a lot of different scenarios and mainly around technical issues were the customer was hindered or needed to retry, in other cases the technical issue was a blocker and so a red triangle was used. However the customer seen these icons many times over the years and in many circumstances where the situation wasn’t as critical as a fraud warning is.
CURRENT
Error and delay icons
Current icons were overused for all sorts of scenarios
Red Flag
A dedicated symbol for Fraud
What the bank needed e needed a symbol dedicated to fraud prevention and that is only seen when the bank talks about the risk of customers money or information around scamming. A red flag is a familiar symbol of danger and built into culture as a warning.
This icon would give us the the correct iconography for the appropriate response, even if it was actually a white flag on a red background! This construction however gave it more impact.
