Could Behavioral Science Improve Fraud-Fighting Results at Your Bank?

Digital banking is a boon and a burden for the financial services industry. While customers find its speed and convenience irresistible, fraudsters regularly exploit its many security features, which banks install to overcome the impersonality and vulnerability of transacting online.  

Make no mistake—the future of banking is digital. And so are many of the solutions banks are using to fight slick new methods of online fraud. But people, too, can make a big difference in stopping fraud when banks fully understand and accept not what they want people to be but who they really are, and design systems around their strengths, habits, and inclinations. They are critical agents, alongside technology, for positive change in fraud outcomes, says a group of behavioral science professionals working in the financial services industry. 

“Often the industry comes at this from a top-down approach, with processes and rules” for people to fit into, said Jeff Kreisler, head of behavioral science at J.P. Morgan Private Bank. “My role has been to spread the gospel—let’s do more than just make rules … let’s create support, understanding, and systems to work with real people.”  

The approach—drawing from psychology, sociology, economics, and other disciplines—starts with a basic principle: that people, including customers, succeed when the human-aware systems around them encourage the best results. It considers context, environment, and institutional norms, infusing behavioral principles into bank processes, practices, and technology with the understanding that humans are, by nature, imperfect. 

It’s people, after all, who break the law in bank fraud. And it’s those fighting fraud who make mistakes when managing teams, performing due diligence, and upholding ethical commitments on behalf of the bank. Rather than blaming individuals for their lapses, though, behavioral scientists zero in on bank culture, team dynamics, and process design to better understand failure and align mechanisms of the institution to help humans achieve their goals. 

Taking Shape 

The practice of applying behavioral science to financial services began in a broader risk context in the mid-2010s among a handful of major European financial institutions. The Dutch Central Bank (DNB) hired organizational psychologists Mirea Raaijmakers and Wieke Scholten to develop a method for supervising culture and behavior in the industry—a post-financial crisis strategy that came to be known as the “Dutch Approach.” 

Both led bank behavioral risk teams in the industry post-DNB, with Raaijmakers founding a global behavioral risk management department at ING and Scholten establishing a London-based behavioral risk audit team at NatWest.  

“We view the organization as a social system, emphasizing how culture and behavioral patterns shape risk-taking and decision-making,” said Raaijmakers, who now advises executives across different industries on cultural transformation. 

“In our view, behavioral risk is a sub-driver of all other risks, financial and non-financial,” said Scholten, who is a lead behavioral consultant at BR Insights, a behavioral risk management consultancy. 

Federal Reserve Governor Michael Barr was an early champion of behavioral science in a supervisory context. As a law professor at the University of Michigan in 2009, he advocated for a more human-centered approach to risk management and supervision, publishing research promoting “behaviorally informed regulation.”  

Around the same time, the New York Fed began exploring culture and governance reform initiatives focused on how organizational structures and norms influence behavior. Over time, more regulators and industry groups have argued the importance of understanding culture to properly assess institutional risk.  

More than a decade later, in response to the 2023 Silicon Valley Bank and regional bank crises, Barr suggested the Fed would hire behavioral scientists to strengthen its own supervisory culture, which he blamed, in part, for missing stresses at SVB. 

Speed Up! Now, Slow Down! 

When it comes to fraud, staying connected to and supporting customers can be challenging when banks’ own systems and processes are used against them. Digital banking, for instance, offered consumers near-frictionless electronic transaction services, freeing them from the local branch. For fraudsters, the technology created a natural, and exploitable, barrier between the customer and the bank. No more lines or gazing eyes to navigate. 

Importantly, too, it compressed the time to transact. What may have taken minutes—or hours—inside the bank now takes seconds online, leaving little opportunity for intervention. And that time can make all the difference when a fraud target has been hooked. 

“These fraudsters and scams are so attuned to their victims’ emotions, and we don’t think clearly when we’re thinking emotionally,” Kreisler said. Already suffering from innate confirmation bias that “it couldn’t happen to me,” an emotional target is more likely to transact quickly or give up personal information if there aren’t any speed bumps in place. Digital banking practically eliminates them. 

The key, says Kreisler, is to make the transaction process as methodical as possible when the bank detects a potential case of fraud. That includes reminding customers to “slow down their decision-making” when emotions are running high. A simple pop-up warning screen may not be enough because “people ignore that when they’re in a heightened state. The question is ‘how can we redesign that to get people to connect with it personally?’” in those critical moments, Kreisler said. 

These behavioral “nudges” can be especially effective when cautioning customers, if properly designed, Raaijmakers said. They are also helpful in discouraging employee fraud, reminding staff subtly, for example, of their ethical commitments to the bank.   

With the speed and scale of digital fraud growing, there is no question that technology will play an increasingly important role in slowing down fraudsters and their targets.  

With it, banks generally take a “detective” approach with machine learning and data to spot what fraudsters do. Data analysis can find spending or withdrawal anomalies, for instance, allowing banks to intervene. Another promising development is behavioral biometrics, which helps banks detect fraud by analyzing browser movements, online interactions, and the typical thought patterns—expressed as actions—on a customer’s account. 

It’s an escalating tech arms race, with banks constantly trying to stay ahead of fraudster innovations. Is generative AI making it easier for criminals to impersonate customers? Then fast-track gen AI-powered detection solutions to stay ahead of those deepfakes, the Fed’s Barr recently recommended. 

As a complement, a behavioral science approach examines who fraudsters are, and the functioning of people and systems deployed to thwart them—a “protective” approach aimed at influencing the people in the fraud ecosystem. 

Kreisler said that while studying those who commit fraud is “fascinating, understanding their psychology doesn’t really impact our business” because the result is the same—attacks on the bank’s customers.  His goal, he said, is to help those on the front lines fighting fraud “to think slow instead of fast” when dealing with fraud cases and processes. 

The fraud triangle, a widely accepted framework in auditing circles, attempts to explain the human factors that lead someone to commit fraud: opportunity, or what conditions make fraud possible; incentive, or the payoff for committing fraud; and rationalization, or how the individual justifies the criminal action to themselves. 

What the triangle misses, Scholten said, is that it assumes rational decision making by an individual without considering social influences, which also applies to employees. “The extent to which we ‘do the right thing’ is highly driven by what the ‘we’ in our team think the right thing is,” she said. From an incentive standpoint, social factors override monetary enticements, which is why banks’ own outcome-based financial bonus programs often fail to stop internal misconduct, she added. 

Understanding the ‘We’ 

Instead, part of the solution is better coordinating the “we” across banks’ front line, risk, and compliance teams, which are battling to overcome a psychologically savvy adversary exploiting humans’ biases and need to belong.  

“Fraudsters are absolute experts at this,” said David Grosse, an independent behavioral risk consultant who spent his career in banking risk roles before retraining in behavioral science and running a team at HSBC. In his traditional risk roles, he “realized that a lot of what we did wasn’t all that effective,” Grosse said. “It was too mechanistic and procedural and took little account of the reality of human behavior.”  

So, fraud fighting is as much psychological and social as it is technological. Using gen AI effectively to defend against deepfakes, for example, is extra-promising when banks understand the motivations, behaviors, and work environments of the people applying the technology and interpreting fraud signals. 

In a real-life behavioral risk assessment focused on a bank’s Know Your Customer (KYC) capabilities, Raaijmakers identified lapses in cross-team collaboration and an “us-versus-them” mindset internally that affected the quality of a bank’s client investigations. Information from less trusted departments was ignored. Without this assessment, these human dynamics likely would have gone unnoticed, and the results misunderstood. 

These days, connecting the dots is critical, in part because adversaries aren’t typically working as “lone wolves.” They often work together in their own social ecosystems, where the behavioral norms are criminality, and “doing what’s right” is ultimately what’s wrong for banks and consumers.  

As professor David Maimon described in a March RMA webcast, whole communities have sprung up on the dark web and messaging platforms to support the pursuit of bank fraud. Economic goals may not be these community members’ only motivators, as the behavioral scientists suggest.   

Creating reinforcing “white hat” communities is one way to fight back. This includes encouraging peer accountability and structuring shared “challenge mechanisms” that make it harder for fraud to go undetected, Raaijmakers said. To that end, ProSight Financial Association is launching its Fraud Alert Network this summer to connect the fraud-fighting community around actionable intelligence. 

Banks employing behavioral science teams to date have tended to focus on customers and how to design products that best serve them, leaning into Nobel Memorial Prize-winner Daniel Kahneman’s work on behavioral economics and prospect theory, which attempts to explain why people often act counter to their own interests.  

The work of J.P. Morgan’s Kreisler is primarily focused on customers’ financial decision making and investing outcomes, but he consults throughout the bank, educating teams from the fraud front lines to cybersecurity on this behavioral approach to process and people.  

Others, meanwhile, have applied behavioral science principles narrowly to areas of client engagement or risk management. Few, though, have linked up human behavior practices across the enterprise, evidence of the very institutional disconnects these teams are trying to correct. “I haven’t come across a single bank yet that has linked it all up and figured out how to traverse all the silos,” Grosse said. 

Banks in Canada, Europe, and Australia have been quicker to buy in. But few banks in the U.S. have adopted behavioral science in any part of their business, skeptical of what some consider a “squishy, soft skills” approach to a problem requiring clear solutions with measurable outcomes.  

Scholten disagrees with this “squishy, soft skills” critique. While the approach emphasizes the behaviors of people, the methodology, she says, follows a structured sequence of gathering and analyzing quantitative and qualitative data, leading to concrete measurements of success. It includes confidential conversations with staff, field observations, desk research into mechanisms that might drive behavior, and survey and data collection.  

Raaijmakers broke the approach down to this: 

1. Diagnosis: Identifying risk-prone behaviors, biases, and drivers of behavioral patterns.  

1. Design: Developing interventions based on behavioral science, involving nudging, communication strategies, and process redesign. 

1. Implementation: Collaborating with risk teams, HR, and business units to integrate these interventions into existing policies and controls. 

1. Evaluation: Measuring impact through behavioral data analysis and feedback loops. 

Be the Change 

Ironically, banks’ reticence to adopt a behavioral science approach may come down to, well, behavioral science. 

In the case of employee fraud, for example, institutions tend to focus on the “bad apple,” shifting responsibility for their own systemic shortcomings to the rogue actor, Scholten said. While that may explain today’s failure, it ignores the conditions that led to fraud in the first place. 

“It prevents organizations from addressing root causes such as toxic cultures, poor governance, and weak internal controls,” Raaijmakers added. These kinds of failures can offer clues to how banks unwittingly sabotage their own best efforts to fight fraud. 

Oversight concerns may be one reason for this “naming and shaming.” Targeting the individual shows regulators that the problem is contained. And regulatory frameworks can be biased toward holding individuals accountable, which can lead to criminal prosecution of the bad actor instead of penalties for the bank itself.   

Legal exposure is another reason. When there is a risk of lawsuits, especially in the litigious U.S., executives may not want to know the operational reality at the shop-floor level, Scholten suggested. “There may be a degree of willful blindness to revealing how things are done in the organization,” she said. Whatever the reason, concluding investigations at the person is a missed opportunity for company introspection and broader corrective actions. Changing the bad apple narrative can help, she said. 

For a financial services industry whose product is numbers, leadership, too, can be overly reductive when it comes to measuring returns on investment. “Even when thinking about human behavior, it’s tempting to want to put a decimal point on it,” Grosse said.  

With risk officers favoring quantitative risk models, and U.S. regulators under the new presidential administration stressing the need to deemphasize the more “subjective” elements of oversight, justifying a soft skills approach to risk management becomes more challenging. 

And, while understanding theories of human behavior is one thing, applying them in real-world contexts is another. The front lines of fraud are messy, and criminals constantly adapt. Delivering consistent outcomes is challenging because people—employees, fraudsters, and customers—don’t stand still. 

That makes base lining performance and measuring success difficult. Kreisler said that while he is accountable for delivering on defined metrics, “they aren’t as clear as other banking metrics. How do you measure a culture shift or a brand enhancement?” 

Raaijmakers understands the challenge. “There is this perception that behavioral interventions are hard to measure in financial terms,” she said. But flexibility and keeping an open mind, she added, can help leadership overcome their numbers-driven hesitations.