Nu : Most Brazilians believe that scam prevention should come from both customers and institutions, according to Datafolha

São Paulo, April 12, 2024 - Threats made by scammers in the digital environment are becoming increasingly sophisticated. That's the intake of nine out of ten respondents interviewed by Datafolha which held a study, commissioned by Nubank, to understand the perception of Brazilians regarding security-related matters.

For 75% of the participants, financial institutions and their customers have equally relevant roles in preventing scams; the majority also point out factors more related to the vulnerability of victims as the main reasons for a scam to happen. To understand the data, it is important to keep in mind that there is a difference between the concepts of scam and fraud. In fraud situations, the criminal circumvents the institutions' system without the victim's participation or uses mechanisms of violence or coercion to carry out financial transactions on behalf of the victim without their consent; in the case of scams, which have become more common, the offender relies on the participation of the client themselves, who is being deceived and manipulated, for the improper operation to take place.

Among the respondents surveyed by Datafolha, 72% said they had heard of people who had fallen victim to scams on financial institutions' apps. Within this group, 56% indicated, in spontaneous responses, factors related to the victims' lack of knowledge, attention, or naivety as the main reasons exploited by criminals that led to the scam occurring - like difficulties in identifying a scam, lack of information about how they occur, trust in false contacts, or clicking on suspicious links, for example.

For 15% of people who have heard of such situations, the most cited reasons are related to the sophistication of scams - the persuasive power and creativity of criminals were mentioned in spontaneous responses. The same percentage (15%) applies to those who mentioned security flaws or institutional shortcomings as the main causes for the scams to occur - in the perception of this portion of the respondents, hypothetical situations of data leaks and a perceived lack of security in apps are predominant reasons for financial scams to take place. (It is worth mentioning that, as the responses were spontaneous, the respondents may not necessarily have had sufficient technical knowledge of the difference between the concepts of fraud and scam to point out the reasons why they believe this type of situation occurs.)

"With the sophistication of the protection mechanisms of institutions' systems, we have seen a trend of increasing financial scams at the expense of frauds that do not involve the victim's participation," says Fabíola Marchiori, Vice President of Engineering and General Manager of Fraud Prevention at Nubank.

"The challenge in the case of scams is broader because they originate outside the environment of our application and often exploit the vulnerabilities of the victim, either by simulating a false threat of loss or financial insecurity, or by making unfounded offers of prizes or even employment.", she explains.

A significant portion of scams relies on the use of social engineering, a manipulative tactic employed by criminals to deceive a victim into providing confidential information or performing actions in favor of the scammer. These scams usually play with the victim's emotions. In one of the most common cases, the scammer claims to be from the financial institution itself and states that they urgently need to block a fraudulent transaction in the victim's account. Out of fear of losing money, the victim may then provide sensitive information or follow the instructions of the criminal and make transactions.

"In addition to their persuasive abilities, scammers often catch people off guard. Based on the research, we can conclude that many people are aware that these things exist, but, as is often the case, they believe it won't be likely to happen to them," says Fabíola. According to the Datafolha study, while 81% of respondents believe that people are not attentive to their digital security, the same proportion (81%) claims to pay the necessary attention to their own online security.

Aware of this scenario, Nubank has been continuously working on awareness and information initiatives for people on how to keep their accounts secure and developing tools aimed at helping customers protect themselves from criminal actions. In this regard, the company recently launched the "Chamada Verificada" feature, which allows customers to access their Nubank application during a supposedly made call from the institution's customer service to check if it is truly a representative of the company on the other end of the line.

"Our goal is always to stay ahead of criminals, protecting our customers from their actions," says Fabíola. "We have a multidisciplinary team that constantly develops and tests our protections, as well as works to anticipate new types of fraud and scams that are emerging."

Access tools and digital education

Nubank has several initiatives to raise awareness among its customers and the general population, such as its blog and social media profiles. Additionally, the institution offers a range of tools that assist in monitoring and preventing scams and fraud, as well as receiving notifications and reports from both customers and non-customers, such as:

Monitoring and prevention

Chamada Verificada: a recently launched feature, this update allows customers to open the Nubank app upon receiving a call to view an alert on the home screen and confirm that the call is legitimate. It's important to note that this function is activated only in cases of calls initiated by the company itself or its accredited partners - it does not apply when the contact is made proactively by the customer. Additionally, calls are identified in the app only from the moment the customer answers the call made by Nubank.

Defesas inteligentes: the system built with artificial intelligence by Nubank allows the extraction of data patterns using algorithms, which indicate atypical behaviors. This enables Nubank to anticipate and take action against attacks that arise from a breach in the customer's behavioral pattern. When an atypical behavior is identified, various mechanisms can be activated, including not only blocking the transaction but also performing additional checks to ensure that it is indeed the customer who is carrying out the transaction.

Alerta de golpe: it sends a notification within the app, prior to the completion of the transaction, to alert the customer that they may be about to confirm a transaction to a suspicious account. This serves as a proactive measure to prevent potential fraudulent activities and allows the customer to review and verify the transaction before proceeding.

Alô Protegido: it blocks calls made from phones that "disguise" their numbers to appear as if they are being made from Nubank's customer service center. This functionality is available for Android devices and can be activated by customers through the app. This measure helps protect customers from scams where fraudsters attempt to trick them by posing as Nubank representatives through spoofed phone numbers.

Modo Rua: the app's feature allows the customer to set a maximum limit for transactions through the app when disconnected from a Wi-Fi network flagged as secure. The tool only modifies the settings when connected to the original classified network, making its layers of protection even stronger.

Incoming notifications and reports

Me Roubaram: it allows customers to register cases of theft, robbery, and loss of their mobile phone and card in order to log out of the device's account and block the card. This functionality enables customers to take immediate action to protect their information and prevent any unauthorized transactions or access.

Canal de denúncias: it allows the reporting of fraud and attempted scams in which the name of Nubank has been wrongfully used by third parties. This channel can be used by anyone, whether they are Nu's customers or not.

Consciousness

Safety Hub: a content hub that provides information on the most common scams, how to avoid them, and the necessary actions to take.

#PareceMasNãoÉoNubank: a campaign aimed at empowering users to be able to identify and prevent financial scams, providing guidance on topics such as the most common tactics used by scammers, how they might use the Nubank brand to deceive people, how to report a scam attempt to Nubank, how to recognize legitimate Nubank customer service, and how to identify legitimate Nubank profiles online. The campaign includes the launch of a security portal to which dozens of previously confusing URLs are redirected, potentially preventing financial scams.

About the research

Commissioned by Nubank, the research was conducted between December 14, 2023, and January 3, 2024, through online interviews with 1,700 people. The target audience is the population that has a relationship with a financial institution, over 18 years old, from all economic classes and from the five regions of the country. The margin of error for the research is plus or minus two percentage points, within a 95% confidence level.