Balancing fraud prevention and UX in financial services: a conversation with Rob Woods, Director at LexisNexis Risk Solutions

 

At Money 20/20 Europe, The Paypers sat down with Rob Woods, Director of Fraud & Identity at LexisNexis Risk Solutions, to explore fraud prevention, AI, network data, and how to balance security with great customer UX.

Rob, how long have you been working in the fraud prevention space, and what drew you into this field?

I've been in the fraud prevention space for quite a few years now. I joined LexisNexis Risk Solutions nearly four years ago and before that I spent time at Lloyds Banking Group working on fraud controls and authentication systems. I was also deeply involved in PSD2 for about four years.

Earlier in my career, I worked in crisis management and disaster recovery, essentially planning for the worst day possible, like payments or data centres going down. It was high-pressure, but I enjoyed the challenge. Eventually, though, I realised I didn’t want to keep waiting for things to go wrong, I wanted to help prevent them.

That’s when I got involved with a fraud incident and saw a team actively trying to stop the ‘worst day’ from happening for customers. It really appealed to me. I transitioned into a product owner role in fraud, where I focused on solving real problems and implementing new solutions. Over time, I moved into leadership, delivered major initiatives like a new fraud and authentication platform and eventually took the leap to LexisNexis Risk Solutions.

Now, I get to do what I love across multiple industries like banking, gaming, travel, etc. helping organisations design smarter fraud strategies and improve customer experiences.

Rob, from the way you speak about customer experience, it feels like you’ve found the secret to balancing fraud prevention with seamless, frictionless digital journeys. How do you achieve that balance?

One of the key things I bring to LexisNexis Risk Solutions is a deep understanding of the customer experience, not just from the perspective of someone who previously developed fraud systems at a major financial institution, but also as an advocate for the end user. I’ve always believed that a great fraud control system isn’t only about stopping fraud, it’s also about enabling smoother, better experiences for genuine customers.

Take logging into your banking app, for example. If we can help a business gain a high level of trust in who the user is, why force unnecessary step-up authentication? When risk-based decisions are possible, you can keep things friction appropriate in the background and only step up friction when there’s a real signal. That gives the genuine customer a much smoother journey while keeping the fraudsters out.

There are regulatory moments where authentication is required of course, but outside of those, it’s all about using smart tools to make the right call at the right time. And that’s where good fraud strategy really shows its value: fewer complaints, faster onboarding, higher customer satisfaction.

Think about applying for a credit card. You don’t want to hear, ‘We’ll get back to you in three days.’ You want a real-time answer. These are the kinds of experiences we can enable if we get fraud prevention right.

At the end of the day, it’s not just about reducing fraud losses. It’s about doing the right thing for the customer in the right way. Sure, we could stop fraud entirely by layering on loads of authentication, but then we’d also kill the customer experience. The real win is in finding that sweet spot where security and ease go hand in hand.

You spoke on a panel at Money 20/20 titled 5 Reasons Why You're About to be Defrauded. Can you share some of the key takeaways from that discussion? What stood out most for you?

The big takeaway, and what the panel title alludes to, is that, realistically, we’re all going to be targeted at some point. If you share personal data online, shop, bank, or even just have a digital presence, your information is likely circulating out there in some form, whether through data breaches, phishing attacks, or being sold on the dark web. Your email address, phone number; these details give fraudsters the tools to reach out and try to trick you.

We talked a lot about consumer awareness. If something feels off, take a moment. Don’t rush. A lot of scams rely on urgency and emotion. If you’re seeing a ‘get-rich-quick’ scheme, it probably isn’t. That pause, that scepticism, can make all the difference.

One of the other major themes was the rise of generative AI and what it means for fraud. Fraudsters now have access to incredibly sophisticated tools. We’re seeing deepfake videos and voice cloning used in real-world scams like romance scams, where someone takes a simple photo and produces a realistic video and even changes the voice to sound like someone else entirely. It’s powerful and dangerous tech.

Now, I don’t think generative AI will increase the overall number of fraud attempts, it’s already high. But it will, I think, increase the success rate of those attempts. Many fraud efforts fail, but with AI improving how convincing the scam is, say, mimicking a loved one’s voice, the chances of someone falling for it increases dramatically.

What’s especially challenging for organisations is that many of these scams happen outside their digital estate. That is the manipulation, the social engineering, that takes place before a customer even logs into a banking app or visits a website. So, from the organisation’s standpoint, there’s no direct risk signal to detect, just a returning customer. They don’t see the fraud until it's already well underway.

That’s where the pressure increases on fraud controls to be highly-tuned during key touchpoints like new account openings or payments. Because once the customer reaches you, they may already be compromised without knowing it. And now it's up to your defences to make the right call in real time.

If scams happen outside the bank’s estate, how can financial institutions detect or intervene effectively?

This is one of the biggest challenges because the manipulation often happens through other channels, like telecoms or social media, which banks don’t see or control. But there are still ways to detect risk by analysing context and available data.

For instance, by understanding a customer’s typical online banking or ecommerce behaviours, it’s easier to spot when the customer looks to be acting outside of their expected behaviours, such as if they log in on a different device or from a different location. If you’re tuned into that, you can easily flag it for step-up authentication or review. That’s where combining signals helps.

One tool we use is called Active Call Detection, part of our LexisNexis ThreatMetrix solution. It can detect if a live phone call is taking place, whether it’s a regular telecom call or a VoIP call like WhatsApp, and whether it’s inbound or outbound. In as many as 75% of scams involves an active inbound call. That’s often the fraudster coaching the victim and telling them where to send the money.

If a transaction seems uncertain and you add in intelligence insights like active call, behavioural signals (such as how the victim’s phone or PC is being used), and anomalous payment behaviour (such as a new recipient being created or an unusually large amount being sent), you start to build a strong risk profile. No single factor is definitive, but combined, they provide a powerful signal that allows the system to flag a transaction as genuine, risky, or likely fraudulent.

For banks and fintechs, having access to the right data is crucial in detecting fraud early. Beyond using providers like LexisNexis Risk Solutions, what are other effective ways to access and leverage data for early fraud detection?

One of our biggest advantages, and something often underappreciated in the industry, is the network effect. Through our ThreatMetrix platform, we create a unique digital identity ‘tag’ connected to every data attribute in the network: phone numbers, emails, and devices. Fraudsters often reuse at least one element, say a phone number, for multiple frauds, even if everything else changes. Our system can detect that link, map it across our entire global network, and connect the dots through what we call HOP analysis.

This lets us identify fraud patterns across different organisations and geographies in a GDPR–compliant way because the data is proprietary to our network.

On top of that, we offer consortia, collaborative groups within specific regions or industries (e.g., UK banking, gaming, or Singapore, UAE), where members share confirmed fraud signals and suspected mule accounts. This collective intelligence significantly strengthens early detection.

These aren’t standalone products, they’re embedded value - adds for ThreatMetrix users, and they deliver a powerful defence by combining shared intelligence with advanced identity analytics.

Let’s talk about APP fraud regulations like the PSR in the UK and Verification of Payee across Europe. What’s your take on these efforts–do they work as intended?

Verification of Payee (VoP) is a helpful tool, especially in the UK where it’s been around for a while. It’s great for both preventing fraud and catching simple mistakes – like when someone accidentally mistypes account details. It can prompt users to pause and double-check, which is a valuable layer in a multi-layered fraud prevention strategy.

That said, fraudsters are skilled manipulators. If they’ve convinced someone to make a payment, they often remain on the phone to steer them through any warnings, including VoP alerts. So, while VoP adds friction in the right moments, it's not a failsafe.

As for the Payment Systems Regulator (PSR) and the 50/50 reimbursement model, I believe the intention, protecting consumers, is absolutely right. More people are now reimbursed, which is a success from a consumer protection standpoint. But from a fraud reduction perspective, it’s a mixed picture.

We’ve seen first–party fraud rising in our annual Cybercrime Report data, while the PSR reports claim minimal change. So, there's some debate there. What's clear is that total fraud losses haven’t significantly dropped, fraud isn’t going away, but the financial burden is shifting more toward institutions.

Still, it's worth noting that scam volumes in the UK have been declining for the past 18 months, especially in categories like impersonation. Purchase scams remain a challenge, especially in ecommerce.

So, has the PSR been effective? If the goal is to protect consumers, then yes. If the goal is to reduce fraud, we still have work to do.

 

About author

With more than a decade’s worth of experience in threat readiness and fraud prevention, Rob Woods is a leading industry expert on all aspects of fraud and identity, specialising in biometrics and behavioural analytics. Rob is responsible for international market planning for financial services for LexisNexis® Risk Solutions, including product portfolio and strategic roadmap planning to suit client needs.

His product expertise has led the design and delivery of major agile transformation programmes in financial services, focused on authentication, fraud and digital identity.

 

About LexisNexis Risk Solutions

LexisNexis® Risk Solutions harnesses the power of data, sophisticated analytics platforms and technology solutions to provide insights that help businesses across multiple industries and governmental entities reduce risk and improve decisions to benefit people around the globe. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers. For more information, please visit LexisNexis Risk Solutions and RELX.