Every conference has that one session that sticks. At Open Banking Expo, for me, that session had little to do with APIs, data interoperability or instant payments. It barely spoke about open banking. Instead, it addressed something far less tangible, and yet infinitely more important: human behaviour.

The talk was titled “The Psychology of Online Fraud”, delivered by Paul Maskall, Strategic Fraud Prevention and Behavioural Lead from UK Finance. He came with an engaging story that was insightful, but also funny, and at times deeply uncomfortable, precisely because it forced us to look in the mirror (Paul, if you read this: please do apply for a speaking session at our event in Brussels one day ;)). More importantly, it was a universal story: no discussion of fraud in the UK or the EU; it was just about fraud and the psychological reasoning behind it, which is universal.

Fraud, Paul reminded us, is not a technological failure. It is a human one. And if we continue to treat it as merely a system problem, we will keep missing the essence of what truly drives victims to act and why our prevention efforts so often fall short.

Why Awareness Fails

A few weeks ago, I wrote about this very theme in my piece Fraud Prevention in 2025: Why Technology Alone Won’t Save Banks. I argued that while fraud prevention has made remarkable technological progress, the results remain discouraging because people, not systems, are the weakest link.

Paul Maskall’s session gave that hypothesis a psychological depth.

Coming from a background in intelligence and counter-terrorism, Paul entered the world of cybercrime prevention assuming that awareness campaigns and education would work as they did in other domains of public safety.

They didn’t.

He quickly discovered that no one needed to be convinced that terrorism was dangerous, but when it came to fraud, the first challenge was convincing people that they should even care.

Fraud messaging doesn’t evoke emotion. It’s abstract, invisible, and, unless you’ve experienced it, detached from daily life.

We can flood inboxes with warnings, build sophisticated friction into payment journeys, and push e-learning courses by the dozen. But if customers don’t feel at risk, they will not act. No one thinks, instinctively, that they will be tricked by fraudsters one day, until they are.

As Paul put it bluntly: “Education without motivation is pretty much useless.”

This quote encapsulates the paradox we face in financial services today: we are exceptional at building secure systems, yet remarkably poor at cultivating emotional engagement around fraud (where’s the empathy?).

The problem is not a lack of knowledge; it’s a lack of emotional connection to that knowledge. We continue to assume that rational advice will drive behavioural change, when in reality, emotion dictates far more of our decisions than logic ever will.

The Cognitive Shortcuts That Betray Us

One of the most fascinating parts of the session was Paul’s dive into cognitive risks: the shortcuts our brains take to simplify decision-making. These shortcuts, or heuristics, are inherently human: efficient for survival but disastrous in digital environments.

Take the availability heuristic: our tendency to assess risk based on the vividness of examples that come to mind. We fear flying more than driving, even though statistically the latter is far more dangerous. Why? Because plane crashes are spectacular, memorable and emotionally loaded.

Fraud, on the other hand, is quiet. It rarely makes headlines unless it involves millions.

There’s no visceral image attached to it.

This lack of imagery translates into indifference. When customers hear about a “romance scam” or “authorised push payment fraud,” they don’t picture themselves as potential victims. They picture someone else: someone less informed, less cautious. Without emotional resonance, there is no sense of urgency, no internal motivation to change behaviour. This, more than any technological shortfall, is the Achilles’ heel of fraud prevention.

Paul also spoke about emotional projection, another subtle yet devastating vulnerability. We don’t read digital messages objectively; we interpret them through the lens of how we feel in that moment.

A harmless text from a partner can sound hostile when we’re stressed. A message from a stranger can feel sincere when we’re lonely.

Fraudsters exploit this mercilessly. They don’t need to hack a system; they only need to understand emotion. As he quipped, “Everyone has been told something they wanted to hear - at probably the wrong time.” It’s that perfect alignment of vulnerability and timing that turns an intelligent person into a victim.

Fraud and Marketing: The Same Tools, Different Intent

At a certain moment, Paul asked the audience, almost playfully: “What’s the difference between fraud and marketing?” After a brief pause, he answered himself: “Apart from legality, the only real difference between fraud and marketing is intent.”

Both rely on the same psychological mechanisms: storytelling, emotional triggers, social proof, and timing.

Both aim to influence behaviour.

The only divergence lies in the endgame: whether the purpose is to sell or to steal. Fraudsters, in that sense, are simply unethical marketers with perfect emotional precision.

That comparison has stayed with me. It forces banks and fintechs to confront an uncomfortable truth: we cannot outsmart fraudsters by out-engineering them; we must out-communicate them.

But how do we do that?

If fraudsters are mastering persuasion, we must learn to do the same, ethically, transparently, and in the service of trust.

Rethinking the Language of Protection

Paul didn’t stop at diagnosing the problem. He also challenged the industry on how we frame fraud messaging and support. Too often, the language we use is vague, accusatory, or counterproductive. Phrases like “Don’t fall for scams” or “Be vigilant this Black Friday” sound practical, but they often do more harm than good.

They evoke shame. They trigger overconfidence bias (“of course I won’t fall for that”), and they alienate the people most at risk. Worse, they imply that the victim should have seen it coming. That being scammed is a personal failure, rather than the result of criminal manipulation.

Instead, Paul suggested we take the emotional charge out of the moment. If fraud is emotional, our prevention messaging must be emotionally neutral and humanising. One of the reframes he offered was this:

“You didn’t fall for it. A criminal targeted and manipulated you.”

That subtle shift changes everything. It takes the blame off the customer and puts it squarely on the criminal. It validates the experience without diminishing the person. It opens space for support, instead of defensiveness.

This approach should extend to how we train customer service teams, how we script interventions in digital journeys, and how we design “friction” into high-risk moments: not as an obstacle, but as a pause in the emotional momentum. Not all friction is bad. When done well, it can be the moment that prevents a life-altering mistake.

Reimagining Fraud as a Human Experience

As the session drew to a close, I asked Paul what we should do with all of this insight. His answer was both simple and profound. “If we could afford therapy for the entire population, that would solve a lot,” he said, half-joking. “But since we can’t, every touchpoint matters.” That insight made an impact, as I heard from several attendees afterwards.

He urged banks to think about the emotional context of their customer journeys. How do we communicate at moments of stress? How do we insert helpful friction, not to block transactions, but to pause emotional momentum? How do we train frontline teams to recognise distress and vulnerability rather than simply suspicious behaviour? These questions don’t require new technologies; they require empathy, creativity, and a willingness to rethink what “security” really means.

This resonated deeply with the conclusions of a recent fraud round table by The Banking Scene, described in Fraud Prevention in 2025. There too, I concluded that our greatest opportunity lies not in more sophisticated tools but in reconnecting with the human side of banking. Fraud prevention should not only be about building higher walls—it should also be about building stronger customer relationships.

One of my main insights from this talk was that the fight against fraud is not won in code, but in conversation.

The Mirror We Don’t Want to Face

What made this session so special was not its novelty, but its honesty. It reminded me that fraud is, in fact, an extension of who we are as humans. It thrives on our hopes, our fears, our trust, and our need for connection. Every scam tells a story, and that story always begins with emotion.

For an industry built on trust, it means that our defences must extend beyond compliance frameworks and AI models. They must reach into culture, communication and compassion. Because ultimately, we can’t make people less emotional, but we can design systems that respect and protect that emotion.

In our rush toward digital efficiency, we risk losing sight of the messy, beautiful humanity that drives every decision: good or bad. Fraud prevention in 2025 and beyond will not be defined by how quickly our systems react, but by how deeply we understand the people behind them.

This was one of 3 sessions that Rik and Andrew discuss in the Director's Cut Debrief session found below, sharing insights from the Open Banking Expo event in London and digging into some of the points raised during an Open Banking panel with views from Brazil, Saudi Arabia, Australia and the UK, and voicing a few concerns about The Future of Consumer Finance when it comes to old age 😵‍💫

You can watch the video discussion below or find us on your favourite podcast platform here (don't forget to subscribe!).