- What's at stake: Without early intervention, vulnerable senior customers risk losing their retirement savings to highly coordinated criminal organizations.
- Supporting data: American seniors lost a staggering $4.9 billion to scams in 2024, according to recent data from the FBI.
- Expert quote: "It's one thing to detect a scam," but it is "quite another to prevent a loss," according to Rick Swenson, head of enterprise fraud management for TIAA.
Overview bullets generated by AI with editorial review
San Francisco — Elder financial exploitation has become a massive crisis, and the pressure is mounting on U.S. banks and credit unions to stop the theft before their customers' life savings disappear.
In 2024 alone, American seniors lost $4.9 billion to scams, according to data from the FBI. Despite these staggering figures, elder fraud is "woefully underreported," said Rick Swenson, head of enterprise fraud management for TIAA, a nonprofit retirement services organization.
Swenson presented the session at RSAC Conference, an annual gathering of cybersecurity professionals in San Francisco. He presented alongside Lisa Plaggemier, executive director of the National Cybersecurity Alliance, a nonprofit organization promoting cybersecurity awareness and education.
Because hostile actors are often highly coordinated, financial institutions cannot fight this battle alone, the two said. Combating elder fraud is "a team sport" that requires community effort, according to Swenson.
Financial institutions typically serve as the final step in a scammer's kill chain, which is the point at which the money actually leaves the victim's hands. This so-called kill chain is the sequential stages of a scam; the other stages include initial contact between the scammer and the victim, requesting payment and laundering the stolen funds.
To truly protect vulnerable customers, the two said, banks must shift their focus to the left side of the timeline to get involved earlier in a potential scam and collaborate with telecom providers, technology platforms and government agencies to disrupt schemes earlier in the process.
Elder fraud tends to be very time sensitive, and because banks are the last stop in the kill chain, intervening sooner is critical to short-circuiting the scam before the transaction is finalized.
The banker's dilemma: Catching fraud too late
Financial institutions usually discover a potential scam at the exact moment a customer attempts to move money, which leaves bankers with little to no information to differentiate a fraudulent request from a legitimate one.
Because the actual customer authorizes the transaction, the intent behind the funds often remains unknown or ambiguous. If banks attempt to slow down these transactions, they risk impeding legitimate customer requests and increasing complaints, according to the presentation.
Intervening successfully requires more than just spotting an anomaly.
"It's one thing to detect a scam," but it is "quite another to prevent a loss," because victims often become deeply committed to the scammer's narrative, according to Swenson.
Swenson illustrated this challenge with the case of an 87-year-old widow who attempted to transfer $250,000 from her retirement account for what she believed was a legitimate investment.
"We put a suspension on the funds, and she got upset," according to Swenson.
It ultimately took TIAA staff three and a half weeks, along with coordinated interventions from the local sheriff, Adult Protective Services and the FBI to convince the customer to cancel the transfer.
In another extreme case, a couple lost $2.5 million over the course of a year by purchasing gold bars and leaving them in their mailbox for a fake undercover government courier, according to Swenson.
Because the couple firmly believed they were participating in a secret operation to help the government catch criminals, the financial institution only learned of the fraud long after the money was gone, he said.
"Shifting left": A collaborative defense strategy
To get ahead of the problem, banks need to break down the internal walls between their cybersecurity and fraud departments, according to Plaggemier. Scammers have already taken advantage of these organizational divisions, she said.
"I think our enemies have weaponized those silos," Plaggemier said.
Financial institutions also need to rethink their broader defense strategy by moving earlier in the timeline of a scam, a concept the presenters called shifting left — a term commonly used in other contexts in cybersecurity and software engineering.
Instead of waiting for a customer to request a fraudulent transfer, banks should treat elder fraud as a "distributed security problem," the two said. This requires working closely with telecommunications carriers, technology platforms and government agencies to stop the initial contact before the scammer's persuasion phase even begins.
The sheer volume of these attacks makes early intervention essential. Hostile actors send an estimated 190 billion scam texts and messages globally each day, according to Swenson.
By collaborating with telecommunications providers and technology companies, banks can help suppress this "daily blizzard" of abusive traffic at scale, according to the presentation.
Equipping the front lines with AI and trusted contacts
TIAA recently implemented an artificial intelligence solution to review customer phone transcripts and identify patterned responses that indicate a scammer is actively coaching a customer, according to Swenson.
Fraudsters often instruct victims on exactly how to answer a bank's questions, which results in stoic, "scripted" responses rather than the natural excitement expected when a customer requests funds for a major life event, such as buying a retirement home in Florida, according to Swenson.
Beyond new technology, banks should proactively encourage older customers to designate a trusted contact, he said.
Staff must clearly explain that this designation does not grant the contact access to the customer's money, but simply provides the bank with an emergency lifeline to check on the customer's well-being if employees suspect exploitation, according to Swenson.
Alerting a trusted contact can quickly short-circuit a scam, but the approach carries risks and must be done carefully.
"Sometimes, it's a very awkward conversation to have with a senior customer," Rolland Johannsen, a senior consulting associate at consulting firm Capital Performance Group, previously told American Banker.
To minimize that awkwardness, Johannsen advised bankers to focus on the skill of today's scammers rather than the vulnerability of the client.
Empowering the customer through empathy and education
Research shows older adults often feel overwhelmed by the barrage of digital scams, but they remain optimistic and highly teachable because they value using technology to stay connected with their families, according to Plaggemier.
To move beyond generic warnings, TIAA and Google sponsored an educational campaign by the National Cybersecurity Alliance called "Then & Now." The program uses relatable analogies to simplify complex security concepts for older adults.
For example, the campaign explains multifactor authentication by comparing it to adding a deadbolt to a front door that already has a standard lock.
Plaggemier and Swenson encouraged financial institutions to host community workshops using these tool kits to help older customers actively implement security measures — such as password managers and software updates — rather than just warning them about threats.
However, education and branch-level training cannot solve the epidemic alone. Protecting vulnerable clients requires integrating cyber and fraud intelligence, adopting proactive artificial intelligence tools, and building empathetic educational defenses, according to the session presenters, the two said.
Because banks only see a fraction of the scam lifecycle, defeating transnational criminal organizations requires breaking down industry silos and stopping the fraudsters before they reach the bank, according to Swenson.
"We have to work as a community in this model," Swenson said.
