Scams are difficult to stop because they manipulate the victim into transferring their own money. When the vulnerability is human judgment, layers of security can only do so much. Financial institutions can raise flags and block transactions, but a motivated victim can disregard warnings or shift their assets. The challenge will grow as scammers adopt new technology, like AI and deepfakes, to trick victims.
To address this challenge, financial institutions should consider expanding a control they have used for decades, if not centuries: dual approval.
Dual approval means that two authorized users must approve a proposed action. Banks have long used it for commercial customers. Businesses designate one set of users to initiate transactions ("makers") and another set to review them ("checkers"). Dual approval
Think of it as "two-human authentication." We all understand two-factor authentication: Because your password might be compromised, you must enter a code sent to your phone. Dual approval recognizes that, because one human's judgment might be compromised, requiring a second person's approval reduces risk.
Dual approval is generally not available to retail customers. Financial institutions should change that. This control could stop many foreign scams. The scammer's whole game is to isolate someone, create urgency and trick them. It is much harder to do that to two people than one.
Dual approval would also impede schemes that rely on stolen account credentials, whether through hacking or social engineering. It's harder to steal two sets of credentials than one.
Financial institutions could offer dual approval to retail customers in multiple ways.
Most simply, they could make it an optional setting. Imagine an aging parent who can manage their finances, but who wants to protect their family. The parent could designate a spouse or child as a "checker" on their accounts. The checker would have to approve transactions exceeding certain thresholds set by the customer, along with proposed changes to those controls. This prudent step — taken before anyone falls under a scammer's spell — would reduce the risk of the customer getting scammed.
In a move some industry observers call "dangerous and irresponsible," the administration is taking down consumer protection guardrails that have been put up by states like California and Colorado.
To be clear, this is not just an issue that impacts aging consumers. Young people fall for scams too, from
Another way to make dual approval available would be for an independent company to provide scam protection to a financial institution's retail customers. Consider it "judgment as a service." This third party, expert in spotting scams, would review transactions exceeding the thresholds set by the customer. (Some customers might prefer this to involving family.)
A checker company might even offer a guarantee: accepting liability for scam losses from transactions it approved. This quasi-insurance would give injured victims a means of redress, shift the risk of loss to a party well-positioned to mitigate it, and spread the cost of scam losses across a wider pool.
Any of these processes would introduce some friction and delay, as is true when businesses utilize dual approval. The key is that the customer decides when that friction kicks in. Paying your mortgage shouldn't require a second approval. Wiring $100,000 to a new payee merits a pause. That friction makes it harder for scammers to rush victims, similar to how a time-delay safe can impede a robbery. As it has in commercial banking, technology can reduce friction to manageable levels and lower the cost of offering dual approval controls.
The downsides of friction may make dual approval easier to implement in some contexts than others. Brokerages, wealth management firms, and retirement plan administrators could implement it for withdrawals and transfers, which tend to be infrequent, large and less urgent. Banks and credit unions, which customers use more frequently and with less patience, present a harder use case. Customer opt-in and threshold setting would be key to successful implementation in that context.
In any financial institution, dual approval could be piloted as an extra benefit ("enhanced protection") to premium accounts and then offered more broadly over time as financial institutions refine the process and user experience.
Financial institutions would benefit from giving retail customers access to dual approval controls. A customer in thrall to a scammer is a nightmare. Dual approval both reduces the risk of loss and broadens responsibility when it occurs. Even when consumers choose not to adopt dual approval, financial institutions would benefit from having offered and recommended the safeguard.
Widespread adoption of dual approval — a proven and effective control that addresses the human vulnerability targeted by scammers — would significantly reduce the risk of scams. It would not eliminate the threat, and a broader range of measures are necessary. The Aspen Institute's
