February 05, 2026Call Checker Apps vs Caller Impersonation: Are Banks Solving the Right Problem?
With impersonation fraud now accounting for a growing proportion of overall fraud attempts, banks are under pressure to deploy visible countermeasures quickly.
In recent weeks two UK financial institutions have made announcements of a new feature to their mobile apps (Call Checkers). The feature is an in-app call identifier or call checker designed to prevent bank impersonation scams. One of the institution’s own research shows within Britain the average person receives eight scam calls a month.
Why Banks Are Introducing Call Checker Apps
The new feature will allow customers, who have the app installed, and who have received a call claiming to be from their bank, to check in real time whether the caller is genuinely calling from the bank, and is therefore legitimate, or whether the call was not initiated from within the bank and is therefore a caller impersonation scam.
Understanding Caller Impersonation in Bank Fraud
Whilst on the surface this appears to be a useful feature, if not somewhat unwieldy in practice, it is worth exploring the reason and purpose of these caller impersonation attacks and why the banks are desperate to detect them. The caller is not attempting to impersonate a specific person who may be known to the customer, as would occur in a Deepfake attack, but rather they are impersonating a function within the bank, namely the fraud department or similar.
How OTP-Based Authentication Enables Impersonation Fraud
Both financial institutions have something in common. Amongst other online banking customer authentication methods, both support multi-factor authentication based on 0ne-time passcodes (OTPs) being sent to the customer via SMS or push notification. And the reason for the call and impersonating a bank’s fraud department? The impersonator is ready to initiate an online transaction from the customer’s online account. The bank will send an OTP to the customer’s mobile phone, and the impersonator needs the code to authorise the fraudulent transaction.
Therefore, the caller will make up a bogus story, replete with urgency, and tell the customer they will receive a code to first ensure the bank is speaking with the correct customer and the customer must speak that code back to the bank to confirm who they are. Voila! Fraudulent transaction duly authorised.
Do Call Checker Apps Actually Stop Bank Impersonation Fraud?
So, will the new call checker app stop this attack? Yes, provided the customer has the app, is aware of the call checker feature, and remembers to use it under pressure. Given the impersonator will be amplifying urgency, “your account is about to be emptied”, reliance on customer behaviour remains a critical weakness.
The call checker feature, whilst a welcome advancement, can still be seen as a hit-and-miss band-aid solution to the real problem, the use of OTP-based authentication in their current form. An OTP is no more than a supposed secret piece of information, but which can be shared (deliberately or inadvertently), stolen or hijacked. As it’s just information, anyone with possession, such as our impersonator, can use it.
Binding Authentication to The Right Human
Therefore, rather than relying on an app feature that may or may not be in the possession of the customer and may or may not be used even if it is, to prevent the inadvertent sharing of an OTP with a fraudster, what about an OTP where it doesn’t matter if it’s shared with a fraudster or anyone else. An OTP that will only work for the intended legitimate owner.
That’s exactly what ValidSoft can provide to any OTP based online authentication solution. Simply by speaking the OTP into the browser rather than typing it, and overlaying ValidSoft’s leading voice biometric technology, the OTP is effectively bound to the legitimate owner and unusable by anyone else. So, whilst the customer may tell the impersonator the OTP, it cannot be used by them to authorise the transaction and clear the account.
It’s true the call checker feature will prevent some fraudulent transactions being authorised, but addressing the problem at its source, rather than relying on customer behaviour under pressure, provides a far more robust defence against bank impersonation scams.
