Ensure End-to-End Security and Mitigate Risk Across the New Customer Journey
Written by Cynthia Wylie
Banks have a need for enhanced security and risk mitigation across the new customer journey, but this should be a frictionless experience with the ability to access payment tools 24/7 across various channels. This experience is important for both financial institutions and customers be they consumers or businesses.
Several years ago, my 20-year-old daughter visited a friend in New York City. After a week of fun and merrymaking, she took a cab to the airport only to find that her debit card (her only non-cash method of payment) didn’t work to pay the driver, and she didn’t have any cash. The cabbie became increasingly upset. It was early in the morning in New York, so calling her Los Angeles-based bank wasn’t an option. To her credit, she tried everything even offering the driver a gift card that she received for Christmas in lieu of the amount due. Her cab ride that cost about $65 wasn’t even close to her $200 gift card so in theory it was a good deal for the cabbie. The only problem is that it was from Victoria’s Secret. He was not amused. He drove her back to the city where her friend’s father paid the bill to and from JFK. She missed her flight. It was expensive to re-book, and frustrating to her that the bank, in all its careful wisdom, shut her debit card down to prevent fraud—not very customer friendly. When I called the bank to complain they said she should call customer service before she travels to let them know. This was not a frictionless customer journey. Literally. The good news is, things have improved a lot since then.
Clearly there are factors driving the need for enhanced security and risk mitigation across the customer journey, including expectations for a frictionless experience and the ability to access payment tools 24/7 across various channels including IVR, text, mobile app, website, office, or branches. Solutions for ensuring end-to-end security must be able to: address a variety of fraud scenarios from those most commonly known to ones specific to an organization; be able to integrate with existing systems; and provide robust data reporting for compliance purposes as well as bolstering the security of the overall business by mitigating risk.
One of the most important components in anti-fraud measures is authentication. Joris Lochy in a recent article in Finextra puts it best: “For the financial services industry, having a secure but user-friendly authentication process is no longer a nice-to-have, but a necessity. The current authentication methods, which are typically based on passwords, meet however neither of these objectives, i.e. passwords give a poor user experience and are not at all secure.” A large part of authentication involves technology and its increasingly important impact on the problem.
The Fraud Landscape Today
Current legacy bank solutions for fraud detection can often lead to high false positives, friction, and operational inefficiencies. And, they don’t really do a great job at fighting fraud. According to Arkose Labs Q3 Fraud and Abuse Report, one in every 10 transactions is an attack.
Moreover, an Aite Group survey has revealed that fraud rates for financial institutions are eight times higher in the digital channels compared to the branch. My recent article for CheckAlt, “Connecting In-Person and Digital Experiences at the Branch” states, “Although many customers still bank in branches, the majority of these individuals still use online banking.” Digital security is paramount.
Another critical area to be mitigated is application fraud. When an applicant applies for a new financial relationship with a bank or credit union, there are three general types of fraud that can be used:
• Identity theft. The attacker steals and uses the full identity of a victim;
• Synthetic identity fraud. Fraudsters either create a new identity from scratch or with bits and pieces of stolen data;
• First-party fraud. An individual has no intention to repay his or her obligations.
It has become vital for financial institutions to authenticate across all channels. By implementing more advanced technology and methods to fight fraud, banks and credit unions can realize three important advantages: maximizing revenue, reducing fraud loss, and reducing operational costs.
1. Set triggers with alerts.
Think of mobile deposit limits, but more than that—the financial institution can set all sorts of triggers to reject deposits they consider risky. Fraud detection should include risk analysis of a deposit against industry data to identify and flag. For example, a check made out from a high-risk consumer to the depositor can be flagged.
2. Update fraud detection technology in real time.
This is incredibly important for both businesses and financial institutions. They need to be able to update fraud detection technology in real time as teams learn about new risks, such as bad ABA numbers tied to fraud. A staff member should be able to add that ABA number as a new risk flag and have it become active instantaneously.
3. Strong Customer Authentication (SCA).
SCA is a requirement of the Revised Directive on Payment Services in Europe. The requirement ensures that electronic payments are performed with multi-factor authentication. This is a method we can implement in the United States across all channels. Your phone system asks for you to verify your date of birth, your account number, and your "secret pin” if a bank offers such a thing.
4. New application fraud.
There are several exciting developments working to mitigate these risks without simply turning down the majority of online applicants as is often currently done. These include, device authentication services by mobile providers, behavioral biometrics to evaluate whether the applicant is a real person or a bot and Big Data Analytics to effectively analyze inputs and make a proper conclusion.
5. Applying technology such as machine learning.
A new trend to help with fraud detection in a way that is more consumer-friendly is adapting AI as not just a fraud detector and shutting down a transaction, but to one that is a fraud teacher and explaining, “Why?” While it’s great to have a machine that learns, a machine that teaches propels us into the future of fraud detection and prevention. And that’s precisely what Explainable AI (XAI) is: a machine that teaches by providing insights to teams.
With increased use of certain fraud detection measures that at first may seem invasive, cumbersome and unnecessarily time consuming, customers will get more comfortable. After all, it protects the customer’s account. And as technology advances, the anti-fraud measures will be become less onerous. I believe that people would rather go through a 2-step verification process than getting their debit card turned off in a cab outside JFK.