Just as cybercriminals continue to find ways to foil traditional means of digital protection of bank accounts, and just as bank customers continue to demand easy, fast, and seamless access to their accounts, analysts and providers suggest a new approach:
Make improved customer experience itself a means to beef up fraud protections.
With fraud mitigation traditionally seen as a cost center within a bank, “customer experience needs to play a bigger part of the conversation that fraud executives are having with the folks who hold the purse strings in order to get the resources you need to implement new controls and new solutions,” said Al Pascual, research director and head of fraud and security, Javelin, in a recent webinar.
“The story has to be, we have very particular fraud challenges. Here is how we want to solve them, and it will be better for the customer experience,” according to Pascual. “It will be less onerous. It will increase engagement, and that creates a much more compelling ROI.”
What will meet challenge
Specific new approaches, Pascual summarized, are these:
• Check me out, in the background. New solutions such as device recognition, geolocation, and biometrics that are substantially more difficult for criminals to intercept or falsify than knowledge-based authentication or one-time passwords sent as texts. These, Pascual said, improve the customer experience by rendering authentication nearly invisible.
• Connective human intelligence. Properly trained security staff that find innovative ways to draw insights from customer data, detect new fraud schemes, and analyze how customers interact with the company’s online and mobile platforms.
• Sophisticated data analytics. Sifting of transactions and customer interactions to identify and curtail fraud for any digital channel-oriented financial product or service.
The key, said Pascual, is to recognize that customers themselves want to be personally engaged in protecting their personal information—yet seem burned out by what have become old-fashioned and ineffective methods.
They’ve found that protections such as questions about their mother’s maiden name and even smartphone four-digit locks have become less and less effective.
Meanwhile, access to high-value personal data such as Social Security numbers, medical records, and bank account numbers are increasingly available to criminals. Pascual said that thieves can buy Social Security numbers for as little as $5 each.
Whose financial life is it anyway?
To drive home this point, Ian Holmes, banking fraud solutions manager for SAS—which cosponsored the webinar—pointed to two customer-related results from a recent Javelin survey. (SAS offers analytics-based fraud protection solutions to the financial services industry.)
In one, customers were asked who bears most responsibility for protecting data. Fifty-seven percent said they themselves bore either the most or the second-most responsibility. Banks came in a close second, at 51%.
However, when comparing the adoption of smartphone security behaviors in 2014 and 2015, all categories of self-initiated protections were shown to be declining. Just one example: In 2014, 41% of smartphone owners used antivirus or antimalware software; in 2015, that dropped to 31%.
“I think the combination of those two research results show the need for a new, balanced approach,” said Holmes.
“There is an opportunity to help protect them [customers] from themselves, but there’s also an opportunity to hold their hand through that process. That’s how we get them to be engaged,” Pascual said. “There is a way to empower the consumer. It’s a way that shows them that you are being mindful of what’s going on in their accounts and that you want them to play a role.”
Threat keeps on growing
That there needs to be new approaches to fraud protection is borne out by recent cybercrime trends, said Holmes. These include:
• Increases in new-account fraud: Major credit card accounts—361,000 cases in 2015, vs. 157,000 cases in 2014; email payments accounts (such as PayPal)—335,000 cases in 2015, vs. 114,000 in 2014; and store-branded credit card accounts—216,000 cases in 2015 vs. 117,000 in 2014.
“It is interesting that it’s not just new technology. It’s also the older ways [i.e., credit cards] of performing transactions with customers that are affected,” said Holmes.
• Building up digital volume. A growing rate and new types of digital account opening: checking account—49% of those surveyed opened an account digitally in 2014; 70% opened an account in 2015.
“Now we’re in an era of more types of loan products available to open online, such as personal loans, mortgages, and home equity lines of credit,” Pascual said. “Those are much more attractive targets. We really need to step up our game when it comes to protecting the digital channels.”
• Real-time ramps up everything. Risks related to the provision of faster transactions, such as real-time credit, mobile remote deposit capture, and same-day ACH. Just as they make the legitimate transactions faster, they make potential fraud faster as well.
“This is an area where we’re still looking for the right approach to manage that risk,” observed Pascual. “But you can’t introduce a ton of friction into something that’s meant to be fast, seamless, and more convenient.”
Constantly chasing the bad guys
“Fraud is changing rapidly,” Pascual said near the close of the webinar.
He said that fraud rings are changing their tactics, placing pressure on new areas of financial institutions.
Balancing consumers’ desire for engagement with frictionless security requires a finely-tuned balance of robust analytics, well-trained personnel, and resilient antifraud solutions, the consultant said.
“Handled well, the explosion of digital financial technologies offer major gains for customers,” said Pascual. “Handled poorly, they provide wide-open doors for fraudsters.”