Financial institutions are on a continual quest to improve customer engagement in order to drive increased transactions, account balances, loyalty and, ultimately, profitability. Online banking customers have become more profitable, so providing exceptional, seamless service to this highly valued segment is critical for financial institutions. Unfortunately, the antiquated fraud controls that many financial institutions use degrade the customer experience. Banks struggle with balancing requirements for fraud mitigation and compliance with improving customers’ online experience and their own profitability.
When evaluating and implementing fraud prevention technologies, many security professionals focus solely on fraud avoidance capabilities, while overlooking the adverse impact these controls typically have on the customer experience and operational costs. But there’s no longer a tradeoff. Strong, effective security can and should enhance the customer experience and reduce operational costs.
The current state of cyberthreats
Cybercriminals clearly aren’t slowing down the frequency and sophistication of their attacks. To the contrary, cybercrime techniques are improving and becoming even harder to detect and prevent. For example, cybercriminals are increasing the number of attacks they launch directly from legitimate user devices to bypass device ID solutions. They’re also using automation to enter fraudulent transactions with randomized “human” patterns to bypass anomaly detection systems.
In response, financial institutions are implementing more controls, hoping to mitigate current and impending threats. In some cases, those controls reduce the risks associated with advancing attacks. However, they degrade the customer experience by inserting additional barriers. In the rush to improve online protection, most financial institutions simply accept the perceived necessity of negatively affecting the customer experience.
The shortcomings of current platforms for fraud management
Financial institutions’ fraud management platforms aren’t keeping pace with evolving, sophisticated fraud methods. Banks continue to suffer substantial losses to fraud because cybercriminals find ways to evade fraud detection technologies. Many current platforms have shortcomings that limit a bank’s ability to mitigate fraud, including:
- Limited point solutions — Information isn’t shared between systems, at least not in any usable form, and rarely do these systems work together.
- Imprecise solutions — Systems don’t know that fraud has occurred, but based on circumstantial evidence, they create a statistical model of multiple factors to calculate the probability that a certain set of events represents a fraudulent transaction, which can be inaccurate.
- Costly solutions — Imprecise results lead banks to spend valuable resources investigating a myriad of fraud alerts, to determine which are legitimate and which are false positives.
The shortcomings of current fraud prevention platforms affect customers and their online experience. Customers consider most fraud management systems invasive, from the initial login through transaction execution. Banks also restrict the types of transactions that are available to customers and set transaction limits to reduce the risk of fraud. Rather than enhancing the customer experience, current fraud management platforms work in direct opposition to the business lines’ goals of customer satisfaction, customer retention and profitability. However, the customer experience doesn’t have to be negatively affected by the implementation of security controls.
A new paradigm for fraud prevention
It’s clear that the financial services industry needs a new paradigm for fraud prevention. The current approach simply doesn’t support the industry’s goals of providing a superior customer experience and reducing operational costs. A successful solution must provide an effective, nonintrusive and integrated layer of protection for customers across all channels. It must be easy to implement and operate, require minimal operational support and be highly adaptable to address new threats.
The surest way to prevent fraud is to not allow fraud attempts to even be initiated. Once they begin, a tremendous amount of technical and human capital must come into play to detect, analyze and remediate them. Blocking fraud from entering the system is by far the most effective way to prevent it. This approach also provides tremendous benefits for both customers and operations.
If fraud is never initiated, customers won’t be inconvenienced by blocked transactions, stepped-up authentication and phone calls for verification. In addition, the bank’s staff won’t have to investigate fraud alerts and respond to customers’ inquiries regarding fraudulent transactions. The best strategy for preventing fraud is to keep it from happening in the first place, rather than hoping to detect it after it has been initiated. Clearly, an approach that focuses on identifying malware, the root cause of fraud, will be far more accurate and effective than an approach that focuses on identifying the indicators (byproducts) of fraud. Security and customer experience goals and outcomes can be aligned when effective fraud prevention technologies are used.
What has been your experience with fraud prevention vs. fraud detection? How do you balance the customer experience vs. customer protection? What are your questions about the current threat landscape and fraud detection?
I look forward to hearing from you here and at the conference, where I’ll address this in more detail in my session “Using Holistic Fraud Prevention to Address the Latest Cybercrime Threats.”