Working to stop financial crime before it happens is nothing new to the financial services industry. Adapting crime prevention strategies to the changing nature of fraud is a challenge that many financial institutions (FIs) are increasingly making an effort to address.
Fraudsters use various novel schemes to take advantage of new payment channels and FIs must understand these emerging security threats and adapt their financial crime risk management strategies accordingly – in order to protect their customers’ financial assets.
As an example, FIs are losing millions of pounds a year due to account takeover fraud. In 2014, £27.9 million was lost in the U.K due to criminals using fraudulently obtained cards or card details, along with stolen personal information, to open or take over a card account held in someone else’s name or target genuine accounts by pretending to be the account-holder.
The latest Cifas research has also revealed that identity fraud was the dominant fraud threat in the first quarter of 2015, up 27% from the same period last year and accounting for just under half of all frauds recorded in the first quarter.
These figures highlight that identity fraud continues to be a serious fraud threat that, if not effectively prevented, can be extremely disruptive for consumers and prove very profitable for organised criminal groups.
Though technology is the best way to identify and protect customers, many current fraud controls set up by financial institutions cannot present a holistic view of customer behaviour across all products and channels, or include the non-financial transactions such as address changes and cheque requests that are often early indicators of account takeover.
As a result these tools are unable to identify account takeover early enough to prevent a loss – creating a negative impact on good customers who might then take their business elsewhere.
However, taking a draconian approach to fraud prevention to avert account takeover fraud might well have the same effect, as good customers are likely to be routinely inconvenienced by preventative action taken as a result of lack of understanding of their personal banking behaviour.
Trying to secure a middle ground between protecting customers against risk and also providing a convenient service is a complex balance to strike. In order to move forward, financial institutions need to identify the key challenges that they face in effectively recognising the earliest signs of fraudulent transactions and how they can streamline their infrastructure to act quickly and efficiently – while still optimising customer experience.
Managing false positives
One of those challenges FIs find themselves up against on a daily basis, is the struggle to deal with false positives. A false positive is when a fraud alert is generated for a transaction that is in fact legitimate. This happens when fraud and risk systems don’t provide the ability to accurately profile the customer and merely look at risky events in silos.
For example, when a cheque is flagged as an account takeover risk because the value amount is over £5,000, it can be difficult using a rules-based fraud prevention system to identify whether this would be classified as ‘normal’ or ‘suspicious’ activity for an individual customer.
A deposit of a £5,000 cheque may be common place for one individual, but may be particularly unusual or indicative of possible account takeover when accompanied by a recent address change and request for new cheques.
Customers who need to wait days for cheques to clear will inevitably become dissatisfied and could potentially look to bank with alternative providers. Delay in clearing legitimate cheques can also cause regulatory compliance issues.
The best approach for keeping false positives low is to employ a predictive model and behavioural profiling to accurate assess what is 'normal' behaviour for a particular customer. Predictive analytic models can evaluate the complex interrelationships between variables such as cheque amount, transaction frequency, transaction velocity, and other less obvious attributes to much more effectively differentiate legitimate from suspect transactions.
Multiple fraud solutions
A holistic view of fraud risk is essential for identifying account takeover, as this type of fraud often starts with a series of small non-financial changes to an account, which can be missed with ‘point solutions’ that only monitor a single product or channel.
Often as many as 15 or more different tools can be in place at a financial institution based on the point of interaction. Not only does this result in the increase in the risk of false positives, but it doesn’t allow the bank to be able to identify the threat of account takeover before it has happened.
Similarly, this lack of a holistic view makes it difficult to enable, identify, segment and target the two percent of customers who represent the highest risk of fraud. In order to streamline this procedure, FIs should seek out processes which allow fraud mitigation to take place, but also incorporate predictive scoring and profiling on a single platform that can provide a more complete view of the customer and all of their account and digital activity.
If compliance teams can utilise behavioural profiling and the ability to quantify risk mitigation through investigation, the threat of losing customers due to poor visibility at the customer level can be minimised.
Customers all have different risk levels and it is vital for FIs to understand this and tailor their fraud and risk reviews to each customer. It is important for FIs to have a solution whereby they can build a profile for each customer that tracks what is ‘normal’ for them, and in turn segment the risk level of customers based on a number of key metrics. Aggregating each individual’s data from various sources is vital and creates a central repository to manage customer risk effectively.
Protecting customers for the future
As consumers are increasingly accessing and applying for a variety of financial products across a number of new and different channels, either online or via their mobile devices, fraud is evolving alongside. With emerging payment channels, fraud patterns are often not yet well understood. Therefore upon launch of a new payment technology, it is not long before financial criminals are at work to exploit the new systems.
For example, with the launch of ApplePay in the US, we have seen reports of consumer cards being loaded on to multiple devices and used without the card owners consent or knowledge and other fraudulent activities.
It is evident that FIs are becoming more committed to countering the threats posed by fraudsters, but in order to keep the business of loyal customers they must streamline their anti-fraud operation to demonstrate that they can manage the risk of account takeover effectively.
Fraud must be looked at from a holistic perspective. This includes monitoring patterns, implementing rules and strategies in the event of fraud outbreaks and having mechanisms to control the fraud in real-time with sophisticated scoring algorithms.
For every new payment app or technology, FIs must be able rely on the right infrastructure to actively monitor transactions protect consumers, businesses and financial institutions from losses. This will mean that customers receive the best possible banking experience and can safely take advantage of new and more convenient ways of banking.
Sourced from Mannie Da Silva, Global Product Line manager, Financial Crime Risk Management Solutions, Fiserv