Criminals target financial institutions because that’s where the money is, writes Hugo Löwinger, consultant at Innopay, in an article in collaboration with The Paypers, a platform specialised in the payments domain.
When asked in the 1930’s why he robbed banks Willie ‘Slick’ Sutton replied: “because that’s where the money is”. Sure, banking has since then largely moved online, and so have criminals. However, what was true then remains as true today: criminals target financial institutions because that’s where the money is. As a result, both the top- and bottom line suffer.
Fraud: an inevitable surprise
We know that at some point we will be confronted with fraud, we just don’t know exactly when and in which form. We are in a constant balancing act between customer convenience, fraud control and cost containment. The top line suffers as customer journeys are cut short for being overly burdensome because of security measures. Think of prospects having to come to the branch, or getting stuck in paper heavy processes during onboarding, hampering conversion rates. The bottom line hurts because implementing and maintaining anti-fraud measures can have serious (opportunity) costs that come on top of actual fraud loss- and repair cost.
Fundamentally, fraud is a business issue so let’s treat it as such
So, why is it that something with as much impact on both the organisation and its customers as fraud is often treated like an afterthought, and is still frequently offloaded to risk managers, security officers and fraud advisors outside the primary process?
Don’t get me wrong: we desperately need these experts, today more than ever! However, just as we would do not rely exclusively on the finance department to be profitable, we cannot expect the risk-, security, or fraud department to, by themselves, keep our customers’ data and money safe, especially not from within the ‘second line’. How then do we close this gap?
It starts with an integrated, customer centric view. At Innopay we use a three-tiered approach called “360-degrees fraud management” which consists of a comprehensive set of tools enabling organisations to come to grips with the wicked-problem that fraud is. Below you will find a primer.
Tier 1: Mission control
It is important to define clear roles and responsibilities that are as integrated with ‘regular’ governance as possible to avoid unnecessary cost and preserve organisational agility.
Proper orchestration will allow the organisation to take action when a new M.O. (modus operandi or specific fraud pattern) emerges, before fraudsters get a chance to ramp-up and/or branch-out their operation. It will also help the organisation identify consolidation opportunities for fraud measures, which is important given the ongoing commoditization of available solutions.
Tier 2: Customer journey
The customer journey is at the heart of the approach, because ultimately this is what the organisation is all about: providing convenient, secure and cost effective service to their customers. It is paramount that we strike the right balance and make sure that the most convenient options are secure. There is nothing like a burdensome security measure to make customers look for easier, and often less secure alternatives, sometimes at the competition.
Customer authentication (during login and transaction signing) and fraud detection are the key ingredients of this defence layer. Today we see new technologies being implemented such as mobile centric authentication, fingerprint-, behavioural- and voice recognition resulting in an easier and truly omnichannel customer experience if and when properly designed.
Tier 3: Knowledge position
Last but certainly not least is the knowledge position of the organisation which is essential in taking well informed decisions and action. Many organisations are exchanging fraud intelligence, both quid-pro-quo and commercially. This intelligence ranges from stolen credentials (e.g. usernames, passwords) retrieved from underground forums, to suspicious IP addresses, skimmed cards and sometimes even alerts from risk engines.
Not only should knowledge be shared with peers. It is also important we do not shun our customers out of fear of spooking them. As a result of high profile fraud incidents and security breaches, customers are much more aware of potential risks. We should acknowledge their concern by providing them with actionable information.
When applied the right way, knowledge can be a true multiplier of defence effectiveness.
Putting it all together: a 360-degree approach to business driven defence-in-depth fraud management
To meet customer expectations in a secure manner, organisations make fraud management a natural part of the design, continuous development and management of their customer journeys. This takes tools and methods that business owners feel comfortable applying and is exactly where the 360-degrees approach can help.
When asked: “why is fraud managed driven from within the business” at Innopay we reply: “because that’s where the solutions are”!
Hugo Löwinger brings over a decade of experience in business driven fraud and authentication strategy at large financial institutions. Hugo leads the digital identity practice at Innopay and previously fulfilled positions at among others ING Bank and Capgemini Consulting.