“The customer comes first” started out as the secret to success in business. Now it’s the secret to 21st century cybersecurity and fraud prevention, too.
The phrase always seemed more like an empty platitude, but a growing number of banks and other financial institutions now understand that optimizing convenient consumer experience with risk and safety across all their channels is a strategic differentiator.
Dealing with fraudulent transactions
Financial institutions have been on the lookout for fraudulent transactions in hopes of preventing customers from falling victim to illegal fund withdrawal since the dawn of the digital age. Things like usernames and passwords have become less of a proof of identity and ownership in a world of endless data breaches.
Cybercriminals today easily harvest all manner of personal identity credentials from the dark web as well as through social engineering schemes. They gain access to customer accounts and make transfers or payments with the legitimate customer none the wiser—at least until their next login or they encounter a declined transaction due to insufficient funds.
Automated bots increasingly spur fraudulent transactions by allowing fraud to occur at unprecedented speed and volumes. The goal for fraudsters using bot attacks is to compromise accounts and harvest stolen data, leading to ever-greater risk in new channels and services and for recently digitized and experienced digital channel companies alike.
Efforts to stop these nefarious activities have sometimes led to either a one-size fits all approach or overly aggressive policies and additional identity proofing requirements. Customers get frustrated when they need to jump through hoops to log in or complete a transaction.
The lengthy process seems especially frivolous when cybercriminals continue to find inventive new ways to bypass these same controls. Consumers do not expect a “no-friction” transaction every time. They want the incremental steps to be commensurate with the risk of the transaction (e.g., checking an account balance vs. a large balance withdrawal).
Organizations should look beyond the disruption of fraudulent financial transactions and stop viewing the consumer as a financial event or a financial risk to contain. Instead, organizations should treat the consumer at every customer interaction and not as a single touchpoint or a stand-alone transaction. Only then can organizations effectively protect consumers throughout their experience.
Data insight = Consumer satisfaction and safety
Data insight drives greater consumer satisfaction and safety. To a financial institution, both digital and physical data is often as valuable as a consumers’ financial worth – at least when it comes to visibility into fraud and how to stop it.
Criminals use information within a banking relationship to commit fraud at multiple points during the customer journey. Compromised consumer information exposes the consumer to wider risks outside of specific applications, increasing the risk for the consumer and the organization.
For instance, a fraudster could use compromised customer data to open additional accounts or new lines of credit. Fraudsters with access to online banking information can easily circumvent security questions that require information ostensibly known only to the customer. Then criminals often add their phone number to the account or use account information to re-direct the consumer’s phone calls back to them when users return bogus “security” checks by the financial institution.
The mess left behind in the fraudster’s wake entangles banks who do not employ adequate risk controls. Customers do not like that kind of breach. Neither do regulators.
Banks can benefit from risk signals that can identify this kind of fraud and stop it in its tracks.
When organizations use a combination of data and customer insights (such as pinpointing the last time a device accessed a specific account) measured against transaction risk (whether an account was accessed to change personally identifiable Information or to check a balance), it can tailor each consumer’s experience with the right risk controls.
Also critical is real-time and historical intelligence of the customer’s legitimate identity usage in other interactions on other sites or apps around the world. Organizations should shift emphasis to establishing “the good” in terms of normative devices and behaviors informed by global-scale intelligence instead of focusing on trying to ferret out “the bad.” This practice uncovers anomalies instantly. The key then is to ensure the identification of anomalies and a proactive response at every decisive moment – not just when the financial transaction is taking place.
For all of this, the other side of the equation is just as important. Recalling “the customer comes first,” this focus on protecting the customer also pays serious dividends for the institutions they do business with. Finally, the brand experience matches the brand marketing.
Cybersecurity and fraud risk controls enable significant differentiation for the brand through consumer loyalty and convenience. According to Forrester, less than 10% of organizations ever crack that code.
Institutions that use data insights to coordinate risk and fraud control strategies across channel and consumer journey silos inevitably deliver a faster, more consistent experience across the entire omni-channel spectrum.