I was taking a walk and enjoying the beautiful fall day here in the US. As I walked, I watched the various colors of the leaves as they fell from the trees and thought about the changing of the seasons and what that might mean for different people. For me, I think about making sure my colder season clothes are more accessible in my closet. That idea made me think that this might be a good opportunity for organizations to think about the regulatory “change of season” and how that may affect the way they fight fraud.
We are living in a different world today and many of the technologies and techniques for making your business secure from fraud are probably in need of a refresh. With new and updated regulations putting pressure on your existing processes and resources, why not use this new regulatory season as a time to not just make the regulators happy, but also as a time to invest in technologies and innovative approaches that can help you save money, create efficiencies and make your business more profitable.
A season for rejuvenation
For example, fraudsters aren’t resting; rarely using the same techniques of last year or even last month. They are constantly evolving and looking for ways to take advantage of the vulnerabilities that exist within your organization. Fraudsters understand the difficulty that many of you face in integrating data and information about your customers.
This inability to get the true understanding of customer behavior across the financial institution causes many banks to lose hundreds of millions of dollars each year in malicious fraud attacks. Financial Intelligence Units in all countries struggle to analyze suspicious activity across channels, customers, accounts, devices and merchants and see where one activity could possibly be related to another activity or incident that has been flagged or alerted.
Fraudulent activity is worsening and the lack of visibility poses tremendous risk for the financial institution and for its customers and is one of the key reasons the FFIEC issued a supplement to the 2005 Authentication in an Internet Banking Environment.
Here are a couple of highlights from the supplement that stood out for me in terms of how our technologies can help:
“Updated risk assessments should consider, but not be limited to, the following factors:
- Changes in the internal and external threat environment, including those discussed in the Appendix to this Supplement;
- Changes in the customer base adopting electronic banking;
- Changes in the customer functionality offered through electronic banking; and
- Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry.”
Change, change, change
Notice that all of these require looking for “changes” in behavior, whether this is changes to the environment in the way fraudsters operate, changes in the customer, or changes in the amount of risk exposed. The point is that there must be a system and process in place that can constantly monitor and detect these changes based on previous baseline behavior.
I also noted from this supplement the following statement, “fraud detection and monitoring systems that include consideration of customer history and behavior and enable a timely and effective institution response.” The ability to have the data and information about the full customer history and ongoing behavior is critical to understanding – and more important – preventing an attack that could have taken place without prior knowledge of a normal pattern of behavior. This is where data consolidation, analytics and real-time transaction monitoring capability play a critical role in fraud loss prevention.
One final note
I will close with a final quote from the guidelines that I think reflects well the research from prior cases and how organizations can improve their processes.
“Based upon the incidents the Agencies have reviewed, manual or automated transaction monitoring or anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.”
Many of the cases I have read about all come down to not understanding the “established patterns of behavior”. What better time than now to tackle a new season of fraud prevention by revisiting and modernizing old, broken systems and processes to better enable your fight against fraud. Read more about implementing a modern enterprise fraud prevention system by downloading this whitepaper. Please feel free to ask me questions.