In the last 25 or 30 years, the banking industry has approached fraud in a reactive manner. Every time a new problem arises, somebody builds a product or establishes a policy or procedure to address that problem. As a result, banks are operating with a patchwork of systems and tools. In the payments arena alone, a bank could easily have a dozen software systems, procedures and reports that are being worked every day.
There may be many silo initiatives just within one group. For example, in most large banks, there are multiple fraud groups: a check fraud group, an ACH fraud group, a wire fraud group, a credit card group, and so on. The industry is only now asking whether these groups should be talking to each other. Big organizations have been challenged by politics and culture, so it has been very difficult to break down the walls of the silos.
The resulting cross-channel view is critical, says Dan Barta, Financial Crimes Practice at SAS. “Banks are monitoring transactions and account activity but not thinking about how accounts might be related within their own portfolio of customers, let alone how fraudsters operate across multiple financial institutions. As an industry, we’re just now thinking about how to monitor and detect fraud across the entire relationship.
“Many times what you see is the activity in any one channel isn’t that dramatic, but when you look at the total relationship and the total activity, suddenly you start thinking, ‘Hmmm, maybe I should start looking at this customer a little bit closer.’”
Too little, too late
The fraud detection systems in place today typically provide reactive, after-the-fact analysis of questionable transactions – an approach that comes too late to give any real protection from loss. Few systems block transactions at point-of-service.
“The credit card business has always been very good at real-time monitoring and decision-making, but very few of the other payment methods are done in real time,” said Barta. “More and more banks want to move all their monitoring as close to real time as possible.”
Ineffective systems = ineffective investigations
The cumulative effect of all these system limitations is that investigators are not getting the full picture of a customer and the issues. Because there’s no central repository for case management, an investigator in the credit card investigations department might not realize that there’s a case on that same person over in another department.
On the alert management side, people are working the alerts and trying to determine whether there’s fraud. They are getting more and more alerts, and more and more of them ultimately don’t turn out to be fraud. On the post-fraud side, investigators are seeing more and more fraud cases that the monitoring systems have missed, so they’re having to work more cases. It’s lose-lose.
Where independent, product-centric, transaction monitoring systems fall short, a layered approach to fraud detection and management can be quite effective. For more insight on holistically stopping fraud, read A Layered Approach to Fraud Detection and Prevention: Increasing investigator efficiency using network analytics.