Thinking Beyond the Guidance
By Christopher Robert
It’s easy to marvel at the conveniences that technology has afforded the experience of banking. Online banking, financial management tools, bill pay, person-to-person payments, account opening and transfers, and even image-enabled ATMs – the list goes on. No one would argue that these advancements have dramatically simplified our lives, but many would agree that they are a blessing and a curse when considering the doors they open for fraud. As banking evolves and shifts more from the branch experience into the online channel, so does the focus of fraudsters. After all, if bank customers no longer need to go to the branch to complete most transactions, fraudsters can access everything without leaving the comforts of home, too.
The focus of fraud today is customer information. Account takeovers are a primary fear for most banks, and a fraudster’s pot of gold. The consequences of this type of fraud can be detrimental to customers and sever a bank’s good reputation in the community. The fear of this fraud was the catalyst for the recent FFIEC updates.
Prior to January’s FFIEC Authentication Guidance deadline, banks nationwide spent months assessing risks, devising plans, and investing in enhanced, layered online security methods to protect consumers and businesses from fraud threats originating in the online channel. For many banks, adopting layered security meant investing in multiple solutions from multiple vendors. While great efforts are being made to create a greater peace-of-mind regarding fraud originating on the online channel, the fact is many banks remain vulnerable to fraud in other areas of their operations such as their mobile and ATM channels. They lack a concise way to monitor and correlate fraud across multiple touch points.
Cross-channel fraud remains an elusive threat to many banks nationwide, and security and compliance experts continue to remind banks about the importance of safeguarding customer and bank assets at every susceptible channel. For banks to help ensure customer confidence and secure the integrity of online banking security, they must think beyond the FFIEC regulations and invest in long-term solutions that address cross-channel fraud.
What’s at stake if banks don’t take cross-channel fraud seriously? Financial losses are the obvious answer, and it is safe to say that everyone is well aware of the hard losses. But it’s more difficult to pin an actual number to the soft losses, such as the damage to banks’ reputations, although numerous studies have analyzed them and discovered that they can have a significant impact. Reports consistently show that when a customer falls victim to fraud, the chances of the customer leaving the bank where the fraud occurred increase exponentially. Considering 20 percent of a business’ customers typically make up 100 percent of its revenue, banks certainly wouldn’t want fraud touching that top 20 percent.
Banks can reduce the risks associated with cross-channel fraud with the following tips.
Know your threats – Despite the common stereotype, criminals are no longer shady characters nestled in clandestine hideaways. Today’s fraudsters are college educated businessmen who have access to advanced technology that is capable of manipulating and altering information more easily and tactically. Account takeovers have become all-too-common because such criminals have access to several facets of a customer’s account such as on-us, ACH, ATM, debit, and wire transactions – and they stand to benefit from fraud using each pot of gold in the end.
Know your customers – To thwart fraud at the most susceptible sources, banks must develop a comprehensive understanding of their customers’ accounts and behavior in order to ensure each vulnerable channel has appropriate fraud prevention measures and technology in place to protect it. Technology that trends behavior and then flags deviations offers strong analytics that can help prevent assaults before any damage is done.
Trust integrated fraud technology –
Banks that use multiple fraud prevention products from a variety of vendors often find it difficult to detect and prevent cross-channel fraud. Smaller banks are better positioned to implement an enterprise transaction monitoring plan and technology, because they typically operate with more core integration and less vendors, which makes the fraud waters less muddy and prevention a bit easier.
Education – At the end of the day, education still reigns as the number one preventative measure a bank can take. Fraud is a moving target and requires continuous education for bank employees, and more importantly, customers.
In the wake of the new FFIEC guidance and with all the media surrounding commercial account take-overs, it’s safe to say that consumers are paying attention. If your customers aren’t asking what you’re doing to protect them yet, they will be soon. This presents a perfect opportunity to bring your fraud prevention efforts to light and position your bank as a thought-leader and proactive protector of customer information. Should your bank fall victim to fraud, it’s important to address the event immediately and attempt to turn the negative to a positive. A phone call to an important customer in the wake of a fraud scheme can earn your bank customers for life – and the power of word-of-mouth could potentially help you win that customer’s closest friends as customers as well.
With the enhanced FFIEC guidance deadline behind us, now is the time for banks to develop their forward-looking focus on enterprise fraud and secure the growing number of available banking channels. Meeting the guidance doesn’t necessarily solidify comprehensive fraud protection. Banks need to assess their enterprise fraud and legacy core systems, and consider the technology investments required to best position them for a future of fraud-free banking.
Christopher Robert is a risk specialist for Jack Henry Banking, a division of Jack Henry & Associates.