Sharing lightens the fraud burden for FIs
Financial institutions (FIs) are focused on delivering a smooth customer experience (CX) that enables legitimate users to interact quickly, yet securely. According to a recent Aite Group survey, a worrying 42% of FI executives think their authentication processes are effective on this front. However, greater security and reduced effort/friction are possible if FIs share fraudster data with their solution vendor. This enables them, in turn, to track, mitigate and reduce attacks across the entire industry.
Aite Group survey shows ATO top concern
The biggest fraud pain point for FIs is tackling account takeover (ATO) on the retail level, according to a survey of executives conducted by Aite Group. Card-not-present fraud was lower down on the priority list (Figure 1).
With ATO, fraud staff focus first on pushing the fraudster out of their systems, then on mitigating the damage these fraudsters have already done with stolen accounts. However, it is possible to take the fight back to the fraudsters. For example, Nuance Communications enabled clients to share data captured by its biometrics solution to work with law enforcement and prosecute over 50 criminals.
“This is vitally important, because these criminals will continue to commit fraud as long as they are free to do so,” says Shirley Inscoe, senior analyst in the fraud and AML practice at Aite Group.
FIs ready to use biometrics and behavioral biometrics
A majority of FI fraud professionals believe that voice and behavorial biometrics effectively mitigate financial crime, according to a survey by Aite (see Figure 2). The problem is convincing businesses to share fraudster data with each other – not convincing fraud teams that biometrics solution works. When surveyed, 76% of fraud fighting professionals said voice, facial and fingerprint biometrics and 83% said behavioral biometrics are effective in mitigating financial crime (see Figure 2). In particular, a full one-third said biometrics are extremely effective at doing so.
“I have spoken to executives in contact centers who used hot files to identify incoming calls from fraudsters who stated that the bulk of their fraud came from a small number of fraudsters, calling repetitively,” says Inscoe. “Once the fraudsters realized the financial institution was on to them, they stopped calling and turned their efforts toward other unprotected organizations.”
The key is using biometric identifiers to both prevent attacks but also to locate the perpetrators’ own legitimate accounts. This way, you bring the fight home to the fraudsters.
Fight fraud better with pooled data
What has been lacking from many FIs is the commitment to share their fraudster data with their fraud prevention vendors and/or wider fraud consortiums. There are a number of organizations this applies to, each in their own way. No clear figures exist for how many FIs participate in data sharing to fight back against fraud but the problem is noted by industry analysts.
“At many banks, over time, the emphasis shifted from investigators getting criminals prosecuted to recovering funds – wherever the stolen money may have been moved to in the world,” according to Inscoe.
However, the desire to mitigate and recover financial losses does not mean FIs must fight fraud alone as a single company. To prevent fraud effectively FIs should pool the data they pick-up when dealing with confirmed fraudsters to share with others in the industry. Some vendors do this by circulating watchlists for specific data like voice prints or email addresses.
Other vendors enable their clients to upload data and metadata from case files using a two-way application programming interface (API). This turns clients into active partners in helping broaden the effectiveness of fraud prevention solutions. It’s a little extra work, but it ensures all users get more bang for their buck.
Law enforcement is a partner
When it comes to actually capturing the bad guys, the private sector can reach out and partner with the public sector as well.
“Investigators from different financial institutions impacted by the same fraudsters can work together to present a very strong body of evidence to law enforcement,” says Inscoe.
Previously, law enforcement also put a high threshold on what level of financial crime it was willing to investigate and prosecute. However, with better and easier biometric data captured by financial institutions it is now easier to present cases to law enforcement.
The FBI itself has a long history of using biometrics to catch criminals going back to the fingerprint. Since 2000, it has maintained what is today called the Internet Crime Complaint Center (IC3), which coordinates complaints about fraudulent activity. It develops leads and distributes them to the relevant law enforcement agency at every level, from local to international. On the European front, the European Cybercrime Centre (EC3) does something similar.
“Law enforcement agencies will help prosecute criminals when bankers supply strong evidence and losses are high or there is evidence of multiple crimes by the same individuals,” says Inscoe.
Upgrade your defense
Being the weak link in fraud prevention goes together with lack of data-sharing. FIs, talk with your solution providers about how you can improve fraud prevention while also bolstering industry-wide efforts at the same time.