In the recent BankInfoSecurity Handbook, “The Faces of Fraud: Fighting Back,” Matthew Speare, senior VP of IT at M&T Bank, talks about a recent survey that highlighted cross-channel fraud, and the difficulty banks have in identifying and classifying it.
“I would have expected that the scores would be a little bit higher around multi-channel, but I think it comes down to “ignorance is bliss” in that if we can’t prove that it was multi-channel, then we think that there is not that much [multi-channel fraud] to be spending resources and effort around it. Because we just don’t have mechanisms in place to be able to detect that.”
In the same vein, Mike Urban, senior director & fraud chief, Fraud Product Management at FICO, added:
“And a reason for this is probably the way the financial institutions categorize the fraud and assign it to a bucket or a silo rather than tracking the actual MO (modus operandi) of the crime… Defining and categorizing your fraud losses and criminal MOs, again that is kind of crossing the silos because the criminals are going to be hitting more than a single channel element when the fraud comes through, and then being able to understand where the actual breach, if you will, took place versus where the fraud wound up, or where you assigned the fraud.”
I think Matt and Mike are correct. Oftentimes, unless large institutions have the resources or are taking significant losses, they don’t always complete the due diligence that’s needed to pinpoint where the fraud actually occurred. As a result, much of what is being reported today as card-not-present (CNP) fraud or counterfeit fraud loss would show the crime was perpetuated by gaining access to the customers’ records through an inbound telephone call to the call center. Until banks increase their analytics across customer-facing channels and develop a more comprehensive, layered authentication strategy, they will continue to suffer losses.
More importantly, and a component that I believe many financial institutions continue to overlook, is reputational damage. Matt describes the damaging effects that can happen when customers lose trust and confidence in the financial institution’s ability to protect their data.
“By having large amounts of fraud within your organization, or to be honest, fraud that just makes it to the public light and hits the media, can be devastating to a financial institution. Because [trust] is something that is very difficult to repair once it is lost. There have been varying surveys over time that have shown that when you notify customers that there has been a potential breach of their account, up to 20% of those customers walk away from the relationship forever. All of us in the banking industry are faced with the declining numbers of accounts… and the transactional-type activity that we as an organization make money off of has been slowly declining over the last two years. Getting another loss of 20% more accounts because of loss of reputation could actually bring a financial institution to its knees. So, there certainly has to be just as much attention paid to the overall appearance and brand reputation protection as there is just the dollars and cents themselves.”
He goes on to present a scenario that no organization wants to find itself in.
“From a reputation standpoint, you don’t want to be the topic of conversation at a local business breakfast meeting where a customer has lost a significant amount of money from their account at your institution and is complaining about it.”
Cross-channel fraud is fueled by social engineering over the telephone. Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their banker’s ability to protect their money and personal information. Protecting and safeguarding their customers’ money and data is core to developing and maintaining trust.
TrustID enables banks and financial institutions to undetectably validate the calling party number to reduce their risk of more sophisticated cross channel fraud schemes, ultimately improving the overall customer experience and ensuring the safety of their customers’ money and personal information.
