Walking the Line Between Detection and User Experience in Application Fraud Mitigation

Walking the Line Between Detection and User Experience in Application Fraud Mitigation

Walking the Line Between Detection and User Experience in Application Fraud Mitigation

Julie Conroy

Julie Conroy

As research director of Aite Group's Retail Banking & Payments practice, Julie Conroy covers fraud, data security and anti-money laundering issues.

More Info

Time is money when it comes to financial crime mitigation. Organized crime rings, fueled with the more than 13 billion records that have been lost or stolen since 2013, are systematically targeting financial services firms with sophisticated application fraud attacks in an effort to obtain new accounts using stolen or synthetic identities. The trajectory of these attacks continues to increase, since there is very little in the way of adverse consequences (i.e., jail time).

A key challenge for fraud executives is that even as the threat environment continues to escalate, issuers are under intense competitive pressure to make the banking experience easy and frictionless. In the face of this seemingly contradictory set of mandates, many issuers are looking for better solutions to help with identity verification at the time of origination.

Application fraud's impact

Application fraud manifests in a variety of ways:

  • Identity theft, where the attacker is using the full identity of the victim;
  • Synthetic identity fraud, where fraudsters either create a new identity from scratch or compile bits and pieces of stolen data to establish a new identity;
  • First-party fraud, in which fraudsters initiate relationships with financial institutions using their own identity and have no intention to repay the credit line.

The combined impact of these attacks will mean more than $2.7 billion in U.S. credit card and demand deposit account (DDA) fraud losses through 2020 (See Figure 1).

A chart showing the U.S. Application Fraud Losses through 2020

At the same time that the threat environment is sharply escalating, the pressure to reduce friction in the customer experience is growing. Consumers' expectations are increasingly shaped by the experiences provided by digital-first brands like Apple, Lyft and Amazon. Issuers are under pressure to provide similarly friction-free and elegant interactions. The importance of ease of use starts at onboarding — issuers still see high levels of attrition with digital channel onboarding when prospective customers are tripped up by hurdles in the process.

The importance of customer experience is borne out by the data in Figure 2. When asked about key business case drivers for new account risk assessment tools, 88 percent of the fraud executives surveyed indicate that improving the customer onboarding experience is a key business case driver. While fraud detection and Know Your Customer (KYC) compliance are also very important for 64 percent of respondents, customer experience obviously carries more weight for the majority of those surveyed.

A chart showing Factors Driving Investments

How technology can help

A variety of technologies are available to issuers to help assess the risk associated with new and returning customers, as seen in Figure 3. The challenge for issuers is knitting these solutions together in the optimal manner to balance fraud detection with the customer experience. The challenge is compounded by the fact that fraud, customer preferences, regulation and technology are all continually evolving, which requires an equally dynamic approach to detection. A case in point: Many U.S. issuers have incorporated queries to the aggregators of data from mobile network operators over the past couple of years. This has added valuable insight into the risk associated with the mobile device, and by extension, its owner. AT&T abruptly pulled its data from these aggregators in Q1 2019, leaving many issuers scrambling to fill the hole that this introduced into their fraud routines and analytics.

A chart showing Detection and Authentication Methods

A more nimble approach

Over the past couple of years, the concept of a fraud hub has emerged to help address these challenges. While the concept manifests in a few different ways, some key attributes include:

  • One API: The issuer only has to code to one API one time, enabling issuers to evolve their fraud and authentication strategies without the need to tap into IT resources.
  • Single contract: Some fraud hub vendors also maintain the contractual relationships with myriad vendors available on the hub. This alleviates the overhead associated with internal vendor risk-management processes, as well as reducing the ongoing vendor-management burden.
  • Policy and scoring engine: The fraud hub typically includes a risk engine that can ingest and combine alerts from multiple solutions. It also provides a policy manager that enables the issuer to orchestrate next steps based on the risk scores from the various inputs.

As the pace and sophistication of fraud and cyberattacks continues to grow, FIs and merchants need to find ways to more nimbly evolve their defenses. Here are a few keys to success:

  • Find ways to be more agile: The threat landscape is simply moving too fast for organizations to be constrained by clunky internal processes. Issuers need to look to technology solutions that can help them rapidly evolve their fraud strategies without having to work through 12- to 24-month implementation cycles.
  • Look for the win-win: Some forms of authentication are not only more secure but can also contribute to a better customer experience. For example, mobile document capture can not only help authenticate the applicant’s identity credentials, and can also be used to prefill the application form.
  • Ensure solutions work together holistically and are not additive: While a layered approach is key to success in digital channel fraud mitigation, the solutions must be brought together so that the alerts can be evaluated in a holistic manner. Otherwise, the multiple solutions lead to a compounding of alerts, potentially impeding the user experience and adding to the manual review burden.
The statements and opinions of the writer do not necessarily reflect those of TSYS.

Other Articles by Julie

Julie Conroy

As research director of Aite Group’s Retail Banking & Payments practice, Julie Conroy covers fraud, data security and anti-money laundering issues. She has more than a decade of hands-on product management experience working with financial institutions, payments processors and risk management companies, including a number of years leading the product team at Early Warning Services. Julie is often quoted in numerous media outlets, including The Wall Street Journal, U.S. News and World Report, American Banker, and the New York Times. Julie is fluent in Spanish and holds an M.A. in International Policy from the Monterey Institute of International Studies and a B.A. in Business Administration from the Michigan State University Honors College.

Share this story via email or social networks