Our Fraud Experts’ Answers to Fraud Pros’ Biggest Questions
Last week, Brian Russell, Sowmya Saiprasad, and Nash Ali led our Seasonal Fraud Forecasting webinar and broke down the details behind the trends dominating fraud today. These three experts dove into the fast-paced attacks causing headaches for businesses, fraudsters’ seasonal patterns, and the sophisticated attacks on the horizon (you can watch the full replay here).
At the end of the webinar, Brian, Sowmya, and Nash also took time to answer our attendees’ questions, which covered topics from digital IDs to regulatory changes. Here are the questions that sparked the biggest discussions, and a summary of their collective answers:
Q: How do you find the right balance between growing your business and preventing fraud?
A: It’ll always depend on a variety of factors—business type, market, customer base, etc.—but the most important thing is to have a consistent set of standards in place that prioritize security. When a new user comes in, it’s critical that they go through the same well-tested set of checks that everyone else is. You can’t sacrifice this because you can’t risk letting fraudsters into your platform; if they get in, they’ll start testing your defenses and looking for weak points, potentially opening the door for larger and more catastrophic attack.
Once the right fraud mitigation tools are in place, you can focus on growth by collaborating with other teams in your business. Each team has different goals, and pursuing each of these goals without coordinating can result in messy, inconsistent experiences for customers—even if goals are met, alienating customers will have major long-term negative effects. Start by laying out what each team is responsible for and how you’ll work with each other, and build a plan from there.
Q: We talk a lot about eliminating friction in our systems for customers, but not a lot about the friction that occurs when a customer becomes a fraud victim. How does friction from fraud impact customers?
A: Fraud is friction, and it’s arguably more harmful than the onboarding or transaction check friction we usually talk about. When a customer’s account is compromised and a fraudulent transaction is made, the recovery process is often long, requires an immense amount of evidence to prove that fraud occurred, and can even force victims to find an external communication route with the business as they no longer have access to their account. This is a lot more strenuous than submitting a selfie to create an account or entering a MFA code to log in.
It’s not only frustrating for customers, but bad for businesses as well. The immediate bottom-line impacts of successful fraud attacks are well-documented, but the long-term effects are also harmful. Once a consumer gets pulled down the long, winding road of an account or fund recovery, there’s really no turning back, and it’s very likely that this experience will turn the customer away from the business for good—fraud victims are more likely to leave their bank in the six months following their attack compared to the average customer. The one-two punch of fraud recovery costs and losing customers makes early detection that much more valuable.
That’s another reason why security needs to come first. Streamlined onboarding or login is important, but the harm can be huge if you don’t have the right tools in place.
Q: It’s clear that digital IDs are the future. What’s the outlook for creating secure, accessible digital IDs in the U.S.?
A. Like a lot of other things on the digital identity front, the U.S. can follow the lead of other countries. The EU is piloting digital identity wallets for every EU citizen, citing inconsistent identity access across borders as a driving force. They’ve laid out robust plans for “highly secure” digital identities. With ID laws and issuing left to the states in the U.S., we’ll likely need the federal government to support digital IDs in the same way the EU has. That will be the biggest hurdle to ensuring U.S. digital IDs are usable across state lines and safeguarded everywhere.
We’d love to see the digital IDs embraced quickly by the federal government, but states will likely end up being the catalyst for adoption. Most states are still focused on physical IDs rather than digital ones, but as younger generations push for more digital options, we’ll hopefully see more investments in the space (it’s already begun, with over a dozen states planning mobile drivers license pilots). Essentially, it will all flow upstream: once digital IDs become a priority for consumers, we should see more investments from the states, and ultimately more attention from the federal level.
Q: How can the Financial Crimes Enforcement Network (FinCEN) update its KYC regulations to meet the needs of digital banking channels?
A: The biggest step, and something we’re missing right now, is a solid definition for KYC. On KYC, there are so many varying definitions of it and what goes into it. As a result, FinCEN has played it very cautiously to not lean too far into one business’s definition and potentially allow another business to skirt regulations. Until that definition is set, it’ll be hard to make any meaningful updates.
Once we cross that first barrier, though, we can get to work on building a baseline for digital identity, with FinCEN overseeing its creation and security. That involves global banks agreeing on a set of basic digital identifiers that are needed for verifying an identity—likely names, SSNs, and the like. That can be the first tier of the global digital identity pyramid. As customers come into banks who require additional information, those banks can add that data to the secure identity database, attaching it to the customer for future use. There is also more nuanced data, like behavioral signatures, than can be used.
These questions were just a snapshot of the topics our experts covered in our webinar. To learn more about Brian, Sowmya, and Nash’s takes on these topics and other fraud trends, watch the full replay, or check out our Emerging Trends in Fraud series for an in-depth analyses of evolving bots, seasonal fraud attacks, and more.