Fraud Countdown – ‘Tis the season
As a certified card-carrying member of the ACFE, and this being their “Fraud Awareness Week”, it’s clear that more people than ever are becoming aware of the impact of data breaches and the resulting fraud. But what about the rest of the fraud types: internal fraud, account takeover, elder abuse and even the old generic scam?
We have a unique opportunity here, in this season, to be able to compel our customers (consumers) to take action and be mindful of their role in the fight against fraud. And they are engaged. In a recent Aite/ACI survey, 77% of customers want to be engaged, and responsive to a fraud alert from their banks. Even better, bank customers frequently trust their banks to do the right thing respectful of fraud management, as does the U.S. President (as noted in my last blog post). So great, we will find new and innovative ways to deliver risk-based contact strategies to consumers, and we’re doing great at that. So are the bad guys, and this is the current problem I have.
Consider this. How many times were you phished last week? A dozen? Two? Here’s my inventory: I had at least three vishes; multiple phone calls to gain remote access to my computer and the regular “you won a cruise” silliness. I have a half dozen phishing emails; some were quite spectacular…Twitter-bait, Facebook-bait, shipping-bait, even a new one impersonating my favorite Sunday paper subscription. All day long I find various other forms of click-bait all over the internet. A look in my junk mail file shows another six items waiting for my unfortunate navigation. I had one SMSish (SMS phish) when I woke up this morning claiming to be from the phone company. Last week, I got a very distressing phone call from someone who claimed they received a photo from my number regarding a recently deceased relative, seeking to fleece me.
Really sick stuff is out there, and as a guy who is focused on security and fraud, I wonder how much of it is spear phishing and how much is just the generic spam. Nevertheless, they will try everything, and stopping them is unfortunately out of the question. The problem is a modern day hydra, and this cat and mouse game will continue. But let’s not throw our hands up and lose focus; we can manage our way through this. Here’s some additional perspective on the steps that ACFE offers us as their recommendations to improve fraud awareness from a corporate perspective:
- Develop a Policy. This goes beyond the regular card and normal 3rd person financial crimes that are usually discussed in this blog. This puts ownership for all financial irregularities and sets a framework in place, setting up the business to understand responsibilities and accountability. Yes, it is that simple, and the ACFE even offers a basic template; but I wonder how many actually can find their institution’s fraud policy if they are up to the task? Pro tip: Check with the Internal Audit team, they’ll be pleased you did.
- Perform a Fraud Check-up: Popularly known as a risk review, this is a practice that is performed annually in the AML space, and naturally we should do it in the fraud space, to be sure that our plans are effective and controls are maintained. This operational review, with testing, is a great way to prepare for the busy holiday fraud-spending season (so, this has already been done, right?). If this is something you may have not done, allow me to offer my services as a CFE, and the scorecard again is provided by the Association in template form.
- Establish an Anti-Fraud hotline: Where should your customers/employees/3rd parties call when there is a fraud event? How should this be monitored and/or conducted as a service? Are there 3rd parties who can accommodate this, anonymously and in alignment with your fraud policy and incident plan? Why, yes.
- Last, use your anti-fraud resources (e.g. transaction monitoring, behavioral profiling, layered fraud protection, etc).
So how does the phishing bit from before tie into all of this? Well, it serves us as an example for what we are constantly bombarded with, at all levels really, and that we do need to have well concerted defense strategies to manage an increasingly cross-channel sophisticated fraudster. Internal fraud and account takeover frequently start with the simple phish. With the recommended policies and necessary preventative and detective-tested control structures in place, on the front and back end, we know we’ve got the layers that are ready to manage the risk even if eventually a customer does take the bait.
I always suggest to clients (and other interested parties) the following consumer awareness tips:
- Always tell your customers—through multiple channels—what the methods of contact will be, from what channel (i.e. mobile alert, phone call, e-mail, other) as well as what will (and will not) be asked of them! This simple method of clarification has helped many of my clients navigate their way through phishing events and minimize losses.
- Be up front and transparent with the issues that are affecting their customer experience.
- Customers are your first line of defense, so arming them with the expectations you have for their behavior, respective to your policies and systems, is more critical then you may initially estimate.
Related Blog Posts
How to be a Payments Trailblazer – The Seven Habits of Highly Innovative Organizations
The new Culture of Innovation Index from Ovum and ACI identified segments—from banks to intermediaries to merchants to corporates—at the cutting edge (of innovation) across the payments ecosystem. But what is most notable about those segments that have reached ‘trailblazing’ status is the apparent lack of commonality between them. No one segment, nor one region fosters better innovation. In fact, what’s driving these segments/organizations to be best of breed is their own culture of excellence. The only thing they have in common is their attitude.
Get Customers to Race Through Your Payments Funnel
No matter how good the products, how nice the website and how slick the flow, there are so many reasons why an eager prospective customer does not convert into a paying customer even after they have filled their basket. The buying decision has been made, but so often customers don’t complete the transaction.
Women in Payments: Don't Be Afraid to Ask Questions
Today, we have the pleasure of speaking with Google's head of Retail and Payments Activation for Southeast Asia, Anna Maria Maurieta. Anna works closely with retailers and e-wallet partners across the region's complex and sometimes highly-regulated market—including countries such as Indonesia, Thailand, Malaysia and Vietnam—making it easier for Google Play users to make payments on Play.
Helping Merchants Protect Themselves: Cybersecurity Tips from a Former White House CIO
In a world full of open technology, the devices that make our lives easier also leave us vulnerable to being hacked, according to Theresa Payton, former White House CIO and star of the CBS series Hunted. Payton recently joined me for an exclusive ACI cybersecurity webinar, sharing expert insights into how merchants can enable growth, enhance the customer experience and prevent greater instances of fraud.
How UPI is Driving India's Shift from Cash to Digital Payments
The Indian economy has traditionally been heavily dominated by cash, while experiencing low adoption of various online payment systems including National Electronic Funds Transfer (NEFT), Real Time Gross Settlement (RTGS) and inter-bank mobile payments. The dominance of cash is evidenced by the ratio of cash withdrawals at ATMs vs debit card usage at Point of Sale (POS)—ATM transaction volume is more than 2x greater than POS.
Transforming Telecom Companies in a Retail World
The recent MVNO World Congress in Amsterdam brought fascinating insights into the changing telecom industry, particularly around the opportunities that lie ahead for Mobile Virtual Network Operators (MVNOs) and how they can they can cement their position in today’s fast-paced climate.
Women Must Choose to Rise Up Despite Past, Current and Future Circumstances
Money20/20, Europe’s biggest payments and fintech event, was recently held in Amsterdam and featured Rise Up Money20/20, a global program designed to address the gender imbalance in leadership positions within the financial services and fintech industries. A cohort of 30 female professionals was selected to take part in an exclusive curated agenda, complete with a series of bespoke content sessions, one-to-one mentoring and unique networking opportunities.
How Italian Banks and Processors Can Capitalize on Digital Transformation
The European payments landscape is in an era of significant change thanks to PSD2 and other macro factors, but there is more than one way to deliver real-time and open payments to meet PSD2 requirements and its technical standards. Banks and processors must manage this alongside their own set of domestic challenges and opportunities.
Overcoming Cyber Threats to Payments Security
Recently, Gene Scriven, chief information security officer at ACI, spoke at NACHA Payments 2019 on the ever-changing landscape of cybersecurity. Here are a few highlights from his session, including the impacts of cybersecurity breaches, today’s emerging threats and the new strategies to keep your organization safe.
Removing Gender Bias and Enabling Women to Succeed in Leadership Roles
The recent UK Women in Payments (WIP) Symposium 2019 took place in London, recognizing unique leaders who help uplift women in the payments industry. Among those recognized was ACI’s Melissa McKendry, vice president, Retail Banking Implementation Services, who was honored by WIP as the 2019 Advocate for Women.