Fighting bank fraud and improving the customer experience: Can they work together?
Bank customers increasingly expect – and demand – a great customer experience. Banks have entire departments now focusing on "CX". Meanwhile, the financial crime department is focused on compliance, loss avoidance and preserving the bank's reputation. Yet both are based on knowing the customer – can they work together?
Forrester Research says we are in the Age of the Customer. We have become used to the personalised service we get from retailers like Amazon.com. Now we expect to be able to choose the time, place and channel we use to interact with our bank too.
But the convenience of digital banking hasn't just helped customers. Unfortunately, fraudsters have adopted the new channels just as fast as we have.
According to The Nilson Report, for 2015 through 2020, card fraud alone worldwide is expected to total US$183.29 billion. In 2020, global card fraud will exceed $35.54 billion. In Asia-Pacific, Card Not Present (CNP) fraud - meaning fraud carried out over digital or phone channels - accounted for more than 70% of all fraud losses last year due to rapid growth in CNP sales. Asia-Pacific saw a higher increase in fraud losses last year than the U.S., even though merchants in the region are far more likely to decline authorisations for fear of fraud compared to U.S. merchants.
This happens in spite of the advanced security measures that banks and merchants are employing to protect customer account and identity information.
Despite advanced front line defences, data leakage still happens, sometimes because data control processes in the bank or a partner fail, but more often it is due to human error and "social engineering" - where a fraudster persuades a victim to hand over information or unwittingly enact fraud. For example, a fraudster may call a bank customer and pretend to be a bank officer or even police officer and ask the victim to transfer funds to a specified account to avoid legal action.
So if the fraudsters manage to bypass the front line, we need a final line of defence - the ability to spot activity that doesn't look right. Most banks use software systems that look for suspicious patterns of behaviour in customer transactions.
Unfortunately this is where the customer experience can go awry.
For example, have you received a call from your bank late at night asking if you just carried out a card or Internet transaction? And when you said "no", what happened then? Sadly, it is usually a nightmare of blocked accounts, form filling and more phone calls, delays while waiting for a new card, then more forms to change standing orders. And this is where you hear the most often-said words: "Sorry but this is for your own protection."
The problem is that most fraud detection systems to date have been ineffective in various ways: they flag suspicious activity after the event (near real time) and so don't stop the fraud; they use ineffective algorithms so don't detect all frauds, yet generate many false alerts which can result in wrongly declined transactions; most banks block entire accounts or cards, not just the suspicious transactions.
Some systems do operate in real-time – but these have been expensive and difficult to set up and maintain in order to keep up to date, as the fraudsters have learned to regularly change their patterns. So banks have had to trade this off against the value of fraud losses, which means only the bigger banks have been able to afford to invest in it. Until now, customer experience has rarely been a consideration.
Thankfully, there is a new generation of software technology that takes advantage of artificial intelligence and machine learning to be much easier to install and maintain. This software works by maintaining detailed behavioural profiles of customers, accounts, ATMs, point-of-sale devices and network devices that make up the web of the total banking environment.
Using these profiles, called Smart Agents, together with artificial intelligence technologies and predictive analytics, the new systems rapidly learn new fraud patterns and can detect suspicious activity within milliseconds – soon enough to stop or suspend a suspicious transaction before it is processed. And that's been a major positive change to the customer experience.
So the next time I get a call from the bank I hope it will be: "We have just suspended a suspicious transaction on your account – can you confirm whether this is your transaction?" – "No it is not my transaction" – "OK, we have declined it." Both the merchant and I will feel grateful.
But the potential for improving the customer experience through analytics is far more than simply making fraud protection less intrusive. Just imagine, the bank now knows me better, how can it harness this insight?
The same analytic technology that helps the bank detect trends in my account behaviour to give early warning of unusual activity on my account, can be used to provide better product recommendations – ones that are relevant to me, which again provides a better customer experience as I feel the bank knows me. For example, I obviously don't want to be offered a product I already have. But if my bank knows I have just signed up for a new credit card and bought a plane ticket, it would be reasonable for them to offer me travel insurance and so on.
So – the war on fraud is not going to go away, it is a war of attrition, a guerrilla war fought on multiple fronts and multiple levels. But we do have better tools now that allow us to say: "Yes, fraud prevention and a great customer experience are compatible".
Ian Selbie has helped numerous clients in the Asia Pacific region to re-engineer and automate their systems and processes through the strategic and innovative use of technology. He is responsible for Unisys Financial Industry solutions in Asia Pacific and has worked with several large regional banks in Asia to develop and deploy their strategies and to implement advanced solutions for customer-facing applications and the detection and prevention of Financial Crime.
Follow Unisys on twitter @unisysAPAC or contact them on UnisysAPAC@unisys.com