AI helps banking salvage speed and safety in fraud fight

‎

TRANSCRIPT

Technology improvements and growing competition are pushing banking institutions toward ever faster transactions for their customers. But also growing are the number of fraudsters seeking to use the same emerging technologies to steal more money from the unwary and the unprepared.

I’m Rachel Koning Beals, senior editor at BAI. Welcome to this conversation on how the rapid advances in artificial intelligence are reframing the long-running debate on how banking institutions should balance speed and safety. That is, meeting customer expectations for quick and easy transactions while also protecting them from the myriad bad actors out there.

Joining me for the conversation are Anson Vuong, who leads the financial services practice at Cortico-X, and Hrishi Talwar, principal at TalHamm and financial fraud consultant at Cortico-X.

Anson and Hrishi, we’re happy to have you with us for this important discussion.

Anson Vuong:

Nice to be with you, Rachel. Thank you.

Hrishi Talwar:

Same here, Rachel. Thanks for having us.

Rachel Koning Beals:

Anson, I’m going to start with you. Give us a little bit of a background on Cortico-X and where you as a company fit into the fraud prevention ecosystem.

Anson Vuong:

Yeah. So Cortico-X is, the way I describe us is an experience-led transformation business. What that means, in banking specifically, is that we work with banks and credit unions specifically on complex customer journeys that have an outweighted impact on their relationship with their institutions. So, obviously, one of the key experiences that is prevalent today is fraud. It’s considered one of the top problem incidence rates that customers are having in banking in general. So we have an outsized workload related to fraud in the space as well. And where we specifically play is helping these banks and credit unions understand what we consider the end-to-end fraud experience, which tends to go above and beyond where most institutions think of it, which is mainly access points to transactions and then also, fraud prevention and fraud resolution.

And we really help in the space thinking about that above and beyond that, specifically upfront in terms of the advice and education that customers need to think about in terms of how to prevent fraud in general. But also in the experience in helping remove friction through passive signals and what Hrishi and I call “balancing the equation between fraud control and experience without adding fraud losses.” So we really play at that intersection of experience and fraud.

Rachel Koning Beals:

Our topic specifically is how AI is changing how banking institutions think about, or at least should be thinking about, that age old speed versus safety, and how they serve their customers and members with that in mind. So, just at a high level, how do you see Anson, please the AI technologies’ impact on that desire to get transactions done fast while also maximizing protection?

Anson Vuong:

Yeah. I mean, AI is a game changer. I don’t think I’m breaking any news here as a whole. Overall, I think most banks and credit unions know this intuitively that it will help scale what we consider the passive ability to gain confidence in customer’s identities. The way you might want to think about that, in other words is AI helps us cast a wider net of data signals that allow us to understand what’s suspicious versus not suspicious, what’s real versus fake.

So when we think about AI and experience in general within the fraud space, it’s really about helping these banks and credit unions think about the ability of “how do I insert friction more intentionally,” where it’s most effective to gain confidence from the customer versus today creating friction, and what we mean by friction, let’s call it essentially the customer having to authenticate themselves over and over again at every access point. So how do you maximize the ability to do that? And AI allows you to do that today in a way where it could be seamless, intentional and fully thought out versus, like I mentioned, creating that friction on every access points in the experience.

Rachel Koning Beals:

Hrishi, anything to add?

Hrishi Talwar:

Yeah. I would say a lot of key points that Anson brought up around experience and adaptive friction. But one of the key components of that also that drives AI capabilities is the data that we feed into the AI because that is what is driving that experience and driving more accurate predictions and decisions. Obviously, we hear a lot about how AI is being used. I’m sure people have heard about custom models, industry-specific models, LLMs or large language models. But really at the end of the day, the core ingredient of all these models is going to be the data that gets fed into these models.

You know that when you’re making a decision around a banking use case or scenario, the data that’s fed into these AI models has to be specific to that banking industry. It’s easier to go to ChatGPT and get your resume made out through AI. It’s really hard to use ChatGPT to make banking-based decisions on experiences and detecting fraud. So that’s why it’s a combination of the technology, it’s a combination of data that feeds the technology and then, of course, resulting in the best outcome possible around experience and detecting bad actors.

Rachel Koning Beals:

Hrishi, you definitely went there a little bit. I think banks and credit unions may still struggle with holding those vast amounts of data. They know they want to get AI involved here. Help us bridge the gap between having the data and then putting it into practice, to actually generate AI-driven insights.

Hrishi Talwar:

Yeah. Great question, Rachel. So to me, I really think that data is the core ingredient. It’s the fuel that’s going to drive a lot of these decisions, whether the decisions are around determining the experience that follows, or if the decision is around being able to accurately detect a good actor versus a bad actor. Now, banks traditionally have access to a lot of data. They have account-level data, they have transactional-level data. They can use this data effectively to drive inferences on predictive behavior of the consumer. This data can also be used to determine anomalies within the behavior that a consumer is exhibiting, which typically happens when a bad actor takes over a consumer’s identity or there is a bad actor in general trying to impersonate someone.

If the consumer is new to a bank – typically think about me opening a brand new account with a financial institution that has never interacted me before – solution providers can come in and leverage their data exchanges to introduce these inferences and insights into the decision-making process. But these AI-driven insights are not only going to help you from that initial interaction that you’re doing with the consumer around account opening, you can use these insights to also do cross-selling and upselling of additional products to that consumer. Because you’re not only predicting what the consumer is looking to do now, but that information can be used to predict future behavior, and this creates a much more meaningful interaction within the consumer and a bank and creates that stickiness in the relationship.

Rachel Koning Beals:

That’s great. Anson, anything to add on top of that?

Anson Vuong:

Yeah. I would just add that data is a big word. There’s a lot, what data, how much data? Where’s this data? My data team’s going through a data transformation, they’ve told me just to wait it’ll come for me to analyze as part of that. When Hrishi and I have worked with banks and credit news, they really have struggled defining the data requirements that they actually are looking for from the data teams to actually drive these insights. So I would argue again from an experience lens here to map the data architecture to a lens of what I would call experience architecture.

So what’s the end-to-end experience you’re looking to do? What specific fraud experiences are you looking to optimize? What does this look like from a customer’s point of view? What are those moments of truth in which they want to feel like they are safe and secure and thereby friction should be introduced, versus where they just want a seamless experience because it’s reoccurring at a place and a time in a way that’s been done ongoing and we have a unified view to that customer from a data standpoint within that specific piece. So, I think it’s really key to be able to look at this from the experience lens and say, “OK, what is the data that’s most important from a top-down view of things?” versus thinking “All this data is going to come bottom-up, and we’ll be ready for you to look at that.” You’ll be paralyzed across the data transformation for years before you ever get on this journey.

Hrishi Talwar:

Yeah.

Rachel Koning Beals:

Great perspective from both of you on that. It’s not an easy question, and I appreciate that. This fall, you both were behind an article in which you make a case for what you call an “experience-led fraud approach.” Tell us what you do mean by experience-led and how maybe that differs from current approach FIs might be using. Anson, kick us off there if you don’t mind.

Anson Vuong:

Yeah. I mean at the risk of being overly generalized here as I may be, the premise for most banks and credit unions, and I’ll use a legal analogy here, is that you’re guilty until proven innocent. And being experience-led is really saying, “Hey, the premise could be different. The premise could be instead of guilty until proven innocent, that you’re innocent until proven guilty.” So what this means is essentially is that the guilty-until-proven-innocent, traditional view of fraud has created a ton of friction in the experience today. Whether that be getting declined when you’re at the grocery store trying to do a transaction or having to reauthenticate yourself over and over again even though you’re using the same laptop within the same application at the same time doing the same transaction you’ve done over and over again on a weekly basis. So, it becomes frustrating, and this is why customers start to complain around the digital experiences that they’re having as a whole.

And these are really key, although they may not happen often, especially around getting declined and things like that, there are key moments of truth in the experience that create a really, let’s call it a high memory-loading experience for that consumer as a whole. So our big what-if is, what if instead of assuming they’re bad actors, we assume they’re good actors and we know they’re good actors because of the recurring understanding of the data and the behaviors that they’re going through. And then introduce the friction when we know there is an anomaly in that behavior and saying, “Hey, we can gain confidence with that customer by introducing that friction at this point.” So, really what this approach really pushes is what we consider really a reimagination of certain fraud experiences and journeys in a way where we think about the employee, the technical and the data architectures in a different way based on the premise that they’re good actors until proven otherwise.

Rachel Koning Beals:

Yeah. Hrishi, tell us then, where does AI fit in into that experience-led model?

Hrishi Talwar:

Sure. Yeah. I think if I go back a little bit to Anson’s response, I think the experience-led approach is super important because we are asking banks to reimagine how they looked at consumers. So Anson brought up the guilty until proven innocent flipping to innocent until proven guilty. And really what that does is that experience-led approach allows us to keep friction to a minimum during the interaction with the consumer. Now, the keyword here is “minimum.” It does not mean zero because if you put zero friction, as a consumer, I would have lack of confidence that the bank is doing enough to protect my information, my data, and we keep reading about it all day long. Every other day there’s an article about how some information has been stolen or breached.

But on the hindsight, if you create too much friction, then as a consumer, I’m going to abandon the process because I’m going to come in, I’m going to be a good actor, and you’re making me jump through hoops, and at the end of the day I’ll ask myself, “All I’m trying to do is establish a relationship with you in good intent, so why are you making me do that?” So I often tell people that an experience-led broad approach is not really an art or a science. It’s actually a combination of both. Because what you’re doing is you’re using the previous interaction, the previous behavior, and the outcomes of that behavior to drive what experience you’re going to provide on the next interaction with the consumer. And unfortunately, there’s no magic formula that you could give to an institution and say, if they do X, Y and Z to the next step, because A, the consumer’s going to act very different, B, X, Y and Z after a while become prevalent to a fraudster. So they will start trying to exploit that particular behavior to see if they can get through.

But going back to how can AI help identify or fit into this experience-led model, it’s really being able to figure out through identification and detecting the consumer that’s coming in that interaction as early on as possible, and also determining, “Do you know this consumer? Have you seen him or her before?” versus “Is this person brand new to me? And I have no idea, I’ve never interacted with them ever before.” Being able to determine if the behavior that this consumer is exhibiting, “Is this something that I have seen before as well, and do I know if that pattern has a good or a bad outcome?” Because I’m going to treat the combination of those to drive my next interaction with the consumer, as I mentioned earlier.

And then using this data to again determine what is the path of experience I want to provide. As a good consumer, I’m going to provide the most seamless experience possible, and I’m going to introduce friction only when I see something that’s unique or different. Whereas if it’s a bad actor, and I’ve identified that pretty early on in the approach, I want to introduce as much friction as possible. I want to make them do 20 different things to even get to the next page because my core intention there is to have them abandon the interaction and go away. Not to mention, if I’m making them go through hoops, what I’m doing is I’m collecting their behaviors and patterns. So should they return, I will be able to detect their intent earlier up in the funnel. And again, that’s going to drive a very different experience that I offer to them versus a good actor.

Rachel Koning Beals:

That makes sense. Just saying that it made sense to exhaust them and collect data at the same time. That really resonated. So anyway, sorry. Go ahead, Anson.

Anson Vuong:

Yeah. Sorry Rachel. I was just going to add, I think this is why AI I consider a gift to the fraud players in the industry is because in the background, Rachel, there is a push – every bank and credit union is doing towards being digital first, and getting their consumers to use digital applications more and more and more. And as they push that interaction and there’s still the same level of friction we typically have in the past, it will only create more at-bats in a negative way as part of this. Add the digital transformation part of this is the increase in the volume of data those digital applications are producing. So the ability for human beings or simple models to analyze this vast amount of data and not come out with big segments of findings versus personalized findings based on the consumer is where AI can really play a huge role and be a gift toward not having to make a pure trade-off between safety and a seamless experience. You can do both now with AI.

Rachel Koning Beals:

Yeah. You started down the path that I wanted to go on next, so thanks for that. It’s just the reality, listen, that banking institutions by design are naturally conservative, highly regulated, they’re managing people’s money, they’re risk-averse generally. AI has a mixed reputation when used in the mainstream. So what is the sell? You said so eloquently there, Anson, about AI really being a necessary tool in the toolbox against fraud. But go there a little bit again, and talk a little bit about how the conversations tend to go with banks and credit unions because sometimes they do have this defense-first mentality.

Anson Vuong:

Yeah. And a lot of times we’ll get that in these conversations and say, “Hey, I mean that sounds really good, but doesn’t this approach expose us to more potential fraud losses?” And I say back, Rachel, is that we’re not arguing not to have a defense-first mentality. You are taking a defense-first mentality, but what we’re saying is you don’t have to take a friction-first mentality with this. So what I mean by that is you can create defense passively and actively. And what we’re arguing here is with the data and the technology, you have the ability to play defense in different, diversified ways versus just the traditional person needing to chat or click multiple things to get authorized to go do something today.

So an example of, I have a digital application today where every time I log in today, I have to do two-factor authentication. It sends me something on my phone, I got to send it back. It’s really annoying. And if I close the app accidentally, I got to open it back up and do the same thing over and over again. By the way, I’m using the same IP address on the same laptop within the same location, doing the same type of transaction I’ve done over and over again. Why do I need to authenticate myself every single time? It just frustrates me as a customer as doing this.

Now, if I went on vacation suddenly to Paris and I pulled the same laptop up and wanted to do the same transaction, yeah, I want my bank to create friction as Hrishi talked about in the experience because if I was able to access that from a different country, I’d be very pretty worried that someone else could do the same thing as well. So in that scenario, yeah, I could be perceived as a bad actor. I want to be perceived as a bad actor and want to verify myself and gain confidence, but that’s not necessarily, it has to be a ubiquitous experience anymore across the board. AI allows you to play in a personalized fashion around us.

Rachel Koning Beals:

Got you. Anything to add?

Hrishi Talwar:

Yeah. I would just say, and maybe I’m echoing some of the points Anson mentioned. To completely understand, defense-first mentality is a way for banks to remain conservative. But one key thing element that we forget is in most banks, less than 5% of their customers are bad actors. What we are doing is we are treating everyone as a bad actor, which means we’re ignoring the 95%-plus of your customer base and saying, “I’m sorry, because of these people, everyone’s going to have to go through a frictionful experience. You have to prove to me you are who you say you are, a good actor, and only then I’m going to allow you to do anything with me.” This is a deterrent, in my experience, towards the brand and the loyalty, and we are seeing this now with a lot of the new banks coming in. Their focus is on the experience, but not at the expense of saying, “I’m not going to have any fraud checks built in, any controls built in,” but my heavy focus is on the experience to make it as seamless to you as possible.

A good analogy I give, because I live in Atlanta and I travel Delta a lot, is if I’m a Diamond Medallion (status) and I’m flying Delta, what do I get? I get free upgrades. I get aboard first. I get complimentary drinks. I get access to the lounge. But I’m not having to walk in there and prove at every checkpoint, at every instance that I’m truly a Diamond Medallion. I do that upfront through my app, through an experience, authenticate myself, and then all the way through my journey, I’m not having to prove myself that I am a good actor and my intention is good. So when you walk out of that flight, your overall experience has been very seamless and that promotes that brand loyalty towards that brand, because that was in that 5% segment of a good actor.

Rachel Koning Beals:

At BAI, we are sensitive to how much pressure is on front line workers at banks in the anti-fraud practices. Again, we’re talking speed throughout this conversation, they really are that first line of defense, if you will. So talk specifically, Hrishi, if you don’t mind, about how AI as a tool can be particularly helpful for the front line.

Hrishi Talwar:

Yeah. I think it makes their jobs more effective. So without those tools, they’re literally sitting there and looking at static pieces of information and trying to make decisions on whether this is good or bad. But now with AI in the place, very quickly they can sieve out what are the good actors, which is again majority of their transactions, and they can still have that information available to monitor if there are any new patterns and anomalies that are coming in. If they detect something like that, their focus is mostly on reacting to those new patterns and anomalies and figuring out if they need to introduce some level of interaction with the consumer just to make sure that they’re confirming it’s a good actor versus a bad actor. And in most cases, their approach is to do that in a passive way. So as a consumer, I don’t even know what’s going on, but sometimes some friction comes in and it makes me feel like the financial institution at least has some controls or checks in place.

And as I spoke before, most fraudsters don’t want to leave a trail. So the moment some friction comes in, they leave because they don’t want the bank or the institution collecting any patterns and anomalies about them because then they’ll be easier to detect the next time they come in. Now, in cases when something does go through, because we all know that fraud prevention is not completely foolproof, no matter how many gates you built in, someone’s still going to get in, these frontline workers can then look to understand these new behaviors that were exhibited that were not caught by the existing controls, and they can also map it to the consumer outcomes and they can use and learn from those behaviors for the next time they see that pattern and anomaly. So this makes their approach more effective. I would say it’s almost more proactive than reactive, in a lot of cases, and it’s really helping them balance that experience-led fraud behavior that we want to exhibit as a bank to a consumer.

Rachel Koning Beals:

That’s great. Anson, anything to add there?

Anson Vuong:

Once you have a fraud incident, it’s a high-stake, or have fraud concern, let’s call it, it’s a high-stake moment. And typically, look, I mean, we could try to drive as much of this identification and resolution through digitally, but at least in today’s market, when it’s high-stakes interactions, you want a high-stakes moment typically with a human being. So a lot of the times, Rachel, I empathize with the BAI’s focus on the frontline fraud teams because they’re the first teams that are going to get it. So a lot of times these frontline team members have to authenticate the customer themselves to have these types of conversations as well. And again, just because it’s an added friction in the experience doesn’t mean that it has to be a long, unwieldy friction point.

And there’s a lot of technologies today that makes this really fast and easy for frontline associates to authenticate the customer, and verify that customer, especially if they’re channel-hopping between digital call center, their end of the branches as an example. So one of the common tools out there is, for example, Pindrop as an example, when you go to call the contact center, they know your location, they can use AI, voice verification around your vocal footprint and allow you to be able to authenticate this customer a lot faster than the traditional, what’s your mother’s maiden name type ways. So it not only makes it easier for the customer to get that done in a high stakes intense moment, but it also helps the frontline get to the resolution faster with that customer.

Rachel Koning Beals:

I know you guys had written, like we said in the fall and even come up with an action list, anything to add then you gave such nice answers there, but any punch list things, especially for an institution that might, they’re not starting from scratch here, but it is a mind shift to go from an emphasis on fraud control to rethinking best experience. So anything in that punch list to add here?

Anson Vuong:

Yeah. I mean, I would say this is, look, there is, Rachel, a dynamic occurring between the fraud within the bank and the business leaders who are running these digital experiences saying, “I’m getting a lot of feedback that my experiences are not seamless and easy because of all the fraud pieces that exist today.” So again, we mentioned the fraudsters are going to look more bottom-up and say, “OK, what’s the tightest controls in which I can exert to reduce the maximum amount of fraud loss?” Or maybe I better said, live within the threshold of risk that the bank is willing to do related to the fraud losses as part of that. And what that has impactful in terms of their perception of the digital experiences, or their perception with the customer experience, or their perceptions with the bank or credit union, that’s not our mandate.

So I think it’s really important if we start to think about bridging those two gaps together, like we mentioned, is say, “Look, we all have a common goal here around making sure that the customer has the best experience possible with our bank or financial institution, so can we start to map and to end fraud experiences from the customer’s viewpoint and determine what are the common entry points of fraud within that experience, whether that be an account origination or account login or conducting a transaction or closing a relationship, whatever we think that common access point is in that specific journey, and how do we best optimize that using data and emerging technology? And AI could be the solution. AI might not be the specific solution as part of that, but at least we’re taking it from a, “Hey, what are we trying to solve for experientially,” versus saying, “Hey, let me go pick out… I get a million calls from a million vendors around AI tools. Where can I apply this AI tool like a hammer trying to find a nail? That’s less effective than thinking about it from the experience standpoint?”

Hrishi Talwar:

And I would just add, again, as we mentioned early on in the conversation, study the data that’s being collected, study the outcomes that are driving the overall decisions, do the mapping exercise no matter how hard it feels, because the data and the outcomes, along with the experience, will really help you fine tune what you end up offering to the consumer, and that will get you as close to the perfect balance as possible between fraud controls and an experience-led process.

Rachel Koning Beals:

Good. Fair enough. Love that. Listen, this technology is changing pretty fast, so I’m going to ask you the always difficult question, what’s next? So looking ahead for next few years, maybe a few months, I don’t know, Anson, what’s one thing you foresee for AI that could help frontline fraud teams at banks and credit unions be more effective? So again, maybe not even quite in hand yet, but where is this going?

Anson Vuong:

Yeah, so let me start a little bit higher to get there and might be a little meandering road here, but you’re asking me a futuristic question, so we’ll go-

Rachel Koning Beals:

It’s allowed.

Anson Vuong:

Look, AI in terms of banking and experience in general – let’s take fraud aside for a moment – offers personalization at scale. It’s typically what we call  “hyperpersonalization.” It allows you to go from a one-to-few mentality and a segment-based approach to getting one-to-one in the customer experience in a way where essentially you can pervade a feeling to the customer around “you know me and can anticipate my needs.” Now, typically when we think about hyperpersonalization and that emotional outcome, we typically have thought about that specifically, within marketing as an example in terms of how we offer products and services and serve them up to the customer or member here.

But fraud is no different. And I would argue that customers expect hyperpersonalized experiences in every interaction point they have, not just in terms of the projects and services that get served up to them. And fraud being a mission-critical journey for most institutions because of, again, the emotional impact that it has and the pervasiveness in which it exists today, means that the way we think about hyperpersonalization is it needs to be really be propagated differently. We focused a lot in this conversation around the bad guys and the bad actors. And when we speak to credit unions and banks, a lot of times the biggest propagator of fraud is the customer themselves.

So when we think about hyperpersonalization in banking, I think where this will move in the fraud experience is in the form of advice. And how we give customers more advice that is more individualized to their specific cases and more bespoke to their specific needs around how they can better understand the fraud risks that are associated specifically to them, and give them recommendations and thoughts proactively in anticipation of those needs versus reactively in terms of when they’re just trying to get something done, as an example. So I really see the total experience in terms of, “Hey, my bank really helps look out for me and my fraud” being the ability to help push advice to them, and fraud being a key topic as part of that.

Rachel Koning Beals:

And hey, doesn’t that then take pressure off the front line? No one department is particularly exposed, so yeah. Hrishi, anything to build on onto that?

Hrishi Talwar:

Yeah. I would say I think Anson covered on a very important point around hyperpersonalization. To me, another way of saying it and not such a nice eloquent term is educating the consumer on what’s important to protect themselves from fraudsters. It could be as simple as continuing to remind them every time they interact with you as to what are the things that they should be watching out for and making sure that they keep that front and center. We start to see that today. You’ll get an email that says, “You will never get a call from your bank asking you to change your password on the phone, or having to share your password on the phone with someone in a call center.” That was prompted by people actually telling a fraudster what their password was and someone went in and emptied a checking account. So these elements of consumer education at the relevant touch points become very, very important. It reminds the consumer about what they should not be doing and also reminds them of things the bank is doing to protect their information, to keep them safe.

The other thing that I think about in the future is we keep talking about data, and I love data because the more data you have, the better educated decision you make. Today, we still have banking institutions that are looking at their data within their four walls, and it’s really hard for them to make a decision on someone that they have never seen before. So I envision somewhere in the near future or maybe in the distant future, AI being able to leverage all the data that’s available potentially across multiple banking institutions. It doesn’t have to be PII-related, but there’s enough information available so I can make ads educated a decision on a consumer that I have never seen before relative to a consumer that I see every day. Because that is going to allow me to do that balance and offer an experience-led flow to the consumer, protect him or her, and also protect the front-line fraud team from having to react in a very different way for someone that they’ve seen before versus not, and I can help with that.

Rachel Koning Beals:

Good point. Well, hey, we appreciate you both putting yourself out there a little bit. Predictions are never super easy, but you guys are well-informed, and maybe some of this stuff, we’re already testing it a little bit, who knows. So for sure, given that AI’s capabilities will continue to grow, likely in ways not yet known, I think the real message is that financial institutions will be tested by ever more sophisticated fraud threats. It’s just reality. And that they’ll need to keep their focus to meet that critical challenge, and certainly, it looks like AI already is and is going to continue to play a role there.

So Anson Vuong, Hrishi Talwar from Cortico-X, thanks for sharing your perspectives with us in this conversation. I really appreciate it.

Anson Vuong:

Thank you, Rachel. Appreciate it too.

Hrishi Talwar:

Yeah. Thank you, Rachel. Appreciate it. Thanks, Anson.