Every financial institution wants a seamless experience for their customers. That includes a frictionless authentication experience that won’t leave customers frustrated, or feeling like a fraudster themselves. Banks also know that friction is part of fraud mitigation, so a certain amount is unavoidable. But how much friction is enough? Or too much?
We sat down with Isio Nelson, ProSight Managing Director, Research, Fraud & Thought Leadership, and Jason Bartolacci, Director of the ProSight Fraud Alert Network, to discuss how banks can find the balance between fraud mitigation and customer experience — and why collaboration is a crucial part of the process. Hear more of the conversation here:
Defining the Balance Between Fraud Mitigation and Good Customer Experience
How do banks measure success when it comes to balancing fraud mitigation and customer experience? Every financial institution is different, and there’s not one standardized formula. Many start with the fraud loss number — bottom line dollars out the door due to fraud.
The issue here is that not every loss can be clearly attributed to fraud. Some cases ultimately fall into bad debt or loan charge-offs instead. Bartolacci notes that fraud-avoidance metrics may offer a better view of a fraud team’s impact, even though they are just as difficult to measure. Fraud-avoidance figures demonstrate preventative value, while fraud-loss numbers reflect actual losses — two distinct but equally important measurements.
Most institutions look at fraud losses versus attrition and abandonment rates, which can be attributed to poor customer experience. The balance, of course, lies in the tradeoff between fraud control and customer convenience. “A lot of institutions are looking at how they balance that out, making sure that their fraud losses are under control in a manageable number, while also ensuring their abandonment rate and attrition rate isn’t going above industry expectations,” explains Nelson.
The Evolution of Friction-Causing Fraud Controls
To understand the challenge, consider common controls like one-time passcodes. When one-time passcodes were new to consumers around two decades ago, they were often seen as cumbersome — especially to those without a mobile phone. Over time, adoption and acceptance grew, and customers started to see passcodes as a necessity rather than a hassle. Now, of course, fraudsters are finding ways to intercept these one-time codes, or scam users out of them.
More recently, biometrics and live facial scans have started taking the place of passcodes. While adoption and acceptance are growing, there is still a large segment of the population that doesn’t have smart phones, or isn’t tech-savvy enough to fully use them. As with one-time passcodes, adoption will take time. Customer education can help speed up the acceptance timeline for any type of fraud control that a financial institution chooses to employ.
The Role of Customer Education
Letting customers know about new or extra authentication steps, and why their bank is taking them, is an important part of finding a balance. “We’ve seen data that says consumer education is having a good effect,” says Nelson. Sometimes, this can be as straightforward as educating customers to think twice about clicking on links or emails purported to come from the bank.
Bartolacci stresses the importance of clear messaging when educating customers about fraud threats or controls. “Any kind of education campaign can work like a marketing campaign,” he says. “You want to make sure there’s a clear message. You want to make sure that it’s sticky.”
Whether it’s an email campaign, messaging on the bank’s website, or education built into the account opening process, the key is to make sure the message resonates and is memorable.
How To Reduce Friction While Preventing Fraud
Promising tactics that financial institutions can take today to reduce friction and mitigate fraud include passive authentication. Behavioral biometrics, for example, can analyze user behaviors such as website patterns established by the client. If a client breaks established patterns by navigating to pages they don’t normally frequent, such as immediately updating login information or contact email and phone number, the system shows a red flag.
When accompanied by suspicious transactions, logging in from an unrecognized device or location can also raise a red flag and trigger stepped-up authentication. An organization may reach out directly to the customer at this point to verify that they’re the ones making the transaction. A bit of education comes into play at this stage, to let the customer know why the bank is taking these extra steps in order to protect them.
Bartolacci also points out the importance of early collaboration within an institution. “Financial institutions should include the fraud team and the cyber team as well as compliance and legal any time a new marketing plan, initiative or product is introduced,” he says. But this crucial collaboration doesn’t end within the walls of any single financial institution.
The Importance of Collaboration
Launched in October, the ProSight Fraud Alert Network simplifies collaboration among authenticated industry fraud teams. It’s a safe place where fraud professionals can easily connect and discuss what they’re seeing on the fraud landscape, and share learnings and best practices for balancing customer experience and fraud mitigation.
“It’s easy to mitigate fraud by just putting a bunch of controls around it, but when you do that, you’re usually creating a pretty bad customer experience,” says Nelson. “And there’s a community that can help you figure out how to achieve that balance, how to do that in a way that is effective for the organization from the risk controls perspective.”
Bartolacci echoes the sentiment. “The key is to get everyone in the industry talking and collaborating,” he says. “It’s the best way to know the risks, and understand the fraud threat landscape. I can’t stress enough the importance of collaborating as an industry to develop and share things like best practices.”
Learn more about the ProSight Fraud Alert Network.
