Phone Apps Let You Deposit Checks
JP Morgan Chase is a leader in new product offerings, so it was big news when they announced their updated iPhone app allowing customers to deposit checks electronically. Mobile banking is certainly convenient, but what about the security implications?
Have you hugged your risk managers today?
Risk management is enjoying a lot of attention these days. And I don’t just mean the person at your institution that holds the title of Chief Risk Officer or the equivalent. I mean everyone that thinks like a risk manager, that asks the tough questions, “How will this new product/service/payment channel impact the risk profile of this institution?
I’d argue that one illustration of how shoddy risk management impacts financial institutions is the graph below. The Wall Street Journal has a great interactive map showing bank failures since 2008. As of July 2010 there are over 250 (Click on the map to see more). The lax risk management I’m referring to of course is related to the influx of new products around mortgages.
I was reminded of this by a recent article in BAI Banking Strategies titled, Online Account Opening Needed To Fuel Growth. The article rightly pointed out that many banks are going back to basics, building revenue by adding checking accounts and other more traditional products. However, the recommendation of the article is to embrace the online channel and open accounts for customers outside of a more constrained geographical footprint. In my opinion this has the potential to materially impact the risk presented to the financial institution.
It made me think about a couple of data points from my research. Namely that accounts opened online are 5x riskier than accounts opened through more traditional channels and that check fraud topped $1 billion dollars in 2008. The online channel represents a huge opportunity, but blindly chasing the revenue opportunity without regard to how an FI will manage the resulting risk can end badly. If the opinions of the risk managers at your institution haven’t been considered when evaluating strategic decisions such as pursuing online growth, it’s time to make room at the table and embrace them.
One Year later – A Veteran’s Perspective
Well, hard to believe that it has been a year since I joined Memento. I am as excited today as I was when I joined the company, and I have been fortunate enough to work with a phenomenal team who has as much passion about fraud detection and prevention as I do.
Over the past year, I have been engaged in conversations with other fraud practitioners and it seems that not much has changed in that year, or over the past 21 years that I was a fraud manager, when it comes to the ideology of fighting fraud. It seems most banks continue to have an ‘acceptable’ loss budget (sometimes in the high five and six digit loss numbers), tolerate high false positive rates, endure outdated and layered systems that are so intertwined no one knows the effectiveness of each solution alone. Fraudsters continue to outpace the banks when it comes to innovation, and while I admit that some progress is being made in moving fraud solutions into this era, analysts and investigators are still hampered by minimal training, and often lack the contextual data needed review and quickly make decisions. The fact that check fraud exceeded $1 billion for the first time in 2008 proves the fraudsters continue to morph their fraud schemes to keep up with the product offerings, all while analysts and investigators continue to be handcuffed. But as long as the bank meets their targeted loss budget, then I guess it is not such a big deal.
As banks lose more of their ability to generate fee income, it is becoming more apparent that they need to ‘rethink fraud’ and its impact on the bottom line. Having an ‘acceptable’ fraud loss budgeted is outdated and perhaps even ‘unacceptable’. Outdated fraud tools and solutions that hinder the analysts and investigators from proactively and effectively detecting, stopping and mitigating fraud, is a hidden cost few managers really focus on.
But not all is lost. A significant change that I have been fortunate enough to be a part of is our ability to ‘rethink fraud’. Memento truly takes a new approach to preventing fraud with more robust and accurate analytics, a state-of-the-art interface, and the ability to look at transactional and contextual data easily. Having worked fraud and spent countless years preventing, mitigating and chasing the fraud, it is refreshing to see that the old has succumbed to the new.
Do you want to improve your bottom-line? Are you willing to ‘Rethink Fraud’?
Can Your System Adapt to Changing Fraud Schemes?
“Be infinitely flexible and constantly amazed” - Jason Kravitz
If bank fraud always followed predictable patterns, we would be a lot better at stopping it. Granted, many instances of fraud do follow predictable patterns that are relatively easy to detect and prevent. However, it is the fraud that is “below the radar” (aka not detected by the bank’s fraud rules) that worries me and many of my former colleagues in banking the most. Fraudsters are highly flexible in their approach to committing fraud. They have to be. The biggest return for their efforts results when no one sees what they are doing until it is too late.
The Bank Fraud Forum is full of examples of fraud that took place over a number of years. To remain undetected for years shows that they fraudsters were flexible in their approach. Conversely, the fact that banks routinely failed to detect fraud schemes that take place over the course of many years suggests that their systems have inflexible rules and cannot adapt to today’s complex fraud environment. My post detailing the “30 Year Fraud” is a great example. If the bank had flexible rules in place they could have spent time proactively searching for both internal and external fraud and arguably uncovered this fraud much sooner.
Does your bank have a team of investigators assigned to proactive fraud detection? Specifically, instead of waiting for previously defined fraud rules to catch the usual suspects, do you have a small team in place that is flexible in their approach to fraud detection? Can they develop and test ad-hoc fraud rules that mine transactions below the bank’s radar? Call them your “special ops” team, or “SWAT”, or just “proactive fraud detection”. The name does not matter, what does matter is that your bank has fraud detection approach and technology that can be just as flexible as the fraudsters.
I think you get the point - fraud rules must be flexible. Whether by design or directive, many banks “lock” their rules and seldom take the time to adjust them. Adjust them they do, but only when losses have resulted and senior executives ask pointed questions regarding how your department missed the fraud. Senior executives whether they say so or not, expect your department to be flexible. Try explaining why a fraud rule has not been recalibrated or tested in any way for years when fraud slips below that rule.
Fraud like water follows the path of least resistance. If your fraud system can’t easily adapt to the changing nature of fraud schemes, it is likely that the fraud system used by one or more of your competitors can. Don’t allow your bank to offer the least resistance to fraudsters. Over time, nothing good will result except more fraud and frustration. Be flexible, you may just be amazed…
Knowing When to Stop
This article discusses the issue of false positives, the accuracy of fraud detection systems, and the question: when dealt a queue of fraud alerts for review, how do you know when to stop?
What do soccer (or football, if you prefer) and fraud have in common?
Identity fraud crimes typically involve at least a pair of separate acts and is often a 3-step process to perpetrate the crime. and the need . This article outlines the need for a holistic approach to combating this type of fraud that brings IT security and the fraud/loss prevention groups to better communicate and work closely together with the help of technology.
Straw Buyers and Detecting Cross-Channel Fraud
This article discusses straw buyers, the importance of cross channel fraud and a financial institutions’ ability to identify suspicious loans. To commit fraud on a large scale, fraudsters will tend to follow patterns, therefore financial institution need advanced analytical models technology that can recognize these patterns to detect and stop the fraud before it happens. How would you rate your bank’s ability to uncover “straw” buyers?
Payments Fraud and the Economic Downturn (A Podcast)
Recently I was honored when asked by Jennifer Grier of the Atlanta branch of the Federal Reserve Bank to participate in their Payment Spotlight Podcast Series. Check out the podcast interview with Jennifer on the topic of Payments Fraud and the Economic Downturn.
Mike’s Cyber Threat Reading List
In my blog post Polymorphism and the Case for Transaction Monitoring I promised to share some of the sources I found. So here is a list of documents and websites that you may find interesting and helpful.
ID theft - Why It’s Your Concern Too
This article discusses the Countrywide data breach as well as the importance of having the technology to monitor and flag unusual employee activity with customer data. What tools do you have in place to stop a “Countrywide” data theft from taking place at your bank?
Subscribe via Email
Most Popular
Most Recent
