For a long time now we have seen the challenge businesses have with fraud. Why? Primarily because of the speed of attack and the variances in the attacks are often much faster than technology or businesses can change. This doesn’t mean that businesses aren’t trying, or adopting the right technologies, but it is because fraudsters are ultimately trying to not get caught. They try the front door, its closed. They try the windows, they find an entry. They get in.
If we look at the scenario of fraud we can see how it is three-fold. New to business fraud (predominantly from acquisition), known to business (e.g. synthetic fraud, for example where someone makes small incremental debits on a card over a period that go unnoticed), or digital fraud (my definition here is where businesses introduce more channels or more ways of processing payments to keep up with digital trends and wants of society, leaving the scale of it and the points of interaction, vulnerable to fraud problem). Naturally all three converge at some point. If a fraudster enters a system, then the attack will be continual, for example synthetic fraud, a problem the US see as a common risk. In their stealth-like actions, they will play the digital landscape to continue to go undetected, attacking the routes they can – wherever they can.
Fraud can be both basic and complex. Basic because it can be found through the introduction of the right tools and prevention methods, complex because of the speed of change and the complexity of it.
With businesses striving toward digital excellence, bringing in the right tools that can reduce the burden of fraud can often cause conflict – primarily caused by a fear that such checks would hinder the drive for a digital, frictionless experiences.
Businesses globally are challenged by adopting frictionless fraud controls
In our Global Fraud Report we can see how businesses find this a challenge – balancing fraud with customer experience – especially digitally. As a result, we are seeing skewed investments which means fraud checks become relegated behind of the user experience.
This doesn’t mean fraud attacks are dismissed or without concern. We can see from our report how more than seven in ten businesses (72%), believe the burden of fraud is a growing concern.
We can also see that there is a united belief that the risk of fraud would be mitigated if businesses were certain about the identity of a customer. Seems logical really – if you know who the person is, you can pass them through with confidence.
But this is where it moves from basic to complex. We don’t always have a known record of fraud against the individual to determine their risk. They therefore have an ‘in’ as they are validated as genuine – which is correct, as to this point there is no evidence to suggest they aren’t.
We can see that businesses want to be more proactive and implement a more progressive approach to fraud risk management. They aspire for the right balance between detection and the customer experience.
Business executives have expressed concern of their customers perceiving that they have fallen behind in providing comprehensive protection. Three quarters of businesses’ (75%) expressed interest in more advanced measures that had no impact on the digital customer experience. This varied across the 11 countries with the United States, India, South Africa and China making this a significantly higher priority.
Today there are more passive authentication and fraud prevention methods available. But, businesses are not using them frequently. Internal challenges remain when it comes to prioritising authentication and fraud prevention measures against other aspects of the customer experience that might be easier wins.
We see clearly from our research how most businesses lean on IT teams when making decisions for investing in both fraud risk management and customer experience solutions. IT serves a critical role in bringing multiple solutions together. However, these teams require time and resources to integrate new solutions. If under pressure, which in many cases they are, these teams can become a hindrance to the timely implementation of modern and advanced fraud control system. Equally, their expertise is in the technology – not necessarily the strategic threat.
Not only are IT teams required for evaluating and integrating the new technologies, represented across multiple groups, their involvement as a key stakeholder in those investment decisions is increasingly critical. No longer should businesses be working as a supply chain model, but instead designing and developing in collaboration from the start. Co-creating to better design and decipher the approach that’s needed, against an agreed set of objectives. By doing this, it is most likely to happen and the result be much more effective.
How do firms move beyond and catch-up?
To keep up, businesses should make meaningful investments in customer recognition tools. Setting your sights on building trust through technology without disruption to the customer experience. In addition, every stakeholder that’s required in the development, or installation, needs to be brought in, and this can be a challenge, mainly because of competing objectives.
For me, preventing fraud – by detection, needs to ensure all windows and doors are closed. Similar to this analogy is APIs. An API is like a series of doorways. You enter, you close the door – you do what’s needed, you leave and you close the door.
So, if I were to look at a good first place to start, I believe businesses should look at what this framework looks like. How you can contain fraud – go into the right room – at the right point? This is where multi-layered and agile fraud comes into play.
You can add many rooms, many doors, and open them when needed – when a signal tells you to. This way you can build your own maze that ultimately makes it harder for fraudsters to pass through. This approach doesn’t mean forgoing digital tools, or creating unwanted friction. In fact, it needs to be predominantly digital to succeed.
Look at the email – an email address is today’s digital letter – yesterday’s post. The data that sits behind an email address can tell a thousand stories, if the insight is extracted from it.
ID verification, electronically uploaded, can not only make it easier to build a digital profile, but means you can quickly (in a split second), verify the person is who they say they are. To do this you need a single controllable (yet connected) platform.
It is this approach to building the right tool kit and imposing the right barriers that will see businesses reduce the threat and risk of fraud moving forward. And this is something Experian has a huge level of knowledge in creating, and can help you with.