August 22, 2019 By Christine DeFazio 3 min read

This is the last installment in a three-part series. Be sure to read part one and part two to catch up on the full story.

Going live with your fraud protection solution should be a strategic process, enabling smooth transitions and positive outcomes. This continuation of your ongoing relationship with your vendor is where you can find ways to help your teams achieve success in the execution of your new solution as well as opportunities for continuous improvement. So, what is involved, and how can you help achieve a secure, seamless customer experience through this partnership?

Rob Rendell, global client success leader, financial fraud prevention and strategic development at IBM Security, has shared his valuable fraud and risk experience with us along this journey, and he’s back with more insight into what vendor involvement should look like to help develop a stable, cross-functional group.

How to Ensure Go-Live Success With Your Fraud Protection Vendor

Question: Once the fraud protection vendor is onboarded and teams are ready for implementation, what are some steps for success? Who should be involved throughout?

Rendell: Cross-functional stakeholder meetings should be established throughout the approval and onboarding life cycle. At the point of implementation, it’s important to have a joint meeting between technology partners from both groups to understand how the solution intends to hook into the target environment. It also helps to map out how the solution will be executed.

To start, ask yourself: Will the solution be leveraged as a standalone tool? The benefit here is speed to production and short-term wins.

In addition, will the solution need to be integrated with a larger risk engine? Many fraud organizations are integrating vendor solutions into larger risk engines to be a supplier of data/intelligence that is then aggregated with other data points to help increase fraud detection rates. Integration with a larger risk engine can also provide operational benefits since fraud analysts aren’t required to work out of multiple systems, reducing time wasted toggling between tools. Consolidated alert management can also improve efficiencies with alert workflow, alert automation (auto-contact strategies), reporting, and ongoing model performance and governance

Next, determine where the data will be stored for analytics reasons. You should also create testing plans to intended solution use cases. Furthermore, individual test scripts should be created and fully executed against. Validate connectivity and data capture with the supplier, and employ a “round-trip” approach to testing the connectivity from the customer to the supplier and back to the customer.

Finally, conduct a pre-go-live solution readiness workshop with the internal stakeholder group and supplier. Functional areas to be addressed include how the solution works and impact to process and people. Help review teams (operations analysts) understand what the solution is there to do so they know how to take action against review items and what the data means to analytics teams.

Question: How do you define what go-live success looks like? Can you provide an example?

Rendell: Successful go-live usually means minimal or no defects from the implementation, no major end user impact, and operations teams able to execute against the technology.

In the space of creating digital identity trust, this means organizations are able to execute authentication policies and inherent risk systems are able to take decisive action against solution recommendations. Downstream end users are passively protected against malicious acts of potential fraud and account takeover.

Question: As the threat landscape and fraudster sophistication evolve and customer digital demands grow, how can teams continue to maintain this success?

Rendell: Feedback, feedback, feedback. I repeat this because too often stakeholders in organizations implement a solution and start to let it run in autopilot. Continuous conversations between customer and supplier are needed to help protect the organization against the latest threat or if the solution has evolved and the organization needs to make updates to capitalize on the latest feature.

This is part of the supplier’s role too. They should understand the customer’s road map and current threats and educate the stakeholder on environmental trends that are happening in the larger ecosystem.

Fraud Protection Is Constantly Evolving

Much like the fraud landscape and digital customer experience, the supplier relationship evolves, and rightfully so. When partnering, your vendor is an extension of your team and should help advocate for the value of your efforts in securing and simplifying the customers’ digital experience.

See how fraud protection and authentication solutions can help your customers more securely and seamlessly interact with your platforms and apps throughout their entire digital journey.

More from Fraud Protection

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today