Change is afoot in how organizations serving customers online can deliver fraud detection and improve the customer experience. The disruption is happening in every sector, especially banking and insurance. Growing customer expectations for immediate approval of new accounts and faster payments, for example, and a shift to real-time technology are converging on the financial sector at the same time, adding complexity and creating an urgency for action. This convergence of expectation, regulation and technological opportunity seems to be in danger of encumbering some of the sector’s major players. It could also potentially limit their competitive agility over fintech and challenger banks, which are typically less burdened by IT legacy and widely dispersed customer management and compliance teams.

In the past, uncertainty and a need to act quickly saw security fraud teams throw people, or money, at the problem. While this Hail Mary approach may have provided organizations some kind of solution, even if temporary, today’s approach leans toward embracing controls, along with fraud detection and user authentication technologies, that flex to match risk appetite and business goals.

Evolving Compliance Demands, Growing Costs

But security is not the only ongoing issue the financial and insurance sectors must reckon with. These heavily regulated industries must continually spend more to keep up with evolving regulatory demands. With an estimated £650 million per year in staff costs and a further 5–15 percent of all resource across U.K. financial services (FS) institutions, compliance is clearly a significant operational burden — if not the most important one — affecting U.K. FS companies in 2019.

To cope with the widening regulatory scope and cover the operational overhead, significant investment has been made in staff. But has that solved the core issue? More staff can spawn challenges in talent retention, staff costs and the ability to focus high-value resource on high-risk remediation activity, further dwindling resources. When this limited pool of talent applies significant time to investigate thousands of medium- to low-risk customers without raising a sufficient number of suspicious activity reports (SARs), if any — due to the sheer scope of the task and inadequate means — it’s easy to see how financial crime and regulatory compliance drain banking and insurance organizations’ resources yet continue to thrive.

To respond to challenges in budget and staffing, automation is emerging as a key solution component for addressing regulatory issues. For example, using automation to transform the Customer Due Diligence (CDD) process — a process for assessing the risks to which customers can expose an organization — can help realize benefits while enabling a risk-based approach that aligns with evolving regulatory demands.

Control and management of advanced surveillance technology and networked security systems is especially important in environments where security is operationally critical. For many banking and insurance clients, technology and automation have proved of important value in fraud prevention/detection analysis. Organizations can benefit from expanding the same learnings across the wider operational activity.

Which Areas of Fraud Protection Should You Automate?

So, if automation can help, which areas should be automated?

Risk monitoring is a good place to start, especially with regular screening for politically exposed persons (PEPs) and sanctions, adverse media, fraud and commercial risk. By regularly screening the entire customer back-book against a selected list of high-priority, risk-focused data sources, an organization can potentially start moving away from manual remediation for low- to medium-risk customers.

This automated screening would need to be incorporated into a flexible customer risk assessment (CRA) model that validates changes and automatically prioritizes remediation activity once the screening process is completed. When changes to customers’ circumstances or the CRA model occur, accounts can then be automatically reprioritized in accordance with risk appetite to ensure that high-value investigatory resources focus only on high-risk fraud detection cases.

Automation can also help companies significantly reduce the number of false positives worked on by investigators. The need to remediate low-risk customers is reduced because both risk managers and regulators can be satisfied that these customers are frequently and appropriately risk-assessed and that customer data is accurate and up to date.

Incorporating dynamic workflows and prioritization also ensures that back-book customers that carry a higher risk receive the full focus of remediation and enhanced due diligence (EDD) where required.

Adopting technology and automation can help reduce the investment required to staff costly manual processes and enhance the user experience for low-risk customers, avoiding unfavorable user experience scenarios such as ringing up a loyal customer of six years to request they authenticate themselves.

Making Sense of Data to Make Sense of Compliance

When it comes to addressing the risk management demands of regulators, financial and insurance companies need greater flexibility to adopt a more coherent risk-based approach to CDD, moving away from box-ticking exercises toward data-driven risk management. This shift can help give regulators more confidence in the organization’s ability to execute fraud detection and mitigate risks effectively. Adopting this approach can help minimize the need for regulators to request additional skilled person reviews (S166) of a company’s activities, which can place further burdens on existing processes.

Ultimately, in some cases, a full compliance transformation may be necessary in the remediation process to create a paradigm shift that would allow automation to work alongside people in the CDD process. The costs in time, money and focus are too high to remain with the status quo because challenges are evolving and growing and must be addressed proactively.

Today’s challenges around anti-money laundering (AML) compliance, CDD and other risk mitigation factors linked with financial crime are akin to having a haystack the size of a small town and hoping a few hundred compliance professionals will be able to find the “bad” needles within it. We need to start thinking about burning down the haystack and investing in something better than throwing people/money at the problem and hoping for the best. Alarming regulatory fines potentially await at the end of the day unless companies are proactive and preempt the inevitable regulatory pressure.

The industry and its customers recognize that there’s a problem. A 2018 Javelin study revealed that only 52 percent of financial services organizations surveyed are confident that their fraud protection and mitigation processes are effectively identifying fraudulent applications. And 4 of 10 financial services companies surveyed don’t believe customers — who are reminded of their vulnerability almost daily when they read of data breaches — have full confidence in the security of their digital channels. The results of these studies seem to suggest that improving the status quo is a pressing organizational priority.

Figure 1: Trust in digital channels manifests in higher usage of online and mobile banking (Source: Javelin study, 2018)

What Is the Benefit of a Digital Identity Trust Solution?

Digital identity trust solutions take a proactive approach to mitigating risk and offering an enhanced digital customer experience. Innovations in technology such as artificial intelligence (AI), machine learning that helps build in automation and behavioral biometrics make it possible for organizations to help safeguard their customers and brand from fraud and address regulatory requirements while providing the ease of use across the customer journey that can help their digital business grow.

Figure 2: Digital identity trust solutions can protect against fraud while enhancing the customer journey, from onboarding to login and throughout the session

It is possible today, for example, by leveraging an effectively built digital identity trust solution, to securely let end users in without a password, affording them seamless, logged-in access to their accounts at the swipe of a finger or a click of a button. Passwordless authentication starts with the proper user context. By setting contextual data against a decision-making framework, organizations can deliver a seamless end user experience for the vast majority of their legitimate users. Think of the customer bliss that can bring.

Figure 3: Digital trust solutions can make passwordless login a reality

To bring clarity to the core issues the financial and insurance sectors face nowadays, Synectics will host a conference on single customer view (SCV) and the value of digital identity trust as strategic security solutions that can help improve the customer experience, protect against account fraud and improve compliance with regulations. At the conference, set for Sept. 26 at the Hilton London Bridge in London, Shaked Vax, IBM worldwide technical lead for Trusteer and digital identity, will provide an overview on fraud ecosystems in a world of digital identities.

Learn more about the Synectics conference on the ramifications of fraud and financial crime in an age of digital identity, and book your place today.
