This is the second installment in a three-part series. Be sure to read part one and stay tuned for part three to learn more.

Partnering with a new fraud protection and authentication vendor can seem overwhelming. You may be asking yourself, “Where do I start?” or, “How will my team respond?” From onboarding to implementation, you and your vendor should be in constant communication, and the vendor should help your team across the finish line.

What does a successful onboarding and deployment process look like in practice? Rob Rendell, cybersecurity and fraud prevention expert, is back to help us understand what components are important for a smooth kickoff and how to prepare both your team and your new vendor’s team.

A Digital Trust Expert Explains How to Ensure a Smooth Kickoff With Your Fraud Protection Vendor

Question: Change management can be challenging, so what steps should security teams take to help gain internal buy-in and drive adoption?

Rendell: Building a solid business case is key and will be leveraged heavily throughout signoff and onboarding of a solution. A concise overview of the issue, reasoning for project/funding proposal, overall return on investment (ROI) and how the proposal works into the long-term organizational road map should be clearly outlined.

Gaining management support is obviously key. A good practice is to have one-on-one meetings with decision-makers before general signoff meetings are held. This proactive approach is valuable to address questions and concerns ahead of time and, more importantly, deflect any curveballs that might be pitched in a larger meeting forum that could spark additional questions and potential setbacks.

As previously mentioned, showcasing the business case to direct management is important, and a second step is to socialize the project with line-of-business partners and articulate potential indirect benefits they’ll see. This cross-review is great at getting incremental support to help push a business case to the finish line. Supporting feedback from indirect leadership is valuable and shows that tangible benefits are being thought of outside of the primary scope area.

Once fraud/risk managers have buy-in from their stakeholders, how can they secure the right budget, and what should the ROI breakdown showcase?

Rendell: This is a core component of the business case. The important thing to remember with regard to ROI calculations is to keep it realistic with a conservative estimation and, more importantly, ensure that post-implementation can actually quantify the ROI. Being able to quantify the impact is necessary to justify the expense in the out years when securing funding.

When calculating or assuming what the ROI should be, it’s helpful to bucket how a solution will be meaningful to core areas. In the case of authentication and fraud, one might project ROI against areas of potential benefit:

  • Customer experience — Net promoter scores should improve where passive authentication controls are enabled, meaning customers can feel less friction throughout the user journey. Surveys can be used to benchmark pre- and post-solution results to quantify the value customers see.
  • Fraud lossesAuthentication and fraud solutions ideally will drive down fraud losses. Additional key metrics to benchmark against are overall detection rate and alert rates — these metrics are key. A well-tuned solution will offer high detection rates while maintaining alert rates that are in line with operational capacity. In some situations, organizations will work down into false positive zones to increase the chances of finding fraud in a lower-risk bucket.
  • Operational benefit — As mentioned above, high detection with low alert rates is optimal. It’s obviously a goal to drive down fraud losses, but as workforces become more expensive, it’s critical to keep operational expenses in check too. Here, it’s key to identify a solution that has high detection, low false positives (negative customer impact) and low alert rates.
  • Attestation to regulators that business controls are in place — Regulatory compliance is a major task for financial institutions and insurers. There are myriad regulations from bodies such as the Federal Financial Institutions Examination Council (FFIEC), Securities and Exchange Commission (SEC) and New York State Department of Financial Services (NYDFS), as well as international mandates such as the EU’s Revised Payment Service Directive (PSD2). For other sectors, such as transportation and e-commerce, there are data privacy laws with fraud control stipulations. An organization would want to demonstrate to a regulatory body that its controls surpass the minimum guidelines outlined in the requirement. Not fulfilling regulatory compliance can be very costly once fines are assessed.

Will organizations need to build out new teams for this fraud prevention mission, or can they use existing team members? Who should be included and why?

Rendell: It depends. In the age of digital transformation, organizations have started standing up specialty teams that have been up-trained on digital threats, such as malicious malware and targeted account takeovers, and understand how redirect attack campaigns work. These specialty teams could include associates that have proven their value in the transaction alert space and have, in a sense, “graduated” to the next level.

If an organization has already been leveraging digital alerts for some period, it would be recommended to validate what overlap in alerting is being proposed, the incremental value the proposing solution would provide to help drive down alerts while amplifying detection rates and, finally, any new alerts that would be produced as a result of solution differentiation. This analysis is helpful and beneficial with the business case to help showcase the operational impact; in some cases, if alert rates will be lower, there could be a potential benefit from an operational expense perspective.

For organizations where this would be a net-new process, teams would need to be identified and trained. It’s key to inquire with the proposing solution provider what level of professional training they would provide from both a data analytics viewpoint and operational execution: What alerted, why is it alerted, and how does one work and remediate with the end user (consumer).

As fraud and digital transformation teams near deployment, what are critical components to a smooth kickoff?

Rendell: One of the most important tasks a stakeholder can do, given the size of these projects, is to find a strong project manager (PM) to keep the various teams synced and on point to help deliver a smooth and successful project. A strong PM will man the troops, manage the project plan and escalate issues to responsible areas as soon as they are identified.

Aside from identifying a great PM, weekly or biweekly stakeholder (cross-functional group) meetings are helpful to understand progress, roadblocks and issues (internally/externally). Transparency and socialization of information is a must for a successful project.

Recently, when working with a customer, a best practice emerged from the standpoint of how a solution provider’s supplier — in this case, IBM — can improve by creating a living document and updating it throughout the life cycle. The document should include lessons learned that showcase what went right, wrong and how both sides can improve the next time around.

Finally, testing, testing and testing. Too often, something simple that could’ve been detected in a test script goes amiss and, in the end, causes major setbacks. The testing practice applies to operational execution as well, ensuring operations teams are ready, have proper entitlements and can fully execute an alert review before the light switch is turned on for full production.

Learn how to establish digital identity trust with customers

More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

How Security Teams Combat Disinformation and Misinformation

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

A View Into Web(View) Attacks in Android

James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…