Striking balance between fraud prevention and less friction
Banks’ push for more innovation is necessary but raises risks they are not ready for, experts warn.
In an age of increasingly sophisticated fraud attacks, how does one balance fraud prevention without adding to customer friction?
Asian Banking & Finance, in partnership with software leader GBG, sought to answer this question in its recently held webinar “More Security For Less Friction: Wielding Data Against Fraud” held on 25 May.
GBG Asia’s head of solutions Stephen Su kicked off the proceedings with an overview of the financial fraud landscape in the region and how GBG has moved to combat these risks when building financial platforms for their clients.
Su recalls a conversation with his daughter that embodies this dilemma.
“One of the interesting questions that my daughter, a Gen Z, asked me the other day, is the fact that on Instagram you can predict all of my likes and posts based on my behaviour. Why can't banks provide me suggestions on financial products, which are of benefit, of interest to me, given that they know a lot more information about me?” Su told the near one hundred attendees who tuned in to the event.
Su said that such expectations from customers have pushed banks to roll out innovative solutions quicker in order to compete with big fintech players–at times, without considering the full extent of risks they will face. He cites buy now pay later as an example.
“Often with that, it's fraught with risk. We've seen some buy now pay later products from some financial institutions having to roll back and relaunch the product, due to, number one, the high risk of fraud, as well as high customer rejection rates,” he said.
Su and the webinar panelists all echoed the same thing: data is key.
Anders Jensen-Waud, associate partner of consulting firm Bain & Co., provides the why: the right anti-risk technology can actually lead to less customer attrition.
A survey by Bain & Co. of 10,000 customers globally named the three most important customer “episodes”: the onboarding process, the acting on a suspected fraud alert, and then also disputing a fee or transaction.
All three require strong fraud management controls and require really strong identity management and KYC check functionality, Jensen-Waud noted.
“The banks that actually do those things well have up to 15 percentage point (ppt) higher customer advocacy or net promoter score than those that don't. So investments here can really move the dial on customer advocacy and tune in those customers for more products,” Jensen-Waud said. “They are more likely to recommend you to another one to another bank, and they also stay for longer than those that have a lower embedded Net Promoter Score.”
Back to the foundations
With fraud activities increasingly becoming sophisticated, banks are forced to play catchup–a reality that is more detrimental to financial firms when building up their anti-fraud systems, according to Lucose Eralil, head, enterprise technology and operations (ETO), Security Bank Philippines.
Eralil said that it will be impossible to stop fraud from increasingly becoming sophisticated.
“You can't stop that: the sophistication with which these players play, they keep evolving. You can put in controls, you can put in specific aspects and how you actually control the journey. But you'll be surprised how fast they adapt, how fast they kind of relate to it, and how fast they actually start doing work on it.”
Financial institutions should look back to their foundation and ensure that the anti-fraud settings they are adopting fit the core of their digital foundation, according to Eralil.
“As you keep evolving technology, what is very important is your design and your foundational elements in how you've set it up. Because [when you] plug and play, as you kind of keep swapping out new aspects of technology evolution that come in, if your foundational design is not capable enough to handle as changes come in, then what you have is you have potential breaches that can be exploited,” Eralil said.
“I do think that the most important aspect is to be able to ensure that as you think about implementation, it's about being able to map out all your journeys end-to-end. And what that does is that starts laying out how you set the foundation of your product, which is very, very important,” he later added, further emphasising the importance of a good foundation.
GBG’s Su has a similar back-to-the-core answer when it comes to combating fraud: although instead of the foundation of technologies, he emphasized the origination part of the process.
“So, ideally we'd like to stop it at the point of origination, to actually stop any of the bad activities from happening. But obviously, that's very difficult,” Su said.
For example, in buy now pay later, Su noted how it is hard for banks to distinguish between bad credit–those who cannot pay–and those who really do not have any intention to pay. What GBG does is to stop those with no intent to pay off them, they would put holistic protection around origination. But even then, you cannot stop all the bad actors.
This is where the ability to have all systems integrated becomes important to refine banks’ credit approval processes.
“Its [the] ability to feed all of these bad behaviours over time, and having the ability to re-assess the customer at any point in time, to give you that holistic protection when it comes to fraud prevention,” Su said.