After three years as a satisfied user of an on-site antifraud solution, Marlborough, Mass.-based Digital Federal Credit Union (DCU) needed to reevaluate the relationship in early 2011 when the vendor announced its move to a SaaS-based delivery model. “Although we were happy with Guardian Analytics’ FraudMAP for our online banking presence, we needed to make a decision about moving the application to the cloud,” recalls David DeWitt, VP of risk management for DCU ($4 billion in assets). “If we thought the data contained in the application was too sensitive, or we weren’t comfortable with Guardian’s information security infrastructure, then we would move to evaluate vendors that offered in-house solutions.”
Once DeWitt was comfortable that Guardian monitors activity without storing sensitive information, he began in May 2011 due diligence on Guardian’s proposed software-as-a-service platform. “We did an in-depth review of Guardian’s information security surrounding its new SaaS environment, including an assessment of the SAS70 [Statement on Auditing Standards] of Guardian’s data center provider,” DeWitt explains. Additionally, DCU considered system performance. “We have 180,000 online users and, at the time, there were few high-volume customers for Guardian’s SaaS solution,” DeWitt notes.
Satisfied with the results of the evaluation, DCU inked a deal with Guardian, and from September 2011 to November 2011, the Mountain View, Calif.-based vendor prepared for the DCU transition from the in-house solution. “This included moving 15 months of online banking session history onto the platform,” DeWitt relates.
By mid-December testing of the new platform began. Beyond some minor tweaks, the biggest challenge was tuning the alert levels, according to DeWitt. “Because Guardian had upgraded their analytics, we were seeing many more high-risk alerts during testing than we were accustomed to,” he says.
“When we dug into it, we discovered there was too much weight being placed on certain criteria,” he continues. “Guardian quickly made adjustments to set the threshold for high-priority alerts to a level we felt would reduce the number of risky sessions requiring review without missing any fraud.”
Even Better Than Expected
After a smooth cut-over in early February 2012, the SaaS platform provided immediate benefits. “Our concerns around performance were alleviated as the new system was faster than before,” DeWitt reports. “Plus, we’re using fewer IT resources, allowing our IT staff to concentrate on other business-critical projects.”
Most important, fraud deterrence is improved. “With the enhancements to reporting capabilities, as well as detection analytics, we’re saving about 10 to 15 percent a day in staff time,” asserts DeWitt. “That’s significant for us because we can shift those resources to other critical functions.” Additionally, DCU uncovered an epidemic of compromised member machines. “Although no nefarious activity had yet occurred, a certain percentage of those would likely have led to fraud,” DeWitt says. “We locked the affected accounts and personally contacted account owners to educate them as well as help with cleaning their machines. Most of our members really appreciated our monitoring capabilities. They were reassured that we have multiple layers of security in place.”
Overall, DeWitt gives the FraudMAP SaaS migration high marks. “It was definitely smooth and non-disruptive, with a short learning curve,” he says. “The SaaS platform has many advantages, and Guardian has a lot of vision.”
DeWitt adds that DCU plans to adopt Guardian’s FraudMAP mobile module, replacing an in-house solution, and will leverage a cross-institution data-sharing capability that Guardian expects to publicly announce in late 2012. “Fraud isn’t institution-specific — if a criminal is committing fraud at one institution, they’ll also do it someplace else,” DeWitt points out. “By collaborating with other Guardian customers, we can block suspect activity even faster.”
CASE STUDY SNAPSHOT
Institution: Digital Federal Credit Union (DCU; Marlborough, Mass.)
Assets $4 billion.
Business Challenge: Replace existing in-house antifraud solution to ensure online and mobile banking security.
Solution: Guardian Analytics’ (Mountain View, Calif.) FraudMAP SaaS-enabled online banking anti-fraud solution.