Has the media been overly strident in pointing out the numerous threats to online security? "If you listen to the press, you would be under the impression that the sky is indeed falling, and that all hell is breaking loose, nobody's safe and it's not safe to go on the Internet," said Richard Parry, a Chicago-based SVP for consumer risk management at New York-based JPMorgan Chase (JPMC; $1.16 trillion in assets), speaking at an industry conference sponsored by Forrester Research (Cambridge, Mass.).
Parry offered a contrasting view to the common perception of the Internet as the Wild West of commerce. "The very vast majority of the fraud that we incur ... is greater in transactions that involve speaking to someone over the phone or having the culprit standing in front of you at the branch," explained Parry.
Although Internet fraud exists, it has a limited financial impact, with adequate methods to contain the damage from identity thieves, according to Parry. "Internet risk, in financial terms, is really quite modest," he said. "Ironically, it's probably the safest delivery channel that we have," he continued. "It enables us to see activity and behaviors in close to real time, rather than wait for batch cycles to clear."
Internet transactions have a built-in delay relative to other channels, such as the ATM, branch or the point of sale, Parry noted. The delay provides banks with an opportunity to detect behaviors indicative of fraud, he asserted. For example, if a customer appears to be sending money to a type of business with which he or she has never transacted before, the bank has an opportunity to call the customer to investigate.
However, rapid response to customer interactions requires access to real-time enterprise data, Parry stressed. "If it's not a real-time transaction data warehouse - if it's just a storage house - you're operating in batch, and you're not detecting anything," he said.
Other customer channels also could benefit from this approach. "Nothing that we do on the Internet is anything that we shouldn't be doing at the ATM and at the branch," said Parry. "Centralized, real-time, transaction-level data warehouses help you accomplish that."
Rather than an approach to security that attempts to foil every attempt to steal information, Parry instead advocates that banks focus on actual customer interactions, including non-financial interactions such as a change of address. "As the customers interact with the bank, you have a solution that may not prevent all fraud, but it will detect it most of the time," added Parry.
While it may not stop data breaches nor silence the press, a transaction-centered approach to fraud prevention may be enough to protect both customers and shareholders. "You have to manage risk on the assumption that all data is out there, because to not do that is simply irresponsible," said Parry.