News & Commentary

10:59 AM
Jonathan Camhi

Getting the Customer Involved in Fraud Prevention

Banks need to get their customers actively involved in their fraud prevention efforts as customers may be willing to switch institutions if they feel left in the dark about those efforts.

Fraud prevention has emerged as one of the leading uses for data analysis among banks, with more banks interested in big data initiatives to protect against fraud than any other area of use, according to a Microsoft survey from this past April. An Infosys consumer survey released last week also found that 87% of bank customers now expect their institutions to mine their personal data to protect them from fraudsters.

A third of the customers in the Infosys survey also said that they didn’t believe that their bank had a process for dealing with fraudulent transactions, indicating that customers don’t know enough about their bank’s fraud prevention efforts. Customers want to know how their bank is protecting them, and communicating with them through alerts can help fulfill that need.


Using predictive analytics to protect against fraud can help banks get their customers involved in their fraud prevention efforts by training models built on customer behavior to find suspicious transactions, says Jeroen Dekker, a product manager for risk management solutions at Fiserv.

Previously, banks relied on set rules and limits for authorizing transactions, and it wasn’t hard for fraudsters to figure out that a bank would review any transaction above a certain amount, Dekker points out. Utilizing data-driven models and predictive analytics allows banks to find suspicious transactions based on the customer’s purchasing patterns rather than predetermined rules. This makes it harder for fraudsters to know which transactions the bank is going to zero in on, and it allows the bank to follow up with the customer, if need be, to get additional authorization for a suspicious transaction.

“Instead of making a black and white binary decision [whether to complete a transaction] banks now have a gray area [where they might not be sure if the transaction is legitimate]. You can then challenge the transaction and, increasingly, screens can prompt the customer for extra information for authentication,” Dekker says. “The customer knows the bank is looking after them and it allows the bank to add extra security with a light touch.”
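The contrast Dekker describes, as an added example that is not from the article or from Fiserv: a fixed review limit next to a per-customer behavioural score with a gray band that triggers a challenge instead of a yes/no decision. The limit, the thresholds, the scoring method (a robust z-score on log amounts) and both customer histories are assumptions constructed for the illustration.

```python
import math
from statistics import median

STATIC_LIMIT = 1000.00  # assumed fixed review limit of the older rule-based approach

def static_rule(amount):
    """Rule-based check: only amounts above one fixed limit are reviewed."""
    return "review" if amount > STATIC_LIMIT else "approve"

def anomaly_score(history, amount):
    """Robust z-score of log(amount) against the customer's own history (median / MAD)."""
    logs = [math.log(a) for a in history]
    centre = median(logs)
    mad = median(abs(x - centre) for x in logs)
    scale = 1.4826 * mad if mad > 0 else 1.0  # guard: all past amounts identical
    return abs(math.log(amount) - centre) / scale

def decide(history, amount, challenge_at=3.5, decline_at=15.0):
    """Three-way outcome: approve, challenge (step-up authentication), or decline."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    if len(history) < 5:
        return "challenge"  # too little behaviour to model: ask the customer
    score = anomaly_score(history, amount)
    if score >= decline_at:
        return "decline"
    if score >= challenge_at:
        return "challenge"  # the gray area: prompt for a PIN or security answer
    return "approve"

# Constructed sample data: a low-spending and a high-spending customer.
SMALL_SPENDER = [22.5, 18.0, 35.2, 27.9, 41.0, 19.5, 30.0, 25.4]
BIG_SPENDER = [1200, 950, 1500, 1100, 1800, 1300, 990, 1400]

def compare(history, amount):
    """Return (static rule outcome, behavioural outcome) for one transaction."""
    return static_rule(amount), decide(history, amount)

if __name__ == "__main__":
    for name, hist, amt in [("small spender", SMALL_SPENDER, 60.0),
                            ("small spender", SMALL_SPENDER, 950.0),
                            ("small spender", SMALL_SPENDER, 20000.0),
                            ("big spender", BIG_SPENDER, 1250.0)]:
        print(f"{name:13} {amt:>9.2f}  static/behavioural = {compare(hist, amt)}")
```

The 950.00 transaction sits just under the fixed limit and passes the static rule, while the behavioural model challenges it for the small spender; the 1,250.00 transaction is routine for the big spender and is approved without review.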

Banks need to let customers know that they are looking over their shoulder to protect them, and prompting the customer to enter the answer to a security question or PIN number can do so without turning off the customer. Fraud prevention could become a competitive advantage for institutions moving forward, as Infosys’ survey found that 83% of the respondents said they would switch banks if they were offered assurances regarding the safety of their money and data. Fighting fraud isn’t enough anymore for banks; the customer needs to know what the bank is doing to fight fraud and be involved in that process.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

Comments
Jonathan_Camhi,
User Rank: Author
7/2/2013 | 9:17:10 PM
re: Getting the Customer Involved in Fraud Prevention
A lot of the big institutions are already ahead of the game on this but many smaller banks haven't been able to invest in the infrastructure and staff to support a data and analytics approach to fraud prevention.
The issue you bring up about card issuers not being able to control what goes on at the merchant's end is a good point. It'll be interesting to see what happens with the EMV deadlines approaching, and the responsibility moves from the issuer to the merchant if the merchant doesn't adopt EMV. The merchants are going to have to either pony up for the hardware upgrade or take over the fraud charges that the issuers have been responsible for.
Ann Employee,
User Rank: Apprentice
7/2/2013 | 5:01:11 PM
re: Getting the Customer Involved in Fraud Prevention
This is old news. Card issuers have been doing this for years. I work in the industry and we use dozens of individual patterns to evaluate if a transaction is likely normal or fraud.

The point everyone is missing is that the cardholder has very little ability to protect themselves from most fraud because most of the time it's security breaches into poorly protected merchant systems that create the problem in the first place.

Merchants have a lot of liability protections to avoid chargebacks and losses from fraud. The irony here is the card issuer is usually the one that takes the losses for fraud, yet the card issuer has no control of the cardholder or the merchant's security practices.

Also, the card issuer does not control whether passwords or PINs are used to verify a cardholder. It is up to the merchant or the processing network if those controls are available or even turned on. Additionally, in order for any verification control to work, every card processor must be able to support it.

It's not as easy as it sounds to "just add security," which is why it takes years and years for standards to be created, software updated, and POS devices replaced to support new security standards.