More than 250 C-level and senior members from about 70 financial institutions around the world gathered in New York for the NICE Actimize Annual Client Forum on Oct. 12-13, where they discussed the evolution and prevention of financial crime, including employee fraud, cyber crime and compliance issues. Shawn Swartout, VP and security director at Spokane, Wash.-based Sterling Savings Bank (about $10 billion in assets) and Ben Knieff, director of product marketing for enterprise fraud prevention at security solutions provider NICE Actimize, took some time during the event to speak with Bank Systems & Technology about some of top fraud and security issues that have come up there.
BS&T: What are some of the key issues that you've seen emerge at the forum?
Shawn Swartout: One thing that's interesting and important to us is the impact on the end customer of a fraud scenario. It's difficult, clearly, as a consumer to experience fraud on your account. In many cases customers unknowingly have their computers infected, or sometimes it isn't their fault at all because it's a processor breach of some type.
While banks are not always able to prevent fraud from occurring, we clearly want to detect it and prevent it on the first attempted transaction. In some cases it may not be until the second or third transaction that it's actually detected and stopped. That's where your relationship management is so key. Once the fraud has occurred, the way you communicate to your client is just critical.
That's a consistent theme that I've heard here -- communication with your customer. While you may not be able to prevent fraud from occurring every single time, the one thing you do have control over is customer experience and trying to make it a positive one. If you treat them well after fraud has occurred then the retention rates will probably be higher.
Ben Knieff: I think that's probably one of the most important points. I've been going to fraud-focused and financial crimes-focused conferences for over 10 years now, and customer experience was never something that would come up in the past. Here, we've got a lot of people talking about what they're doing around customer experience and what they're doing to maintain those relationships. We had a really lively discussion today around how to manage aftercare because we know we're going to miss fraud sometimes, and sometimes false positives are going to happen.
Another theme I noticed from my end, looking across the various product lines and various folks, has been the continued need for financial crime professionals -- whether it's anti-money laundering, brokerage compliance or fraud management -- to have a strong partnership with the rest of the business. They need to know when new products are coming out, when new channels are being planned and to have a seat at the table very early in the process, not to say, 'No you shouldn't do that, it's too risky,' but to articulate what the risks may be, how they impact the business case, and what kind of controls that make sense to be talking about on day one of the planning process. That has been a really key component in the discussions here as well.
BS&T: Do you either of you have any best practices managing security-related communication and customer experience that you'd like to share?
Swartout: The first thing that came to my mind was giving a single point of contact to a customer. We're a relationship-based bank -- it's very important to us. We're regionally based in the Northwest, and our branches have very close relationships with our customers. We want a single point of contact to provide updates and information to our customers. The last thing we want is to have them getting information from a variety of sources -- it really sends the wrong message. We want them to have a friendly, well-known representative from the bank to talk to them. Our responsibility within risk management and security is to keep that single point of contact apprised of all of the information and updates and make sure that they're educated and informed on the status of the investigation and those sorts of things.
That certainly doesn't suggest that we're not willing or able to talk to customers, because we actually do conduct fraud road shows, where we actually go on the road in partnership with computer security teams to provide fraud prevention best practices as well as information security best practices.
Many small business customers cannot afford to invest in their own technology departments. One of the things we recognize is helpful is getting out of the office and hosting breakfast for your customers. Fraud is something that can be difficult to discuss that early in the morning, but we've had great attendance and representation from our customer base. They want to know about the latest trends from an information security perspective, and what best practices they can implement to reduce their exposure to malware or even social engineering.
Knieff: That's a really interesting point. As an extension of that, I've heard from a number of organizations, particularly ones that have a strong community focus and send people out to meet with customers or host workshops in the community, ones that are building relationships and a strong communication channel. One of the interesting things throughout many of our discussions is that there are a whole bunch of other communication channels that, from a fraud management perspective, there's some good agreement that we're not leveraging as well as we could.
You look at the voice channel, making a phone call, and that has been around for a while now. But then there are all of these newer communication technologies -- think about what can you do with SMS since the open rate for SMS among consumers is massive. Then you look at some of the younger folks who are using things like Twitter and Facebook. How can these communication channels enable the end customer to be part of the fraud management process? How can we utilize different technical and social trends to engage people better and have every one of us be part of a fraud management process?