To what extent are customizable alerts and transaction limits key steps in identity & financial fraud mitigation?
Customizable alerts and transaction limits — in principle — allow the customer and Financial Services organizations to collaborate in identifying fraud quickly. Choice and collaboration are good things, aren’t they?
To what extent does the availability of customizable identity & financial fraud alerts reduce identity & financial fraud?
Javelin Strategy & Research asserts that “institutions providing the broadest spectrum of account-related alerts can decrease fraud losses and empower consumers to make proactive choices to reduce their risk. These detection alerts act as an added layer of security, shedding light on account behaviors that may pass undetected through back-end risk assessment.” [page 10]
Even without strong evidence, it is easy to take this assertion at face value.
The Identity Ecosystem Steering Group (IDESG) Trust Framework-Trustmark (TFTM) Committee is currently working through the development of technical component alignment with NSTIC guiding principles (“TFTM Deliverable 01-05 Working Group”).
They weigh in on this topic by offering (in several ways) principles & technical guidance that seem to direct Financial Services enterprises to ‘architect technical infrastructure for breach/fraud (trust violations) identification, notification, and restoration.’ [My apologies to the IDESG if I have mischaracterized their good work]
In that context, architecting, designing, and implementing a collection of account-related alerts for business effectiveness is a critical success factor. This work will require clearly and relatively comprehensively documenting performance & service specifications from business, operational, and technical perspectives.
Each customer suspicious activity or breach report has a financial impact — and profits & shareholder value still matter. Taking on any new program of customer-driven customizable alerts and transaction limits requires sound business decision-making along with sensitive and creative technical & process architecture & implementation. Specific measure & goal requirements must remain front-of-mind through this process.
The specific options that organizations offer customers and the way each of those options works in practice will determine whether they enhance customer trust, strengthen your organization’s relationship with engaged customers, save money, enhance compliance, or whether they result in something like their reverse. Given the diversity of our systems, there is no clear and easy path to success. These are hard problems today and will remain so as the threat environment and our business obligations continue to rapidly evolve.
Responding to suspicious activity or breach reports requires investments in automation, data analysis, engaging specialists, and follow-up interaction(s) with the reporting customers. These can easily involve material expenses, and the follow-up interactions with reporting customers often require specialized skill-sets and capabilities. It is not yet clear how to judge the customer retention and economic value that will result from any given set of account-related alerts. Excellence in breach notification follow-up may or may not result in materially-positive outcomes for Financial Services enterprises. It is much clearer that every time a Financial Services organization interacts with a customer who believes fraud has occurred on their account, there is elevated risk of a materially-negative outcome. Getting this interaction right must be a core competency of Financial Services fraud and security organizations.
It is likely that customers expect some amount of user-centric ‘alerting’ from all Financial Services organizations because so many major banks have implemented more or less sophisticated account and transaction-related limits and alerting. All of us, but especially non-bank Financial Services organizations, have serious challenges ahead in our attempts to deal effectively with identity and financial fraud mitigation.
“2013 BANKING IDENTITY SAFETY SCORECARD: Changing Tactics in the Face of Growing Account Takeover and New Account Fraud” By Javelin Strategy & Research; [page 10]
The Identity Ecosystem Steering Group (IDESG)
IDESG Trust Framework-Trustmark (TFTM) Committee
National Strategy for Trusted Identities in Cyberspace (NSTIC) › NSTIC Goals and Objectives
NSTIC guiding principles
“TFTM Deliverable 01-05 Working Group”