Too Much Reliance on Customer Education?
Majority of Banks Say Customers are First to Catch Fraud2011 is expected to see a number of changes in the fraud-detection space, especially among U.S. banking institutions. That's a good thing. Some change is definitely needed.
I've spent the last several weeks talking with a number of industry experts about fraud and security expectations for the new year. The one overarching theme that keeps coming up? The United States lags the rest of the world when it comes to fraud detection, and that lag is catching up with us.
Information Security Media Group recently released results from its The Faces of Fraud Survey -- a survey we conducted in the fall. We asked bankers and others in the financial space to share their thoughts about fraud, detection tools and investments they plan to make in fraud prevention and security over the next 12 months. Not surprisingly, most institutions said budgetary challenges have hindered investments in fraud prevention. But, going forward, they expect to make strides toward upping their security initiatives. The problem is that some of the expected investments are a bit misguided -- not aimed at targeting the root of most fraud.
Let's take a look at the current landscape. According to our survey, 77 percent of respondents said employee education is the most effective way to prevent fraud, and another 67 percent said customer/member awareness plays the most important role in the fraud fight. But how far can employee and customer or member education and awareness really go?
George Tubin, a fraud analyst with TowerGroup, says education has its boundaries. Simply put: "We have to do more," he says. "Employee education is absolutely necessary, but because of the sheer volume of transaction and the move to electronic transactions, we have to invest in more technology for fraud detection."
I agree. And here is the most striking, and frightening, revelation -- more than three quarters of our survey's respondents say they learn about "most" fraud incidents when customers or members notify them. Yet 43 percent (the third highest) say "lack of customer awareness" is their biggest challenge when it comes to fraud prevention. What's more, 63 percent (the highest) say they spent the last year investing more heavily in employee and customer/member fraud awareness, as a way to reduce vulnerabilities to fraud.
But the effectiveness of their education programs need improvement. Seventy percent of respondents said education and awareness for employees needed help, and other 68 percent said education efforts for commercial and consumer customers needed improvement.
Does there seem to be a disconnect somewhere, or is it just me?
"When is a fraud incident detected? 'When a customer notifies us.' I see that year after year, and it's pretty sad," says Avivah Litan, a distinguished analyst and vice president at Gartner. "It also tells me that there is a lot of fraud they are never detecting, and that a number of fake identities are probably getting through. It could be a fraudster who opens an account and takes out money. If they're relying so much on customer notification, how would they know? If 76 percent say customers notify them of fraud, there's a lot that they are missing."
In a nutshell, fraud detection is getting short-changed, and Litan is not the only one who shared that view. Adam Dolby, who oversees online security and authentication systems for Gemalto North America, says current fraud-detection measures in the U.S. are in need of serious analysis. Continuing to rely on customer notification for fraud detection is not good for business. "This is more of a U.S.-centric mentality," Dolby says. "We see more authentication at the corporate and retail levels in Europe," where authentication solutions are more evolved and sophisticated.
Dolby says U.S. banking institutions are falling victim to what he calls the "CSI phenomenon."
"This is like trying to act against crime but starting with a dead body and investigating backward, rather than actually trying to stop people from getting whacked in the first place," he says.
So, what's the solution? Well, more investments in technology, from cross-channel integration to stronger authentication. Maybe we can learn a thing or two from our European banking brethren. Education, whether it involves the customer or member or the employee, does have a place in a fraud-detection and prevention plan. But it's definitely time for more investment in technology.