In 2017, 6.64 percent of consumers became victims of identity fraud, an increase of more than one million victims compared to the previous year, according to research from Javelin. This statistic highlights the growing number of threats that today’s account holders constantly face when it comes to security. Battling payments fraud, identity theft, account takeovers and email scams is no easy task and there is no silver bullet solution that will totally eliminate these threats. Instead, financial institutions must implement layered security measures that leverage different technologies to truly protect account holders and the Federal Financial Institutions Examination Council agrees.
However, many institutions worry that implementing additional layers of security measures into their existing online banking systems will inconvenience account holders. In reality, the financial institutions that enact layered security controls and actively enlist their account holders’ participation in preventing online banking fraud will reap several valuable benefits, including:
Reduced Operating Expenses
The FFIEC guidance advises financial institutions to implement layered security controls that include processes designed to detect anomalies and effectively respond to suspicious or anomalous activity. To achieve this in the most cost-effective manner, financial institutions must simplify and automate the fraud detection, response and dispute process and ultimately, shift the controls to their customers. This requires implementing technology that enables account holders to establish parameters for determining which transactions should be authorized, which allows institutions to monitor for anomalous payment activity.
When suspicious activity is detected that does not meet the specified parameters, layered controls like automated out-of-band alerts, one-time-passcodes or voice biometric authentication empower the customer to authorize or deny the validity of the transaction in the most efficient way possible. This eliminates labor-intensive, time-consuming processes like manually communicating suspicious activity to customers via phone calls and recorded messages, which often require additional back-office employees to manage.
The customer is the only one that can best determine if movement of funds is or is not fraudulent. After all, the customer is in possession of the valid payment information details for the companies or employees they pay and the customer knows who is authorized to debit their account. Contrary to a behavioral-based approach, financial institutions should consider deploying a detection and response strategy that systematically monitors where a customer’s funds are going and who is trying to pull funds from their account, based on the customer’s instructions. After all, customers like control; isn’t that evident in the fact that, according to NACHA, most businesses still pay by check?
Stronger Customer Relationships
Oftentimes, financial institutions report that customer adoption of existing check positive pay and ACH debit filters is low. This is likely due to the arduous, multi-step processes that customers must complete to manage these services. For example, with traditional check positive pay services, the customer is generally required to submit a file to the financial institution each and every time checks are issued so the financial institution can match check numbers and payee name information to the face of the check when it’s presented for payment. Traditional ACH debit filters are also inflexible and labor-intensive to set up.
Instead, financial institutions must offer a process for screening and securing transactions, whether check, ACH or wire transfers, that is transparent, convenient and facilitates faster processing of the payment. Imagine if a customer was reviewing transactions and noticed an unfamiliar charge – an actionable online banking system with layered security controls would allow the customer to easily dispute the transaction at their convenience. These capabilities give your financial institution a competitive edge over the institutions still using the outdated methods mentioned earlier.
New Revenue Opportunities
Some customers are willing to use antiquated systems for fraud prevention and even pay for them, which suggests that by simplifying and automating the fraud detection, response and dispute process, financial institutions could tap into a new residual-recurring revenue stream. This is especially important as account holders’ expectations for both security and convenience continue rising. Online banking systems offer more feature functionalities than ever before, so offering a sub-standard fraud prevention solution will no longer cut it if your institution wants to grow its bottom line.
Customers prefer convenience and control, especially when it comes to their own finances and the financial institutions that deliver gain a new marketable opportunity. All financial institutions must address fraud and regulatory compliance, but how they address it will determine their legal liability, staffing requirements, customer perception and ultimately, the impact to their bottom line.
For more information, download our white paper, "FFIEC Guidelines: Layered Security - How Much is Enough?"