A customer centric approach to security
As payments continue to innovate, so do the methods fraudsters utilize to exploit vulnerabilities. For example, according to the 2015 Association for Financial Professionals Payments Fraud and Control Survey, 62% of companies were targets of payments fraud in 2014. These prolific attacks have combined with the following trends to force banks to take a serious look at the security and protection measures currently in place:
- Rapid innovation in the payments space evidenced by the advent of mobile payment solutions such as Apple Pay, Google’s Android Pay, Samsung’s Loop Pay, and CurrentC;
- Increasing ingenuity and organized nature of fraudsters and criminals as seen in the recent coordinated global attacks such as the recent attack identified by Kaspersky Lab;
- Insufficient security at merchants and other payment processors, which can result in widespread data breaches similar to those at Target, Best Buy, Home Depot, and many others.
To retain loyal customers and gain new ones, banks should get ahead of the curve when it comes to security. Customers, after all, want to see a proactive solution, rather than watching their institutions react to security breaches after the fact. Here are some steps banks can take to better protect their customers’ data:
Advanced analytics and big data. Financial institutions are establishing centralized big data repositories, also known as “data lakes.” And, to make sense of the information collected in these data lakes, they need to quickly deploy the necessary advanced analytical tools on the data to detect usage patterns, behaviors, and trends in customer spend, such as a credit card company alerting a customer when an unusually large purchase is made or if a purchase is made from a different country. Fraud typically occurs during times of high transaction traffic so it is important for financial institutions to pay close attention to these trends and patterns.
Cast a wider net. Taking a page from the playbook of their marketing departments, institutions need to bring in external sources of information. They must look outward and bring in data such as population demographics, mobile service provider data, social network data, and merge it with their customer data to look for and identify patterns and behaviors they may have been missing. They need to fine-tune these patterns and behaviors in segments defined by characteristics such as geography (location), demographics (income status), psychographics (social class, lifestyle, personality) and behavioral (user status, loyalty status, usage rates).
For example, by analyzing data such as dates, holidays and zip codes, banks can determine if someone is spending an unusually large amount of money in a time period that doesn’t offer a realistic justification, such as an off holiday season. Detecting historical behavior of a customer, compared to the general population, using big data and analytics tools is key for institutions to not only identify these patterns, but to gain insight from them to prevent fraud. All of this information exists within financial institutions and historically has been used to drive business growth. But, the same information can be equally effective in fraud detection.
So how can financial institutions gather this data to protect their customers? Ultimately, they need to bring in the chronically-missing piece in the defense against crooks, fraudsters, imposters, and criminals – the customers themselves. Banks should provide the necessary tools and apps for customers to understand and vigilantly watch for their own fraud protection and security.
Self-service models enable customers to determine whom they consider to be trusted merchants, their spending limits and patterns. This information, specific to each individual customer, enables financial institutions to automatically tune the fraud detection models to that customer – preventing a declined credit card during a difficult time or alerting the customer when an unauthorized purchase is made. It is also important to provide customers with real-time access to their accounts and the security system. If a particular transaction has been rejected but is legitimate, he or she should be able to provide additional identifying information to clear the transaction. This will not only increase the security – because no one knows the customer better than himself – but also dramatically improves customer satisfaction.
The best form of security is the one you don’t see but know is there. Beyond that, the best way to ensure customers feel their data is secure is for financial institutions to transition to a more customer-centric approach to security.