By Sarah Rutherford, Senior Director Portfolio Marketing, Global, Fraud and Compliance, FICO on the need to bring biometric data together to carry out fraud checks
In the last few years, there has been a steady rise in banks requesting data from consumers. What began as passwords, addresses, and phone numbers turned to fingerprints, iris scans, and behavioral biometrics. For the average customer, banks will have a data-rich understanding of their finances and how they are accessed. But that presents a huge problem as banking security should not be built on averages.
Banks have good reason for requesting all this information. A total of over £730m was stolen through unauthorized fraud last year, principally where a fraudster takes over an account and transfers money or uses stolen card details to make purchases.
At the heart of prevention is ensuring that the person using the card or payment mechanism is the legitimate account holder. For that, fraud teams will routinely ask if they have the right amount of data, including biometrics, to do the job. Too little, and they frustrate customers who can’t be verified; too much, and the bank has to deal with an excessive amount of personal data that it must keep secure. They should really question how they make use of the solutions they have to ensure the correct decisions are made. This elevates financial security above and beyond biometrics and single point solutions, which can miss the bigger picture.
Collecting consumer data, biometrics for example, is a necessary step in financial security but by no means the end of the journey. Cycling consumers through checks can cause friction in the process and there’s always a danger this will turn them away. With regulation such as PSD2, and industry moves such as the drive for 3D Secure 2, decisions about the frequency and to a certain extent the methods of authentication have been taken out of the hands of the banks and card issuers. This provides a challenge and an opportunity. Clearly there is much work to do to get it right and ensure that your bank isn’t the one people are choosing to abandon.
This is all tied into personalization and providing the customer with the right level of friction. For example, if banks know from the data they have about a customer that they are likely to be who they say they are, why would you put unnecessary barriers in their way? Similarly, why would you automatically invoke a biometric that costs money on every single customer when it’s not always needed?
These questions are important to answer and must be followed by further consideration of a customer’s preferences. Do they want a one-time passcode sent through text, WhatsApp or pushed to the app on their phone? Are they even able to provide biometric data? Not everyone has a fingerprint.
There are also actions happening in the background in terms of how many obstacles banks put in the way of someone. Consumers might not even know there is a personalization process happening behind the scenes. A completely frictionless journey would unsettle the consumer and provoke them to consider whether their account is secure when it takes so little effort for them to use it.
What does the data say?
FICO’s latest survey of 1,000 UK consumers into preferences around fraud shows a need for banks to strike a balance between identity checks and a smooth customer journey. It will not take much disruption for consumers to switch providers, with 35 percent saying they would do so if a legitimate online transaction was blocked three or four times.
One of the biggest irritations UK consumers have with banking security is when they are cycled through different forms of authentication, with 21 percent stating this as a concern. Consumers are also irritated when their cards are blocked for legitimate purchases (19 percent); when they never receive messages about fraud and have to call the bank to resolve an issue (7 percent); or when their time is wasted by delayed fraud messages (8 percent).
Banks walk a tightrope to protect consumers’ funds but also keep them engaged with the security checks that take place along the customer journey. To mitigate any losses on either side, banks must ensure their fraud systems are up to speed and reduce false positives, so they don’t delay a legitimate consumer’s purchase. Consumers expect instant results when purchasing and safety measures must be streamlined, direct, and effective.
The key message is, it’s not one size fits all. Not everyone is comfortable with biometrics and not everyone is happy with using WhatsApp for one-time codes. This is a nuanced, complicated scenario and to simply feed everyone through the same process will turn away customers, potentially give worse results and probably cost more in the long run.
The answer is an overarching system that orchestrates the use of customer identity verification, be that biometric, behavioral, knowledge-based or possession factors, deploying the correct checks to the account and transaction and creating the right level of friction in the journey. These systems will not only help with approaches to customers with different preferences, but also provide banks with a means of switching providers if they need to. With all their biometric solutions organized under one system, banks could swap one for another without losing out on a crucial piece of data.
Orchestrating the data
Banks have a long list of possibilities for carrying out identity checks. They can ask for fingerprints, facial scans, passwords, and PIN numbers but how should they go about these checks? What are the parameters that govern their approach and how are they implemented?
To make good decisions they need to get the right data to the decision every time and they need to streamline the process as much as possible. Not every transaction is the same and all customers vary in their willingness and ability to engage with different methods of identity checking. Added to that is the complexity of managing the regulation and scheme rules as well as the bank’s own risk appetite and the need to contain costs. It goes without saying it takes a great deal of orchestration to do this effectively and that is why a centralized approach is needed. The benefits of managing identity verification through a single platform include:
- Make the right decisions on the identity checking deployed, based on the most important parameters, be that customer preferences, level of risk, cost of verification or anything else. Use the data and intelligence you have about the customer and transaction to drive the decision about which solutions are deployed.
- Unify the data from your various identity proofing solutions into a single decision point that gives appropriate weight and balance to all the information they provide to remove contradictory indicators from different systems.
- Remove the ties that bind you to individual point solutions. There are great options for identity proofing and new and exciting options arrive all the time. But making any one of them the basis for decisions ties you to that provider. Using an open platform with easy-to-establish API connectors means that you can keep decision making in your control while you add and remove data providers as you see fit.