Society is fast becoming digital first, and mobile banking adoption is increasing year on year. This transition is bringing in a new set of challenges, especially when it comes to identification. Customer expectations are shifting. They expect tailored, personalized experiences and are willing to abandon transactions if those expectations aren’t being met. Then there’s technology, which is bringing a whole host of new opportunities for fraudsters, such as those that malware and bots present. Not to mention the fact that the more traditional authentication mechanisms are proving to be of a low fidelity – leading to increased attack vectors. When it comes to identity, organizations have more to consider than ever before.
This progression has seen identification move beyond fraud and security departments being the primary gatekeepers. With compliance, risk and customer experience teams now having a vested interest and each working to their own goals and objectives, divisions and compromises are becoming commonplace. The trouble is, such a siloed view of fraud creates weak points and inconsistencies within multi-channel user journeys, particularly as functions look to anti-fraud or authentication solutions that focus on solving unique channel or departmental problems.
Below we take a look at some of the impacts (and compromises) this siloed approach to identification can have across four key business functions. And why it might not necessarily be organizational structures alone that are at fault.
As technology evolves, so does fraud, making it harder than ever to combat. From an ever-increasing array of attack vectors such as the recent SS7 vulnerabilities, to technologies bolstering more traditional tactics like social engineering. Fraud prevention has never needed to be higher on the agenda for most organizations.
Whether it’s introducing additional authentication steps or driving users to more robust authenticators, the solution tends to be Fort Knox style security methods. Often sacrificing the user’s interests for added risk assurance. Whilst this seems to be the ideal solution from a fraud and security perspective, it’s the customer experience teams that have to find a compromise - foregoing personalized and tailored user journeys for blanket authentication actions. This often slows down response times, adding unnecessary friction to customer journeys. Initially this may seem logical, until the Net Promoter Score starts to drop, and customers start to move over to competitors in the quest for less obtrusive customer journeys.
Merely putting tougher security in place won’t work. User’s don’t want to experience unnecessary friction when logging into their account to check the balance – particularly when a blanket approach is used, as not all customers will be able to use your preferred authenticator. Apply this across your entire customer base and the increase in abandoned transactions and lost customers might not be offset by the money saved from fraud losses.
Forcing users down the same journeys can lead to large sections of the customer base becoming isolated. Not every person has access to the latest smartphone, the capability to use technology / authenticators in the same way, or to be culturally willing to share data such as biometrics. Employing solutions for the average person leads to everyone being underserved to a greater or lesser extent, and this can lead to lost revenue.
With ‘old-fashioned’ customer loyalty dwindling as customers are more willing than ever to switch brands in the search for the best experience, it’s no wonder organizations are prioritizing user experience. The trouble is, it can be easy to loose sight of other priorities.
Whether it’s streamlining onboarding journeys, eliminating abandoned transactions or simply reducing transaction times, it’s security that tends to be forfeited in order to improve customer’s lives. With such an imbalance it becomes even easier for fraudsters to ‘game’ the system. A simple reduction in SMS one-time-passcode (OTP) requests might help take out some of the friction in the user journey, bringing fewer abandoned transactions. The flipside is that the fraudster now has one less barrier to get through.
In some cases, it may be that the fraud costs are offset by the reduction is SMS fees. But again, this is another compromise (by both the fraud and security teams) and such a model isn’t sustainable in the long run. Not all costs can necessarily be offset, and with the reputational damage that can come from an increase in fraudulent activity, customer retention isn’t likely to increase…
Put simply, having a short-term, bottom line focus can damage both fraud rates and user experience. Neither of these are quick win solutions and take time, investment and collaboration to get right.
Being cost conscious is vital to remain profitable, particularly with low margins in a highly competitive market. However, in a siloed organization, with single focus solutions bought with a mandate to resolve immediate channel or functional need, this capability over applicability approach to the buying process isn’t sustainable. Not only can single focus solutions directly impact other business functions, who need to integrate with them or adapt existing processes / journeys. They can significantly impact fraud rates, potentially delivering conflicting risk strategies leading to inconsistencies or weak points within journeys that fraudsters can exploit. The greatest cost savings an organization can make is purchasing solutions that consider the varying needs from across the business, ensuring all requirements are met.
Often, when low-cost, quick win solutions are considered over wider business needs, it’s the customers that tend to take the brunt as they are driven down conflicting or circular journeys.
This all falls down to capability vs applicability – with the latter overlooked. A short-term fix, whether it’s a new authenticator or anti-fraud solution will likely save immediate costs. But when the applicability of a solution across the entire organization is considered, multiple business needs are solved and significant cost savings can be made. This situation couldn’t be more apparent when a low-cost approach meets new regulatory requirements.
Regulatory compliance tends to be a binary decision for most organizations (and rightly so). The risk of hefty fines and loss of reputation are too much to gamble on. Organizations tend to approach compliance by implementing solutions without considering the needs and implications across the rest of the business. Regulatory compliance is, after all, aimed at specific requirements.
The trouble is, conformance doesn’t necessarily mean a reduction in the issues the organizations may face. Regulations are purposefully broad and all-encompassing and don’t cater to individual scenarios or specific risk appetites. Whilst organizations must consider compliance as a minimum necessity, it’s how they choose to go beyond what’s required in order to fulfil their specific and unique objectives. Whether that’s reducing fraud or improving customer experience.
When it comes to regulation it’s important that organizations take a step back and consider the wider implications and what changes to processes or technology might have on wider business objectives.
The need for a holistic approach
The thing is, it’s not organizational decision making that’s at fault. As we’ve discussed there are significant and varied demands placed on them. Some of the blame should also lie with the vendors themselves, who typically offer single focus solutions, which can only add to this business imbalance.
Typical fraud solutions only detect fraudulent activity and aren’t designed to identify the user, and one vendor’s perception of fraudulent activity may not be the same as another. So how can we expect organizations to be able to tackle these challenges head-on if solutions in the market are only looking at single capabilities. Organizations need a vendor that offers them the ability to adapt as their landscape evolves if they are to effectively meet the varying demands placed upon the business.
Before joining Callsign our engineering and design teams have spent a considerable amount of time in their earlier careers working within these industries, so they understand the challenges and complexities. This has ensured that we not only build for capability but applicability also, considering needs not just within fraud, but across user experience and compliance. We understand that priorities shift throughout the year. Whether it’s a known flaw in a device, reducing operational costs or improving the NPS score, the organization needs to be able to adapt accordingly. This holistic approach to product development means unnecessary costs can be avoided, whilst the needs of the entire business can be met.