Fraud is big business. Well-funded, well-orchestrated, sophisticated fraud rings aggressively change tactics and invent new technologies to cash in on the unprotected assets awaiting plunder.
Every organization that provides individual service to its customers, employees, members or community is faced with the very real concern of gaining and keeping their users’ trust. Public awareness of phishing attacks, identity theft and online fraud makes informed users wary of disclosing personal information without strong assurance that their data is safe and that the entities with which they interact are what they claim to be.
The economics of doing business online are compelling. However, online fraud and identity theft continue to rise. Customers are increasingly aware of the potential risks associated with disclosing personal data, which is having a dampening effect on their willingness to transact online. Savvy organizations understand that they can’t sit idly by — they must aggressively fight the fraud and they must simultaneously educate and assure their customer base, providing visible, additional measures to insure and reassure their communities that transacting business online is safe.
Recent Aberdeen research has shown that those organizations that are getting the best results in both growing user confidence and reducing fraud have over the last 12 months been able to reduce the number of incidents of fraud and reduce financial loss attributable to fraud. Simultaneously, they were able to increase the number of user accounts, the number of online transactions and the number of online transactions per user.
Survey results show that the top performing firms enjoying Best-in-Class performance share several common characteristics:
- Ninety-two percent authenticate users at the creation of the account;
- Eighty-four percent use encryption; and
- Sixty-eight percent monitor transactions.
Preventing Fraud in Real Time
Although the No. 1 goal cited by Best-in-Class organizations is to increase or sustain account holder confidence, close on its heels is to protect account holder data. Indeed, these two strategies go hand in hand but require different initiatives and focus.
A significant advancement in thwarting fraud is being made by trying to identify the fraud while it’s taking place rather than after it’s happened. To this end, organizations are using varied technologies to provide data for real-time analysis and reporting. Organizations that use real-time reporting and analysis and avail themselves of the use of an antifraud directory are getting better results than those that don’t.
They are adding more layers of user authentication, geolocation, and device authentication to the arsenal of fraud defense. As fraud becomes more sophisticated, so must the defense. The more data that can be brought to bear without creating false positives that result in lost business, the better.
Organizations must not only protect their own account holders but also guard against the use of synthetic identities — identities created from pieces of legitimate criteria cobbled together for the express purpose of committing fraud.
Best-in-Class account providers are nearly 50 percent more likely to use real-time reporting of fraud than the Industry Average, 33 percent more likely to use geolocation services, and 20 percent more likely to use device authentication — all technologies aimed at stopping fraud in action.
To achieve Best-in-Class performance, companies must continuously educate themselves on both the new and different fraud threats and on the new and emerging security enablers. Best-in-Class companies are getting tangibly better results than Industry Average and Laggard organizations because, across the board, they are adopting stronger security solutions.
Here are some progressive steps to take to reduce fraud and bolster customer confidence:
- Implement initial authentication of account holders by deploying an authentication solution.
- Implement data masking, compliant with the Payment Card Industry Data Security Standard.
- Provide support for online transactions. Helping account holders through transactions helps boost confidence and complete transactions.
- Measure the number of incidents of fraud and the financial loss associated with each incident. Measure how many user accounts are active, how many transactions each generates, and the value of those transactions.
- Provide phone support for online transactions. Investing in phone support can help bolster account holder confidence and help deter fraud.
- Use an automated antifraud directory to eliminate transactions with entities already identified as fraudulent by other account providers.
- Move toward more real-time fraud analysis and the integration of elements such as geolocation and device authentication.
- Provide account holders with choices of additional security such as hardware tokens. It is important to offer solutions appropriate to the expectations and competencies of the account holder.
- Reward account holders for the adoption of stronger security mechanisms. This makes the transactions safer and actively engages account holders in the protection of their account and in turn contributes to building account holder confidence.
The increased sophistication and determination of contemporary fraudsters continues to up the ante with insidious pernicious attacks that keep account providers on the defensive. As organized gangs create synthetic identities, spoof location, and perpetrate massive automated attacks, account providers must be diligent in providing the best security possible: a moving target. Yesterday’s protection is simply not enough.
The complete report that identifies what Best-in-Class companies are doing to achieve their superior results as well as concrete steps to reduce fraud is available here.
Carol Baroudi is a research director in the security group at the Aberdeen Group. She can be reached at firstname.lastname@example.org.