In this financial crime webinar, learn how mobile telephony can prevent fraud.
----------------- TRANSCRIPTION ----------------
Good morning to this second in the series of webinars, organized by ACI. The title of today's session is "How Mobile Telephony Can Prevent Fraud", and specifically,with we're looking also at the difference between using text message as a fraud prevention solution versus voice type solutions like IVR.
My name's Gerard Vos. I run Spectrum Messaging Services Proprietary Limited which is a company focusing on interactive SMS and mobile browsing, mobile banking, mobile payment solutions.
One of the areas that we look at on how fraud can [inaudible 00:45] is first to scene the scene on what are the numbers in the industry. So if we look at the theory then we seeing that there are 7 billion people currently in the world, and out of those 7 billion people there are 5 billion mobile phones. A mobile phone seems a very logical way to get in contact people as they normally leave with their wallet and their mobile phone.
In contrast, there are about 1.2 billion PCs in the world. So there is definitely a very high penetration ratio, and in most countries, virtually a one-on-one ratio between the number of mobile phones and the number of people and card holders.
What we've also seen is a trend is that in the first quarter of this year, for the first time the smartphone and tablet shipments exceeded the number of PC shipments. So especially the advance of social media has definitely created a shift in consumer behavior that many people shift to smartphones with browsers and are expecting to be contacted very much through their mobile phone.
If we now look at what's been happening in the industry for a fair bit, and at the IVR side, we see that it's generally widely disliked. Many people do not like to have to answer a call, interact with a computer not at their request. And basically it takes a lot of their time too, and it's also not a validated call. You don't really know who's calling you.
The fraud impact is debatable, and in many cases, it's also used to perpetrate fraud by basically starting a call and asking the cardholder to enter their card data.
On the SMS side, it's unobtrusive and fast. You can have your phone on silent. You can still quickly look at the messages coming in and if it requires no action you delete the message. It's a very convenient way of contacting your cardholder and for the cardholder.
It's also an easy tool to use in case of mass compromise. You can script in the PRM system that all cardholders that have, for instance, been at the site that was compromised that they receive a higher level of alerts for a certain period for transactions that are deemed associated with that compromise.
You can also send people a text message to warn them to be vigilant with their transactions for a certain period after a breach, which is a lot quicker than trying to call 20,000 people or re-issue 20,000 cards. It's also very cost-effective. Sending a text message's generally a lot less expensive than making a phone call from a call center or making phone contact in another way.
Finally, if you allow the consumer to select their own preferences and to say "Send me an alert when it's an ATM transaction over 200 Euros, for any foreign transaction or for a card not present transaction" then generally they are prepared to pay for it and there are many examples in the world where banks have been able to generate a revenue stream as well as reduce their fraud.
Finally, it's proven to reduce fraud, as we will later show in the case study. In the areas where it has been implemented, it has really significantly reduced to fraud to one of the lowest values in the world. SUBSCRIBE
Jasbir Anand discusses how some of the current weaknesses in payment systems are exploited by fraudsters, and why institutions need an Enterprise Fraud Management strategy.
The more sophisticated customers have started to almost do the reverse of what a fraud rule does. In the past, people would write conditions to try and recognize fraud. So, this is a high risk purchase, in a high risk country. Our most effective customers have started to almost write rules for the opposite of that, which is to try and recognize good behavior. So, identify customers that travel frequently. Identify customers that usually have high risk purchases, and filter those customer transactions out, again in an effort to reduce the overall false positive rate.
I think, with the implementation of chip and PIN technology now, there's going to be a greater requirement to start to decision higher risk transactions while still allowing customers to transact. And, as many examples of really effective strategies that our customers have deployed. For example, they can start to leverage location-based information from an online transaction. Compare that to a credit card or debit card transaction. And, identify if the probability of that customer being in those locations is even viable.
So, the flexibility of the solution allows you to implement rules and conditions that are not limited to the analytics that are delivered with the solution, but in fact allow our customers to be ingenious and create new and effective strategies to stop fraud and mitigate risk, while still keeping the customer as the central focus. Yes. What it means is that you are actually making decisions for that customer based on all of their transactions across all the channels as opposed to simply looking at their behavior across the debit card channel or the credit card channel or online channel, independently.
So, that's a step towards an enterprise fraud decision solution that allows you to, not only recognize the behaviors of the customer across the channels, but then also identify anomalous transactions very effectively, by realizing if the behavior is simply a movement across one channel, or is a net new transaction. So, for example, a customer pays their bills at the branch, and then starts to use online banking. If you only looked at it from the perspective of online banking, it would look like net new high risk behavior. But, understanding that it's normal behavior that's transitioned from the branch to the online channel, allows us to identify it as normal customer behavior and prevent false positives from being created.
Mobile banking is a new transaction channel. If the customer has ? in place, he can leverage that same solution, add the mobile banking transactions to the solution and start to protect that channel from fraud. ACI Analytics are behavior-based analytics, that store information forever. We store information in something called the profile. A profile is simply a statistical representation of behavior. So, for example, the average amount taken out in an ATM could be a profile-based variable. We can store that variable over a month, a week, or a year, and use that variable to compare against the current transaction.
Now, maintaining behavior-based profiles allows us to quickly identify transactions that are anomalous to profiles. A rule, for example may say, if the transaction amount is $500 and this is the first time that you've used an ATM, that's high risk. A profile variable would compare that high risk transaction to known past behaviors. So, if this customer has a propensity of normally taking out $500 at new ATMs, it's not as high risk as if a customer always uses the same ATMs and generally only takes out $200. So, by comparing via a combination of both rules and behavior-based analytics, we provide the best of both worlds or the best capability to really focus in and zero in on the transactions that are most suspicious.
The secure business line is releasing capability solutions. Capability solutions are really a combination of products that are geared towards solving a particular business problem. So, for example, in the wholesale environment right now, there's a fear of men-in-the-browser type attacks, where there's actual, physical code that resides inside the browser that enacts after a customer authenticates. That code has the potential to execute transactions even after a customer's authenticated, bypassing the effectiveness of authentication. So, we've created a capability solution specific for wholesale transactions, that combines both an approach for dashboarding and management of the operations team and rules, as well as an interoperability between our online banking platform, Enterprise Banker, and ACI PRM, which is our secure, fraud prevention product.
Uploaded 1 Play0 Likes0 Comments
In this webinar, Michael Grillo of ACI discusses how companies can improve customer service and fraud operation by using mobile alerting.
Have you ever wondered what layered rules really were and how they could help your financial institution catch more fraud and prevent you from chasing legitimate transactions?
Join ACI's Russ Mandel as he leads us through an educational session to learn how layered rules can positively enhance your use of Proactive Risk Manager and minimize customer impact. You will learn a new way to work with smarter rules and protect your financial institution in your efforts to fight fraud.
Russ Mandel is a Principal Solution Architect with ACI Worldwide. Russ has 25 years in payments and fraud prevention experience and specializes in implementations and solution consulting engagements.