Mobile banking is exploding in popularity, but so is fraud. Banks need to protect their customers, but outdated technologies and manual processes are making it increasingly difficult. This post explores the benefits and perils of moving to more modern fraud protection systems.
Fraud is on the rise, and criminals have mobile banking in their sights. In 2016 alone, U.S. banks stopped nearly $17 billion in fraudulent transactions, but still faced $2.2 billion in fraud losses. While mobile and online banking have made it easier for customers to interact with banks, they've also opened the floodgates for attackers and thieves. If banks want to compete in the digital age, they need to offer convenience to customers without inviting fraudsters.
But balancing convenience and security is becoming increasingly difficult. According to the 2018 Global Fraud and Identity Report from Experian, 80% of consumers trust banks to protect their personal information. Not only are banks often on the hook for fraudulent charges, they also need to take into account compliance with guidelines such as GDPR and PSD2, which impose even stricter demands on securing customer data.
Traditional Fraud Protection Tools are Problematic
While existing fraud protection systems work, they're often costly, labor intensive, and inefficient. According to the Cybersource 2017 Online Fraud Benchmark Report, 79% of North American businesses conduct manual reviews of orders. However, this only accounts for 25% of all orders, and of those orders only 11% of were denied. This may seem like a low rate, but consider that in 2016, 35% of all orders rejected by large retailers turned out to be legitimate.
Automated detection tools have removed much of the costs and labor of fraud detection, but they aren't without their issues and still are resource intensive. Like manual reviews, many modern automated review processes only conduct a single screening of orders and mobile banking sessions. This presents only a single hurdle for fraudsters to overcome in order to avoid detection.
Modern Tools Have Unexpected Consequences
While the shift to automation has made fraud detection somewhat more efficient, it hasn't been without its problems. Banks face increasing costs from two factors in particular: false positives, and transaction abandonment.
High False Positive Rates
False positives are legitimate transactions mistakenly identified as fraudulent. Banks commonly use transaction monitoring systems to scan accounts for suspicious behaviors based on a set of rules. If an account violates these rules, it's flagged for review. However, over 95% of these are identified as false positives, and only around 2% are ever reported as genuine suspicious activity.
Users are Abandoning Transactions
Transaction abandonment occurs when a customer begins a transaction but fails to complete it. This can be due to a variety of reasons, but for many customers it's a direct result of the fraud prevention process. 42% of millennials say they would conduct more online transactions if there weren't so many security hurdles, compared to 30% age 35 and older. In terms of mobile banking, the leading abandonment causes include customers forgetting their account credentials, finding the process too complicated or time consuming, or difficulty using the interface.
Businesses recognize the need to balance good security with good user experience. 75% want to provide advanced authentication and security without significantly impacting the customer experience. That means implementing automated solutions that can verify customer transactions without requiring constant input from the user.
A Delicate Balance
False positives and abandoned transactions are unfortunate consequences of fraud prevention systems, accounting for billions of dollars in lost revenue. While they cannot be completely eliminated, banks can choose fraud detection solutions that reduce the probability of false positives seamlessly without driving customers away from transactions.
To solve this problem, banks are turning to behavioral biometrics-based continuous authentication. By identifying users based on their unique behavioral characteristics, users can be authenticated continuously making it virtually impossible for fraudsters to imitate them. We'll explore continuous authentication and how it can shed light on the dark side of fraud protection in a later post.