Protecting the Customer

Fighting Bank Fraud in a New Environment

Changing customer demographics, expansion of banks into new markets, and the adoption of new technologies and channels present new challenges in fraud protection. Rapid technological and social changes alter the relationship between banks and their customers in a way that creates new opportunities for fraudsters. In addition, customers expect to be protected from fraud, but also want anti-fraud tools to look at them holistically, assessing the fraud risk of transactions based on their individual profile. Faced with a rapidly changing marketplace, new fraud threats and evolving customer expectations, banks may wish to re-focus and enhance their approaches to fraud management and prevention. Technology, analytics and customer-service capabilities are likely to evolve and may be tailored to differing customer expectations and fraud threats across mature and emerging markets.

Technological and social change present new fraud prevention challenges

Changing customer demographics Populations are aging, creating a large group that has assets but is vulnerable to attack. In the U.S., seniors aged 60+ are 15% of the population, but make up circa 30% of fraud victims.1 Whilst some financial crime committed against the elderly is committed by strangers, this group can also be vulnerable to exploitation by relatives and caregivers. According to research by Age UK, 5 million elderly people believe they were targeted for fraud in 2010, and 2.5 million of those people were fraud victims.2 Age UKs research found that many victims are unlikely to tell anyone about it, and that there is still a feeling of embarrassment related to being scammed. Only 8% went to the police, 9% got advice from organizations such as the Citizens Advice Bureau, and 72% did not tell friends or family about it. The research also found that the most common type of scam people fell for was online fraud, with 34% of scams occurring via the internet.2 According to Alzheimers Disease International, the federation of Alzheimer associations from around the world, they estimate that there were 35.6 million people living with dementia worldwide in 2010 and that number will increase to 65.7 million by 2030 and 115.4 million by 2050,3 while data from the U.K. Alzheimers Society indicates that people suffering from dementia have lost as much as 100 million pounds to fraud in that country alone. The U.K. MetLife Study of Elder Financial Abuse (June 2011) found the annual financial loss by victims of such abuse is estimated to be at least $2.9 billion dollars in 2009, a 12% increase from the prior year.4 As the numbers of people using family or other caregivers to help them manage their finances rises, banks may want to re-think their approach to how customers identify themselves (and validate their identities), as the customers team will require access to funds in this environment. To do this successfully, banks would have to look at each customer as an individual and, by extension, look at each individual transaction holistically.
3

Market expansion Banks expansion into emerging markets is likely to continue as they represent circa 50% of GDP and only 30% of the global consumer banking revenue pool. However, fraud management and prevention techniques in emerging markets are not fully mature and a rush to expand into these markets could lead to significant fraud losses. Limited availability of bureau, address and Know Your Customer (KYC) data in emerging markets pose specific problems for banks seeking to limit fraud losses. In addition, international cyber-criminals will be tempted to operate in markets where they feel fraud controls are less sophisticated and local criminals may migrate to bank fraud from other crimes. Rapid urbanization accelerates the trend toward increased fraud, putting criminals in closer proximity to each other and encouraging the sharing of information as well as the recruitment of allies and accomplices. Among the top 150 cities worldwide, 116 are in emerging markets. The volume of international payments traffic will also increase in line with growth in emerging markets, which makes it easier for perpetrators of fraud to conceal their activities. This creates the risk of volumes overwhelming existing (often manual) fraud controls. Large migrant communities may need transfer and payment systems to support the flow of remittances to home countries. Indeed, remittances sent home from migrant workers are estimated to be three times the flow of aid sent from rich countries to poorer countries. While much of this money is used for immediate family needs, there is a significant portion available for savings and investment and banks have targeted this market with new products and offerings. Adoption of new technologies and channels - Broad adoption of new technologies such as social media and mobile internet has created new channels for transfers and purchases, along with numerous new opportunities for fraud. Social networks can be used by fraudsters to secure customer

data, share methodologies and recruit new accomplices. Over 600 million individuals were on Facebook by early 2011, and nearly 3 billion consumers worldwide will be global 3G subscribers by 2014. New payment channels such as mobile phones create technical risks for the banking sector to manage. Remote banking access, presenting low personal risk, is attractive to criminals, and attacks on remote access points are likely to continue to grow in value, speed and sophistication. The opportunities to do so, will also grow as more people become comfortable with the digital environment and bank online; 62% of U.S. citizens, for example, said they preferred to bank online in a recent survey, including 57% of those over the age of 55.5 As the customer experience is transformed, banks should consider combining two previously distinct functionsIT Security and Fraud Managementto address the increasingly technical nature of fraud attacks. Our experience working with clients across geographies leads us to believe that direct channels to the consumer will see continued largescale attacks, with criminals sharing and even jointly developing new methodologies. Banks that are slow to adapt new protective measures may find themselves ruthlessly attacked. Customers typically prefer to interact with their bank through their chosen channel with simple and convenient on-boarding and ongoing identity and verification (ID&V) procedures. The growth of new markets and the proliferation of channels, means that banks must explore innovations in ID&V, including biometrics, to secure both themselves and their customers from new kinds of attack. For example, a U.S. company, is using geographic data from remote transactions to notify customers of possible fraud,6 and one global payment system firm has announced a new service that uses a mobile phones location in conjunction with where one of their issued credit card is being used to identify, in real-time, possible fraudulent transactions.7

Customers expectations continue to evolve

Accentures research in financial services indicates that customers expect a higher degree of individual attention, along with a more tailored service offering.
Customers want products that are quicker, faster and easier to use, delivered through the platforms of their choice and incorporating effective fraud prevention and detection measures. The customer expects to be protected from fraud, but also demands anti-fraud tools and techniques that can look at their profile holistically and assess the fraud risk of transactions in that context. Older consumers will look to their bank to enhance fraud controls and will expect their bank to take the lead in protecting them from fraud. At the same time, other groups of consumers will be looking to help shape their own fraud controls. Applications that enable customers to set withdrawal limits, identify countries to which they are likely to travel, and highlight stores in which they are likely to shop will be delivered through the customers platform of choice. Ultimately, customers could even provide banks with tracking information through their mobile devices to indicate their shopping and travel preferences. Well-publicized examples of fraud against the consumer will also cause customers to demand better protection from their banks.

Enhancing fraud prevention capabilities

Banks that can leverage advancements in technology and analytics to improve fraud prevention will reduce their fraud losses.
Those that can do this in a way that is acknowledged and valued by the customer may also improve customer trust and retention as a result. As for banks that use technology in a way that is considered cumbersome, or provide a service that is seen to be impersonal, they may damage their reputation and actually cause customer attrition.

Innovation
Customer self-service

Fraud prevention enhancement

Enhanced information provided by the customer

Impact on the customer

Fraud service simplification Less disruption by reducing level of false/positive interventions Quicker servicing Easier to do business with

Current

Workforce enablement

Streamlined workflow and case management Integration of AML/fraud operations and technology Increased efficiency of fraud management processes

Holistic customer analytics

Customer behavioral segmentation Multi-channel modeling Digital data mining Quick deployment of new fraud strategies

Fraud interventions are value add Less disruption by reducing level of false/positive interventions

Next generation cards

Card security monitoring Multi-functional with GPS and/ or biometric data

Easier to do business with

Pan-channel authentication

Biometrics for remote channels Use of covert measures such as GPS Voice and/or face authentication for face to face transactions

Removal of intrusive two-factor identification Easier to do business with

Internet digitization

Social media data mining Simulation on fraud for vulnerable customers

Improved customer protection

Next generation branch

Digital pen and paper with automatic signature verification Window/wall touch kiosks with face and/or voice recognition

Quicker servicing Non intrusive authentication My bank knows me

Future

Market Trends
The key trend being seen across the industry is integration and optimization of fraud management tools and capabilities.
Any failure to effectively manage fraud could result in significant losses for individual institutions and could undermine consumer confidence in specific products and/or channels. Customers will be watching closely and security will be a key factor in choosing a bank. Integration of IT security and fraud management capabilities to address the increasingly technical nature of fraud attacks, as well as the impact of innovations in the banking sector such as mobile applications and payments. Greater use of social network analysis and cyber data mining to identify the propensities of both new and existing customers to participate in fraudulent activities (using bank and 3rd party data to create insight about individuals and their behaviors at the customer level). Upgrades to international payment fraud controls. Consolidation of legacy systems, including cross-financial crime prevention toolkits. Strengthening of Fraud Control Framework for outsourcing contracts and offshored services. Increased industry co-ordination and improved fraud reporting. Development of pan-channel solutions for customer on-boarding and ongoing ID&V. Desire to move to global solutions to deal with fraud and anti-money laundering problems, to reduce the cost of financial crime prevention.

Making it happen What are the actions needed to transform fraud capabilities?
To optimize fraud capabilities in response to social and technological change, banks should progress the following actions. The details and order will vary depending on each banks level of maturity in managing fraud, but the steps will be broadly the same:
1) Assess Fraud Implications of Banks Strategy 2) Model Customer Demographics & Build Strategies 3) Develop Dynamic Analytical Models 4) Develop Pan-Channel Customer Authentication 5) Develop IT Strategy for Holistic Decisioning

1) Assess Fraud Implications of Banks Strategy

The fraud function has an opportunity to transform its role and status by thinking and acting more like a stakeholder in the business. This involves assessing the risk factors and their relative volatility, adopting a more commercial and customer-focused approach and using technology innovation to provide customer-centric solutions. Understanding the risks will enable capability or knowledge gaps to be identified and mitigating actions to be taken. Our research has found that the innovation agenda is central to banks strategic growth plans and therefore will open up new risks for banks in the areas of fraud management and IT security. Experience also shows that business units in many organizations elect for point solutions. When this occurs, there is a clear risk that a lack of coordination and integration will seriously undermine the effectiveness and efficiency of enterprise-wide fraud management.

fraud management into a competitive advantage by developing products and services that meet the needs of customers.

4) Develop Pan-Channel Customer Authentication

Customer on-boarding and ongoing authentication policy are no longer the preserves of the compliance function or of the individual channel owner. These are essential elements of the customers experience and therefore key to business growth and customer retention. The fraud management team, as trusted advisor, needs to work with the business to develop a pan-channel, customer-centric authentication strategy that provides consistency of customer experience and reduced cost for deployment while managing risk. The authentication strategy will shape the IT strategy, and the development of strategy should cover the following four key elements to optimize the business value derived: first, define authentication; second, develop the authentication solutions; third, mobilize the change, and fourth, communicate the strategy.

3) Develop Dynamic Analytical Models

Our experience is that banks have historically deployed anti-fraud and antiAML solutions without the appropriate capabilities for dynamic optimization. AML and fraud management must be highly responsive, as criminals are more sophisticated and increased processing power is available through cloud technologies. Organizations that fail to maintain and optimize their systems are likely to be targets for fraudsters. Typically, to optimize analytical models, banks need to interact more closely both with internal and external analytical resources and with software suppliers. Fraud teams need to be equipped with the skills and processes to manage this. Governance of models, analytics and rules changes is coming under increasing regulatory interest and therefore, as part of developing this capability, proper governance should also be established. In the past, fraud managers would have a hypothesis which they would test with analytics (often calling on credit risk resources to perform the analysis). Going forward, fraud managers will start with a business outcome or goal rather than a hypothesis. They will use analytics to gather historical data that will help them find the answer. They will then reuse analytics to create statistical or machine-learning models of the data to answer their question. This will create an increasing need to bring various data sources together, particularly if an organization has deployed a number of non-integrated point fraud solutions.

2) Model Customer Behaviors and Situations

Fraud solutions and offerings should be developed and refined to address the risks of individual customers or customer segments. Fraud interventions which impact the customers should be based on individual customer behavior and circumstance. This positions the fraud management function as an insightful guide to the business, enabling the design and implementation of robust fraud mitigation as part of the overall customer offering. For example, gaining a better understanding of current and future customer demographics provides the opportunity to predict future vulnerabilities thereby turning
7

5) Develop the IT Strategy for Holistic Decisioning

The first steprevising the IT strategy to incorporate Customer Authentication Strategy and Analytical Capability Requirementsis considered very important. Second, banks should consider what changes would need to be made to effect decisions based on a holistic overview of the many different aspects of a transaction, whether such aspects involve a customer, member of staff, retailer, device or anything else. Typically this approach incorporates an assessment of the As-Is and a definition of the To-Be state, with definition and strategy formulation followed by IT Roadmap development.

How can Accenture Help?

Accenture has developed an approach to transform fraud management capabilities and that employs four levers:
1) Fraud diagnostic to assess current state and design future blueprint; 2) Threat assessment to identify future risks and opportunities; 3) Analytics innovation; and 4) Optimization of fraud management processes and tools. These can be used to facilitate the transformation journey:
A) Assess Fraud Implications of Banks Strategy 1) Fraud Diagnostic

B) Model Customer Demographics & Build Strategies 2) Threat Assessment

C) Optimize Analytical Models

D) Develop Customer Authentication Strategy

E) Develop IT Strategy for Holistic Decisioning

3) Analytics Innovation

4) Optimization of Fraud Management Processes & Tools

Conclusion
Banks are facing major demographic shifts, entry into new markets, technologies and channels, and changing customer demands.
As such, they need to innovate to stay ahead of fraudsters and build customer trust in their anti-fraud controls. Accenture can help banks transform their fraud prevention capabilities by identifying areas of capability improvements (using the fraud diagnostic and threat assessments), upgrading analytics and optimizing fraud prevention tools across channels.

Notes
1. Senior Scams, Just Say No!, presentation by Consumer Action and Capital One partnership, April 29, 2011. Accessed on February 22, 2012: http://consumer-action.org/english/ articles/preventing_senior_scams 2. Fraudsters claim nearly 2.5 m victims in 2010. The Guardian, December 30, 2010. Accessed on February 22, 2012: http://www.guardian.co.uk/money/2010/ dec/30/fraudster-scams-affect-over-2million-in-2010 3. Alzheimers Disease International The Global Voice on Dementia: http:// www.alz.co.uk/media/quick-facts 4. The Metlife Study of Elder Financial Abuse. Accessed on February 22, 2012: http://www.metlife.com/mmi/research/ elder-financial-abuse.html#key findings 5. American Bankers Association Annual Survey, September 2011. Accessed on March 20, 2012: http://www. americanbanker.com/issues/176_175/ online-banking-surges-1042001-1. html?zkPrintable=true 6. Beyond the Check-In: How Location Services Can Now Fight Identity Theft. The New York Times, October 12, 2010. Accessed on February 22, 2012: http:// www.nytimes.com/external/readwri teweb/2010/10/12/12readwritewebbeyond-the-check-in-how-locationservices-c-77169.html 7. Visa Europe/ValidSoft fraud solution. Visa website, news release, November 23, 2010. Accessed on February 22, 2012: http://www. visaeurope.com/en/newsroom/news/ articles/2010/validsoft_fraud_solution. aspx

Accenture Analytics Innovation Center

In 2011 Accenture opened a research, development and innovation center in Dublin, Ireland, to develop predictive analytics solutions for clients worldwide.
Predictive analytics applies advanced statistical modeling techniques to internal and external data sources to generate deeper insights that help businesses and governments drive better outcomes. The Accenture Analytics Innovation Center (AAIC) forms part of a wider Accenture global network of innovation centers dedicated to the demonstration, research & development and delivery of predictive analytics. The Dublin center focuses on the innovative development of sophisticated techniques in fraud analytics to address many of the key business challenges facing Accentures clients today. The global Accenture Innovation Center network supports activities related to delivering business insight innovations, both descriptive and predictive analytics, to clients across multiple industries and business functions. Each Accenture Innovation Center focused on business analytics is designed and equipped to address a wide range of issues that companies may be facing as they seek to glean deeper insights from data and to improve decision-making processes. Other centers in the analytics network are located in Bangalore, Chicago, Milan, Mumbai, New Delhi and San Jose, California, with others across the world planned.

10

About the Authors

Chris Thompson
Chris is an executive director, Risk Management, Banking and Capital Markets North America, New York. Specializing in complex, large-scale finance and risk programs, he works with some of the worlds leading retail, commercial and investment banks. Chris brings his nearly 20 years of broad-based experience in financial architecture, risk management, performance management and trading to organizations determined to become high-performance businesses.

About Accenture Management Consulting

Accenture is a leading provider of management consulting services worldwide. Drawing on the extensive experience of its 16,000 management consultants globally, Accenture Management Consulting works with companies and governments to achieve high performance by combining broad and deep industry knowledge with functional capabilities to provide services in Strategy, Analytics, Customer Relationship Management, Finance and Enterprise Performance, Operations, Risk Management, Sustainability, and Talent and Organization.

Heather Adams
Heather is senior manager, Risk Management and leads the Accenture Fraud and Financial Crime business services, defining and developing capabilities to support clients in their fraud and financial crime prevention efforts. Based in London, Heather has extensive experience in delivering large-scale complex business change for banks and has worked with senior leaders to define and implement fraud and financial crime prevention strategies to drive high performance.

About Accenture Risk Management

Accenture Risk Management consulting services work with clients to create and implement integrated risk management capabilities designed to gain higher economic returns, improve shareholder value and increase stakeholder confidence.

About Accenture
Accenture is a global management consulting, technology services and outsourcing company, with more than 246,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the worlds most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$25.5 billion for the fiscal year ended Aug. 31, 2011. Its home page is www.accenture.com.

Jackie Morley
Jackie is a senior manager, Risk Management and leads the Accenture U.K. Fraud Group within the Risk Management practice. Based in London and with more than 10 years of consulting and industry experience in internal, advanced, third party and first party fraud prevention and detection within financial services, Jackie is focused on delivering process, organization and technology change programs to drive high performance.

Copyright 2012 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

12-0850 SL