When I’m talking to fraud professionals or consulting businesses on best practices, fraud prevention can often become much more complicated than it needs to be. Although the proper approach to fraud prevention is a layered one, that doesn’t mean that the more complex the system the better it is. I typically have 3 steps to building a successful fraud strategy program.
I have been asked by many in the industry how I have managed fraud teams in the past, and my approach to developing a strong fraud strategy program. Below are my three focuses to ensure that my team is constantly collaborating to enhance controls and mitigate loss.
3 Steps To Fraud Strategy
1st Step – Prevention
The key controls and technology solutions that are put in place fall under the prevention category. These are the systems and processes that address key risks and fraud trends. The Management team is typically responsible for these as they manage losses and make the decisions on what technology is used, and what business processes are implemented.
I typically have two types of preventative categories:
- Static – These are the boundaries and risk framework that establishes strong fraud prevention such as policies/procedures and core systems and limits.
- Dynamic – As fraud evolves you need to be able to adapt quickly. Under this category you’d find your fraud solutions, any kinds of business rules that have been created, and thresholds that are established.
2nd Step – Detection
Everyone in the fraud prevention industry understands that you can’t stop all fraud…well, unless you wanted to close shop. But you can take action to further mitigate losses. Successful prevention is derived through effective detection. The faster you’re able to detect successful fraud attempts, the quicker you can investigate and adapt. Early identification leads to quick investigation. Quick investigations lead to swift strategy adaptation. Adapted strategies lead to reduced losses.
Here are three different tools I focus on when it comes to fraud detection:
- Pattern Analysis – Create systems to monitor for certain patterns of fraud that get through current controls. Whether these are certain triggers based on a dollar values, transaction velocities, or even complex queries that look for very particular patterns.
- Key Performance Indicators (KPIs) – These measure how your prevention strategy is truly performing and whether tweaks might need to be made. Measuring things like reduced losses, capture rates, false positives, and even ROI. Reviewing these on a consistent cadence will help alert you to whether things are working as intended, or maybe performance is beginning to drop. Personally one of my favorites (and is the most simplistic) is to track attempted fraud and measure how well you prevent it. This can be at the granular trend level, or at the macro level. As new approaches are taken, and new solutions are implemented you should see lift in how well you prevent fraud as a whole.
- Key Risk Indicators (KRIs) – KRIs act as a barometer for risk forecasting. When assessing perceived risk and potential future risk, having KRIs in place will help you monitor whether you are within your allotted appetite, if you need to make adjustments, and how to anticipate the future. However, it is important to ensure that you’re measuring risk relative to the overall business. By simply measuring losses, any kind of growth may be alarming. But what if losses has increased because sales have been climbing steadily? In this situation you would want to be measuring the growth in losses compared to the growth in sales. If fraud is outpacing sales, then that is a great indicator that you have a problem.
3rd Step – Investigation
Finally, after successful fraud has been identified, you can investigate how it was possible. Where did the controls fail? Has the trend changed and you need to adapt your approach? Through investigation you should be attempting to find the root cause. Is the gap found in:
- Onboarding – Can the risk be identified at the new account stage? Was fraud committed at the start of the relationship?
- Access – Are there gaps located where customers log-in or access their accounts? Maybe there needs to be better authentication methods?
- Behavior – They’re a legitimate customer, and access controls worked as intended. But is it truly the customer? Does the activity align with their normal behavior? Maybe there are red flags or alerts that can be caught here.
Once the root cause is identified through your investigation, your conclusion can then be integrated into your prevention strategies. Now the process has come full circle and you are constantly getting better in the fight against fraud.
Fraud professionals need to constantly be adapting to changing trends. This system is simple and gives you the means to always make sure you’re improving. These 3 steps to fraud strategy also create strong collaboration between teams as it requires strong feedback from each. Strong detection feeds the investigation unit, and thorough investigations drive effective fraud prevention strategy.