Money mule accounts are the final destination for the funds from scams. These accounts are a growing threat as criminals recruit individuals into their schemes. Recent data found that 42% of first-party fraud (fraud committed by a bank customer) is related to money mule activity.

Banks need to enhance their inbound payment monitoring to help scam victims, detect and close accounts controlled by criminals, and reduce their risk exposure from scam losses. The growing expectation that receiving banks must refund scam losses to victims makes this final point even more important

Learn how Feedzai’s innovative 3-in-1 approach, from account opening to inbound payment monitoring, uncovers money mules. Discover how our comprehensive solution addresses financial institutions’ complex challenges that money mules present.

4 Key Money Mule Detection Challenges

Stopping money mules is a challenging feat. Financial institutions and banks often face three key issues when addressing the money mule threat.

1. Mules Often Fall in the Anti-Money Laundering Silo

First, banks have traditionally treated money mules as part of their anti-money laundering (AML) efforts. Many banks still use legacy AML systems, which rely on rules designed before the rise of real-time payments. This has resulted in lower rates of intervention over long periods of time. It also limits detection and intervention in the case of money mules to a bank’s AML team while limiting the ability of fraud analysts to step in.

2. Intervention in Mule Accounts is Seen as Low ROI

Criminals need money mule accounts to cash out the proceeds of fraud. Blocking or closing a customer account is costly. Many banks want crystal-clear indicators of a breach or criminal activity before taking the drastic step of closing an account. Many banks only intervene in extreme cases because remediation is so costly and involved.

3. Rise in Money Mules and First-Party Fraud

Every fraud requires laundering illicitly obtained money. Typically, most low-value, small frauds, such as scams or unauthorized fraud, must be washed. This happens through mule accounts. 

Money mules have increasingly become a problem in recent years. The threat has increased significantly with the ease of digital account creation. 

Money mules come in three categories: 

• Complicit: These actors are connected to the criminal network behind fraud and financial crime. They play a critical role in opening accounts and recruiting other money mules.
• Witting: These actors suspect or know they are engaging in risky money mule activity. However, they are willing to act as mules due to financial strain or other circumstances.
• Unwitting: These individuals are unaware they are being manipulated as part of a money mule scheme. They often believe they are earning money from a job they found online.

Unwitting money mules are especially troublesome for banks. Criminals recruit legitimate customers and pull them into money mule schemes. They do not realize they are committing first-party fraud until too late.

4. Existing Money Mule Detection Tools are Siloed

Too often, financial institutions take a siloed approach to stopping money mules. This usually means reviewing only outgoing payments or activity on a single banking channel.

This approach limits banks’ ability to fully identify money mule activity because it only provides a partial view of relevant activity. Channel-based fraud detection systems can’t connect data from other sources. Important insights will go undetected if banks can’t pull critical contextual data to detect and prevent money mule activity effectively.

For example, let’s say a bank account experiences a series of low-value incoming deposits from different accounts. This might not seem suspicious on its own. However, a closer look at the bank’s activities shows that the bank account saw a sizeable outgoing payment after receiving the smaller sums. This is a serious red flag that a money mule controls the account.

Feedzai’s 3-in-1 Approach to Uncovering Money Mule with Inbound Payment Monitoring

Feedzai’s RiskOps platform tackles the money mules threat differently by collecting data across multiple channels in real-time. This approach offers banks three key opportunities to stop money mules before they can be used to transfer illicit funds.

Intercept Money Mules Account Opening

Account opening is the ideal way to stop a bad actor from accessing a legitimate bank account. Feedzai’s Digital Trust solution can review device intelligence, behavioral biometrics, and network identification.

Banks can use these insights to assess if this customer is too risky to onboard. Having these insights is the most effective way to stop money mules because it stops criminals at the financial institution’s front door.

Ongoing Monitoring Activity

When it comes to monitoring existing accounts, many banks simply review session data for suspicious activity. Feedzai’s solution goes a step further in understanding what users do while in session and how they navigate across different accounts. 

For example, let’s say an account is opened, immediately adds a beneficiary, and suddenly goes dormant. This could be a red flag that the account is intended for money mule activity. Adding the beneficiary at an early stage avoids detection later for transfers.

Inbound Payment Monitoring

An incoming transaction of a similar or greater value precedes most suspicious outgoing payments. Inbound payment monitoring provides banks additional contextual data that a siloed view approach doesn’t allow. 

Inbound payment monitoring will become increasingly important as some regulators expect banks to reimburse their customers for scam losses. The UK’s 50-50 liability split will mean banks that receive money from scams or fraud will be forced to share the loss with the sending institution. Inbound payment monitoring will be critical to minimizing scam losses.

Feedzai’s 3-in-1 approach offers a comprehensive solution that aligns with the evolving demands of today’s financial crime trends. New obstacles don’t deter criminals; they just find new ways around them. Banks need the same innovative attitude to enhance their fraud and scam prevention capabilities and protect their customers and bottom lines. 

The report assesses fraud and financial crime risk from pre- to post-payment. Containing four RiskTech Quadrants®, it evaluates Feedzai’s RiskOps platform on three categories: card, account-to-account (A2A), and alternative payments, as well as an overall ranking.

In all three categories, as well as the overall ranking, Feedzai was ranked as the top category leader for payment risk solutions, outperforming 21 other vendors.

How Feedzai Stands Apart as a Payment Risk Leader

The report found that Feedzai’s unique RiskOps approach to financial crime ranked best-in-class in four out of seven categories for A2A payments: methodology and technology, real-time capabilities, risk and fraud models, and post-payment risk.

Chartis outlined Feedzai’s differentiators as:

• Breadth across multiple use cases
• An array of different risk typologies
• Adaptability to meet individual bank challenges
• Volume and processing speed
• A strong presence in Europe, followed by North America, LATAM, and APAC

“Chartis ranked Feedzai as a category leader in its Payment Risk report across all categories: card, account to account and alternative payments, and in our overall quadrant,” said Nick Vitchev, Research Director at Chartis. “Feedzai’s heritage, solution focus, and RiskOps platform enable it to deliver a combination of risk solutions – notably for AML and fraud – at scale and speed across a myriad of payment types and use cases, reflecting the needs of the market highlighted by our research.”

Pedro Barata, Chief Product Officer at Feedzai, said, “As more options become available for consumers to pay and move money, the risk of fraud also grows. Feedzai’s unique, market-leading RiskOps approach builds a holistic view of the risk landscape and, as a result, a stronger way of detecting crime. It ensures consumers are protected from fraudsters, in real-time and at scale, no matter how they choose to pay.”

How Feedzai’s RiskOps Platform Changes Stands Apart

This recognition from Chartis is a strong affirmation of Feedzai’s RiskOps platform and our unique approach to managing risk in the digital banking landscape. 

Feedzai’s RiskOps platform is a comprehensive solution that addresses the full spectrum of financial crime risks, from fraud to money laundering. It combines machine learning, artificial intelligence, and human expertise to deliver a real-time, unified view of risk across all payment types and channels.

Some of the world’s largest banks and financial institutions use Feedzai’s RiskOps platform to protect their customers from fraud and financial crime. It has a proven track record of success, having prevented billions of dollars in fraud losses.

This recognition from Chartis is the latest in a series of accolades for Feedzai and further confirms our commitment to stopping financial crime. Quadrant Knowledge Solutions recently recognized us as a Leader in both Anti-Money Laundering and Behavioral Biometrics. Earlier this year, Feedzai aligned with the Global Anti-Scam Alliance (GASA), a non-profit organization dedicated to protecting consumers from financial crime and its harmful effects.

We’re honored for this recognition as payment risk leader. We view this recognition as proof of our commitment and obsession with protecting our customers from financial crime risks. 

Why Ongoing Monitoring Merchant Acquiring Fraud Risk is Critical

Merchant monitoring must be an ongoing process beyond the onboarding stage. Acquirers and PSPs should regularly compare merchants’ current behaviors with their initial expectations during the onboarding stage to ensure they still align. It also pays to ensure the merchants are behaving similarly to other merchants in the same category code.

Acquirers and PSPs must be able to quickly flag these merchant accounts for further investigation whenever a merchant is believed to be engaged in suspicious activity. Without rigorous due diligence and monitoring, these merchants will continue to engage in risky behavior and leave PSPs and acquirers vulnerable to different fraud schemes, financial crimes, and ultimately the financial liability of transactions they’ve processed.

The Top Merchant Acquiring Risks to Follow

PSPs must be able to quickly flag merchant accounts for further investigation whenever a merchant appears to be engaged in suspicious activity. These suspicious behaviors could be indicative of serious fraudulent activity, including:

• Bust-Out Fraud: This is arguably one of the most feared outcomes for acquirers and PSPs. But there’s certainly enough historical precedent of bad actors committing fraudulent transactions and leaving acquirers and PSPs to face significant financial losses. Worse yet, fraudsters are proving to be both clever and patient when it comes to committing bust-out merchant fraud. Some are taking the time to learn an acquirer or PSP’s different tiers of limits. They will continue to process what appears to be legitimate transactions taking months or even years until they can maximize the value of a bust-out event. 
• Money Laundering Threats: Acquirers and PSPs will want to closely monitor their merchants’ risk profiles to ensure they aren’t enabling potentially criminal activities. For example, let’s say a merchant onboards offering an online marketplace to buy and sell used books or clothes. But a closer inspection of their transaction activity reveals their transactions include several high-risk – and possibly illegal – transactions. This could range from trading counterfeit goods, illegal drugs, weapons, and other illicit activities. Acquirers and PSPs will put their own organization at risk if the activity goes undetected for too long. 
• Credit Risk Exposure: Sometimes, a merchant’s entire industry sees a rapid shift in risk levels. Take a look at the travel industry, for example. Just a few short years ago, numerous travelers canceled their trips when it became clear the pandemic was rapidly spreading. As cancellations rolled in, acquirers and PSPs faced a deluge of chargeback fees from disgruntled travelers looking for refunds. As industry risk levels change, so should acquirers and PSPs. Both parties should make sure to adjust their onboarding and monitoring procedures and protect their exposure from riskier merchants.

3 Steps to Implement a Strong Ongoing Merchant Acquiring Fraud Risk Assessment

The most efficient way for acquirers and PSPs to identify risky merchants is to overhaul their onboarding process. Pinpointing inefficiencies in the onboarding process is a proactive step that can offset bigger problems down the line. However, assessing a merchant’s risk level must continue well beyond the onboarding stage. 

What does a strong ongoing merchant acquiring fraud risk management process look like? Here are three things acquirers and PSPs can do to upgrade the process.

Build a Cohesive Strategy and Culture

It’s too common for different departments and divisions to create silos around their different responsibilities. Meanwhile, many organizations lump together various point solutions for each challenge they uncover. This approach causes communication breakdowns between both teams and technologies. 

Acquirers and PSPs need a cohesive team structure and processes to make sharing information easier. This approach allows Fraud Prevention and Risk Analysts to easily and confidentially share details with their Anti-Money Laundering (AML)/Compliance colleagues if they suspect a merchant’s behavior is raising alarms.

When it comes to technology, consider using a solution that offers a holistic view of risk instead of a system of disparate and disconnected point solutions.

Embrace AI and Automation

Automation is critical for acquirers and PSPs to detect risky merchant behaviors as they unfold. Artificial intelligence (AI) can not only detect bad behaviors, but AI can also benchmark good behaviors and flag unusual deviations, something that rules-based systems struggle to do.

Acquirers and PSPs that operate with higher-risk merchants need to be especially vigilant about their portfolio of merchants. This is especially true for merchants that are more susceptible to fraud and money laundering risks, such as those in online gaming, adult entertainment, or legalized gambling. Organized crime syndicates are heavily involved in these businesses and know how to avoid getting caught. Using automated and AI solutions to review transactions can connect multiple data points and shed light on emerging patterns that human analysts are likely to overlook.

Regularly Compare Merchants’ Performance with Onboarding Records

Review how a merchant is currently performing compared to how they were expected to perform at onboarding. Acquirers and PSPs should schedule regular touchpoints to perform merchant reviews as regularly as possible. 

At the same time, regularly check how payment networks’ rules and regulations are changing. Following Russia’s invasion of Ukraine, for example, many acquirers and PSPs started to see a rise in merchants taking money from consumers intended for humanitarian charities. However, several of these charities turned out to be fake. Some card network operators issued new regulations and guidance to help acquirers and PSPs understand where charities should be listed and which ones could be trusted.

Acquirers and PSPs are never done keeping tabs on merchants. Practicing ongoing merchant acquiring risk monitoring is critical to avoiding financial liabilities and ensuring they treat merchants according to their appropriate risk level.

Download our Merchant Risk Management for Acquirers Solution Sheet to learn how our solution enables acquirers to quickly onboard new merchants with confidence.

Feedzai’s Customer Obsession Pays Off

“Win Together, Lose Together” is one of the core tenets we live by at Feedzai. While it’s easy to view this as an internal-facing statement, these words are also how we weigh our relationship with our customers. Customer success is our obsession! Our recent string of accomplishments is a testament to just this devotion.

In early August, we were thrilled to receive the Fraud Impact award for Best Transaction Fraud Monitoring and Decisioning Innovation by Aite-Novarica. Being recognized by a leading advisory firm for the financial services industry, such as Aite-Novarica, is a huge accomplishment on its own. However, for me what really set this award apart is that we achieved the award together with one of our customers and partners, Lloyds Banking Group. 

Lloyds provides critical financial services to millions of customers in the UK and across multiple global communities. Using Feedzai’s RiskOps Platform, the bank reduced fraud losses and increased protection for its customers. 

Feedzai and Lloyds: A Partnership Built on RiskOps

We adopted a RiskOps approach last year. RiskOps is a framework for managing financial crime risk, along with the platform to support it. Operationalizing risk ensures a standard approach that turns abstract concepts like risk and opportunity into measurable and actionable insights. RiskOps isn’t just a product. It’s a unified approach that encompasses fraud, money laundering, compliance, and risk policies. 

Being able to highlight how teams at Feedzai and Lloyds worked together to achieve this and pioneer an approach with AI at its core is at the heart of why we do what we do at Feedzai. We want true partnership with the customers we work with –  our success is nothing without their success. Many Feedzaians have worked at banks and have experienced the challenges of mitigating fraud risk firsthand. It’s their experience that has helped us shape what we deliver for our customers and achieve this recognition. 

In addition to Lloyds, I was also thrilled to see our investor and partner Citi receive their own award from Aite-Novarica. Citi was recognized as Best Orchestration Innovation in Aite-Novarica’s Fraud & AML Impact Awards. The award recognized Citi’s Payment Exchange solution for its ability to seamlessly integrate multiple fraud prevention solutions into one payment portal. We’re always thrilled when our partners are recognized for their fraud-fighting efforts. These efforts move our entire industry forward.

Why are we obsessed with our customer’s success? For starters, we don’t view them as customers. They are our partners; it’s a relationship that is more  involved than simply selling our products to buyers. In other words, our relationship with our customers isn’t over at the point of sale. Instead, we’re committed to providing our customers with our intelligence and insights, ensuring that all of us are in the best possible position to stop online fraud.

Download our case study to learn more about our collaboration and partnership with Lloyds Banking Group that resulted in a significant reduction in false positives.

This award recognizes the Feedzai RiskOps Platform as a vital tool for banks in the fight against financial crime. This is especially true in terms of protecting bank customers from scams. Our platform works by breaking down financial institutions’ internal data silos that often emerge between different departments and job functions. The RiskOps Platform uses state-of-the-art machine learning technology to provide banks with a 360-degree view of payment risk, enabling more informed and smarter decision making. It also enables banks to enhance customer experiences by putting digital trust at the forefront of every interaction.

Aite-Novarica Group is a global advisory firm that provides global banks, insurers, payments providers, and investment firms and the technology and service providers that support them with mission-critical insights on technology, regulations, strategy, and operations. 

Aite-Novarica Group specifically pointed to the platform’s “tangible benefits” for customers that played a significant part in earning this honorable distinction. These benefits include:

• Financial crime risk mitigation: the platform enables both higher fraud detection rates while simultaneously reducing false positives, enabling banks to catch more fraud and reducing the harmful impact that fraud and scams have on customers.
• Enhanced user experience: our RiskOps Platform also reduces unnecessary friction for good customers, resulting in fewer unnecessary communications with analysts or call centers to resolve disputes.
• Operational efficiency: the platform also reduces intervention rates and reduces complexities among both model-driven and rules-driven systems.

How Feedzai Keeps Commerce Safe for Global Banks

To earn a Fraud Impact Award, Feedzai was evaluated by a panel of both internal Aite-Novarica Group advisors and external industry experts from across different financial institutions and media organizations. The panel evaluated each candidate’s level of innovation, competitive advantage, market needs and drivers, impact and value, and its future roadmap.

Feedzai’s RiskOps Platform has already demonstrated its effectiveness at reducing fraud with a leading global bank. Lloyds Banking Group, one of the world’s largest retail banks, is among the financial institutions currently experiencing its benefits in mitigating fraud risks. Lloyds provides critical financial services to millions of customers in the UK and across multiple global communities. Using Feedzai’s RiskOps Platform, the bank has seen reduced fraud losses and increased protection for its customers.

You can find a detailed case study of Feedzai’s partnership with Lloyds Banking Group here.

Aite-Novarica Group Award Comes at a Critical Juncture for Financial Crime

The Aite-Novarica Group 2022 Fraud Impact Award comes at a time when financial crime is on the rise. Financial losses due to identity fraud reached $52 billion in the US. In the UK, meanwhile, authorized push payment scams surged by 70% in the first half of 2021, resulting in £355 million in losses.

This recognition by Aite-Novarica Group further strengthens Feedzai’s position as the world’s first RiskOps Platform. This tremendous news comes on the heels of Feedzai being recognized as a Strong Performer in the Forrester Wave: Anti-Money Laundering Solutions Q3 2022 report. Last year, Feedzai was officially designated a unicorn following a $200 million Series D investment round. That same year, we also acquired behavioral biometrics solutions firm Revelock. 

With this distinct honor from Aite-Novarica Group, Feedzai demonstrates its unwavering determination to keep banking and commerce safer for customers worldwide.

Download our case study to learn more about our collaboration and partnership with Lloyds Banking Group that resulted in a significant reduction in false positives.

Richard Harris: Hello! And welcome to the pilot episode of Feedzai’s RiskOps Stories. With me here in the studio, I have Dan Holmes from Feedzai. Dan, welcome.

Daniel Holmes: Thanks, Rich. Good to be here.

Richard Harris: Scams is very much the hot topic. In the last year, scams cost banks more than card fraud. I mean, that’s a massive change in the industry. Can you talk us through how we got here?

Daniel Holmes: If you rewind four or five years, account takeover or third-party compromise was the primary threat to industry. And as a result, the banks responded to that, right? So the banks brought in new technology, device recognition, behavioral biometrics, malware detection, locational analytics, all to augment what they were already doing from a transaction monitoring perspective. 

Daniel Holmes: And that gave the banks a really good opportunity to recognize third-party compromise. So it was pretty easy for me as the bank to say, “This isn’t Rich’s usual device. His behavior looks fundamentally different to what I expect to see from Rich. And the location that he’s coming from today is also very different.” That’s conducive for a good risk strategy around account takeover. Banks were able to get their detection levels up to 80, 90%. So the fraudsters were failing far more frequently than they were succeeding. 

Daniel Holmes: Fraudsters are a resourceful group. They go away, and they think about, “How do I give myself the advantage?” The conclusion that they reached was that the fraud’s prevention ecosystem is no longer the weakest part of the chain. The weakest part of the chain is now the customer themselves. So they target the customer, and that’s how scams become the prominent threat. And clearly now it’s on the banks to respond and think about how to get themselves back on the front foot. 

Richard Harris: I’ve noticed that myself with the banks that I use. When I’m adding new payees or sending money to people that I’ve not interacted with previously, I’m now seeing quite a lot of additional noise and messages and clicks that I have to do to accept the fact that I’m either taking an additional risk in the transaction or that I’m acknowledging that I’m sending money to a new payee, and I understand the risk of a scam, et cetera, and I am to tick a box. Is that everything that the industry is doing, or is more happening behind the scenes?

Daniel Holmes: So there’s a lot more happening. If I’m in the bank’s hot seat, and I’m the one responsible for scam detection, I’m thinking about a combination of two things: it needs to be adopting new technology, purpose-built for scam detection. But it also needs to be putting a different lens on your existing data capabilities to make sure that how you’re looking at that data and how you’re utilizing it allows you to stop scams as well as the historic fraud typologies. 

Daniel Holmes: Secondly, it’s about data consolidation and making sure that you’re utilizing those data capabilities in the right way. What we often see through speaking to banks is that you’ve got four or five point solutions or islands of fraud tools, and they’re not interacting with one another. You need to make sure that you’re not just taking insights from four products individually or four data sources individually. You’re driving them together in the way that allows you to get the most out of that data. 

Daniel Holmes: And then thirdly, it’s education and awareness. If you think back through the last three or four years, education and awareness in a mobile app or an online banking platform was hidden away in the corner. You had to actively go looking for it. Whereas to your point, now banks are actively bringing that back into the session. So education and awareness has got to take on a whole new meaning. It’s got to be real-time, it’s got to be dynamic, and it’s got to be presented at the moment of risk. 

Daniel Holmes: Typically, when you think about the profile of a scam victim, you might think about an older, perhaps more vulnerable, customer. Data shows that it’s not just older, more vulnerable customers who are likely to fall for a scam. We’ve seen younger generations, we’ve seen middle-aged generations, we’ve seen extremely intellectual professionals all fall for modern, sophisticated scams. And your education and awareness strategy has got to reflect that. You’ve got to appeal to all levels of consumers, both in-channel at the right time, but also engaging through platforms that banks have typically avoided in the past. We’ve seen TV adverts on primetime TV slots, we’ve heard radio adverts, we’ve seen banks start to engage with younger customers through YouTube and other social media platforms. 

Richard Harris: I noticed through the pandemic, you’ve seen an entire generation of customers suddenly become native digital bankers. What are the vectors and the challenges that are happening to the other demographics out there? 

Daniel Holmes: What it’s done is it’s enabled them to consume their bank services more easily. But as more people have come online, what that’s done is it’s widened the risk exposure for the banks. What the data analysis shows, the younger population are almost as vulnerable as the older population. You almost end up with a bathtub-type view. 

Richard Harris: A u-shaped curve, yeah. 

Daniel Holmes: Exactly. You’re hypothesizing around why this is. My personal opinion on this is that they’ve come through in a generation where it’s just more normal to interact and share data and share stories online. And the scams reflect that as well. No longer do scams take the form of bogus lottery wins like you might have assumed ten or 15 years ago. They often play on what we call “fear or reward.” So fear of my accounts are at risk and I need to secure my accounts now and move money to a so-called safe account. 

Richard Harris: We’ve seen that with a “Your account has been compromised”-type approach. 

Daniel Holmes: They often play on current events, whether that be economic turmoil, whether that be COVID-19. We’ve heard examples of, I call you and say, “Hey Rich, I’m from your bank. There’s a transaction to Apple in the last 20 minutes for $1,000, was this you?” You say, “No.” I say, “Right, OK, what we need to do is secure your accounts. I’ve set you up a safe account over here. Please transfer all your funds there while we investigate this suspicious transaction.” You unwittingly go ahead and do that. 

Daniel Holmes: But often what will happen before you commit to making that transaction is you almost want a sense of validation that you are speaking to the right person. And some examples of how we’ve seen the fraudsters tackle that is that they’ll say, “Rich, look, I know I’ve called you out of the blue. Let me give you some comfort. Call the number on the back of your card. Make sure that you‘re speaking to the bank. Let me give you that confidence. Then we’ll proceed with the conversation. I can quite easily leave the line open so that when you dial back, I’m still on the other end of the phone.” 

Daniel Holmes: And what we’ve also seen is, I could play a false IVR. I could give you options of “Press four because you’ve received a call relating to fraud.” It just creates that extra level of assurance from your perspective. And even things like, when you do connect back to me, I might give you to somebody else and say, “I was speaking to this guy Dan, can you connect me back to him?” And they’ll do that, and they’ll be call center noises playing in the background. 

Daniel Holmes: Scams are sophisticated. You mentioned at the start that scams have cost the UK industry more than card fraud for the first time ever. This isn’t just a UK problem. This is a global problem. We’re hearing from banks in APAC who are experiencing this challenge. North America. This is a challenge that’s truly global. And what I’d also love to see more of is dialogue between banks in different parts of the world sharing experience around the learnings that they’ve taken away in this space, and how we can almost create a global ecosystem when it comes to sharing best practice. 

Richard Harris: This is going to be a big U.S. problem. It is already a big problem in APAC, so getting ahead of the curve, getting tools in place and solutions in place to be able to combat this is going to be critical. OK, that’s great. Thank you. 

Daniel Holmes: OK, thanks.

If you are looking for a fraud solution that provides strong protection from scams, we’d like to help you. Schedule a demo with us today to see how our experts and our technology can help establish digital trust for you and your customers. 

What is Digital Trust?

In financial services, digital trust is a principle when a bank or financial institution is highly confident in two key factors. First, that the person with whom they are dealing through digital banking channels really is the person they are claiming to be; and, second, that the person is authorized to perform the financial transaction or task they want to perform. In practical terms, it’s a digital handshake between a bank and a customer where both parties meet and transact together with confidence.

But it’s important to note that digital trust also applies to customers, not just banks. As fraudsters get inventive with their tactics, bank customers want assurance that their financial institutions can keep them secure. Just as banks want to have confidence that they are dealing with the people who they claim to be, bank customers expect their banks to know who they are and how they normally transact. If something about their behavior seems suspicious, customers expect their banks to be able to keep them secure.

Banks can build an understanding of how their customers normally behave by building a digital profile based on their behaviors. This begins with the information the customer provides during the onboarding process and continues to refine over time. Each translation, mobile device, and new address adds to the profile and helps banks understand who their customers are and how they normally transact.

Digital trust is a two-way street in this respect. Both banks and customers expect to be able to engage and interact with each party with confidence and security.

Why is Digital Trust Important?

Digital trust is essential for both banks and their customers. There are three key reasons why banks should increase their focus on developing digital trust.

• Fraudsters target customers: Banks have invested in a wide range of fraud detection solutions that have made it much harder for criminals to breach a bank’s system to commit fraud. As a result, fraudsters are focusing their attention on the next most vulnerable cog in the transaction: customers themselves. After all, customers are people and are easier to coerce or manipulate into taking action on a fraudster’s behalf. Fraudsters might prey upon potential victims during a moment of weakness like a medical situation or by taking advantage of world events like the pandemic to push a scam. 
• Banks intervene in customer transactions too often: Digital trust is essential for banks to allow customers to transact as they want and without a significant level of intervention. If the bank can’t trust the customer is who they claim to be or that they can perform the transaction they wanted to perform, they will have to take measures to authenticate the customer at multiple steps of their journey. Too much intervention leaves customers feeling irritated and annoyed at their bank.
• Bank customers expect to be trusted: Customers also believe that their banks should know who they are based on their provided data. In their opinion, their bank should know that if their home address is in London, but they are suddenly making a high-value transaction in Brazil, something may be suspicious. But if they’re carrying on with their daily routines and have to authenticate themselves repeatedly, they’ll think their bank doesn’t trust them.

The 3 Core Components of Digital Trust

So what goes into building strong Digital Trust between banks and customers? The key principles of digital trust are a combination of three key components. 

• Can the device be trusted? In an age where almost all interactions happen digitally, it’s essential for banks to be able to trust the devices involved in an interaction. Banks should develop an understanding of the mobile devices, laptops, and other electronic devices that a customer uses to log into their account. New devices should be flagged at first but banks should watch how the user utilizes them to ensure they are being controlled by the customer.  
• Is there malware at play? Trusting the device and the user’s behavior is the first step. But banks should also be on the lookout for suspicious programming like malware that may infiltrate a device without the owner’s knowledge. By relying on the user’s digital profile banks can assess whether it’s the user or a bad actor compromising their account using malicious software like malware.
• Can the person and network be trusted? Finally, banks must be able to trust the users behind the devices. This means trusting that the user is behaving normally based on the digital profile the bank has built up over time. Is the customer logging in from a geographical location that makes sense or that raises suspicion? Are they using a network they normally use? And are their interactions with their device, including the motions they normally use to touch their screen, their language setting, and even the angle at which they hold it familiar? These are all questions banks must address to determine if they can trust the user behind the device.

For a Digital Trust strategy to be effective, all three components must be in place. If one or more of these three components is not addressed sufficiently, banks’ Digital Trust capabilities could fall short. As banks face the new realities of their digitally-oriented customer base, establishing and continuously building strong Digital Trust will ensure they are only dealing with trustworthy customers – even if they never meet them face-to-face.

Watch our on-demand webinar Reinventing Digital Trust Across the Customer Journey to learn how to proactively stop ATO attacks to prevent transaction fraud.

The findings outlined in the Wolfsberg Group’s report are likely to carry significant weight. After all, the report was issued by a group of some of the most influential global banks. This means there is a high probability that financial regulators around the world will consider integrating the report’s recommendations into their future guidelines and strategies. 

The New Rules of Digital Customer Lifecycle Risk Management 

For some banks and financial institutions (FIs), learning about the realities of digital customer lifecycle risk management (or client lifecycle management (CLM) in some cases) might make them feel like The Wizard of Oz’s Dorothy Gale as she stepped out of her black and white home and into a bright world of color. Like the film’s heroine, the financial services industry is not in Kansas anymore (unless of course, your bank happens to be located in Kansas!)

As Wolfsberg Group’s report notes, this brave new world of digital banking means the entire customer lifecycle can be entirely digital. Customers will onboard with a bank remotely, authenticate remotely, manage their accounts remotely, and transact remotely in many cases without ever setting up an appointment at a bank branch. Typically most of this interaction will be through one core channel – their mobile device. Many customers are likely to keep transacting from their mobile devices rather than a laptop or in-person at a bank branch. In the US, for example, a recent survey found 76% of American consumers prefer to use their bank’s mobile app for everyday transactions. 

Given this scenario, banks would be wise to update their approach to risk management to accommodate this new reality. Fortunately, the effort to embrace efficient digital customer lifecycle risk management is within reach. 

3 Steps for Efficient Digital Customer Lifecycle Risk Management

Here are three steps banks can take right now to embrace strong digital customer lifecycle risk management, including compliance which are referenced in the report: 

1. Switch to Events-Based Risk Assessment 

The rise of digital banking technology makes it possible for customers to interact with their bank on a 24/7 basis. Given this reality, it makes little sense for banks to follow a calendar-driven schedule of compliance. Let’s say a bank follows a calendar for risk assessment that re-evaluates a customers’ risk rating every 90 days. If the customer’s profile changed significantly after their last assessment, the bank will not be aware of this change until at least 89 days later. The bank won’t realize how drastically the customer’s behavior has altered until the scheduled re-assessment. In the old world of slower transactions, more manual handling of events, and interactions maybe this approach could survive. But it’s clear in a fast-moving purely digital environment this kind of delay between assessments is becoming increasingly ineffective.

Considering how quickly customers’ risk profiles can change – and how much customer and client data is available to monitor their changes –  it makes much more sense for banks to embrace an events-based approach to risk assessment. Events like making transfers to unfamiliar locations, high-risk countries, or a series of transfers between bitcoins can all trigger a new risk assessment – instead of waiting weeks or months see what’s changed.

2. Escape Internal Data Silos

Not only are digital transactions increasingly becoming the norm, they are also moving faster and generating significantly more data than ever before. This avalanche of data creates both significant challenges for banks to process and find insights in real time. 

At the same time, it also creates opportunities for banks to break down data silos that often exist between their internal teams. For example, fraud prevention and detection teams can review data and share potentially useful information with the sanctions screening team, customer due diligence (CDD), or transaction monitoring (TM) operations. Each team can run their reports on a daily basis and share its findings with different divisions. This enables banks to stop more fraud, flag riskier transactions early, and prevent their organization from becoming a haven for financial criminals.

Furthermore, when the two teams can work from a shared infrastructure with common capabilities, interoperability of the system creates significant economies for management, reporting, and even ensuring there is the right number of headcount available on any shift.

3. Develop a Holistic View of Bank Customers

With customers’ digital identities often spread across multiple devices, social network accounts, or even different banks, it’s more important than ever for banks to be able to trust their customers are who they claim to be at all times. This means banks must be able to seamlessly authenticate their customers from their mobile devices and trust they are who they say they are.

Banks can use behavioral biometrics technology to authenticate a customer’s identity from their preferred mobile device. Behavioral biometric solutions go beyond authentication methods like PINs, email addresses, or passwords. They rely on unique personal identifiers like fingerprint scans or facial recognition and even how customers hold their mobile devices and touch their screens. All this information can be collected and used to build a digital profile of the customer that continuously evolves. Establishing and monitoring these profiles enables banks to build up their digital trust over time.

How Banks Can Deliver Strong Digital Customer Lifecycle Risk Management

In an age where the entire customer lifecycle is likely to be based in the digital ecosystem, banks need to be able to trust their customers at every interaction – and this requires a more dynamic approach to managing risk. As regulators take stock of these new realities, banks must carefully consider their digital transformation roadmap and how they will approach risk for digital customers.

The good news is that banks already have many of the tools necessary at their disposal. But having the right tools at your disposal is only the first step. Banks also need to make strategic use of large volumes of data while ensuring their internal teams work together cohesively. Combining the right tools, making effective usage of data, and enabling collaboration gives banks a risk operations (RiskOps) framework to manage risk more effectively. With a RiskOps framework in place, banks can easily shift to events-based approaches to customer risk, break down internal data silos, and deliver more seamless digital customer experiences built on digital trust. 

At the end of the day, it’s not enough for banks to solve these problems. Instead, they must solve the problems strategically to ensure no opportunity goes unnoticed and that their data is used as effectively as possible. RiskOps enables banks to embrace a more strategic and modern approach to risk management that will better prepare them to address future challenges.

What do you need to build an effective AML compliance program? Download our Ultimate AML Compliance Checklist for FIs to make sure your organization checks all the boxes. 

What is RiskOps?

A RiskOps platform provides banks with a framework to more effectively manage financial crime risks. This ensures a standardized approach to risk management that makes abstract and hard-to-define concepts like “risk” and “opportunity” easier to gauge. Having the ability to measure and analyze risk management enables banks to think of risk assessment as a science, instead of an art form and thereby make more confident decisions.

As its name suggests, RiskOps operationalizes risk by putting customers at the center of decisions and treating them fairly. It also empowers FIs to react fast to new opportunities, uncover suspicious behaviors, identify criminals more accurately, and stop more fraud. In other words, RiskOps allows FIs to seamlessly handle the challenges of identity, real-time data, and collaboration across teams and systems to deliver better, more trusted services to customers.

The 3 Pillars of RiskOps

RiskOps platforms are supported by three key pillars:

• Comprehensive Architecture. Banks rely on data from multiple sources, in multiple formats, directed to multiple systems to make informed decisions. But banks need to process this widely disparate data at both speed and scale. RiskOps works in real time, providing a single, centralized location for data to be ingested and interpreted.
  What this means for banks: A RiskOps platform’s comprehensive architecture gives banks a centralized hub to identify emerging fraud threats, new business needs, and insights into user experiences and operational performance. Banks can foresee where their priorities should lie instead of waiting to react to the latest trends.

 

• Human-centered AI. An unfortunate side effect of technology is that it becomes easy to think of customers as data points instead of people. If bank customers aren’t scored based on their individual behaviors, they can unfairly be grouped into cohorts and experience unnecessary friction. RiskOps platforms employ multidimensional data that enables banks to put customers at the center of AI. The platforms build hyper-accurate risk profiles based on customers’ individual behaviors – enabling banks to detect changes in behavior and stop financial crime more easily.
  What this means for banks: Having highly accurate views of how customers behave and transact enables smoother customer onboarding and can reduce the risk of offboarding a customer. These insights can also reduce customer attrition and reduce the threat of AI bias by treating a customer as an individual instead of as part of a cohort.

 

• Collaborative Analytics Suite. It’s very common for silos to exist between fraud prevention, anti-money laundering (AML), and risk teams. Each department focuses on their respective role leading to communication gaps. RiskOps platforms eliminate these silos by offering a single location for a bank’s entire team to access the data they need and opens new doors to communication and collaboration across the organization.
  What this means for banks: Enabling internal users to work together more effectively allows teams to reduce fraud losses, prevent more financial crime, and improve customer experiences. It also enables fraud prevention and AML teams to work smarter, resulting in greater job satisfaction and more rigorous AML compliance.

5 Tips for Implementing RiskOps

Now that you are familiar with RiskOps platforms, their architecture, and how it changes risk management, the next question is how can you prepare your FI to embrace it? Here are five steps banks can take to start their RiskOps journey. 

1. Evaluate Your FI’s Self-Service Risk Appetite

Risk management has historically required banks to implement a variety of point solutions to address each individual business need. RiskOps eliminates the inefficiencies that emerge from relying on multiple point solutions by consolidating data and offering staff a collaborative suite of tools. The result is teams take greater ownership over the organization’s risk framework. The platform enables greater coordination between teams and personnel to exercise more control over their destinies. Establishing how much control should be exercised and by which teams in advance will go a long way toward making RiskOps platforms work more effectively.

2. Identity Opportunities Your Bank Previously Overlooked

Approaching risk as an art form can have a serious impact on a bank’s bottom line. Specifically, it means banks might err on the side of caution and bypass opportunities. With a RiskOps platform in place, financial institutions’ risk teams look at their risk assessment across the organization to better understand where their earlier approach to risk left them exposed. Having RiskOps in place gives banks a 360-degree view of a customer’s risk profile, opening new opportunities for banks to understand why they previously declined to take on a customer and whether that was the right decision. Banks can identify more opportunities by having a clearer, up-to-date understanding of the customer’s risk level.

3. Clarify Your Organization’s Data-Sharing Guidelines Upfront

A disparate array of point solutions can lead to organizational silos and communication gaps. RiskOps offers a consolidated view of data and opens new opportunities for your teams to collaborate more effectively. That said, data is highly regulated in this day and age. As RiskOps makes data more easily accessible across an organization, set clear expectations on how the data will be handled. These rules should make clear what types of data can be shared, who can access it, and how it can be used. Setting internal procedures will be important to protect your customers’ data and how your organization follows regulatory compliance and conducts internal audits.

4. Establish Your Bank’s Priorities

RiskOps platforms offer clearer insights into customer behaviors, present new collaborative opportunities for banks, and offer a centralized hub for data. While your organization will be tempted to take these capabilities and quickly pursue new business opportunities, it’s also important to assess your organization’s vulnerabilities to financial crime. Regulators constantly scrutinize banks to ensure they follow best practices. Take a hard look at your organization’s vulnerabilities and identify and address the biggest weaknesses to make the most of the opportunities your RiskOps platform offers.

5. Declutter Your Bank’s Internal Systems 

Consolidation of disparate systems is one of the biggest benefits that RiskOps platforms offer. Take the time to audit your bank’s internal systems for solutions that are no longer necessary. If a single point solution’s functions can be performed by the RiskOps platform, consider replacing it. It’s important to note that your organization should not remove or replace all systems entirely. If your company has signed a long-term contract with a vendor or if a system is tied to a specific business use case you could interrupt important functions by replacing it. Instead, look carefully at which systems can be phased out immediately – and which ones will be replaced in the longer term.

Risk has been viewed as an art form for far too long. RiskOps platforms break the illusion by giving banks the tools they need to make informed, intelligent decisions about how to manage risk more effectively. With the right RiskOps platform in place, banks can improve their internal collaboration capabilities, improve customer experiences, and consolidate their data operations. 

Instant payments are popular with both customers and fraudsters. Download our new eBook Prevent and Detect Payments Fraud with Feedzai to learn how to keep your customers safe.