Four key capabilities to strengthen a fraud management system

| Article

Skyrocketing levels of fraud, enabled by the accelerated adoption of digital commerce and the ever-increasing sophistication of fraudsters, have overwhelmed traditional controls in recent years. This surge has led to increased fraud losses and damaged customers’ experience and trust.

Across the banking, payments, insurance, e-commerce, and telecommunications industries, as well as in governments, leaders must find new ways to fight evolving fraud threats while still delivering world-class client experience and enabling new business. Beyond the risk and economic impact, each fraud event is also an opportunity for companies to support and stand by their customers to create relationships of trust and loyalty.

Some organizations will hesitate to act, and when they are tested by fraud actors, they may have their weaknesses exploited at a scale they have not previously experienced. For large organizations beset by a large-scale attack, losses from fraud may exceed many hundreds of millions of dollars—a figure that excludes regulatory implications, damage to the brand, and customer attrition. These companies will also face challenges in achieving strategic growth objectives on digital channels.

In the first article in this series, we proposed a new approach to addressing the new reality of escalating fraud threats.1A new approach to fighting fraud while enhancing customer experience,” McKinsey, November 8, 2022. This approach includes ensuring the company has an end-to-end fraud strategy, creating a reputation that deters fraudsters, conducting constant risk and threat assessment, establishing a flexible, adaptive control strategy, and taking a proactive approach to consumer awareness and education.

To succeed in these efforts, companies need to strengthen their fraud “immune system.” That strength involves four capabilities, which are the topics of this article:

  • enhanced threat intelligence along client journeys
  • fast-cycle testing to stop threats as they emerge
  • advanced application of data, technology, and analytics
  • constructing and using an integrated operating model to support the business in making trade-offs among fraud, client experience, sales (volumes or revenue), and cost

Enhanced threat intelligence along client journeys

Even as fraud threats have become more sophisticated, customers are demanding more streamlined and low-friction journeys. Addressing these challenges requires an enhanced strategy that has strong customer experience and fraud prevention components and bases its long-term success on prioritizing 360-degree intelligence: you must know your customer (via authentication, usage profiles, and preferences), know yourself (business activities, vulnerabilities, and capability gaps), and know your adversary (for example, competitors’ motivations and tactics). This additional threat intelligence equips organizations to design the appropriate controls and deliver them across their customer experiences seamlessly.

However, analyzing the huge volume of intelligence data now available is a real challenge. The traditional manual approach driven by individual investigators no longer will suffice. Instead, companies need a new at-scale technology-enabled solution and multidisciplinary approach. A client intelligence and fraud prevention center can better source and integrate threat intelligence and analysis to serve antifraud decision making. This involves the creation of trusted stakeholder networks—that is, a “team of teams”—both within the organization and among clients, partners, and government entities, to facilitate collaboration across silos and organizations.

The cross-functional team includes business leaders, experience designers, marketing specialists, product development specialists, fraud specialists, investigators, operations specialists, data scientists, technologists, and cyber experts. Exhibit 1 illustrates the process by which organizations convert intelligence from multiple sources into actionable strategies, enhanced controls, and operational improvements.

1
Companies can convert intelligence from multiple sources into actionable strategies, enhanced controls, and operational improvements.

Fast-cycle testing and feedback

To ensure that client journeys and controls provide the required protection against vulnerabilities and that the organization meets defined objectives (losses, volumes or revenue, customer experience, cost), companies normally perform two types of testing:

  • Retro-testing. This entails running anonymized data on an aged file to identify nonfraudulent and fraudulent behaviors and match them against actual outcomes, using historical data. At one organization, business leadership was surprised when a new fraud control caused the loss of a significant amount of business. This could have been largely averted by retro-testing the control against historical populations to gauge the outcome before implementation was under way. Spelling out all the key outcome drivers would have allowed the company to determine which variances, if any, were the root cause of the lost business and enabled it to devise a plan to address these variances.
  • Champion/challenger (A/B) testing. This entails identifying test parameters, related drivers, success measures, and a test population (the “challengers”) opposite the designated “champion” group, in a live business environment. Leaders in the payments industry rigorously use A/B testing to randomly present champion and challenger versions of the client journey and control setup in live tests. Determining which version performs better enables them to identify the impact on fraud rates and customer satisfaction. This is one of the most effective ways to quantify the trade-offs between customer experience and fraud losses. For example, a leading financial institution wanted to increase application completion rates without raising fraud levels. The institution used A/B testing that evaluated different thresholds for identity verification and device risk, thus determining impact of fraud rates and customer satisfaction (Exhibit 2).
2
Threshold testing for identity verification and device risk helps determine the impact of fraud rates and customer satisfaction.

Learning from ongoing tests requires a mindset shift by business leaders and specialists in operations, technology, customer experience, and compliance and risk. Test results should be synthesized and reviewed in a rapid feedback loop (for example, less than one week and increasingly in real time). By adopting this rapid testing cycle, the organization can continuously adapt its fraud controls and prevention measures as fraud threats evolve.

Advanced data, technology, and analytics

Companies need multilayer defenses with sophisticated data analytics that enable rapid decision making for applications and nearly instant response rates for transaction monitoring. Technology needs to be flexible, adaptive, and quick enough to react to fast-paced fraud attacks. Equally important is the need for insightful and actionable analytics to identify fraud attacks quickly, enabling the company to modify controls and strategies and win the fight against fraud.

Similarly, companies need to build the data and analytics that allow them to understand customer experiences and changes in behavior after a fraud incident and across journeys. They also need predictions and triggers to handle customers’ fraud experiences rapidly and proactively, such as communications about why fraud occurred and ways to protect the account in the future.

This requires data models that incorporate both internal and external sources. Internal data, which should be combined across product silos, could be related to fraud, identification, transactions, account and customer profiles, and connected interactions across channels. External sources could include device, biometric, transaction, and social data. The model should also be updated to include new value-added data sources continually. Additionally, it requires an orchestration layer that integrates different systems and allows fraud management teams to think across the value chain, capture complex fraud patterns, and identify fraud earlier. It should also enable them to orchestrate the response and communication to customers so team members can handle the experience in a personalized and empathic way.

Leading organizations are already taking advantage of advanced analytics to create a step change in effectiveness and efficiency. That might involve several methods:

  • Alternative data sources. Companies could draw on alternative data sources, such as social media, phone usage data, purchasing history, digital communications, geospatial data, and satellite imagery.
  • Machine-learning models. System developers could build integrated machine-learning models for client targeting, pricing, proposition, experience, credit, and fraud to optimize for multiple constraints simultaneously. Models should be subject to rapid testing-and-learning cycles and self-calibrate within defined guardrails.
  • Advanced modeling. Analytics could include sophisticated modeling techniques such as deep learning and human-in-the-loop artificial intelligence.
  • Automation. Companies could introduce automation such as natural-language processing and cognitive-computing algorithms.

For example, to respond to the COVID-19 pandemic, a government agency needed to disburse a massive volume of funds within a very short time. Not coincidentally, the agency was targeted by sophisticated fraudsters. By combining new data sources and sophisticated analytics, the agency increased fraud detection by approximately 60 percent while simultaneously reducing false positives by approximately 50 percent. This led to a dramatic decline in fraud losses.

Transformation of the operating model

Finally, to support advanced fraud management, companies should consider enhancing their operating model across six key dimensions: operations and performance management, organization and governance, customer centricity, roles and responsibilities, ways of working, and vendor management.

Operations and performance management

A company’s process and approach to fraud management should be consistent across divisions and stakeholders, including marketing and operations. Each company should have a risk appetite framework and a threat control library (TCL), as well as streamlined information sharing and coordinated planning to improve response speed and effectiveness. The company also needs a single set of end-to-end metrics to drive performance across the enterprise. The approach should promote a rigorous focus on efficiency, effectiveness, and continuous improvement while having fraud loss, customer experience, and process optimization as its key performance indicators.

Organization and governance

An agile fraud unit should aim to provide best-in-class enterprise capabilities to support fraud prevention, detection, and investigation (recovery) across all segments, products, and channels, with clear lines of responsibility. The first line—the business units, call center, and operations—is responsible for managing risk and trading off objectives (for example, fraud losses, business volumes, and client experience). The second line—the risk function—sets policies and requirements and provides oversight to ensure the effectiveness of key control components, such as risk appetite and assessment.

Customer centricity

A company must have the required customer insights and operations and the right capabilities in customer experience design and communication to deliver fraud experiences that consider customers’ preferences and needs. These insights and capabilities must be able to prevent fraud as well as support customers when a fraudulent event happens. An institution should embed the objective to improve the customer experience throughout its processes for fraud prevention (such as authentication, onboarding, and fraud alerts) and fraud management.

Roles and responsibilities

It is important to have staff with the right fraud management skills, process knowledge, and analytic capabilities. Staff members also must be given responsibility for effective fraud management and customer experience.

A company should link planning for fraud roles to business dynamics and skill profiles and implement adaptive training programs. It can enhance fraud intelligence by promoting collaboration and information sharing across related areas (such as the business, data and analytics, and cybersecurity) and the broader ecosystem (such as industry bodies and forums).

Ways of working

Agile ways of working across the business, operations, call center, and fraud, data, and technology teams can help drive required innovations in rapid cycle times (Exhibit 3). The fraud management function must participate in the product development process to close fraud-related gaps, build controls in the process, or both. Otherwise, delays will occur, or products will be launched on time but with unacceptable risks.

3
An agile, fast-cycle control center calibrates each tool and responds to fraud attacks.

Vendor management

Fraud and compliance leaders have developed advanced vendor approaches by creating a “fraud lab” for testing new technologies and data sources as fraud continues to evolve and for correlating fraud prevention technologies to optimize coverage. A company should have a continuous process to source, test, and integrate innovative solutions to improve fraud management.

Getting ahead of the challenges

To get ahead of the challenges, companies should take several steps immediately:

  • Set up an enhanced threat intelligence unit that can absorb data from across the organization and deliver prevention across client experiences.
  • Push fraud expertise into the businesses to embed defenses in the design of products and customer journeys.
  • Increase the pace of the operating model through agile practices, bring new skills to invigorate the investigative process (for example, pair data scientists with fraud investigators and business leadership), and let engineers reinvent reporting processes to surface insights in real time.
  • Adopt a test-and-learn approach, which is used by the world’s largest and most advanced payment and e-commerce companies. This approach continuously quantifies the impact of fraud rules to see which ones do or do not work and which fraudulent activities are slipping through the cracks.

Leading organizations will adopt these practices to become more resilient, provide better customer experience, support growth, and deliver lower risk and sustainable returns to shareholders.

Explore a career with us