Optimizing Your Environment to Fight Fraud in Today's Digital World

In an era marked by digital innovation and evolving threats, safeguarding against fraud demands a proactive and comprehensive approach. This session will explore practical tactics for optimizing your environment to effectively combat fraud. 

What you'll learn
  • Upgrading existing systems vs. starting from scratch 
  • Creating a Seamless Unified OLB/Mobile Platform
  • Latest on Security/Fraud Concerns and Fraud Claims – P2P, A2A, Wire, Mobile Deposits
Transcription:

Tim Chambers (00:10):
Okay, good afternoon everyone. Hope everyone's having a good day. Had a good lunch. We'll try to keep this entertaining so you won't get the after lunch snooze, but we're happy to be here with you and have a few minutes to talk about fraud and financial services and in the digital world. I'm Tim Chambers, Head of Products and Services for Mission Omega, mission driven fraud services company. I have been in financial services for 30 years, 28 of that in-house at Big five Financial institutions and over that tenure have led everything across the fraud lifecycle of prevention, detection, and resolution. So before we get started, and before I introduce my fellow panelists, I want to share just a couple of stats with you all. And some of you may have seen earlier this year, I think it was in February, that Alloy put out their annual state of fraud benchmark report.

(01:14):
And as evidenced in there, mobile banking and online banking were identified as the top two channels for banks having the most impact on fraud. In addition, 74% of regional banks and 69% of credit unions and community banks saw sharp increases in attacks through those channels on their consumer customers from 22 to 2023. And then lastly, 71% of credit unions and community banks emphasize that they now have a greater focus on enhancement, both technology people process in the fraud space. So we want to spend a few minutes today and talk about tactics to help you think about that and how you optimize in your environment, not only in the digital space, but also when customers cut across call center as well as in branch. But before we launch into that, let me just take a minute and introduce our panelists. I have with me Stacy Suggs, who's the executive Vice President and Chief operations Officer at Bank Independent.

(02:28):
Stacy as well has more than 30 years in financial services with a whole host of activities there at bank, independent across audit fraud, risk management credit, and other areas. So welcome Stacy. Thank you. And then as well Matt overran with Logic's Federal Credit Union, Matt as well, better than 30 years in the industry as well. So we made sure we brought all the old timers to this panel. But Matt as well has a lot of experience across retail, commercial, residential insurance, and for the last 10 years has led fraud risk management at Logix. So welcome Matt. Thank you. So just a couple opening thoughts and then we're going to go into some questions, but I thought it was interesting the stats that I just shared, but also for those of you that yesterday morning saw the information American Banker and Mitek did and kind of the fraud survey about what's transpiring out there, it's obvious that fraud tactics in all are greatly accelerating in the industry.

(03:34):
I don't think that's news to us, any of us here, but I really think that acceleration though is driving the need for the industry to really adopt better technology and people and process to mitigate that fraud and the personal impact that comes to each and every one of the customers and consumers that are impacted by it. So with that in mind, Stacy, I'll start with you. And I think a good starting point is keeping the end in mind and kind of what I mean by that is behind every transaction that happens is a human being that's impacted in some way or another directly or even indirectly. As we all know, a lot of the funds that happen through fraud go into trafficking of people, weapons, drugs, all kinds of things. So can you share a little bit about bank independent and how you keep the customer kind of front and center and how you look at all your fraud activities?

Stacy Suggs (04:33):
Sure. So thank you for being here by the way. I am excited to be here and talk with you all about fraud. So as far as customer experience goes, I think for us customer experience is always top of mind and everything we do, we want it to be a seamless positive experience, whether it's in person or through our digital channels. And one of our strategic objectives is balancing risk and reward. I think that really comes into play here when you talk about the risk and rewards. So I think it's important that we strike the right balance between our fraud mitigation efforts and the customer experience. And I think that can be challenging sometimes for all of us. We have to ensure that our fraud mitigation efforts are both efficient and effective, but also not obtrusive to our customers. And so we need to understand that impact.

(05:30):
I think it's important that we understand that trust and security are foundational to that customer experience and everything we do. And if we don't strike the right balance, we can lose the customer's trust. I also think that how we communicate with customers is very important. Communication is so key in everything we do. I think especially when we're adding new tools or systems, is important to keep that communication and understand the impact to the customer. So our goal is to always build trust with customers, but while also preventing fraud, we have to keep the customer front and center in all of our fraud mitigation efforts. So I think it requires a customer-centric approach. So when we're optimizing our fraud strategy, it's just always thinking about the impact to the customer from beginning to end. So I think in everything we do, we just have to always keep the customer top of mind.

Tim Chambers (06:31):
So, and Matt, I'll start with you. I want to kind follow up on something Stacy was talking about is related to whether you think about fraud detection or resolution, kind of following the thread on customer experience across channels. How do you really look at that seamless experience? If a customer, excuse me, you're reaching out to them maybe on a suspicious transaction or they're trying to report a fraud transaction or what they may believe is a fraud transaction, how do you try to work at Logic to have a consistent experience whether they go in brick and mortar or they come through a digital channel?

Matthew Overin (07:16):
So that's something we're really working on in Logix right now. We have a digital system that are kind of split. We have a mobile system that's one, and we have a online banking system that's different. We're now putting that together in a unified platform and that's really going to help have all of that look and feel like everything else on our website, everything else we see in the branches. So no matter where the member wants to go, they're going to get that with that omnichannel experience. They're going to get the same service, they're get the same look and feel, and they'll have that ability to do what we want them to be able to do what they want to do and not force 'em to one channel or another.

Tim Chambers (07:49):
And so Stacy, when you think about that in what you're experiencing, do you feel its customers are looking beyond, right, to your point, the perfect experience. We all know when any of us has a fraud event, that it's a moment of truth for some customers that may be the difference or whether they can make a mortgage payment tomorrow, put food on the table today. So do you find that your customers beyond just wanting the experience also, are they looking for alternatives like self-service options versus having to call and talk to a call center rep or walk in and talk to your warn reps? Can I just as an example, make a claim through the mobile app so that I can kind of self-serve?

Stacy Suggs (08:32):
Sure, sure. I think that's important too. There's lots of different situations that impact the customer. I think it depends on the situation. I think self-service works very well for, as you all know, verifying whether debit card transactions are legitimate. So we can do that through email or text and I think that's convenient for both us and the customer. I think the ability to give customers travel notices, some of us probably did before we came to the conference to do that through online banking or mobile banking. I think they like that order report a card lost or stolen. So I think those options are important, but I think that it's also important that we understand the value of human interaction. Some people and some customers prefer to speak with someone in person. So I think we have to be mindful of that. They may, and I think especially in distress situations, which we know fraud can create a lot of distress for a customer, especially if it's the first time that it's happened or to your point, it's taken a lot of money out of their account, they have to make their house payment.

(09:46):
And so those are situations we have to be very sensitive to. I think that also their preference for what channel they want to use can depend on their age, their technical savvy, if they feel comfortable with the digital tools or not, and also the urgency of the situation. So I think those are also factors that go into it. So I think the bottom line is customers want a choice in how they interact with us, and I think we have to provide all those channels and give them the option of how they want to interact with us when it comes to fraud.

Tim Chambers (10:20):
Yeah, I think that's right. I think one of the things, and I'll just share from one of my prior lives, we embarked on an effort to allow the ability to make disputes and fraud claims through the mobile app and the debit card space. And there were a couple things that transpired there that one of which I wasn't sure I'd even contemplated and that we saw an uptick in claim filing. And so we did a lot of research and we also had Gallup surveys just as offering that service to see the success of it. And it turned out that many customers were like, oh, if I don't have to call and spend 30 minutes on the phone with somebody to dispute $5 transaction with wherever, that's only happened once and I can just point and click and answer two or three, five questions in the app and be done.

(11:25):
They're like, I'll do that. They're like, normally I would not mess with it for five bucks if it's not a reoccurring transaction and spend a half hour on the phone speaking to a rep. But then I think conversely, on the other side of that, I think the other piece of risk mitigation is self-service options can also, if you're not careful, open up the opportunity for first priority fraud through abuse and things like that. So you also have the right level of control in offering that. So I think it's always making sure you have that kind of holistic approach from a fraud risk assessment on anything that you do in that space. Matt, how about, I mentioned earlier in the stats 71% in 69% of credit unions have this focus. Can you tell a little bit about at Logic, what's your focus in the technology space and also how you really look to try to balance, to your point where you had some disparate systems there, but how do you look at what you all may do in-house versus what you may want to use in third parties?

Matthew Overin (12:29):
So I really think my approach to fraud has always been a layered approach. And if you have the technology and the resources do stuff, I think it's a good thing, but it's also a good thing to go out and get new tools from vendors and making sure that your vendors are giving you what you need. We had an issue late last year with some Zelle fraud, a lot of Zelle fraud, and our vendor that we had couldn't really give us much help with it. Their systems weren't available to do it. So we kind of did a deep dive on what we saw the actual fraud was coming from, how it was being perpetrated, and we did a in-house analytic that stopped the fraud. So since January 1st, we've had almost zero Zelle fraud from that type of fraud. And that's really something that we had to do ourselves that our vendor couldn't do for us.

Tim Chambers (13:17):
Okay. Stacy, how about bank independence?

Stacy Suggs (13:20):
I think we kind of have the same approach. I would say as Matt, we have had situations like that. We've had zeal actually fraud as well that we kind of had to spend a lot of time on it to figure out. So I would probably agree with what he says.

Tim Chambers (13:39):
And I think a big piece is always that we always had a lot of conversations internally about is the orchestration, right? Because you have so many tools that you can leverage for fraud across onboarding, through transactional behavior, right through the life of the account and what's the right way to integrate those together and orchestrate the behavior. Otherwise you can end up spending lots of money if you're running everything through every solution you have when it may or may not be necessary. So I had to shift gears for a minute, Stacy, and kind of talk about, we hear a lot, whether it be out of the regulatory space or just in general about the importance of fraud awareness, fraud training, advocacy and trying to arm the customer. And I think everybody focuses on scam popups and their mobile apps or have a security or fraud center on their online banking by whatever name you might give it. So I'm just curious, for bank independent, how do you all look at that and can you really even measure and tell the success or you feel the success of those types of things?

Stacy Suggs (14:57):
I think we can, and I'll talk a little bit about that in a minute, about how we can measure some of those things, but I think customer education is really important for us to continue to raise awareness, continue to educate. I think it's important, it's both comprehensive and proactive. So we collaborate with a lot of industry groups, a lot of other sources of information to help share valuable information with our customers. We've used different channels for this. So initially at account opening we provide the information a lot of you probably do to educate customers on fraud, how to protect their information. And then for continuing education and current scams, I think it's really important that we jump on that when there's a current event going on. We send information by email, we use blogs through social media post on our website. We also send messages through online banking and we also use our intranet.

(15:59):
So for our team members, we also want to make sure they're staying on top of these things. They're staying updated and educated on what's going on so that they can better serve our customers. So I think customer awareness and education is not once and done, it's ongoing. We have to continue to work at that. I think clarity and transparency is important. So when we have some sort of potential event for fraud or something that's very prominent or affecting a lot of our customers, it's important that we communicate that. I think that helps reduce anxiety for customers and gives them assurance that we're empowering them to protect their information. I think one thing that's important, and I know we all probably do this, we continue to remind our customers that we'll never ask for their online banking credentials or MFA information. They still do it. They still do it, and it's very frustrating and disheartening for them and us too because we don't want them to fall for those type of scams.

(17:10):
And then for business customers, I think one of the things that we all probably have experienced with counterfeit check fraud that we're continuing to educate business customers on is positive pay ways that they can protect themselves, positive pay with the payee verification. I think we're all promoting that more and more now because of the increase in check fraud. We're also encouraging them to use more electronic channels like a CH bill payment, their debit cards. So I think we have to continue to raise awareness about fraud prevention and use all the channels we can to do that.

Tim Chambers (17:49):
Yeah. And you mentioned the employee piece. I wonder if you could talk a minute, I know we had a conversation yesterday and you were sharing some of the work you all have done in brick and mortar with kind of arming your teller team and kind of a reward program for them and trying to look at and identify some of the unfortunate challenges you all are having in the counterfeit space. So can you talk a little bit about that?

Stacy Suggs (18:13):
Sure. So one of the things we do that has been very successful, very helpful to us when we talk about educating our team members, we have a counterfeit check bounty program. So it's an incentive program for our team members. And many of you probably have something similar. We track that. So we measure that as well. This year we paid, and this is just in five months through the end of May, we paid our team members $6,100, but they saved us $558,000 in counterfeit check fraud. So talk about the value. So we also report that up to our board, to our audit committee to show what they're doing. We've recognized them from an employee recognition standpoint and promote that it has worked very well for us. And those are checks presented at our branches. Obviously in person where they see the check, they can stop it right there.

(19:12):
And sometimes we have law enforcement right on their trail too, where they can be there to take care of the fraudster. We also, I think just we also have verifying that we use for fraud monitoring. So one of the things that we do from tracking our value there, it has saved us in the five months this year, $384,000. So we are also tracking that. I think it's important that we show the value of the tools, show the value of what our team members are doing and continue to promote that because it Inc. senses us to continue down that path.

Tim Chambers (19:53):
Yeah, I think that's right. And I know we deviated a little bit there into the branch space and we're focused in digital here the last couple of days. But I think one of the important things is we always have to remember at the end of the day the fraudster is trying to find lease resistance. And as we tighten down things with identity and moving in through biometrics into our digital and online channels, the fraudsters circle back to where you have brick and mortar or call centers where they can social engineer themselves in as we tighten down in these channels. So thanks for that. Matt. How about at logic? How do you all look at the educational piece?

Matthew Overin (20:39):
Yeah, so my department, one of our biggest things that we do, we educate all levels of the credit unions that come through. So we have an hour piece in our new employee orientation for all employees talking about what my department does and how we interact with our employees and our members. And then it goes on to teller new accounts. There's an hour in training of each one of those. And then when the loan training, we do a couple different loan trainings where we go over loan fraud and credit cleaning and how that affects you and how you can catch that at the front line. And then we have specialized training for our underwriters and for our loan resolution collections people too. And we have a fraud crime busters program. So same kind of thing. You save the member something, you get $25, you save the credit union some money, you get $50, you catch identity theft, it's a hundred dollars and it's unlimited. I don't have a budget for it. The money can just flow out and they get recognition in a monthly meeting. They get recognition with an email and we pass around copies of the checks that we find to help tellers look for those types of checks as well.

Tim Chambers (21:37):
That's good program. That's great. Yeah, that's great. And I would tell you, and just share as we talk about, especially the customer awareness, I shared with somebody yesterday, I've been in the business 30 years, all of that in fraud and security. And so my parents would tell you I nauseum, I talked to them about my dad who still lives in his early eighties. And last time I went to see him, he took out this little spiral bound five by seven notebook that had three columns front and back on each page of what turned out to be phone numbers. I had to ask him and I'm like, what are all these? And he's like, these are every phone number that's calling me on my cell phone trying to sell me something, trying to get my information right. And it's unfortunate, right? Somehow they've identified his age and so they're targeting him specifically.

(22:31):
But my point being, even after everything he's heard from me for years, three years ago he got a text message thinking it was his bank, and he clicked on the link and put in his debit card and then it took him to another screen wanting some else. And fortunately he closed out and immediately called me. So it's one of those things that sometimes even though how much you hear it or you get the education around it, you still, whether you're in just a moment of rush or you're not thinking and you just act, and it caught him in that instance. Fortunately again, he called me and we got it before anything could happen. But who knows what he could have if he wasn't thinking gone and given them probably credentials was probably the next screen, I'm sure post the card number, I would guess. So before we take a few questions from the audience, I would just like to ask each of you, can you just share a couple minutes on maybe the top two or three fraud things that your teams and your institution are really focused on? Is part of strategic initiatives go forward, whether it's people, process, or technology? Sure. So Stacy.

Stacy Suggs (23:41):
Yeah, so one of the things that was interesting, I had attended a Jack Henry SI conference a couple of months ago and they had done a survey with all of their banks and credit unions and the survey was the top fraud concerns. And so a lot of what was in the survey actually aligned with our top fraud concerns. So number one was check fraud, we've all talked about that was the top fraud threat. And for us last year, regions Bank, which is based in Birmingham, Alabama, they lost 135 million in check fraud. So it's not just hitting the large banks, it's hitting a smaller community. Banks, credit unions, it's everywhere. So they're going back to the old ways of washing the checks and doing some of those things. The second was romance or investment scams, which we've all experienced. But the third one was account takeover fraud. And this is something that we haven't had a significant number of losses on in the last few years, but it is growing and I think the attempts are growing.

(24:50):
So just this year we had a few smishing events, which I'm sure you've all had as well, where they're texting, they're texting our customers with a fictitious link that has a fake domain. And so we have been looking at tools to help us with that and I think that's something that is going to continue to grow. But our overall approach is multi-layered, kind of like Matt said. I mean there's not one silver bullet for fighting fraud. We have to continue to find ways to help us. And then I think that just looking at tools out there, I think we look at our existing technology, make sure we're fully utilizing the existing technology we have, but also if we have gaps, what are some other tools out there to help us? And we're all looking at AI use cases and things like that. So I think that's probably our top fraud concern, counterfeit check fraud and account takeover fraud just because it's continuing to grow.

Matthew Overin (25:58):
Matt, I think at Logix, I think our top concerns right now are identity theft and through the online channel and then our loan fraud. We have a pretty big loan fraud ring that hits us in the LA area and we know how it works and we are pretty good about being able to figure it out. But getting new tools has really helped us as well. We got a tool just to the end of April and it's a document authenticity tool that's called Inscribe and it takes pay stubs, w twos and bank statements and it tells us if they're fake or if they've been altered or manufactured. And even since the end of April, we've saved almost $600,000 in loan fraud from it and that really helps. We've also used that same tool to authenticate members if we're needing proof of residency and it's caught a bunch of fake utility bills, lease agreements, things like that.

(26:55):
It's helped us a lot. Another tool we always getting new tools. In 2024, we brought on two new tools. Another one was a system that works along with FIS check systems and it looks for velocity against the social, the address, the name, the birthdate, the email address, and the IP address and lets us know if the IP address or any of those things have been used with multiple people in the FIS system. And it identifies identity theft within 30 seconds of running the first verifier. So those things are really things that we've been hit hard with and we've bought tools in 2024 to combat that and hopefully bring that down.

Tim Chambers (27:34):
Nice. Alright, so we have a couple minutes left. Any questions out in the audience this afternoon? Right, right here in the front. Alright.

Matthew Overin (27:45):
Okay, that's not fair. Go ahead.

Tim Chambers (27:49):
You probably go ahead, we'll repeat it

Audience Member 1 (27:52):
For Stacy. Stacy, you mentioned members giving away to f FA and so fee being a dirty award. Have you guys contemplated potentially charging a fee to members that continually do that?

Stacy Suggs (28:06):
We have not gone that far. We do. I mean we feel obligated to continue to educate. I think from our perspective it is a very difficult decision. And when you decide when someone does give out their information, do we reimburse that customer? Do we let them suffer the loss? I think we have started pulling a team together to have those conversations based on a certain dollar amount. So we have not gone that far. We may all get there one day, I don't know. But I think that's a good question. There's got to be accountability and we talked about this yesterday on the customer, they've got to have some responsibility and we can't continue to pay for these losses financially. There's huge financial risk and fraud. There's also a reputational risk that we have to consider and those go hand in hand because if we have a huge amount of fraud and it gets in the media, that can be detrimental as well. So the customer experience is important and there's a balance in that. Yeah,

Tim Chambers (29:23):
Yeah. And the gentleman in the back there, yes.

Audience Member 2 (29:26):
I've got a question for the group, maybe Tim, from your perspective, is there anything that you use to benchmark broad in terms of is there an alpha target and then the same for Matt, Stacy, is there anything that you look at, so maybe Tim, is there industry benchmark, this is like, hey, we can get you to X of target fraud, whether that's a loss loss number or a loss rate or just anything that you guys use to benchmark how you perform?

Tim Chambers (29:56):
Yeah, so the questions around benchmarking, I would say from the industry perspective. So my prior life we spent a lot of time interacting with Ariana and the card space and tracking basis points, obviously losses, recovery rates, not just purely loss. And then some of the same things, American Bankers Association for a period did something very similar, but on the deposit side and looking at check losses, a CH, other things like that. So I think that's a lot of it, but I would tell you we got to the point where it wasn't just about benchmarking fraud, but benchmarking return on investment internally, the cost of attrition of that customer, if they had a bad fraud experience and exited the cost of losing top of wallet if they didn't react about a new debit card. So it wasn't even just anymore about tracking fraud in losses, but the customer impact.

(30:56):
Because I had a regional banking executive many years ago when I first started that told me he was like, Tim, you and the fraud department are like life insurance. I have to have it, but I don't want to pay for it. But over time folks have realized, wait a minute, it's a huge cost to us if that customer walks to replace all of the income and their balances and all with one customer or maybe several. So I would say there's certainly those industry things, but I'd also make sure that includes customer metrics, not just fraud.

Stacy Suggs (31:29):
Well, and I would add to that too, I think the customer experience, as we all know is very important. I also think it's about risk tolerance. So I think we all have a budget for fraud. Unfortunately we have to budget that every year. It increases every year as we grow or our deposits grow. So I think there's a risk tolerance that has to be set at the top. I also think that we have to understand the risk and reward. So we do measure from a benchmark standpoint, our debit card fraud, we measure it against interchange income, so it is a percent. So there's an offset to us offering debit cards. So there's value in having those customers that do use our debit cards and there's value in offering all these channels and digital products and services. But we have to look at it, what is our tolerance? I always say when I get a call from my CEO about something, then we're over our tolerance. So what happened? So anyway, I think it's important that we all set that tolerance though at the beginning and sometimes it has to increase based on our growth.

Matthew Overin (32:44):
I mean we track fraud loss per member. It's kind of a good overall thing where we're going. We track it a year over year so we can see if our membership's going up 12% a year and our fraud losses are not going up that much, that's good. If they're going up too much, we got to do something about it and look and see where the fraud's coming from. Keeping track of all the sources that it's coming from and making sure that we can identify where we have gaps and fix that.

Tim Chambers (33:09):
Appreciate it. Alright, well thank you all very much. I see well over our little thing down here is really flashing. It's really, so thank you all very much. We greatly appreciate it. We'll be around for a few minutes, so if you didn't get your question answered, feel free to come up and we will do it one off. So thank you all very much. Thank you.