How Much Is Too Much with Fraud Alerts?Christine Brundage |
Having worked in this industry now for many years I, like many of my fraud management brethren, have heard the jokes. You know the ones, “You’re not fraud prevention, you’re sales prevention”, and all the other permutations. I have had the good fortune to work with fraud strategists and managers from issuers and merchants around the globe, and I have yet to meet one who doesn’t “want any transactions to happen.” But I’ll come back to that in a moment.
I am sitting at my desk this morning preparing for a workshop that I am set to facilitate at the MasterCard Academy of Risk Management Global Conference for The Americas on “Simplifying Advanced Fraud Management,” when an email from a colleague pops into my inbox. It includes a link to an article from American Banker titled “How Many Fraud Alerts Is Too Many?” and since there is a direct connection to my current focus, I stop to read this brief piece. There are several great points made in the article. However, when I finish reading, I am compelled to comment on two points.
First, there are several statements that imply, if not say, that issuers should build rules and create alerts based on their capacity to work them, a concept that I find just perplexing. Why would a fraud organization not want to at least alert on all activity where the risk exceeds the tolerances that the institution has laid out? In other words, why not create the alerts and get through as many as you can with what you have to work with? Just because you can’t get to them shouldn’t mean that your tools shouldn’t at least give you the ability to find out about them, right? We’re not talking about declining transactions, just alerting on them. And if you can show that there is a value to being able to work more alerts, great, put together that business case! And then staff or implement technology to address that risk.
This article also contains the opinion that “We are talking about two ends of the spectrum. On the one hand, you have the business guys who want to do everything for that customer, and you have the security guys that don’t want any transactions to happen — so you have to find the right checks and balances…” Now to be completely clear, I totally agree with the last piece of this statement: it IS all about finding the right checks and balances. But I must respectfully disagree with the rest and set the record straight on this outdated stereotype.
“Security guys” ARE “business guys.” My experience is that fraud management folks understand the way their organizations work and how they make money. Today they are the ones making the tough decisions about how to balance fraud mitigation with sales approvals in order to ensure profitability for their organizations.
Topics: Payments Strategy