The definition of account management authentication is: Keep your customers happy, but don’t lose sight of fraud risks and effective tools to combat those risks.
In my previous posting, I discussed some unique fraud risks facing institutions during the account management phase of their customer lifecycles. As a follow up, I want to review a couple of effective tools that allow you to efficiently minimize fraud losses during post-application:
Knowledge Based Authentication (KBA) — this process involves the use of challenge/response questions beyond “secret” or “traditional” internally derived questions (such as mother’s maiden name or last transaction amount). This tool allows for measurably effective use of questions based on more broad-reaching data (credit and noncredit) and consistent delivery of those questions without subjective question creation and grading by call center agents. KBA questions sourced from information not easily accessible by call center agents or fraudsters provide an additional layer of security that is more impenetrable by social engineering. From a process efficiency standpoint, the use of automated KBA also can reduce online sessions for consumers, and call times as agents spend less time self-selecting questions, self-grading responses and subjectively determining next steps. Delivery of KBA questions via consumer-facing online platforms or via interactive voice response (IVR) systems can further reduce operational costs since the entire KBA process can be accommodated without call center agent involvement.
Negative file and fraud database – performing checks against known fraudulent and abuse records affords institutions an opportunity to, in batch or real time, check elements such as address, phone, and SSN for prior fraudulent use or victimization. These checks are a critical element in supplementing traditional consumer authentication processes, particularly in an account management procedure in which consumer and/or account information may have been compromised. Transaction requests such as address or phone changes to an account are particularly low-hanging fruit as far as running negative file checks are concerned.