Loading...

The Business Case for Defense in Depth

Published: December 29, 2020 by Stacey Wishowsky

Previously, we discussed the risks of account takeover and how a Defense in Depth strategy can protect your business. Before implementation it’s important to understand the financial benefits of the strategy.

There are a few key steps to assessing and quantifying the value of Defense in Depth.

  1. Transaction risk assessment: This requires taking inventory of all possible transactions.
  2. Session-level risk analysis: With the transactions categorized by risk level, the next step is to review session history based on the highest risk activity within the session.
  3. Quantify the cost of a challenge: There are multiple costs associated with challenging a user using step-up authentication. Consider both direct and indirect costs – failure rate, contact center operational cost, and attrition rate following failed challenges (consider lifetime value of account)
  4. Quantify the expected challenge rate: This can be done by comparing the Defense in Depth approach to a traditional approach.

Below is a calculator that will help determine the cost of the reduced challenges associated with a Defense in Depth strategy versus a traditional strategy.

In addition to the quantitative benefits, it is important to consider some of the qualitative benefits of this approach:

  1. Challenging at moments that matter: Customers appreciate and expect protection in online banking, especially when moving money externally or updating contact information. This is a great way to achieve both convenience and security.
  2. Improved fraud management: By staging the risk decision at the transaction level, the business can balance the type of challenge with the transaction risk.

There are incremental cost considerations to include in the business case as well. For instance, there is an increase in transaction calls for a risk assessment at the medium/high risk transactions – about 10% in the example above. Generally, the increased transaction cost is more than offset by the reduction in cost of challenges alone.

A Defense in Depth strategy can help businesses manage fraud risk and prevent account takeover in online banking without sacrificing user experience. If you are interested in assistance with building your business case and understanding the strategies to implement a successful Defense in Depth strategy, contact us today.

Contact us

1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020

Related Posts

...

Published: June 6, 2023 by admin

According to Experian data analysis and a recent study on unemployment insurance fraud, at least 25% of new claims are a result of identity theft.

Published: April 15, 2021 by Eric Thompson

It’s critical for credit unions to understand the specific threats presented by life online and be prepared with a fraud detection and prevention plan

Published: April 13, 2021 by Alison Kray

Subscription title for insights blog

Description for the insights blog here

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Categories title

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Subscription title 2

Description here
Subscribe Now

Text legacy

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source.

recent post

Learn More Image