The Business Case for Defense in Depth

Previously, we discussed the risks of account takeover and how a Defense in Depth strategy can protect your business. Before implementation it’s important to understand the financial benefits of the strategy.

There are a few key steps to assessing and quantifying the value of Defense in Depth.

1. Transaction risk assessment: This requires taking inventory of all possible transactions.
2. Session-level risk analysis: With the transactions categorized by risk level, the next step is to review session history based on the highest risk activity within the session.
3. Quantify the cost of a challenge: There are multiple costs associated with challenging a user using step-up authentication. Consider both direct and indirect costs – failure rate, contact center operational cost, and attrition rate following failed challenges (consider lifetime value of account)
4. Quantify the expected challenge rate: This can be done by comparing the Defense in Depth approach to a traditional approach.

Below is a calculator that will help determine the cost of the reduced challenges associated with a Defense in Depth strategy versus a traditional strategy.

In addition to the quantitative benefits, it is important to consider some of the qualitative benefits of this approach:

1. Challenging at moments that matter: Customers appreciate and expect protection in online banking, especially when moving money externally or updating contact information. This is a great way to achieve both convenience and security.
2. Improved fraud management: By staging the risk decision at the transaction level, the business can balance the type of challenge with the transaction risk.

There are incremental cost considerations to include in the business case as well. For instance, there is an increase in transaction calls for a risk assessment at the medium/high risk transactions – about 10% in the example above. Generally, the increased transaction cost is more than offset by the reduction in cost of challenges alone.

A Defense in Depth strategy can help businesses manage fraud risk and prevent account takeover in online banking without sacrificing user experience. If you are interested in assistance with building your business case and understanding the strategies to implement a successful Defense in Depth strategy, contact us today.

Contact us

¹Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020