If risk management teams hope to effectively detect and prevent fraud—and at the same time keep fraud prevention tools and processes from impacting customer experience—they need to partner with a number of key functions in the organization.
This is the first of a series of briefs that take a look at these key partners, and what risk management teams need to focus on when working with them.
Partner: IT and Cyber Security
Main responsibilities: These departments (and in many cases cyber security is part of the IT management operation) are responsible for building, maintaining, and securing the technology infrastructure that supports the business.
This includes on-premise data centers and all their components, desktop and mobile devices and applications, and all networking facilities. But increasingly the infrastructure encompasses public and private cloud services, whether they’re used for applications (software-as-a-service), infrastructure (infrastructure-as-a-service), or software development (platform-as-a-service).
Many organizations are moving to a hybrid or multi-cloud environment, which can make IT and cyber security management even more complex.
It can’t be overstated how important it is for fraud leaders to work closely with the IT and security functions, given that they are the primary gatekeepers of one of the organization’s most valuable resources: information.
Who you should be working with: Ideally, risk managers will work with the C-level technology executives, including the CIO, CISO, and CSO. But there is a wide range of potential stakeholders, including cloud architects, network managers, CTOs, database administrators, and others with whom risk managers can collaborate.
How fraud can have an impact on this function: With the rise of digital transformation initiatives at so many organizations, the opportunities for instances of fraud via IT infrastructures are increasing. Bad actors can exploit any number of vulnerabilities in applications, systems, devices, and networks, including growing mobile environments and the multitude of cloud services.
According to a January 2020 report from Gartner, “How to Create a Payment Fraud Detection Strategy at the Organizational Level,” among the key challenges IT and security teams are dealing with are:
- Automated bad bot traffic on networks
Additionally, new email-based threats are arising all the time, including many related to the coronavirus pandemic.
In March, the Global Investigative Operations Center (GIOC) of the U.S. Secret Service, part of the Department of Homeland Security, put out an alert about the types of email scams associated with the virus. These include the wide distribution of mass emails posing as legitimate medical and/or health organizations, which can cause malware to infect systems or prompt users to provide email login credentials.
In many ways, IT and security are the front-line forces in the fight against fraud at organizations, and should therefore serve as key partners in enterprise efforts to reduce or eliminate the incidence of fraud.
Solutions to consider: Risk management executives can work with IT and security to help reduce or eliminate fraud or minimize the impact. Best practices include:
- Tracking fraud in all its forms, both successful and prevented attempts, in order to measure the full scope of risk and respond accordingly.
- Authenticating both physical and digital attributes of users, such as digital identity and behavioral biometrics.
- Using a layered solution approach to fraud that addresses both identity authentication and transaction verification.
- Looking for outside expertise with deep data and analytics resources to help identify fraud.