It is no surprise to hear card fraud continues to rise in every country around the globe, according to the survey published by ACI. With the never-ending fraudulent assault on your customers, how do you keep them happy? As the ACI report states, fraud isn’t
just about the financial loss to the bank, it’s more than that; it actually undermines the ‘stickiness’ of your customers, and your brand reputation – something far more difficult to repair than losing a few pounds.
Every organisation in the world has in place, no matter how simplistic or technologically advanced, systems to detect (and ideally prevent) fraud. These systems are there to protect the company’s customers from loss, and ultimately to help insulate the organisation
from damage. In the case of a bank, these systems will look after many different products on many different channels, covering everything from; chip-and-pin credit card payments, direct debits, and online payments. The burning question is this – how do I protect
my customers while ensuring they are provided with a world-class customer experience? The answer lies in good communication between the fraud systems and the customer.
Typically I only hear from my bank about fraudulent activity after a block has been placed on the account. Not only can I no longer use my banking facility, but I am inconvenienced further by the need to go through a lengthy reactivation process – particularly
frustrating if the activity that led to the block is legitimate. What is more frustrating is not being informed of the block at the moment it is placed on the account. What is needed is an open approach, directly proportionate to the perceived risk.
These days, customers are far more knowledgeable about the dangers of fraud and the various ways in which they may become victims – this means they are now more tolerant of fraud checks, and understanding of why the banks do what they do. An increased level
of proactive communication from banks around account security would therefore be welcomed by most customers. People want to hear about suspected irregularities on their account as soon as possible, even if the activity hasn’t led to suspension of service.
They certainly want to be told before a block is placed on their account – after all, fraud systems will never be right 100% of the time, which means a certain percentage of this poor customer experience can be regarded as unnecessary. Here are a couple of
very rough design ideas to spark debate:
- When fraud systems detect something unusual (but not suspect enough to block the account), both an SMS and email are sent out to the customer informing them of this, asking them to respond if the activity does not belong to them. This way, issues are trapped
earlier on (for instance, people ‘pinging’ a card to check validity), and we can now classify transactions that may previously have been flagged as suspicious as valid.
- If suspicious activity is detected which warrants suspension of service, a real-time customer notification is sent before a block is placed on the account. This would take the form of an SMS, email message and phone call (both home and mobile) to the customer.
The message would give them a 1 hour window to respond before the account is formally suspended, and the response from the customer must at some point involve a phone call for security reasons. In the ‘grace’ period of 1 hour, no further debits from the account
would be permitted, but other banking activity could continue.
It is important that we tunnel the notifications above over more than one channel (SMS, email and voice in this instance), not only for security reasons but because it also increases the chances of a customer seeing the message. Insisting on a call also
reduces the risk of a fraudster falsifying responses to the bank, if for instance they have hijacked a customer’s email account – although there may be other more secure, automated, ID verification means by which this could also be achieved.
There are a couple of further considerations to be made, such as at what time is it reasonable to reach out to your customers? If it’s 1am, you probably don’t want to disturb them with a phone call, although SMS and email are fine; after all, if they are
legitimately using their banking facilities at that time, they will receive the notification and call back. If they are the victims of account takeover, the account becomes fully blocked after an hour anyway. Finally, the hour window may be seen as no different
to having the account suspended, but psychologically it makes a difference to the customer; they now feel in control of what happens to their account, and are given the option to have their say before they lose access to the service.
Taking the approach of block now, ask later, is simply outdated and not compatible with today’s world of rich communication devices, and people that are always connected. Given the ease and speed with which banks can establish communication with their customers,
in cases of suspected fraud I would suggest letting the customer establish legitimacy before withdrawing their service and assuming the worst. With little additional expenditure, the strategy of proactive, early communication should provide much more in return
by increasing customer loyalty and improving brand perception.