
Corporate Account Takeover Protection - Do we know our customers well?

Should banks go alone in the fight against customer financial depredation? The answer lies in the multidimensional collaboration that banks are ready to establish with their customers and with the banking industry at large on a per-customer basis. Actionable awareness of the customer, the customer's business and the ecosystem as a whole determines the level of success in bringing about a wholesome threat mitigation plan. KYC is often treated as a one-time activity and not as an ongoing exercise to maintain the bank's consciousness of a customer, an important sliver of which can be used as a vaccine to protect the customer and, in turn, the bank's reputational existence. The KYC done during customer on-boarding just serves to introduce the customer to the bank. Ongoing KYC is about knowing customers inside out by continuously watching their transactions to help the bank form its threat perceptions and keep them realistic. But this buildup of a transactional profile needs time. What if the bank wants to activate protective measures from the word go? Customer registration tools do not place enough stress on capturing the primary control data that can be recorded during customer enrollment.

Profile strength:

Banks are anxious to keep the client registration process within predefined time limits in order to quickly empower clients to present payment orders. This is seen to compromise the quality and depth of the payment preference profile that gets created in the client file. One of the evolving best practices is to assess profile strength at the end of the client emergence process. This is similar to the password strength indication that is shared with a customer to help determine whether the password provides adequate protection. Along similar lines, a bank can indicate to the client whether the profile provides enough control parameters for the bank to use in validating that payment orders are in alignment.

How much is enough?

How much payment preference data should be collected during client registration? There is no definitive answer to this, but with a little effort, payment disposition can be categorized into broad heads that help the bank decide, and even share with the client, whether it has gathered enough about the payment subscription profile to create specific early warning rules for the client. Some of the leading banks in this space effectively capture the following:

Payment schemes – FedACH, Fedwire, SWIFT, SEPA, BACS, FPS, CHAPS, others

Payment types – Credits only or even direct debits

Preferred channels of payment origination

Destination countries to which or from where payments can be sent / received

Preferred payment currencies

Amount range within which each payment item would lie

Counterparties to whom payments would be sent or received from

Payment File formats – Creating and linking proprietary or industry standard formats to the customer id with format version number with flags to indicate whether control total / check sum validations are to be enabled, knowing if the file would be encrypted and if so what encryption methods would be used by the client. carrying hybrid payment types,

Purpose(s) for which a payment would be made

Payment frequency – how frequently payment requests would be made

Peak days of the month for payment activity

Whether future-dated payments would be originated

Identifying a core minimum

It is important to expeditiously enable a new client for payment order presentment and hence decide what should form a minimum core set of profile attributes that the bank could start out with and capture. The client should be provided with the scale of awareness that the bank carries on its payment disposition and how it can be bettered to ensure effective account protection. A clear agreement for profile enrichment would need to be reached with the client in order for the bank sales team to schedule additional interviews.

Check the conduit

Banks using customer on-boarding solutions grapple with the issue of ‘data scoop diameter’. In other words, this asks how wide-mouthed the on-boarding solution can be in order to feed client payment preference data into the payment processor. The reference data store for on-boarding clients for payments business dictates how much of this data can be burrowed from the client. This also influences what goes into the interview sheets that the sales team would use while engaging a prospective client. Functionality to add new data elements and make them a part of the customer payment preference profile expands the ability to write customer-specific payment validation rules.

Data is dust if…

Data is dust if left still. This is true for banks that are constrained in using client payment preferences to interrogate the payment orders. Specialized solutions for fraud prevention should be given access to client payment orientation data in order to maximize efficiency gains. Fraud rules can kick in early on in the life cycle of a singular or a bulk payment order by engaging the payment order(s) in a comparative analysis with client payment profile data to see if there are any deviations. On the basis of severity of deviations the payments can be routed into an exception queue triggering client callouts. Client overrides could lead to updates to the profile. Banks should actively look to maintain client profile data to ensure that the rules are hitting against the latest version.
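The comparison described above can be sketched as follows. This is an added example, not code from the article or from any bank's system; the `Profile` fields, the severity weights, the threshold and the sample orders are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Profile:
    """Hypothetical subset of a client's payment preference profile."""
    schemes: frozenset
    countries: frozenset
    currencies: frozenset
    amount_range: tuple        # (min, max) expected per payment item
    counterparties: frozenset

# Assumed severity weight per deviating attribute; a bank would tune these.
WEIGHTS = {"scheme": 3, "country": 3, "currency": 1, "amount": 2, "counterparty": 2}
EXCEPTION_THRESHOLD = 3        # assumed: at or above this, hold and call the client

def deviations(order, p):
    """Return the profile attributes the payment order deviates from."""
    lo, hi = p.amount_range
    checks = {
        "scheme": order["scheme"] in p.schemes,
        "country": order["country"] in p.countries,
        "currency": order["currency"] in p.currencies,
        "amount": lo <= order["amount"] <= hi,
        "counterparty": order["counterparty"] in p.counterparties,
    }
    return [name for name, ok in checks.items() if not ok]

def route(order, p):
    """Score the deviations and pick a queue: (queue, score, deviations)."""
    devs = deviations(order, p)
    score = sum(WEIGHTS[d] for d in devs)
    queue = "exception" if score >= EXCEPTION_THRESHOLD else "straight_through"
    return queue, score, devs

def apply_override(p, order):
    """Client confirmed the order on callout: widen the profile to cover it."""
    lo, hi = p.amount_range
    return replace(
        p,
        schemes=p.schemes | {order["scheme"]},
        countries=p.countries | {order["country"]},
        currencies=p.currencies | {order["currency"]},
        amount_range=(min(lo, order["amount"]), max(hi, order["amount"])),
        counterparties=p.counterparties | {order["counterparty"]},
    )

# Constructed sample data, not taken from the article.
PROFILE = Profile(frozenset({"SEPA", "BACS"}), frozenset({"GB", "DE"}),
                  frozenset({"EUR", "GBP"}), (100, 50000),
                  frozenset({"ACME GmbH", "Widget Ltd"}))
USUAL = {"scheme": "SEPA", "country": "DE", "currency": "EUR",
         "amount": 1200, "counterparty": "ACME GmbH"}
ODD = {"scheme": "SWIFT", "country": "DE", "currency": "EUR",
       "amount": 75000, "counterparty": "New Payee LLC"}
```

Because the profile is immutable and `apply_override` returns a new copy, each override yields a distinct profile version, which keeps it clear which version a rule was evaluated against.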

Smart sampling

With increased sophistication being brought to the area of threat monitoring, the thought of not monitoring all transactions for violations is increasingly gaining favor. Banks having robust criteria definitions for risk scoring are exploring prudent ways to not subject 100% of their payment volumes to arrhythmic heart beat checks. Similarly, complex methods such as web crawling and web sucking for rich data mining around payment recipients can be selectively applied to payments originated by customers scoring high on the risk index or to recipients where the hit match confidence exceeds a bank-defined threshold. Smart sampling without compromising the bank's risk cover is opening doors to cost savings.

Cautious Alliance:

‘When fears are common, join hands’ is relevant to the fight against financial injury. It makes ample sense for a bank to know the views of other banks on a new client it is welcoming into its fold. Likewise, any information that can be garnered around a certain counterparty that a customer is enlisting with the bank can be invaluable. Partnering with other banks to compare:

- list of customers with a high risk index (This would say to the other bank: We are sensing these customers to be high risk, does your bank see them the same way?)

- list of counterparties that have been blocked (This would mean to say: Our bank has these entities that have been blocked by our customers for collections. Can you check if they are on your block list too?)

- list of customers with an excessive number of returned direct debits (This would read: Here is our list of customers that have had an excessive number of returned direct debits for the reason unauthorized debit. Do you have similar experience with them?)

could help reveal common entities that are viewed similarly by other banks leading to further enlightenment that can feed into customer dealings.

Final word

There is no final word, no endgame, in the fight for customer financial protection. Enhanced customer awareness is taking centre stage in the strategy of banks that seek supremacy in the battle against account takeover. These banks have trained themselves to keep asking the question: Do we know our customers well?

