Managing transactional fraud is like searching for a needle in a haystack. Except the needle is moving and the haystack is growing! Faced with an environment as complex and daunting as this, banks invest large amounts in increasingly sophisticated fraud detection systems. These systems are typically built around a statistical model and aim to identify those transactions which most closely resemble previous fraudulent transactions. These systems seek to increase the efficiency and effectiveness of the system by increasing the probability that each customer contact will detect and confirm fraudulent spend while simultaneously increasing the total number of fraudulent transactions detected.
Investment in large transactional fraud systems is justified by the ever-increasing cost of fraud losses. However, the idea that they alone can solve the problem is based on an old paradigm.
Traditionally, communicating directly with customers was expensive and time-consuming. To confirm fraudulent transactions banks needed to contact customers telephonically. Since it was not financially viable for banks to contact every customer to confirm every transaction, they invested in systems and analysts that could screen the mass of transactions and identify only those transactions likely enough to be fraudulent so as to warrant the cost of a confirmatory phone call. This was true even while the configuration of those systems necessarily resulted in fraudulent transactions being ‘missed’. The companies that produced these transactional fraud detection systems, meanwhile, focused their efforts on making them ever better at calculating the probability of any one transaction being fraudulent.
But the key underpinnings of this paradigm – namely that staff and communication are both expensive – are no longer true. Once the old paradigm is abandoned, it is possible to find significant value in simple and cheap solutions like SMS transactional alerts.
An SMS transactional alert is an informative SMS that is automatically generated whenever a transaction meeting pre-set criteria is processed on a credit card. These SMS alerts typically include some basic information about the transaction and ask customers to phone or text the bank in the event of that transaction having not been originated by themselves.
SMS alerts are inspired by a new fraud management paradigm, one that is underpinned by the assumption that ‘staff’ can be free and that communication is very cheap.
SMS alerts clearly don’t change the direct costs of employing staff. Rather, they transfer the workload of screening alerts from paid employees to unpaid customers. If the bank sends an SMS alert to a customer, it is that customer who takes the time and effort to validate the transaction. So, where once a large team of employees was needed to analyse transactions and to contact customers to confirm suspected frauds, it is now possible to screen almost all transactions with a small team of employees and a very large ‘team’ of customers.
It was the high cost of communicating with customers that made it essential for suspicious transactions to be manually screened and reduced before customers were contacted. But, none of this is necessary now that banks can contact customers instantaneously and very cheaply through SMSes.
As a fraud prevention tool, SMSes do not preclude the need for traditional fraud management tools. Rather, they free up manual resources and allow staff to focus immediately on the highest risk as identified by these systems.
When implementing SMS alerts, it is important to avoid two common mistakes that are often made when old paradigm thinking is allowed to persist. Customers should not be charged for the service – though in some markets the practice does exist – and the triggers should be easily understood.
The value of an SMS alert system increases with its coverage, not with its efficiency. Every SMS alert saves more money than it costs. Therefore, the bank saves more money as each additional customer is enrolled in the programme. By trying to recover the running costs directly from its customers, a bank limits the scope of its programme and, in so doing, limits its savings. Though, in some markets banks have successfully charged for the service without major reductions in customer take-up rates.
Alerts should be sent for all transactions over a nominal value-based trigger – either enforced or customer-selected. It may be more efficient to send alerts based on calculated fraud rules but this, again, is false economy. Because staff are free and communication is cheap, it is now cheaper to send alerts for all transactions than it is to risk missing a fraud. It is also preferable to meet customer expectations by generating alerts when – and only when – they are expected.
These alerts are not just a cheap way to limit fraud, they’re also a very effective way to do so. When used fraudulently, an account that receives SMS alerts is likely to suffer losses fifty to seventy percent lower than those experienced by a similar account not receiving SMS alerts.
The benefits are not restricted to fraud savings either – customers value SMS alerts. An SMS alert programme is therefore a win-win offering that reduces fraud losses while improving customer service. The second non-financial benefit is an improvement in customer contact data. Because customers expect and appreciate SMS alerts, they quickly become aware of any breakdown in communication between the bank and themselves. And, because they appreciate these alerts, when they become aware of these broken communication lines they are more likely to pro-actively contact the bank to update their contact details. Since all functions of the bank can access this information, they too benefit from better contact rates for their strategies.
In summary, a bank with a good SMS alert programme is likely to have lower fraud losses, lower fraud operational costs, happier customers and better customer contact details.
[…] Once an authorization decision has been made, that data is passed into the offline environment where it passes through a series of fraud rules and sometimes a fraud score. It is in this environment that the most value can be attained from the addition of a customer-specific history. Because this is an offline environment, there is more time to query larger data sets and to use that information to prioritise contact strategies which should always include the use of SMS alerts as described here. […]