Report Report A Must in the Age of Multi-channel Digital Commerce
Report Stopping Fraud in Real Time A Must in the Age of Multi-channel Digital Commerce Digital commerce takes place across multiple channels and devices over extended periods of time, affording criminals multiple opportunities to commit fraud and steal personal information. A multifactor, layered approach is required to prevent fraud and promote trusted communications between companies and their customers. January 2015 Dan Miller, Senior Analyst, Opus Research Opus Research, Inc. 350 Brannan St., Suite 340 San Francisco, CA 94107 www.opusresearch.net Published January 2015 Opus Research, Inc. All rights reserved. 2
Scoping the Fraud Loss Problem The economic cost of cybercrime on a global basis was estimated at $400 billion dollars in 2013, according to a McAfee Security report from June 2014. While the Ponemon Institute reported that more than 40% of all companies have experienced a data breach in the past year, the frequency of such data breaches and theft of personal information is accelerating. Criminals obviously have ample incentive to continue to mount persistent efforts to gain access to customer data in order to commit fraud. From the point of view of digital and phone-based commerce, it is more important to note how personal data and identity-based information has been exposed to criminals. All told, the number of individuals whose personal information has been exposed is in the hundreds of millions. While consumers are often shielded from economic loss by their payment card issuers or retailers, they are still vulnerable to identity theft and account takeover. Criminals are leveraging exposed data and engaging in social engineering to build out consumers profiles and implement their fraud schemes. The Phone Has a Special Role to Play Recent research reflects the fact that the phone is the primary channel for digital commerce in almost 70% of all ongoing conversations, according to a study recently completed on behalf of Opus Research by Coleman-Parkes. Figure 1: Channels Employed by Today s Shoppers 80% 70% 60% 50% 40% 30% 20% 10% 0% Email Phone Website Social Media Mobile Store Web Chat SMS SOURCE: COLEMAN-PARKES AND OPUS RESEARCH (2014) Social engineering is the art of manipulating people so they give up confidential information and it is used by fraudsters to gain critical security credentials needed to access legitimate customers accounts. The sustained popularity of the phone channel and the susceptibility of customer service representatives to social engineering tactics of criminals make the phone a soft target for professional fraudsters. Critical fraud enablement activities, such as address change and password reset, occur most often over the phone. That is why all individuals should be wary of carrying out business with companies that rely on inadequate techniques, such as easily circumvented challenge questions for security protection. 3
MultiFactor Meets MultiChannel and OmniChannel The Coleman-Parkes survey also showed that, on average, consumers follow a shopping, buying and support pattern that spans 4.5 different channels. But, once again, more than two-thirds of ongoing digital conversations involve phone calls as a primary channel. To Opus Research, this indicates the following trends are well underway: The shift to digital and mobile customer engagement is full-on: spanning brick-and-mortar stores, contact centers, Web sites, email and social networks Each channel exposes digital natives to data breaches and theft of personal data: leading to fraud loss as well as loss of trust Yet we also observe positive countermeasures by both security and customer experience solutions providers: Emerging authentication technologies promise less fraud and greater trust: leveraging device characteristics, analytics, biometrics as appropriate Authenticate Early and Often : a watch-phrase that resonates across all channels over time and is supported by today s solution providers. More Crime in Real Time Today s digital natives have adopted mobile and online practices that heighten their exposure to theft and misuse of personal information. At the same time, they are the ones that will benefit greatly from emerging multi-factor authentication methodologies that provide strong assurance to vendors that they are who they claim to be. While customers expect instant service, fraudsters are also leveraging the real-time nature of commerce to carry out increasingly sophisticated schemes that make fraud losses harder to recover. This list of fraudulent activities outlines some use cases that require real-time intervention: Wire transfers funds are immediately transferred to a third party account while speaking to an agent Purchases with stolen cards goods are purchased and instantly collected, such as software or event tickets Same day shipments goods are ordered and ship from the warehouse within a few hours, for example a new phone device FREQUENT, PERSISTENT AUTHENTICATION IS CRUCIAL FOR SIMPLE, SPEEDY, SECURE PROBLEM RESOLUTION AND FULFILLMENT. 4
The increasing ubiquity and scope of such schemes require rapid real-time, friction-free authentication of legitimate customers and identification of criminals to optimize customer protection and value to the organization. Frequent, persistent authentication is crucial for simple, speedy, secure problem resolution and fulfillment. Even though biometric-based approaches to authentication have focused on strong authentication and fraud reduction, in many instances they are just as important as a mechanism for speedy, personalized service. Promoting Profitability, Security and Trust When a company is confident that the individual making a call is indeed the legitimate customer, it is able to provide the most appropriate responses quickly. By the same token, when the company identifies a potential bad actor on the line it can move quickly to protect customers and the organization. By definition, this spells higher profitability, based on shorter call handle times, greater customer satisfaction and reduced fraud losses. Context is key. Persistent authentication paves the way for customer interactions to be informed by recent activities, data from the CRM system and metadata from any number of sources. What s more, analytical engines can be employed to detect when anything amiss and business rules can be applied to detect potential fraud and shut it down before an imposter gets any further on his or her path. Trust is the foundation of better customer experience, increased loyalty and decreased fraud loss. Realtime authentication and fraud detection is the foundation of trust. TRUST IS THE FOUNDATION OF BETTER CUSTOMER EXPERIENCE, INCREASED LOYALTY AND DECREASED FRAUD LOSS. REAL-TIME AUTHENTICATION AND FRAUD DETECTION IS THE FOUNDATION OF TRUST. Serving Several Masters In a survey of customer experience executives, Opus Research found that they attached almost equal levels of importance to three distinct but closely related objectives: Lowering customer effort to save valuable time for customers Improve security to maintain or further the trust of my customers Align departments/teams and break down silos in my organization to provide a unified customer experience 5
Figure 2: Priorities for Improving the Customer Experience 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Lower Customer Effort Improve Security Provide Unified Experience SOURCE: OPUS RESEARCH (2014) The good news for these decision makers is that each of these goals are supported by an approach to customer protection that is closely linked to ongoing, real-time monitoring, analytics and application of appropriate security methods, including passive voice biometrics. Faster and more secure customer protection NICE Systems have taken these objectives on board in the development of their customer protection offering. Through their combined Real-Time Fraud Prevention and Real-Time Authentication solutions, NICE is enabling faster and more secure customer authentication. The solutions employ multi-factor protection within a passive approach, to simultaneously verify the claimed identity and check that the caller is not a fraudster in the background within the first few seconds of every call. This passive approach enables companies to better serve legitimate their customers and keep fraudsters out without creating additional service hurdles. NICE Real-Time Fraud Prevention and Real-Time Authentication bring to market a holistic approach for addressing the growing need to thwart criminals in real-time, as well as adhering to the key objectives laid out by customer experience experts. 6
Lowering customer effort to save valuable time for customers Securely authenticate customers in real time with no customer effort for expedited time-to-service Passively enroll the vast majority of customers seamlessly by leveraging previous call recordings Improve security to maintain or further the trust of my customers Screen all interactions for fraud using multiple modalities such as voice biometrics, speech analytics & desktop analytics for improved detection Generate real-time alerts for high risk interactions and guide agents in real time to take the next best action Provide more contextual risk-based authentication by leveraging transactional & interactional data Align departments/teams and break down silos in my organization to provide a unified customer experience Understand what s being said and what s being done for more contextual, smarter real-time decisioning for seamless customer experience throughout their engagement Manage and investigate fraud incidents across all channels with next generation NICE Actimize Integrated Fraud Management Platform A Defining Moment for Secure Customer Engagement As customers and consumers take control of how and when they make contact with selected companies, they become direct beneficiaries of new technologies for both authentication and personalization. Whether it is a bank, brokerage, healthcare provider, airline or retailer, strong assurance of identity is foundational for establishing the levels of trust that promote both security and efficiency. Fraud loss reduction often provides the key financial justification for deploying new authentication technologies. Yet the new approaches, which span biometrics, analytics and risk awareness have the added advantage of creating a measurably better and more secure customer experience, while also laying the foundation for highly-personalized intelligent assistance that can only be provided when a company is confident that they have established a trusted line of communications. 7
About Opus Research Opus Research is a research-based advisory firm providing critical insight and analysis of enterprise implementations of software and services that support multimodal customer care and employee mobility strategies. Opus Research calls this market Conversational Commerce with tailored coverage and sector analysis that includes: Self-Service & Assisted Self-Service, Voice & Call Processing, Web Services, Personal Virtual Assistance, Mobile Search and Commerce and Voice Biometrics. www.opusresearch.net For sales inquires please e-mail info@opusresearch.net or call +1 (415) 904-7666. This report shall be used solely for internal information purposes. Reproduction of this report without prior written permission is forbidden. Access to this report is limited to the license terms agreed to originally and any changes must be agreed upon in writing. The information contained herein has been obtained from sources believe to be reliable. However, Opus Research, Inc. accepts no responsibility whatsoever for the content or legality of the report. Opus Research, Inc. disclaims all warranties as to the accuracy, completeness or adequacy of such information. Further, Opus Research, Inc. shall have no liability for errors, omissions or inadequacies in the information contained herein or interpretations thereof. The opinions expressed herein may not necessarily coincide with the opinions and viewpoints of Opus Research, Inc. and are subject to change without notice. Published January 2015 Opus Research, Inc. All rights reserved. 8