As financial fraud continues to become more intricate and more commonplace, and risk remains a deterrent for innovation, the inadequacies of “black box” solutions of third-party fraud vendors are coming to light. To effectively detect and mitigate fraud – and protect the FIs, their customers and their shareholders — banks need full transparency into the strategies, tactics and performance of their third-party fraud solutions.
Transparency between parties is the key to successful fraud mitigation, and during a recent PaymentsJournal podcast, Matt Raile, SVP of Fraud & Bill Pay Operations at BillGO, and James Wester, Director of Cryptocurrency and Co-Head of Payments at Javelin Strategy & Research, delved into the importance of choosing the right third-party vendors to mitigate fraud, the red flags FIs should look out for, and why transparency is the linchpin in the battle against financial fraud.
Identifying Red Flags with Third-Party Vendors
When vendors approach financial institutions, it’s common practice for them to proverbially beat their chest and announce just how many transactions they have processed, along with other success stories. Although this information may sound impressive, it does little to demonstrate what they can do for a particular organization.
“There [needs to be a] hard conversation with these vendors,” Raile said. “That’s great what they’re advertising for other portfolios, but what are they going to do for your portfolio? How transparent are they going to be with you on the performance of your specific portfolio? And how they are managing your portfolio?”
According to Wester, the right technology partners will offer a more customized solution, not just something out of a box. It’s a partnership, and an important one.
“A key point that really resonates in terms of the research that we’re doing when it comes to vendor management is that idea of the cookie-cutter model versus what a vendor is actually providing—either more personalized or actually being a partner and knowing what a financial institution is really looking for,” Wester said. “That takes time. It takes effort.”
Transparency Overrides Everything Else
A true partnership between a financial institution and a third-party vendor involves sharing goals and pooling resources and information to meet those goals. Above all else, there needs to be trust. For that to develop, transparency is necessary.
“If you’re running a rules-based environment or if you’re running a model, you’re going to know exactly the model that’s running on your behalf, the rules that are running on your behalf, the configuration thereof, and you’re going to have performance data that speaks to every rule and or every model on a daily frequency,” Raile said. “You’re going to have the same level of knowledge and insights with BillGO as your third-party vendor that you would inside of your own organization.”
Overall, it’s in the best interest of customers that financial institutions continually monitor the environment to ensure there is no disruption of service.
What FIs want to avoid—particularly amid the lack of transparency that’s still consistent in the industry—is being told by a third-party vendor that something is “taken under advisement.” It’s equally suspicious when vendors refuse to share any further details because of concerns about their intellectual property. In fact, Raile points out, when third-party vendors refuse to share how their solution identifies a set activity or how it’s performing in that activity, a red flag automatically goes up.
FIs shouldn’t have to make a special request to receive more information. Rather, they should have access to information about how certain fraud patterns are ultimately affecting their portfolio.
“You hear vendors talk about their ‘secret sauce’ all the time,” Wester said. “And it’s like, well, why do you have a sauce that’s secret, especially when you’re talking about things like protecting customers or fraud or security or any of the things that go into the costs that a financial institution has to bear to protect their customers?
“Sometimes I have to take off my analyst hat and put on my consumer hat and say, ‘Why would you do that?’ It’s better for all of us—as consumers of financial institutions—to know that fraud patterns are being shared, that they are being looked into, that they are being looked at from a vendor standpoint to protect those consumers.”
Flexibility, Agility, Full Transparency: The Essentials for Innovation
If third-party vendors want to remain competitive, they need to tackle potential fraud risks more effectively. As compliance requirements grow, that would also be a key differentiator when it comes to selecting a third-party vendor.
“If you have a new fraud pattern, if it takes you days or weeks or months for your vendor to listen to you and to deploy a solution that specifically addresses your attack vector, then that’s not good enough,” Raile said. “That’s not good enough for your consumer. That’s not good enough for your shareholders.”
As Wester points out, regulatory oversight and compliance risk won’t get any easier. “We are seeing things happen in the payment space, especially as we begin to see developments in things like A2A or P2P payments, or all of these new payment types that we’re seeing come out,” he said. “We’re seeing more regulatory scrutiny, and we all know that’s going to be the case, so I would think that anything that would make those discussions easier would be a good thing because, again, it’s not going to become simpler or faster.”
How Transparency Enhances Fraud Mitigation
Time is of the essence when it comes to fraud mitigation. To protect consumers and their experiences, third-party vendors need to be more responsive. As soon as they are made aware of a new pattern, the solution must be deployed.
“I’ve got an example here with one of our clients where a new fraud pattern had been detected on the financial institution side,” Raile said. “Thankfully, it had not yet penetrated its way into bill pay.
“However, the experience was shared with us and we were able to test and ultimately move our solution up through our production environment and have it deployed on this particular client’s behalf in just under six hours. For any of those out there listening today that are managing fraud vendors, I know when I was detecting new fraud patterns in former workplaces that response time was usually measured in months, if not quarters.”
Wester said a slow response seems to be the modus operandi for most third-party vendors.
“Not doing that [response] quickly is actually kind of alarming that it’s allowed to go on for as long as it does because it’s not just a cost to the financial institution, but you have to think about it from that consumer standpoint, from that end-user standpoint, the cost and the inconvenience and everything else that goes into that,” he said.