
Transforming the Customer Experience When Fraud Attacks


Academic year: 2021


About the Presenters

Sean Daly, COO, IDT911

• Oversees IDT911 worldwide expansion and financial strategies
• 25 years in financial industry
• Former SVP & CFO at Camden National Corporation, a $2.3 billion publicly traded community bank

Mike Young, VP, Product Team, EverBank

• Manages consumers and business banking products, as well as online and mobile banking services
• 20 years in financial services industry


The security of a customer’s financial accounts—their basic privacy—is jeopardized every time there’s an internal security incident or cyber-attack on a retail firm like Target, Home Depot or JPMorgan Chase.

What we do after a security incident occurs is as important as what we do proactively to try and prevent them.


Definitions

• Data Breach – sensitive, protected or confidential data that has potentially been viewed, stolen or used by an individual unauthorized to do so
– personal health information (PHI)
– personally identifiable information (PII)
– trade secrets or intellectual property
• Security Incident – a violation or imminent threat of violation of computer security policies, acceptable use policies, or


• Customer Fraud – money or purchases made by fraudulently posing as the customer through use of a credit/debit card or other method
• Customer Identity Theft – the fraudulent acquisition and use of a consumer's PII for personal gain
– financial
– medical
– tax


Attacks and Impacts


Failures that Lead to a Breach

• Physical – Lost control over a physical asset
– Documents
– Portable storage media
– Computer hardware
• Logical – Intentional access to information by unauthorized insider or outsider exploiting a vulnerability
• Procedural – Mishandling information exposing it to unauthorized parties
– Website
– Misdirected faxes, mailings, & emails
– Improper disposal or abandonment


Security Incidents Impacts

Having personal and/or credit card data stolen is traumatizing and presents a host of difficulties to consumers. As more transactions take place online, opportunities for fraud and identity theft increase.

• Estimates indicate data breaches cost $5.9 million for affected companies. Ponemon Institute 2014 Cost of a Data Breach Study: Global Analysis
• Companies affected by a data breach incur average costs of $201 per compromised record, and in a typical data breach, more than 29,000 records are compromised. Ponemon Institute 2014 Cost of a Data Breach Study:


• Banks spend $10 per card to cancel and reissue. "The True Cost of Data Breaches" Bank Systems & Technology (08/08/14) Yurcan, Bryan

• Consumer Reports survey indicates one in seven U.S. consumers notified of personal data breaches in 2013.


Defining The Problem


Looking Inward

• Utilize a layered security approach – no security filter will catch all fraud attempts but a layered approach can help prevent most

• Make it intuitive (easy) enough for customers to navigate but tough enough to prevent fraud


Security Incident Avoidance

• Conduct annual security assessments

• Maintain system access controls & reporting

• Manually review large transactions and exceptions
• Mask account numbers
• Monitor inactive and returned mail accounts
• Manage Vendors
• Employee Training
• Customer Education
– Monitor transactions
– Provide mobile and email alerts

“I was happy that my online account was suspended when I hadn't logged in for a while. Thank you for that.”
Real Reaction from EverBank Customer


Unauthorized Access Avoidance

Account Opening

• Implement and maintain a vigilant account opening review/approval process
• Utilize 3rd party resources to verify applicant identity
– Address verification
– Credit history
– Out of Wallet questions
– Establish approval authorities and usage levels
– Business confirmation

“I love the security features you have in place to keep our information secure. I wish all banks would do the same.”
Real Reaction from EverBank Customer


Unauthorized Access Avoidance

On-Going Account Management

• Utilize device identification (fingerprinting)

• Protect against account takeover with 3rd party technology solutions

• Offer Debit Blocks and Positive Pay
• Utilize step-up authentication
• Block IP address of known fraudsters

“Account was disabled after a couple of attempts, my call was answered quickly and issue was resolved, I appreciate security measures being tight.”
Real Reaction from EverBank Customer


Unauthorized Access Avoidance

On-Going Account Management

• Implement call center authentication codes

• Utilize session timeout and lock out users that enter incorrect credentials multiple times
• Require token and dual control usage
• Limit transaction size

• Don’t store sensitive data on devices

I greatly appreciate the security. Most likely, the best way for a thief to rob a bank is to go online and hack somebody's account. For this


Post Security Incident

Incident Response Plan

• Have a plan in place for employees to follow whenever a security incident has occurred
• Practice the plan
• Have a dedicated group to handle customer inquiries who:
– Understand the difference between a lost/stolen card/checkbook and identity theft and how to service each situation
– Know the difference between an internal security incident and external fraud
– Have been trained to be empathetic and reassuring as they talk to customers that have experienced identity theft

“When hackers broke into our acct – you noticed and contacted me right away. The issue was quickly resolved. Thank you!”
Real Reaction from EverBank Customer


Post Security Incident

• Communication should be guided by legal counsel and professionals experienced with breach notification requirements, client relationship and brand management
– May be limited by state laws, regulator or law enforcement
– Avoid using industry jargon

– Don’t just tell customers about a breach – provide information about what they can do to protect themselves

– Include information on how to manage account takeover and identity theft situations

– Reassure customers their information and money are safe


Post Security Incident

• Consider offering enhanced products and services (may be required)
– Appropriate offering will improve customer retention and minimize complaints
– California recently became the first state to require that its citizens impacted by a security breach be offered credit report monitoring
• Inform customers about free tools they can use to monitor their accounts

– Free apps like BillGuard

– Free credit reports available once a year from credit reporting agencies


Post Security Incident

Account Takeover

• Don’t close accounts unless necessary
• Monitor account(s) for suspicious activity
• Order replacement debit card(s) and send via overnight delivery
• Offer an identity theft monitoring service like LifeStages®
• Provide customers with information on things they can do to protect themselves against future fraud
• Advise customers to monitor accounts online and to call if they notice any suspicious activity

Make online banking absolutely secure, as well as user-friendly.
Real Reaction from EverBank Customer


Post Security Incident

• Close account(s) and monitor for future activity
• Advise client of any activity on closed account to determine if transaction needs to be transferred to new account or if it’s fraud
• Expedite delivery of new debit card and checks
• Transfer online banking payees and external transfer accounts to new account
• Provide clients with information on things they can do to try and protect themselves against future fraud (client education)


Customer Identity Theft Avoidance

• Offer easy to understand educational materials to customers
• Use real-life, relatable examples
• Advise customers to:
– Manage passwords
   • Change passwords regularly
   • Use strong passwords
   • Consider password management software
   • Don’t use the same password on multiple accounts
– Avoid phishing, malware and other online risks
– Regularly access accounts and immediately report suspicious activity
– Use anti-virus software
– Monitor credit activity

“I was prompted to change my password. I appreciated the reminder.”

Real Reaction from EverBank Customer


Fraud and identity theft services as a banking product

• Expands relationship beyond account focus

• Improves financial literacy

• Builds loyalty and trust

• Offers additional customer touch-point

• Enhances the institution’s brand and competitive distinction

• Provides revenue enhancement with upsell of monitoring products


Defining The Problem

Identity Theft Scenarios

• Compromised bank accounts
• Set-up wires
• Re-routed customer phone numbers to their mobile phones
• Moved cash to Eastern Europe
• Man-in-the-browser malware; session takeover
• Fraudsters attempted to set-up new ACH transfer account
• Transfers require token to log-in and token to transfer funds


Post Security Incident

Customer Feedback – Identity Theft Assistance

“From my very first contact, I had expert and caring support in solving my problem. Bridgette went way beyond what I was expecting in resolving the issue. Her access to the right people answered questions quickly and her advice was extremely valuable. Her follow-up was a service rarely seen these days. Bridgette was fantastic and caring.”

“Stephen is the best! At a time when our financial world was in chaos, Stephen stepped in and helped us manage a meaningful way forward out of the morass. Having Stephen explain what happened and what we could


Key Takeaways: Transforming the Customer Experience When Fraud Attacks

1. Use technology and services to protect customers before a breach and provide peace of mind after.

2. During any security incident, communicate quickly and clearly to maintain customer trust.

3. Train employees how to handle these situations and consider a dedicated group to help customers that experienced a breach.

4. Provide customer educational materials and consider expanding to identity management services.


2015 Predictions: Transforming the Customer Experience When Fraud Attacks

• Tokenization – random numbers that take the place of account numbers when data is transferred between retailers and payment processors
– With the launch of ApplePay, the payment industry will be working diligently to take advantage of this new security feature offered through Visa/MasterCard
• Biometric Authentication – measurable characteristics used to identify individuals
– Fingerprints
– Facial recognition
– Voice recognition
– Iris scans
