A Fraud Tsunami and the Road Ahead
The Heartland breach is a revealing example of a fraud tsunami. As most of us know by now, hackers penetrated one financial intermediary – a relatively small ripple – which eventually grew into a tidal wave that affected hundreds of institutions and hundreds of thousands of consumers. To date, over 650 institutions have been impacted, from Alaska to Florida. Thousands of customer accounts have been closed and new cards issued. Millions of dollars have been spent and the cleanup continues.
The structure of the financial industry, with its many interconnected intermediaries, is one of the underlying factors behind the scope of the Heartland breach. In financial services, economies of scale matter. Processors make big upfront investments in infrastructure, and then rely on generating huge volumes of low-margin transactions over which they can spread the fixed costs. In Heartland's case, this means over 100 million transactions per month. The highly competitive financial services industry has come to rely on these super-efficient, low-cost-per-transaction intermediaries. And customers have come to expect more convenience and more options when accessing, transferring or depositing their funds. To stay competitive, banks will likely become more interconnected, not less.
From a fraud management perspective, this presents a difficult dilemma. An isolationist strategy is impossible, yet relying on necessary third parties opens the door to risks banks can't possibly control. Data breaches at intermediaries and other third parties aside, even customers themselves are unknowingly handing their information to bad guys by responding to phishing, 419 and other scams.
So what if we just assume that all customer data is compromised? That every interaction should be questioned for authenticity? What would fraud prevention systems look like then? Is this paranoid view of the world too pessimistic, or is this the road ahead?