Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Virginia Credit Union has software to do that kind of after-the-fact analysis, but CIO Chris Saneda says his company saw a chance to actually prevent theft. The credit union built an analytics system to stop fraudsters who, with a bit of personal information, can con call center workers.
"We're trying to get in front of it before real fraud happens," Saneda says. Virginia Credit Union, with 570 employees and an IT department of 38, earned a CIO 100 award this year for the project.
Using an agile approach, the fraud-risk-management team, a staff developer, and a contract developer started building the analytics system last year. They identified scenarios that could indicate fraud, based on input from the fraud-risk-management department and the contact center at the credit union, which has $2.5 billion in assets. The system, called Fraud-Fighter, starts working as soon as a call comes in to the contact center, using algorithms to analyze the interaction and historical information associated with the account.
Challenges arose in accessing some of the required data, Saneda says. First, the credit union did not have all the information in its warehouse at the project's start. The team also had to forgo some information it wanted to gather from its online banking system--specifically IP addresses from recent logins. The vendor that hosts the online banking system couldn't provide the data without additional development work.
Saneda declined to disclose details about which elements of a customer interaction would raise red flags; he doesn't want to educate potential criminals. But, he says, general tip-offs include uncharacteristic online activity followed by requests for address changes or multiple calls to the contact center in quick succession. If these or other warning signs show up, the system provides a yellow or red alert to the call handler. The software also suggests steps employees can take, such as calling a manager or invoking additional authentication procedures.
4 Fishy Cases
In the first three months after Fraud-Fighter launched last September, the system flagged four cases of potential fraud, where someone who hadn't been authorized by the real account holder contacted the credit union.
The system alerted front-line staff to take extra precautions to authenticate each caller's identity. Each time, the caller failed increased authentication tests and the transaction was halted. Fraud-Fighter recouped what it cost to build in those first three months, Saneda says.
Tim Phillipps, a global consultant at Deloitte Analytics, says many call centers improve customer service and increase sales through analytics, but he hasn't seen many companies adopt analytics to fight fraud. "It's a really interesting way to combat an age-old problem," he says. "I'd be surprised if this doesn't become more common."
Virginia Credit Union plans to make the system more sophisticated to keep up with evolving social engineering and fraud tactics, Saneda says. He sees Fraud-Fighter as a tool to protect his company's 235,000 credit union members "from monetary loss and endless personal grief."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.