In my first blog of this series, I highlighted that the measurements of success for Customer Identity and Access Management (CIAM) and Fraud Management teams are not aligned, which creates confusion and blind spots within the digital ecosystem, leading to higher fraud losses, strained operations, and unhappy customers.
In my second blog, I suggested that with an appropriate level of executive exposure and support, the gap between these and other functions critical to the fraud imperative can be successfully bridged. I cited that one of the reasons this is difficult today is that Fraud teams are not aligned consistently across organizations and typically roll up to any variety of C-level executives (Chief Risk Officer, Chief Compliance Officer, Chief Security Officer, etc.), each of which is translating the reality of the Fraud challenges against their own core functions. To remedy this, I recommended that fraud leaders should be communicating directly with the C-Suite, and executives should be committing to a hard limit on fraud loss as a critical step in demonstrating social and financial responsibility in the pursuit of profits.
Having established the core challenges and fundamental perspectives required to drive lasting change, this final installation will introduce some realistic strategies that can be (and are being) used to minimize the disconnect among fraud-critical teams and other core security functions.
The reality is there is no individual team or function that has a proper 360-degree view of fraud-related risk, but this very necessary view exists between and among these functions. This is the gray area where cybersecurity, authentication, identity verification, and fraud meet. While it makes sense on the surface for these teams to collaborate, we find that due to disparate success metrics and drastic differences in funding, collaboration among these teams is rarely robust, if it exists at all.
Traditionally, these teams (Fraud, Cyber, and Digital) have not been structured to collaborate. As usually happens within corporate structures, each team tries to broaden their perspectives and add new layers to their controls, inevitably running into each other. As the Cyber teams seek to leverage more signals (such as IP and device reputation) and Digital teams capture additional critical data (such as behavioral biometric signals) at on-boarding and during authentication to paint a more reliable picture of the true customer, the Fraud teams are looking upstream in the technology stack for those signals to enhance their detection strategies as well.
Unfortunately, this can become competitive where each team wants the best tools and to be credited with having the strategy that most effectively and positively identifies the authentic customer. Or worse yet, teams may use the tools only for their myopic purpose, ignoring the value it has across the organization. So instead of sharing and collaborating, they create silos that quickly become ineffective and stagnant.
In healthy organizations, these teams will collaborate, but often from a distance. They will share specific datasets for analysis, they mare share external intelligence subscriptions, and they will collaborate on strategies (IF they happen to use the same analytic platforms, which isn’t common – let’s not forget these teams were not designed to collaborate.)
For organizations that are healthy AND forward thinking, they will identify the “aura” of overlap among these disciplines, and allocate resources to optimize collaboration, often resulting in a new function that fully addresses the entire gray area. When forward-thinking financial institutions started to embrace this, additional efficiencies were identified by extending that collaboration to the entire spectrum of Financial Crime, including AML and in some cases, Physical Security.
Several best practice organizations have been working with this concept over the last several years, which has given birth to the practice of “Cyber Fraud Fusion” or what is sometimes called “Cyber Fraud Convergence.”
Optimizing shared security, forensic, and analytic capabilities will be critical for financial institutions to survive what is sure to be an onslaught of new fraud enabled by the rampant use of AI/LLM technology, including deep fakes, by global criminal organizations. And executives’ commitment to limiting fraud losses is more important now than ever because each dollar forfeited to fraudsters is another investment in the criminals’ capabilities and strategies to use this technology against customers.
Cyber Fraud Fusion may sound complicated and expensive, but progress toward a functional Fusion Center can be made by any organization willing to think differently. The most effective Fusion teams across the industry frequently contain some combination of the following capabilities to be approached in a collaborative manner across Cyber, Fraud, Digital, and AML:
- Specialized Investigations
- Bespoke Analytics & Link Analysis
- Internal and External Controls Testing
- Internal and External Financial Crimes Intelligence
Any immediate effort to identify where silos may exist across these functions and a willingness to allocate resources and/or cycles to breaking down those silos is an effective start. This is often most successful with some level of executive support and setting an expectation of cooperation and collaboration. Additional success will be found in organizations that develop metrics specific to these collaborative goals and hold stakeholders equally responsible for attaining them.
For organizations that see the value up front, a governance structure and multi-year funding commitment will allow for quick gains from this program. But more cautious organizations can begin to see benefit simply by allocating time and existing staff to explore ways to accomplish collaborative value with existing tools.
We continue to see acceleration of the Cyber Fraud concept in published research analysis and product development across the industry, and it is only expected to grow. Organizations that embrace these concepts early stand to benefit as they will be more prepared to handle the evolution of advanced attacks looming just around the bend.