Fraud prevention and data security are of critical importance to both companies and customers, meaning they play a big role in the customer experience. And since a key factor in whether customers are loyal to a company is trust, companies must earn – and retain – that trust every day.
The issue has caused headaches for both parties: major data breaches are announced regularly, and the resulting attempts to tamp down fraud frustrate consumers with increasingly complex password and identity verification procedures.
It’s a maddening game for customers – every company has different rules (can’t use special characters, must use special characters; must be a minimum of 8 or 10 or 12 characters, etc.) and yet when you forget your password, the company can’t remind you of those rules for fear of helping the criminals.
Add to that the fact that customers are sharing more data than ever – especially in social media – and that they expect companies to protect that data, and the result is one of the most complex aspects of customer experience.
Make no mistake: security and fraud prevention are part of the customer experience, no matter whose fault a data breach may be.
Insights from the Financial Services Industry
According to a 2020 report by OneSpan and Information Security Media Group entitled “The State of Digital Account Opening Transformation,” 51% of survey respondents in the financial services industry said they “do an excellent job onboarding and verifying digital identities and have few if any resulting security/fraud incidents.” That’s only half of financial institutions! What did the other half say?
44% report that “our digital account opening process is somewhat secure; however, we continue to have some security/fraud incidents” while 5% – still way too many – said that “our process is not secure and results in many security/fraud incidents.”
According to the same study, stolen identities (55%), synthetic identities (44%), and bot activity (23%) are some of the most common forms of fraud.
In 2024, Investopedia reports that the most common types of consumer fraud are identity theft, mortgage fraud, credit and debit card fraud, deceptive interest rate reduction robocalls, fake charities, prize and lottery fraud, and debt collection fraud.
A 2023 report by LexisNexis Risk Solutions entitled “True Cost of Fraud Study” found that 57% of financial services organizations and 66% of lending organizations reported an increase in overall fraud levels in the past 12 months. “Identity theft and fraud targeting mobile transactions outpaced other fast-growing vectors, with account takeover fraud and scams also increasing at over half of surveyed firms,” according to the report.
The report also highlighted that for every $1 of fraud loss, financial services firms incurred $4.41 in costs such as fees, labor hours, and other internal costs related to preventing and mitigating fraud.
Technology Impacts Fraud Prevention and Customer Experience
Besides increasingly complex password rules, companies often rely on security measures such as knowledge-based authentication (KBA). This is when the customer is asked to select a previous address from a list, or a make and model of a registered vehicle, or a bank from which they’ve taken out a mortgage. It’s a stressful experience, and it isn’t nearly fail-proof – legitimate customers often can’t remember their own information, and fraudsters can often capture the information through nefarious means.
“By forcing customers to answer personal identification questions each time they call, KBA imposes a high-effort, low-speed experience on customers,” notes Customer Contact Week in a report on contact center security and fraud prevention. “Customers are enduring frustrating experiences without even receiving more security.”
In recent years, there has been a growing adoption of biometric authentication methods, such as fingerprint, facial recognition, and voice recognition, which can provide an additional layer of security while enhancing the user experience. These methods leverage unique physical or behavioral characteristics to verify identities, reducing the reliance on traditional passwords or knowledge-based authentication.
Multi-factor authentication (MFA), which combines multiple authentication factors such as something you know (e.g., a password), something you have (e.g., a token or mobile device), and something you are (e.g., biometrics), has become increasingly prevalent across various industries to combat account takeover attacks and unauthorized access.
The increasing use of artificial intelligence (AI) and machine learning algorithms has revolutionized real-time fraud detection and prevention. These advanced technologies can analyze vast amounts of data and identify patterns and anomalies that may indicate fraudulent activity, enabling proactive measures to be taken before significant harm occurs.
Regulatory Compliance and Data Privacy Laws
The implementation of data privacy regulations, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States, has had a significant impact on data security practices and consumer trust.
Compliance with these regulations is not only crucial to avoid potential fines and legal consequences but also to demonstrate a commitment to protecting customer data and fostering transparency in data collection and usage practices.
Companies must ensure that their data security measures align with these regulations and provide clear communication to consumers about how their personal information is handled, stored, and secured.
Balancing Fraud Prevention and Customer Experience
While robust security measures are essential, companies must also strive to strike the right balance with a seamless and user-friendly customer experience. Complex security protocols, such as lengthy password requirements or intrusive knowledge-based authentication, can lead to customer frustration and potential abandonment.
To address this challenge, companies should focus on user education and clear communication regarding security protocols, as well as simplifying processes without compromising data protection. This could involve implementing user-friendly interfaces, leveraging contextual authentication methods that adapt to the user’s behavior and risk profile, or exploring innovative solutions that combine security and convenience.
What Companies Can Do
Here’s what you can do to protect your business and your customers, and to ensure that a poor customer experience doesn’t become a bigger risk than fraud itself:
- Collect only the data you absolutely need to service the customer, and don’t allow anyone to access it unless it’s absolutely necessary. When I worked in the credit card industry, there were very strict rules about data privacy and security; simply looking up a celebrity’s account without an actual business need, for example, was grounds for termination. While occasionally there were people on my team who had a legitimate need to access customer data, I always recommended they get it from Customer Service instead, and I never agreed to get access myself – I didn’t want the risk or the responsibility.
- Apply the same or similar security measures across channels. Just as the customer experience itself is omnichannel, so too is security. It’s hard enough on the customer to remember one security protocol; more than one will likely cause them to look elsewhere for service. And different security measures mean thieves will simply target the most vulnerable channel.
- Communicate with your customers about safety and security, and educate them on your procedures and why they are necessary. Whenever possible, help them without helping the bad guys; for example, consider reminding customers of the general password requirements on the “Forgot Password” page without revealing which of the requirements was missed.
Customers reward safety and security with loyalty, but the reverse is also true: One of the fastest ways to lose a customer is to not protect their personal information. Make sure to balance the need for strict security protocols with the basic tenets of customer experience including simplicity, speed, and convenience.
Future Outlook
Recommended best practices for data security and fraud prevention include regular software updates to address vulnerabilities, comprehensive employee training on cybersecurity awareness, and the development of robust incident response plans to minimize the impact of potential breaches.
Additionally, companies should stay informed about emerging technologies and trends in the field, such as the adoption of blockchain technology for secure and transparent data management.
As cyber threats continue to evolve, companies must remain vigilant and adaptable, continuously innovating and improving their security measures to maintain customer trust and protect valuable data assets. And to be fair, consumers must remain vigilant as well, protecting their own data and remaining skeptical of seemingly innocent requests.
Think you can’t be fooled? After enduring countless fraud and social engineering training sessions, I fell victim to a scam in 2018 that cost me $1,000 – all because the scammers perfectly impersonated the company’s CEO, right down to how he talked.
By incorporating these strategies and best practices, companies can effectively balance the essential need for data security and fraud prevention with the equally critical objective of delivering exceptional customer experiences.