High-profile fraud cases from 2020 — such as Coronavirus stimulus check scams, the Wirecard scandal and the breach of Colonial Pipeline at the hands of a ransomware group — underscore the rising threat of cybercrime. The high cost of fraud can have a significant impact on an organization’s bottom line, and in extreme cases, put companies completely out of business.
Since the onset of the pandemic, the fraud landscape has heated up considerably — and it doesn’t look like it will turn around any time soon. In fact, fraud attacks have increased 46% since the beginning of the pandemic, as more people and organizations rely on digital commerce, entertainment and online banking services. Reuters reported that fraud losses in the U.S. related to Covid-19 fraud reached $100 million by August last year, much of which was attributed to identity theft. And According to ZDNet, six ransomware groups are wreaking havoc on U.S. businesses, and have bypassed the cybersecurity defences of nearly 300 organizations this year alone, taking more than $45 million in ransom from their victims.
But understanding the total cost of fraud (TOCF) goes beyond determining the number or frequency of attacks. A successful breach results in more than just monetary losses — it can degrade customer trust and lead to customer attrition. It can also damage your brand’s reputation and make it difficult to generate new business. What’s more, fighting fraud has historically been a costly endeavor, requiring organizations to dedicate skilled resources to the time-consuming task of analyzing customer and transaction data. According to the Association of Certified Fraud Examiners (ACFE), fraud costs organizations an average of about 5% of annual revenue.
To reduce TOCF, organizations must look beyond the obvious goal of reducing the number of successful fraud attempts with effective detection and prevention strategies. Of course, this is an essential first step — stolen or lost funds due to account takeovers, fake accounts and applications, chargebacks, money laundering, promotional abuse and other types of fraud can be devastating. It’s critical that organizations have technology in place to prevent an attack. However, a more holistic approach — one that takes into consideration the hidden costs of fraud — will help minimize the cumulative financial impact and deliver better ROI for your fraud prevention efforts.
How legacy fraud solutions can increase TOCF
Let’s examine the hidden costs of fraud prevention that contribute to TOCF:
- High overhead for disconnected point solutions: While technology can be used to help organizations detect suspicious activity and reduce the number of successful attacks, they can also contribute to TOCF. According to Gartner, organizations need a broad spectrum of capabilities to effectively prevent fraud, including bot and malware detection, device identification, behavioral analytics, transaction monitoring and more. When organizations implement legacy point solutions to address each of these areas, the costs start to rack up. Managing and maintaining numerous tools increases overhead substantially, not to mention the cost of each individual tool. Integrations can be unreliable, and data ends up in siloes, making data analysis extremely challenging.
- Specialized staff for data analysis and case reviews: Organizations using legacy fraud prevention solutions — especially those lacking automation — have to hire specialized personnel to make sense of all the disparate, siloed data and review potential fraud cases. They must have extensive experience in data science and fraud prevention to be able to make decisions with confidence — and that costs money. An experienced data scientist with just 3-5 years of experience has an average salary of nearly $140,000 in the U.S., and that number increases every year.
- Customer attrition due to increased friction: In order to combat fraud, many organizations implement strict fraud prevention tactics. Reactive rules-based solutions that rely on historical data and labels often result in high rates of false positives, which is extremely frustrating to good customers. On top of that frustration, organizations lose money because they deny legitimate transactions. For merchants, this can result in an abandoned shopping cart. For financial institutions, customers may decide banking with you is just too difficult and take their money to your competitor.
- Reputational damage: Whether your organization falls victim to a successful attack or is creating too much friction for good customers, your reputation will suffer — and it might be difficult (and expensive) to repair. Ponemon Institute found that the average diminished brand value following a breach is about 21%, and it takes about a year to restore it. Over the course of that year, organizations lose sales and revenue, which can make it difficult to operate effectively and stay out of debt.
Tips to mitigate TCOF
So, how do you combat these hidden potential costs of fraud and increase the ROI of your fraud prevention program? Here are some recommendations to keep in mind:
- Increase detection to reduce fraud rates. This seems like a no-brainer, but the game has changed. Today, organizations must arm themselves with AI-driven solutions that operate in real-time to keep pace with increasingly sophisticated fraudsters. While rules-based solutions can identify known patterns, only solutions that leverage advanced machine learning can spot unknown patterns and help fraud teams connect the dots between various fraud signals that may initially seem unrelated. Additionally, capabilities such as device intelligence are needed to detect manipulated or rooted devices, device emulators, and repackaged apps.
- Automate investigation and case review. Manual case examination takes significant time and resources. In the case of a bot-powered attack, there can be tens of thousands of cases to review. Automated case management and bulk decisoning features eliminate the majority of manual tasks associated with case reviews, enabling fraud teams to visualize links between signals and entities, and conduct group- or user-level review and take bulk actions. Not only does this reduce time spent on reviews, it enables teams to stop an attack faster, before it causes damage.
- Reduce false positives and customer friction with machine learning. Studies show that 39% of customers stop using a credit card after just one false positive, and another 25% use the card less. That’s why it’s critical to reduce the friction caused by overly stringent, rule-based fraud solutions. New machine learning techniques such as unsupervised machine learning (UML) can be leveraged to discern patterns in large unstructured data sets in real time, without relying on labels and rules. Combined with holistic data analysis, graphing techniques and advanced features engineering, UML can help to eliminate false positives and ensure good customers are not turned away.
- Take a holistic approach. Point solutions drive up costs — and there’s no getting around that. Unified solutions not only reduce overhead, but provide fraud protection across every customer touchpoint. They typically offer more comprehensive capabilities, as well, and because all of the data resides within a single platform, you end up with a 360-degree view and faster, more accurate detection.
TCOF is a complex and multi-faceted measurement that encompasses much more than tangible fraud losses following an attack. With a more thorough understanding of what comprises TCOF, you can better arm yourself with the right strategy and tools to combat fraud effectively — and reduce its financial impact to your organizations.