Balancing Fraud Prevention and Customer Experience
Data security and fraud prevention are of critical importance to both companies and customers, meaning they play a big role in the customer experience. And since a key factor in whether customers are loyal to a company is trust, companies must earn – and retain – that trust every day.
The issue has caused headaches for both parties, as major data breaches are being announced regularly, and the resulting attempts to tamp down fraud are causing consumers to become frustrated at increasingly complex password and identify verification procedures.
It’s a maddening game for customers – every company has different rules (can’t use special characters, must use special characters; must be a minimum of 8 or 10 or 12 characters, etc.) and yet when you forget your password, the company can’t remind you of those rules for fear of helping the criminals.
Add to that the fact that customers are sharing more data than ever – especially in social media – and that they expect companies to protect that data, and the result is one of the most complex aspects of customer experience.
Make no mistake: security and fraud are part of the customer experience, no matter whose fault a data breach may be.
According to a 2020 report by OneSpan and Information Security Media Group entitled The State of Digital Account Opening Transformation, 51% of survey respondents in the financial services industry say they “do an excellent job onboarding and verifying digital identities and have few if any resulting security/fraud incidents.” That’s only half of financial institutions! What do the other half say?
44% report that “our digital account opening process is somewhat secure; however, we continue to have some security/fraud incidents” while 5% – still way too many – say that “our process is not secure and results in many security/fraud incidents.”
The same study found that fraud is usually executed in the form of stolen identities (55 percent), synthetic identities (44 percent), and bot activity (23 percent).
Besides increasingly complex password rules, companies often rely on security measures such as knowledge-based authentication (KBA). This is when the customer is asked to select a previous address from a list, or a make and model of a registered vehicle, or a bank from which they’ve taken out a mortgage. It’s a stressful experience, and it isn’t nearly fail-proof – legitimate customers often can’t remember their own information, and fraudsters can often capture the information through nefarious means.
“By forcing customers to answer personal identification questions each time they call, KBA imposes a high-effort, low-speed experience on customers,” notes Customer Contact Week in its 2019 report, Contact Center Security & Fraud Prevention. “Customers are enduring frustrating experiences without even receiving more security.”
Think you can’t be fooled? After enduring countless fraud and social engineering training sessions, I fell victim to a scam in 2018 that cost me $1,000 – all because the scammers perfectly impersonated the company’s CEO, right down to how he talked.
Here’s what you can do to protect your business and your customers, and to ensure that a poor customer experience doesn’t become a bigger risk than fraud prevention:
- Collect only the data you absolutely need to service the customer, and don’t allow anyone to access it unless it’s absolutely necessary. When I worked in the credit card industry, there were very strict rules about data privacy and security; simply looking up a celebrity’s account without an actual business need, for example, was grounds for termination. While occasionally there were people on my team who had a legitimate need to access customer data, I always recommended they get it from Customer Service instead, and I never agreed to get access myself – I didn’t want the risk or the responsibility.
- Apply the same or similar security measures across channels. Just as the customer experience itself is omnichannel, so too is security. It’s hard enough on the customer to remember one security protocol; more than one will likely cause them to look elsewhere for service. And different security measures mean thieves will simply target the most vulnerable channel.
- Communicate with your customers about safety and security, and educate them on your procedures and why they are necessary. Whenever possible, help them without helping the bad guys; for example, consider reminding customers of the general password requirements on the “Forgot Password” page without revealing which of the requirements was missed.
Customers reward safety and security with loyalty, but the reverse is also true: One of the fastest ways to lose a customer is to not protect their personal information. Make sure to balance the need for strict security protocols with the basic tenets of customer experience including simplicity, speed, and convenience.