When you look at the productivity gains that we’ve seen over the last decades, it’s hard to imagine a life today without our electronics. But there’s also a lot of vulnerability around digitalization. The word “privacy” takes on a new meaning when files are digital, and I often wonder if “privacy” is a concept that is available only to those thoughts that are held internally and outside the digital world.
My company, Fortress Risk Management, is at the very center of the digital world. We exist to protect financial institutions against transactional crime. When we analyze who the ultimate victim of financial crimes is, it is society in general, which includes not only financial institutions, but also government entities, businesses and consumers. Vulnerability continues to increase as every data point become available online. Customers demand ubiquitous connections to their accounts, and these connections create vulnerability that the fraudsters exploit. The more we digitize, the more vulnerable we become.
When you look at the history of crime, what jumps out at you is the scalability of crime inherent in digitalization. In the 1700s, a criminal would hide in the alley and hold a knife or gun up to a victim and steal their money. This type of crime was not scalable — you could only rob so many people each day. In the 1800s, the same criminals found it easier to jump on the train and rob those passages sitting in a car of a train.
Now, without leaving your home, you can steal millions of credit cards, with very low risk. For instance, in the Target breach, there were over 110 million cards stolen — that represents a quantum leap in crime productivity. And these criminals are not targeting any one particular institution or person; they are attacking everyone and anyone.
When we look at the statistics, in 2015, about 80% of all financial institutions in the United States admitted to being a victim of credit or debit card fraud; 76% have had check forgery; 50% have been a victim of phishing fraud; 43% have been victimized by account takeover, which normally reveals itself as ACH or wire fraud; and 35% has had POS and ATM skimming. This only takes into account the actual events that were caught, which obviously do not include the transactions that were never spotted. There are other surveys that show much higher levels of suggested fraud. Keep in mind that financial institutions do not want their customers to know that they have been victimized. So, many institutions hide fraud as much as possible, as there is a stigma to being the victim of fraud.
You may ask: How large is fraud within financial institutions? The American Bankers Association estimates that annually, deposit account fraud, not taking into consideration card fraud nor credit unions, represents $1.9 billion in losses. LEXIS-NEXIS estimates there is $10.9 billion in card fraud, and of that, $2.7 billion lost on debit cards. And on top of that, check fraud accounts for $600 million in losses. And remember, these are annual figures. These numbers continue to grow and grow.
When we consider solutions, we could eliminate almost all fraud by simply creating verifications back to the account holder for every transaction. But when a financial institution thinks about asking their customers to spend time monitoring their accounts, this is very unappealing for the end-user customer. The customer considers that this is a financial institution’s problem and not their own, so it is difficult to get customers to become allies in defense. Sending alerts to customers, if done occasionally, is tolerated. If it is excessive, the customers will ignore the alerts or move accounts. The financial institutions have to come up with defensible strategies. At Fortress Risk Management, we have an extensive arsenal of machine learning algorithmic models that try to predict fraud in advance and in real time. We are throwing the best data scientist at this problem and having great success. But these fraudsters keep us on our toes.
As our lives are converted from analog to digital, there is a lot of great productivity behind the conversion. But the conversion is not without risk, and the vulnerability is huge. One thing we know is that we aren’t going back to analog, so we need to figure out quickly how to protect ourselves and our assets in a digital world.