Here’s a brain twister — banks are drowning in data, yet they still have a data drought problem. Financial institutions have access to a vast amount of customer data, including account information, transaction history, and credit scores. However, much of that data is siloed by different payment platforms and networks and out of reach when fraud teams need it most — at the point of authorization for a transaction. As a result, financial institutions are making risk decisions (approve or decline) without the right insight, often resulting in trustworthy customers being declined.
We all know that fraud is costly, but false declines are literally leaving millions of dollars on the table for merchants. In fact, for every $1 retailers lose to fraud, our first-party data estimates they forfeit an estimated $30 by declining legitimate shoppers. The 2023 Consumer Trust Premium report found that 56% of U.S. consumers were falsely declined over a period of three months.
So, how can data sharing address those problems? Instead of basing risk decisions on limited and often static transaction data, issuers and merchants can assess the trustworthiness of the identity behind each transaction. For example, Internet Protocol addresses and geolocation data can provide reassurances to a bank that a good cardholder is traveling.
A lack of adequate data holds banks back in other ways, too. Without access to the right kind of data, it can be difficult to offer customized products, such as personalized loans or credit card offers, which can result in customers having to pay higher interest rates or fees. For financial institutions, not having access to this data means higher costs and reduced efficiency. Banks may need to spend more money on manual processes and customer service if they don’t have access to data about transactions.
There are some unique peculiarities to the banking industry that make the situation more challenging. For instance, the financial industry is heavily regulated, which slows banks in their efforts to modernize. Banks are also subject to data privacy and data governance rules that can interfere with their efforts to share data with external partners, even for fraud prevention purposes. Another issue is banks’ reliance on legacy technology, such as mainframe technology solutions hosted on-premise instead of modern API-based technology built in the cloud.
Things are changing, slowly. We’re seeing technology evolutions over time that are helping to reduce the risk of fraud. For instance, verification technology has shifted from always having to request customer interaction (3DS 1) to frictionless, behind-the-scenes authentication (3DS 2). European regulation has led to massive industry adoption there. A study from VISA found that 3D Secure 2 can reduce credit card fraud by up to 35%.
Preventing Fraud, Mitigating Business Risks
So, what can banks do now to address this transactional data drought problem? Here are four recommendations that can help prevent fraud and mitigate other business risks in the absence of full data access.
Modernize the tech stack: Financial institutions should embrace the cloud. Doing so will enable issuers to be more flexible from a systems perspective. Banks should also prioritize modernizing the authorization and authentication engines. E-commerce is only going to accelerate, and these institutions cannot continue to leverage systems that were built only to handle card-present transactions from 40 years ago.
Get creative with rails in place today: Banks should take a look at the data fields that are not being used and ask merchants to send them insights that can inform more accurate risk decisions. They should align on the data they would like to receive from merchants that will be most helpful in approving legitimate transactions and declining fraudulent ones.
Lean on providers to gain scale: Building bespoke solutions for every merchant is not scalable, so banks should work with tech providers to create an ecosystem where a trusted customer to one is a trusted customer to all. The ultimate goal is for banks to recognize that they’re dealing with a trusted merchant based on the identity and trust data from their tech providers. When this happens, banks can relax their risk decline logic and approve more transactions.
Push for innovation: There is power in numbers. The more card networks, banks and merchants that are part of the trust ecosystem, the more insight there is to inform risk decisioning.
I should note that the financial industry is making some headway in addressing the lack of transactional data. For example, many banks are now investing in new technologies to collect and analyze transactional data. Additionally, the Open Banking movement is making it easier for banks to share transactional data with each other and with other financial institutions in a secure and privacy-preserving way. Still, there is much more that needs to be done.
Rich transaction context will be table stakes in five years. Issuers won’t be able to hire quality fraud teams if they don’t have data for them to build models on. Merchants that don’t participate in this space will have significantly lower approval rates than those that do. And cardholders will come to expect a level of precision and accuracy from their banks. If not, they will migrate to banks that can provide that. That’s a risk no financial institution can afford in today’s competitive environment.
Jeff Hallenbeck is a proven risk and payments leader, with expertise in product and program partnerships. He has delivered and led fraud, risk and product programs for high-profile brands such as Microsoft and Nordstrom. He is currently building partnerships with leading financial institutions around the world for Forter, helping mutual customers approve more transactions and reduce fraud and expense. Hallenbeck holds a degree in Business Administration from Seattle Pacific University.