First-Party Data: Manage Risk While Protecting User Privacy (Part 2)

In part one of this series, we covered some major risks financial services companies face when building fraud mitigation strategies on top third-party data networks.

In this second part of the series, we’ll list the compliance and efficacy advantages in an alternative approach (using first-party data), and some practical steps those companies can take for adoption.

Use First-Party Data to keep compliant and prevent fraud

There are several advantages financial institutions gain when using a first-party data ecosystem as the foundation of their risk mitigation strategy.

Minimize inter-company data surface risk

As we covered, financial organizations are subject to numerous compliance frameworks when storing and processing consumer data. Compliance violations trigger fines that can range from thousands to millions of dollars per instance, and often damage company public perception.

These risks increase when first-party data is shared with third-party aggregators and bring a separate problem of relying on a third party’s own security measures to keep first-party customer data secure from attacks on their systems. When companies use first-party data to build fraud models, data governance falls under their own sphere of control, simplifying an already complex compliance table and reducing risks of instances where customer data problems are “out of our hands”.

Regulators will always hold companies accountable for the governance of first-party data, despite it being stored in a third party.

Accurate and fine-grained data

In a financial services context, reducing assumptions made about the user as early as possible and as often as possible in their journey results in the highest possible accuracy of fraud models. This is achieved through gathering fine-grained behavioral data on users across their entire device ecosystem (mobile, desktop, mobile web, etc.) with minimal friction in their online experience.

When using third-party data and global data aggregators for fraud modeling, companies plugged into them are beholden to the limitations of those models and the data types they capture across consumers, thereby raising assumptions made about users in a given service instead of reducing them (due to the volume of data across multiple applications). If fine-grained, first-party data can be captured often and early by companies, they can create more specificity within their fraud modeling, reduce false positives on cases, capture higher instances of general fraud, and fine-tune models for targeted fraud.

Personalized user security experiences

Security from fraud and online attacks are often expected features for customers of financial organizations and are demanded by those customers more than in any other industry. No customer would consider a service like a bank if they had the slightest fear of risking their financial well-being.

Customer security experiences online are the other side of the fraud modeling coin. When first-party fine-grained data is utilized in fraud modeling, companies can prevent specific in-app behaviors from occurring based on calculated risk tolerance (like a security question prompt or an MFA prompt to another known device) and tailor these checks to the points in the funnel deemed the riskiest based on context.

Alternatively, first-party data allows companies to draw conclusions on where security checks are not needed given the richness of the data gathered, which reduces friction within the customer experience.

These kinds of user security experiences are one of the ways financial brands can nurture long-term customer trust in a world that is rapidly moving toward more privacy and greater distrust online.

Steps to augment fraud models with first-party data

Implementation of first-party data in fraud modeling is often viewed as challenging, given that many financial organizations have not built in the capabilities to collect fine-grained data types on their customers for incident detection.

But done properly with the right steps and tools, financial organizations can smoothen the process to capture rich behavioral data through the customer journey, and begin reaping the advantages.

Here are some steps that can be taken to integrate first-party data into analytics and scoring tools that inform risk team policy decisions:

Reach team consensus

Risk and fraud teams have many stakeholders, all of who will have input on what first-party data should be gathered, where in the user journey it will be collected, and how it should and will be used. Once consensus is reached on these points, it simplifies the decisions involved in implementing technical changes to begin data collection.

Standardized the data

Once there is general alignment on first-party usage, work toward standardizing the data naming convention and schema, and establishing a source of truth that defines what is collected with context on how it should be interpreted.

At Moonsense, we do much of this lifting for risk teams by providing a standardized data model across desktop, mobile web, Android, and iOS native applications.

Validate what’s collected

Ensure that what you collected matches the format you defined in the standardization steps. It is important to establish precautionary QA checks to make sure your data reaches its end destination in the conventions you expected. This is another step made easier through Moonsense’s standardized naming conventions.

Reach consistency across tools

Before actioning your collected first-party data into your fraud models and analytics, ensure that it is consistent across all the tools it will be used. A data value that changes in one tool should also change in all others. Once data updates are consistent, teams can avoid data discrepancies and inaccuracy that are common when working across various data silos.

First-party data: a future-proofed strategy

First-party data usage in fraud modeling is a powerful way to stay flexible when compliance and regulatory frameworks inevitably grow in scope. It is also a strategy that protects company and customer financial interests as consumer demands for privacy evolve.

By following these steps and working with technology partners that lean into “privacy-first” trends, companies can better position themselves to protect the trust of their customers, and distance themselves from the very data-sharing practices which spurned compliance regulations in the first place.