Risk Management As A Dimension Of Your Data Analytics Strategy

“Know Your Customer”, three words that for two decades have defined in principle how banks and financial organizations should identify users and know their associated risks.

Minimizing assumptions made about how customers interact with online services has been (and still is) the dogma for preventing illicit activity in such a high-risk industry. Despite this standard, many companies struggle today to truly understand their customers’ behaviors, devices, and interactions with their services in the necessary depth, much to the detriment of their businesses.

As one example, customers commonly switch between multiple devices in their household for the same types of tasks, and the device count has more than doubled in the past few years. And yet few companies gather signals like pointer data or accelerometer changes to account for how the same user might behave quite differently across their device ecosystem.

What should be a complete behavioral profile of every customer is instead a surface-level snapshot, inviting a number of different risks that come with a data analytics strategy built on a limited set of dimensions.

In this post, we’ll cover some factors that pull a financial organization into a foggier view of what its customers do online. We’ll also cover the benefits a company can gain from a complete customer risk picture, address common pitfalls in attaining this view.

“Growth at all costs” leads to outgrowing analytics tools

An organization’s analytics strategy is often centered on gathering data context to learn the optimal ways new customers can be reached, and what services can be sold into the existing base. Ancillary aims like making sense of data breadcrumbs that inform the development of new products are also within this focus.

Data labels represent context, and context is tied to goals. When a company’s primary directive is revenue attainment, analytics tools that cater to marketing or sales contexts are adopted first as data foundations. Though when these kinds of analytics tools serve as the initial data foundation, functional goals that fall outside of the revenue attainment sphere become difficult for an organization to achieve through that tooling alone.

As companies grow their user bases and services when pursuing revenue growth, more questions arise about customers in different contexts (ie risk and fraud vs. sales and marketing). The needs for specialized data types and signals grow, but risk or fraud teams are often last to the table when decisions are made on the types of data needed for the company to succeed.

Fraud and Risk are Dangerous as Afterthoughts

Many of the factors which bring customer expansion and revenue growth are the very same factors that expose a company to greater risks related to financial crime and fraud.

A growing user base. A more robust suite of products and services. Enhanced feature utility. Product promotions. Integrations with third-party tools. The more utility offered to the customer, the more potential utility for an attacker to exploit.

The key reason many rapidly growing financial organizations mistime when they should begin developing data sets to combat fraud is that the outputs of growth strategies take quarters or years to realize. Growth is the focus, and only after achieved do the costs of fraud become clear, suddenly compounding at what seems a rate impossible to combat.

When fraud and risk are treated as secondary tracks under the broader data analytics strategy, companies are forced into a dangerous, exposed position without the proper tools for mitigation.

But for companies that view fraud analytics as a parallel track to growth, and who incorporate behavioral data contexts for fraud when determining the growth goals years or quarters out, dealing with the inevitable fraud waves becomes manageable, and even lends advantages that enhance growth within their space over competitors.

A Complete “Customer Risk” View A complete customer risk view is built on behavioral data gathered at the source, directly from customers’ interactions with products at any stage in the user journey.

Getting fine-grained data types like text field input patterns, mouse/pointer movements, location data or accelerometer readings ensures risk models have the most diverse set of ingredients possible and allows teams to answer sophisticated questions within risk contexts that will evolve over time.

Here are some powerful benefits to having a complete customer risk view:

Gain an actual source of customer truth

For fraud detection, many organizations rely on third-party data networks and outsourced modeling to profile customers for risks. These models require pooling customer data across applications and sorting risks according to the lowest common denominators across the broadest possible set of apps, and often are not robust enough to track individual customer movement between several owned devices. Through gathering fine-grained behavioral data directly from the source (the customer interaction with the app itself), any interaction from any device or between devices can be captured with the highest possible fidelity. Fraud analytics can then be built on true customer behavioral data, instead of on abstracted outputs of models built on how users behave when in other apps.

This also allows in-house control of what features are gathered and included in models, how they will be used, and how risk contexts and questions should evolve with the business through its unique trajectory.

Answer every risk related question of any customer

Continued growth not only invites more fraud volume; it also invites more sophisticated service abuse as product utility expands.

Common fraud types like account takeover, mule account creation, money laundering schemes, and others grow both as a percentage of total users and in total dollar losses when companies expand their customer base. And new synthetic fraud typologies appear when users have more functionality within the same apps. When fraud volume grows and new typologies surface, teams need to develop better hypotheses and answer more uncommon questions to build robust enough models for detection.

Building a complete customer risk view on fine-grained behavioral data keeps the data foundation flexible enough to develop new risk contexts quickly, enabling companies to combat specialized kinds of fraud bound to appear before they actually do.

Personalize customer security experiences

Customers today are well aware of the risks they face when using financial services online. Many are wary of the potential damages they will see if their accounts, profiles, or funds are compromised by attackers. Gaining a complete customer risk view with behavioral data brings a nuanced understanding of how every single customer interacts with services across their entire device ecosystem. When the source of truth is fine-grained, this allows companies to craft personalized, low friction security experiences delivered to the right users when new products are released or when feature utility is enhanced.

Customers then gain an enhanced sense of financial security (leading to more usage), and risk teams get a better sense of which customers on which devices pass these checks, furthering the efficacy of the models built on top of the data.

Obstacles to seeing a complete customer risk view

Despite the benefits of a complete customer risk view built on first-party behavioral data, many financial organizations are ill-equipped to navigate the obstacles that come with implementing a revamped fraud analytics strategy.

Siloed and fragmented data

Each team within an organization has its own specific data needs, uses its specific processes, and may use different analytics tools for their tasks.

As the organization grows more complex, more customer data and data types are spread across various buckets which are not synchronously updated for truth. How common is it for a CRM sales record to also contain data fields on ‘device type’ interaction? It becomes impossible to get a complete customer picture within any tool, a problem compounded when fraud and risk teams do not have initial input into what data should be gathered, who should be granted read or write permissions, and why.

Compliance and regulation adherence

Financial services companies face a formidable list of regulatory frameworks they must abide by or, else face violations, fees, and lawsuits. These include industry-specific laws like SOX, PCI DSS, BSA, GLBA, FINRA, and PSD 2, not to mention general data governance regulations like GDPR or CCPA.

The more reliance a company has on third-party data networks and first-party data sharing, the more complex this regulatory puzzle grows.

Obstacles here include gaining assurances that various vendors do not share or sell their first-party data, having enough security protocols in place to protect their own systems from a breach, and having legal rights to share their own data sources with the acquirer.

When the inter-company data paths of first-party data are this unclear, it can be impossible to know if a vendor knows the company’s customer better than the actual company itself.

Legacy technical infrastructure

Most analytics tools that were adopted early on in financial companies as a data foundation do not provide fraud teams with all the needed behavioral data for modeling, despite collecting data across the organization.

These tools are often unsynced with others tacked on to solve functional areas like fraud or risk, and often focus on sales or marketing flows, meaning their fields, naming conventions, and contexts are grossly misaligned and confounding to interpret. Risk and fraud teams simply do not have the right tools to gather the behavioral data they need and answer the right questions about their customers. Nor do many have the engineering bandwidth to build a system from the ground up, given core company focus was aimed at selling financial products instead of behavioral data gathering. Know your customer and how they change Through an SDK specialized for fine-grained behavioral data gathering, it is now possible for companies struggling with these challenges to at last ensure fraud analytics becomes an equally important and prioritized dimension of the overall analytics strategy.

We’ve even listed out some initial steps companies can take to move in this direction toward building a complete customer risk picture.

When these fine-grained data types serve as the foundation for a risk data ecosystem, a user can be truly known across all their devices, and fraud models can be built on the highest possible confidence that behavioral data was gathered directly from the source of truth.