Fraud can’t be stopped without knowing the threats your organization faces and which ones are trending. This requires detection efforts that allow you to identify the types of fraud being used against you—and how criminals are getting away with it.
But for risk teams to actually prevent fraud from happening and reduce fraud losses, they need to be able to prevent fraud that’s in progress or anticipate when it’s about to happen—and that requires prevention efforts.
To help teams do this, we’ll explore how organizations can move from fraud detection to fraud prevention, and what to prioritize for best results, by covering the following:
This piece was developed using interviews and insights from five leading fraud risk experts that deal with fraud regularly. This work is a byproduct of their unique experiences which have been interwoven throughout the narrative of the article.
Let’s start by exploring why fraud detection isn’t enough and why fraud prevention efforts are crucial to mitigating fraud's impact.
Plain and simple, the main shortcoming of fraud detection is that it’s a reactive—rather than proactive—strategy. Risk teams that focus exclusively on detecting fraud will always struggle to mitigate fraud losses if they can’t actually stop the fraud from happening. Otherwise, teams will simply be reporting on the fraud that occurred.
As Christopher Danvers from Helix by Q2 states, “Fraud detection without prevention is just creating a data function designed to report bad news. Impressive decks and pretty graphs can help take the sting out of the message, but at the end of the day you’re just reporting that fraud has occurred, and it was at this cost to your organization.”
“Fraud detection without prevention is just creating a data function designed to report bad news. Impressive decks and pretty graphs can help take the sting out of the message, but at the end of the day you’re just reporting that fraud has occurred, and it was at this cost to your organization.” — Christopher Danvers, Sr. Manager, Card & Payment Strategy at Helix by Q2
Fraud detection is abut identifying transactions or behaviors that don’t belong. More specifically, it’s about identifying events after they’ve occurred. It’s much like investigating the past with no actual insight into the future.
While fraud detection will always be important (as it’s essential to be able to identify the instances of fraud that are taking place), it’s not enough to actually mitigate the impact it has on your organization. Fraud detection should always be a task that’s used to identify the main fraud trends you face, and should be paired heavily with fraud prevention efforts so that this data and information can be leveraged to actually reduce fraud losses over time.
Fraud prevention—as opposed to fraud detection—is a proactive process, allowing organizations to get ahead of (instead of just react to) instances of fraud. Risk teams that focus on preventing fraud can actually stop fraud from occurring in the first place, significantly reducing fraud losses and inhibiting bad actors' ability to exploit their organization.
Risk teams can also use preventative measures to stop instances of fraud they’ve detected from recurring, as they’ve now identified the strategy being used against them (and developed a way of preventing it from happening in the future).
For this reason, fraud detection and fraud prevention are both vital elements of this process. To properly prevent fraud, you need to know what types of fraud you’re facing, which requires fraud detection and identification first. After all, without knowing what threats you’re working to prevent, you’ll never be able to develop effective strategies for preventing them.
Prevention—unlike detection—involves proactively implementing controls to block fraudsters from accessing a financial institution's product, or exploiting the platform once they’ve accessed it.
Since fraud prevention actually empowers teams to mitigate fraud losses, it has a more significant impact on organizations’ bottom line—resulting in a more effective use of the risk team’s resources. Fraud detection efforts, while important, don’t actually mitigate the fraud losses, as the fraud has already occurred. It simply enables teams to understand their biggest threats—and work towards stopping these threats more effectively. The more time teams can devote to true preventative measures, the more they can actually save.
According to Chris Dean, Co-Founder and CEO at Treasury Prime, by actively preventing fraud rather than merely detecting it after the fact, organizations “can build trust with customers, protect their reputation, and avoid significant financial losses.”
“By actively preventing fraud rather than merely detecting it after the fact, you can build trust with customers, protect your reputation, and avoid significant financial losses.” - Chris Dean, Co-founder & CEO at Treasury Prime
Fraud detection is an essential component of preventing fraud—without identifying malicious behavior, it’s impossible to stop it. Unfortunately, without being able to convert detection data into prevention strategies, teams will struggle to actually mitigate fraud losses and optimize resources and productivity.
Below, we dive into the top strategies for leveraging fraud detection efforts to maximize fraud prevention strategies and operations.
1. Assign Dedicated Teams for Each
Fraud detection and fraud prevention—while both are important pieces to the puzzle—are very different tasks. Assigning dedicated teams to each allows these teams to specialize in their area of expertise to better develop and deploy strategies respective to the task at hand. Specialization can help teams perfect both, and cooperation can then ensure these teams work most effectively on behalf of the entire organization.
For instance, fraud detection and identification relies heavily on data collection and analysis. To do this effectively, professionals need to be able to actually understand and find meaning in the data they have available. The more data teams have, the more context they can glean from the information they have at their disposal. These professionals need to have a clear understanding of different types of fraud—and what signals indicate these different types of fraud.
In contrast, fraud prevention involves understanding the types of fraud that are the biggest threats to your organization and details about how criminals conduct these attacks. From there, teams need to be able to implement preventative measures that effectively stop these threats. As Christopher Danvers from Helix by Q2 states, to find meaning, organizations need to “understand the context behind the data, and be familiar with the transaction types or behaviors that created the dataset.”
“To find meaning you’re going to need to understand the context behind the data, and be familiar with the transaction types or behaviors that created the dataset.” - Christopher Danvers, Sr. Manager, Card & Payment Strategy at Helix by Q2
In some cases, having separate and dedicated focuses can be advantageous, as long as that still includes a collaborative approach between detection and prevention teams.
2. Enable Communication and Cooperation Between Those Responsible for Detection and Prevention
Detection and prevention—while they can have separate and specialized teams—should never be fully separate from each other. The aim should be to detect fraud and identify the newest and most prominent fraud trends and then leverage that data and knowledge to inform fraud prevention strategies.
The faster teams can turn this detection information into prevention strategies, the faster organizations can get to mitigating and reducing fraud losses. Otherwise, you’re still just detecting instances that have already occurred rather than actively working toward prevention. By perfecting both, you’ll not only reduce fraud losses, but you’ll also reduce the impact on your team’s resources, output, and overall productivity.
Not only that, but teams need to be able to visualize detection and prevention data in a single place to make the fastest, most meaningful insights. As Brendan McDermond from Protiviti states, the “development of a centralized fraud data hub will provide accessible, available, and instantaneous reporting of the current fraud environment” for organizations.
“The development of a centralized fraud data hub will provide accessible, available, and instantaneous reporting of the current fraud environment.” - Brendan McDermond, Senior Manager, Financial Crimes Compliances at Protiviti
To do this most effectively, teams need to be working closely to turn fraud detection into fraud prevention. As soon as new and trending fraud schemes are identified, teams need to be able to build out prevention rules that can actively stop these trending fraud schemes. For this to be possible, detection and prevention operations need to work closely and cooperate.
3. Leverage User Onboarding Controls to Keep Bad Actors Out
A major part of fraud prevention is keeping bad actors from accessing your platform, products, or services in the first place. After all, if fraudsters don’t have access, they can’t commit fraud.
According to Ethan Singleton, Principal at FS Vector, enacting—and improving—customer onboarding controls can go a long way in preventing fraudsters from accessing (and exploiting) your services. “From my experience, particularly with Fintechs, one of the most effective ways to shift from detection to prevention is implementing sophisticated fraud controls during the customer onboarding process. This can severely impede a fraudster’s ability to successfully access the FI’s products,” says Ethan.
“From my experience, particularly with Fintechs, one of the most effective ways to shift from detection to prevention is implementing sophisticated fraud controls during the customer onboarding process. This can severely impede a fraudster’s ability to successfully access the FI’s products.” - Ethan Singleton, Principal at FS Vector
This won’t entirely stop fraud, of course, as savvy criminals will still bypass onboarding protections and be able to use sophisticated fraud tactics. However, it will drastically reduce the amount of time and resources that teams need to devote to combat fraud and close vulnerabilities.
Fraud detection plays an important role here, as the more data you have to identify what types of users or behavior could be fraudsters, the better your organization will be at doing this. The more data companies have at the point of onboarding, the better they can perform identity verification processes.
Fraud prevention tools and strategies should go beyond basic regulatory requirements of identity verification (collecting a prospective customer’s name, date of birth, address, and SSN) and use advanced controls to collect as many signals as possible.
This includes using device verification, IP address validation, VPN monitoring, document and biometric verification, and more. This is especially important for digital-only institutions, as they never have a face-to-face interaction with the customer, making it much more difficult to verify their identity. Advanced measures can go a long way in ensuring that a prospective customer is who they claim to be.
Chris Dean mentions that, by mitigating potential risk before they even arise, organizations can “ensure that clients’ accounts are fortified against fraudulent activities from the outset. The most effective method to prevent fraud is to inhibit malicious actors from gaining access to your system in the first place.”
“By mitigating potential risks before they even arise, you can ensure that clients' accounts are fortified against fraudulent activities from the outset. The most effective method to prevent fraud is to inhibit malicious actors from gaining access to your system in the first place.” - Chris Dean, Co-founder & CEO at Treasury Prime
4. Use Transaction and Data Monitoring to Stop—and Predict—Fraud
Preventing users from accessing your platform will never be foolproof—savvy fraudsters are constantly finding loopholes and organizational weaknesses. After all, they are spending just as much time trying to breach a system as your team is trying to defend it. To make sure fraudulent attempts don’t get through, you’ll want to do all you can to detect fraud in real-time (or near-real time) or use predictive analytics to identify when an account is likely to commit a fraudulent act.
Transaction monitoring tools are an ideal solution for this, as they allow risk teams to monitor transactions and identify suspicious transactions. Even better, true data monitoring solutions can go beyond looking at just transactions, leveraging other user signals—such as logins, account changes, device information, and more—to predict when suspicious activity is likely to occur.
Dan Pinto, CEO & Co-founder at Fingerprint, explains that other solutions and strategies can be implemented to take a more proactive position in the fight against fraud. He notes that “financial institutions suffering significant losses due to solely detecting fraud can use device intelligence to strengthen their defense by detecting anomalies, such as logins from new devices or locations, which might indicate account takeover attempts.”
“Financial institutions suffering significant losses due to solely detecting fraud can use device intelligence to strengthen their defense by detecting anomalies, such as logins from new devices or locations, which might indicate account takeover attempts.” - Dan Pinto, CEO & Co-founder at Fingerprint
With these tools at their fingertips, risk teams can actually step in and stop fraud as it’s occurring or block fraudsters before they can even attempt attacks. In some cases, they can even develop automated rules that will stop fraudsters without requiring a manual review or investigation.
Leverage Unit21’s Solutions to Turn Fraud Detection Into Prevention
Fraud detection—while essential for organizations—doesn’t actually do much to stop fraud from happening. For teams to reduce fraud losses, protect customers, and keep their platform secure, they need to turn the data from detection into fraud prevention strategies and efforts that actually prevent fraud from happening.
Cooperation between detection and prevention operations (and—for some organizations—teams) is absolutely essential. The more communication between these teams, the faster risk and compliance teams can turn the identification of a new fraud threat into a prevention strategy—and subsequently implement that strategy. This cooperation allows teams to shift detection efforts into prevention efforts.
Having dedicated detection and prevention teams—while challenging for smaller organizations with fewer resources—can be advantageous. These practices—despite being closely related—are drastically different and require different skill sets. Having specialized teams can ensure each performs their role most effectively. Keep in mind, cooperation is still imperative, so organizations always need to ensure that this specialization doesn’t come at the cost of cooperation.
Fraud prevention shouldn’t be limited to just converting detection data into prevention strategies. Teams also need to use systems that allow for real-time transaction and behavior monitoring that let them hone in on signals that could indicate when fraud is happening or about to happen.
On top of this, teams should use robust customer onboarding systems that employ Know Your Customer rules to prevent fraudsters from accessing an organization's products or services in the first place.