Investing money into detecting, mitigating and preventing fraud has become just another part of doing business.
But rather than the fraud department being seen as just another cost center to throw money at, it may be time for senior leadership to start looking at business-driven fraud management differently.
Unfortunately, the messaging from security teams to upper management doesn’t always come across as crystal clear.
A recent report from RSA revealed that fraud practitioners often struggle with effectively communicating fraud threats and trends to senior leadership. This gap in communication can also make it difficult to secure buy-in on new initiatives and technology investments when it comes to fraud management.
Angel Grant, director of Product Marketing and Global Marketing at RSA, explained that many of RSA’s customers expressed difficulties when attempting to communicate issues up to their boards and senior leadership, finding that the message did not resonate because there wasn’t an understanding of the business context surrounding the issue.
In order to effectively manage enterprise fraud risk, business leaders have to understand the “so what?” behind the fraud issues facing the company. Without that knowledge, there won’t be clarity on the potential impact to the business, and action may not be taken until it’s too late.
Clarity Is Key
In its report, RSA sought to analyze three barriers facing business-driven fraud management: understanding the most common metrics being used to align fraud issues with business priorities, identifying the most effective way to communicate fraud trends and metrics to senior leadership and discovering the best practices in the financial services and retail space to drive future investments for stronger fraud prevention mechanisms.
“The reality is that digital channels have become ground zero in the fight against fraud,” Grant said, but if senior leadership doesn’t understand the return on investment for protecting these channels, then fraud and security teams may not receive the support they need from the organization.
“In some cases, this ultimately leads to even greater fraud losses, serious customer satisfaction issues and potential brand reputational issues if fraud is exposed publicly,” she added.
Grant said that fraud teams must speak to leadership in what RSA calls “bizurity” — the combination of business and security, which expresses the details of security in the language of business risk.
Fraud is no longer just a security technology problem — it’s a business problem.
This is why Grant said it’s so critical for organizations to recognize what the impact and risk are to the bottom line in a way that’s clear, concise and actionable.
Why Metrics Matter
The three stages of business-driven fraud management are to measure, communicate and act.
Before effective communication can be put into practice, a fraud team must understand the right metrics and ensure they align with the key performance indicators (KPIs) that matter most to senior leadership, which are fraud losses, expenses and the impact on the customer.
Grant identified operational expenses as a KPI that is critical to financial services as well as card issuers and retailers. As transactional volumes continue to increase — especially in the retail and eCommerce space — there has been a drastic increase in the rate of fraud. Organizations across all industries are struggling with managing the operational expenses that come with having the right fraud detection tools in place.
However, financial institutions also tend to focus heavily on the metric of fraud losses, which has grown in importance as these businesses look to build out their omnichannel strategy. In the retail sector, the false-positive rate is a critical metric because of how damaging and expensive this particular type of fraud loss can be. A retailer that struggles with false declines may experience negative impacts on its customer satisfaction, brand loyalty, repeat purchases and overall financials.
This is why it’s so important to understand the business context around cybercrime incidents, Grant explained, in order to help business leaders better manage their risks according to their organizational risk tolerances and strategic priorities.
“Leadership looks at a fraud department as a cost center, but this mentality needs to shift,” she said.
“We want to make sure that they understand there are tools out there that not only help organizations to reduce the fraud, but that they also allow them to balance risk, costs and customer convenience while opening up doors to improve operational efficiency and generate additional revenue,” Grant added.