Several financial services security and IT executives gathered Tuesday in New York to discuss the importance of online banking to the institutions' bottom lines, and tout an anti-fraud service offer by RSA Security designed to help banks shut down fraudsters.
RSA uses technology and infrastructure put in place by Cyota, which RSA bought earlier this year, to monitor online transactions for possible fraudulent activity and then report such activity to an online financial fraud network known as eFraudNetwork, which is available to all RSA risk-based authentication services customers. Banks and other businesses have in the past felt that they should control their own customer data, but this thinking has evolved as banks in particular realize they can benefit from an aggregated pool of transaction logs that can better help them identify fraud that cuts into their bottom line.
RSA customers say eFraudNetwork is paying off big time. HBOS plc, the U.K.'s fourth-largest bank created in 2001 by the merger of Halifax plc and Bank of Scotland, has seen an 80% reduction in costs related to fraud since it began participating in eFraudNetwork, Gordon McFadyen, manager of fraud prevention for HBOS Card Services, said.
Barclays Bank U.K. has experienced more than a 60% reduction in fraud-related costs, Ian Morgan, head of operations and development for Barclays Bank's electronic banking, direct channels, and U.K. retail banking division, said.
RSA's eFraudNetwork addresses a major concern related to data sharing by not posting any information about a transaction that would identify the consumer. Instead, the network provides a listing of information that includes transaction amounts, the IP address where the transaction originates, and the location where that IP address is registered. If, for example, a transaction is made to an account using an IP address registered in Oslo, Norway, and another transaction to that same account is made using a different IP address, registered in, say, the Bahamas, the eFraudNetwork can either raise a flag to the bank where that account is managed or block the second transaction.
Combating "fraud is at the top of our agenda," Morgan said. In fact, convincing Barclays customers that the bank is serious about fighting fraud is paramount to allowing the bank to expand the breadth of online services that ultimately can cut costs for Barclays.
Migration to online banking services has helped Barclays throttle back other customer-service channels—such as ATMs, bank tellers, and telephone services—that are more expensive to maintain. In fact, 37% of all Barclays customer transactions are done online, more than any other channel the bank offers, Morgan said, adding that "any reversal of this trend" would hurt the bank's cost and revenue models. "Online is also an opportunity to cross-sell customers different services," he said. "People don't go to their bank every day, but they are online every day."
More than 98% of Stanford Federal Credit Union's transactions take place online, a factor that has helped keep down costs, said Sam Tuohey, the credit union's chief technology officer and VP of technology and e-commerce. To ensure that Stanford can continue to follow the online model, customers must trust the credit union, which means not only protecting customer data but also protecting customers from phishing attacks. "If we lost e-mail as a communications channel with our customers, that would have more of an impact on us than the money going out the door to fraudsters," Tuohey added.
Alessandro Colafranceschi, head of online banking for UniCredit Banca, agreed: "Concern over security alone is enough to drive people away from online banking." Like Barclays, one-third of UniCredit Banca's customer transactions are performed online. "This increases profits to the bank and boosts loyalty," Colafranceschi said.