Posted: 6th August 2018
First published via ABI.org.uk in July 2018
We live in an age in which we have two identities to manage; our physical identity and our data identity.
In the physical world, we are acute to crime and are more able to protect ourselves. However, in the digital world, our identity is rarely entirely within our own hands, instead scattered across multiple organisations, leaving us to rely on the industry to protect us. Unsurprisingly, many customers are frustrated when data is breached or when funds are stolen as a result of inadequate cybersecurity measures or fraud prevention controls.
According to a recent study by Top 10 VPN, our data identity is worth around £820 to criminals. This may not seem a huge amount but, if you multiply that figure by the number of identities stolen in the typical data breach, cyber-criminals are walking away with a collection of data that is of significant value.
The General Data Protection Regulations (GDPR) aims to manage this issue by reducing unutilised data and requiring firms to report any breaches within 72 hours to the supervisory authority.
“Under the GDPR and the new Data Protection Act 2018, individuals have stronger rights and more control and choice over their personal data. If organisations ... do not properly safeguard their customers’ personal data, they may find customers taking their business elsewhere.” - James Dipple-Johnson, ICO
Despite increased vigilance, cyber-attacks are becoming more sophisticated, with both individuals and organised crime groups targeting financial services to steal data. This data is then used to commit further fraud.
In 2017, there were numerous high-profile data breaches and impersonation fraud cases within the industry. Cifas, the not-for-profit fraud prevention service, has recorded a year-on-year rise of identity fraud, noting almost 175,000 cases in their latest report. It is therefore crucial for firms to protect existing customer data by employing robust fraud controls.
So what constitutes robust controls?
The fundamental element of preventing any financial crime is knowing your customer. Firms therefore need access to quality customer information that allows them to detect anomalies and make effective decisions. This process is not solely confined to detecting fraud, as it also generates alerts on sanctions and politically exposed persons for Anti-Money Laundering (AML) purposes.
However, it is well known that in-depth know your customer checks can not only be a costly process but also slow down the onboarding process, which is a challenge when customers are expecting a frictionless experience at all points of their journey. More and more firms are subsequently moving towards a holistic approach to understanding their customers by cross-referencing information into a single customer view. This will not only prevent fraud but will also increase efficiency for AML compliance. Automating client onboarding and ongoing due diligence processes throughout the entire customer journey can close AML gaps and reduce fraudulent activity.
Robotic process automation is a powerful tool for combatting the threat of financial crime, which is continuing to evolve in our digitised world. If firms adopt a systematic technological solution with robust defence measures, then we will, together, break the chain of data breaches and fraud.