Secure Financial World
Plus TI's podcast about fraud prevention, financial crime, anti-money laundering, technology and trends in banking security. Find us at www.plusti.com
Secure Financial World
The Art of Preventing Fraud Without Hindering Business
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
The nature of risk is constantly evolving while fraudulent activities continue to innovate, and therefore our security members simply cannot afford to be left behind. This is Secure Financial World, your podcast dedicated to cybersecurity, fraud prevention, IML, fincheck, and comprehensive risk management. In every single episode, we bring you clear insights, real-world trends, and essential tools designed to effectively protect the entire financial ecosystem. Join us and let's collaboratively transform every challenge into a valuable opportunity. Preventing fraud without hindering business. This is one of the biggest challenges facing financial institutions and fintech today. Protecting users, maintaining agility, and allowing business growth and all of this simultaneously. Welcome to Mundo Financiero Seguro, the Plus T podcasts. I'm Juan José Rios, and today we are going to talk precisely about how to achieve that balance between security, service, and growth. Of course, without compromising the trust or the experience of the clients. To delve deeper into this topic, we are joined by Gabriela Alvarado from Monterey, Mexico. She is the director of operations at FinTech on Demand. Gabriela leads both the fraud prevention unit and the customer service team, which daily puts her before the challenge of protecting without slowing down and growing without exposure. And also joining us for this discussion is Hector Morales, the product manager for payment methods and transactional security at Plus T, who will contribute the technological and strategic insights regarding this important balance. To both of you, thank you very much for joining us today. Welcome.
SPEAKER_02Disty is thank you so much, Juan Jose. It's a pleasure and a privilege to be here with all of you discussing this very important topic.
SPEAKER_01Thank you very much, Juan Jose. It's a great pleasure, as always, to be with you. Gabriela, thank you so very much for joining us today. We are absolutely certain that your valuable contribution will be of immense help to our entire community of individuals who are striving for a much more secure financial world.
SPEAKER_00Absolutely, Gabriela, thank you very, very much. And I'd like to begin with you, as I know your work is precisely at the intersection of security and on the other hand, customer experience. So, from your unique perspective, I want to ask you, how can financial and fintech companies effectively prevent fraud? This, of course, without negatively impacting that crucial customer experience they so carefully cultivate.
SPEAKER_02Of course, Juan Jose, you know, we often tend to forget to put the client at the very center of absolutely everything that we do. Our institutions are constantly expanding, and very often the fraud prevention department ends up being completely isolated and separated from, for example, the product development side or the customer service division, and they don't always receive that vital feedback. And that causes them to become isolated from this topic. So I always tell the young people that despite everything, even though our job is literally to prevent fraud, we must never forget that the customer is at the center. That should always be our focus. And so, how do you manage one thing without impacting the other? First and foremost, by truly understanding your client, not treating every single one of them identically and creating processes that are extremely cumbersome and difficult for them. For example, by creating detailed profiles for each customer segment you might have, managing their spending amounts, their scales, and the average transaction value for this specific customer segment. So that, based on that, we can design strategies which perhaps aren't totally personalized one-on-one because it's yes, it's complicated, but you can do it based on segments. You're uh designing these strategies and you're learning, you're getting to know the client to say, ah, okay, look, for this type of client, their average ticket is always low. They always transact a thousand pesos in physical stores. If suddenly there's a wave of very high transactions in an e-commerce store, for example, then you will act in a certain way. But on the other hand, if you have a client profile that is dedicated to, for example, uh purchasing flights, booking hotels, or renting cars, where by its very nature their average ticket will be high, well, upon seeing any type of alert in your system, you're not going to immediately stop them. Not every single transaction necessarily requires the exact same level of friction. If you classify risks based on behavior, you can then request additional steps only when it's truly necessary. An additional authentication, a push notification, a UTP, however, your institution chooses to implement it, but you need to keep evaluating what the best strategy is that works for you so that you can, on the one hand, continue to prevent issues without the client perceiving it as a friction. Because we already know that when a customer can't buy, they'll most likely use another payment method and will hardly ever use you as their primary payment method again.
SPEAKER_00Gabriela, uh I really like what you mentioned: uh deciphering the client, what, when, and how they buy. And something you'll agree that always generates debate is precisely the balance between technology and human judgment. From your perspective, from your experience, what role should each one play today to achieve truly effective prevention?
SPEAKER_02Let's move on to the next point. Certainly, Juan Jose. Now, consider what I was just mentioning earlier about developing strategies for each customer segment. I always say that this must be accompanied by what I personally refer to as the three pillars processes, people, and technology. Because if you are missing even one of these three elements, you cannot establish truly solid foundations no matter how much you might possess. For instance, people with an excellent attitude or with very strong analytical capabilities, if you do not have the appropriate technology to support them in this modern era, you will inevitably fall behind. But also, if you don't have processes that people must adequately follow, along with policies that are in accordance with your institution, it won't be effective. Another example, nowadays there's a great deal of discussion about artificial intelligence, yes, but without the proper foundation. That technology which is so prevalent today, machine learning, for instance, if you don't have the appropriate processes in place, nor the right individuals to manage them, technology, after all, isn't some kind of magic. What I mean is you really need to know how to properly utilize it, and you must have the appropriately skilled people. One point I often bring up is that you absolutely must have a truly good culture also within the institutions themselves. Speaking about the subject of people, because as I was just mentioning a moment ago, there are times when institutions grow so much that they end up becoming isolated or they start operating in silos and they find it difficult to receive proper feedback from the individuals who are most closely associated with the service. The culture is truly important, that is to say, to promote a culture of prevention within the organization in every single way, both internally and externally. And so the most effective anti-fraud strategies really work when the internal culture is truly solid, when everyone genuinely understands the why behind the controls, not just the what, right? It's extremely important that the people on the front lines clearly understand the why. It's not merely about I'll prevent any fraud from happening. Beyond that, as I said earlier, you have a customer, a person who is trying to make a transaction. So you need to rely on these three pillars to build your strategy and your complete vision for the business, particularly in a fraud prevention area.
SPEAKER_00Perfect area, Gabriela. Now, if you're ready, let's talk about growth. Let's discuss the overall balance of growth, the performance in some of the key areas and the points that are in its favor and those that are against it. Many companies want to increase their authorization levels, process more volume, let's say, approve things faster, but without opening themselves up to risk, as you just mentioned. So, how can a company increase its authorization levels and at the same time remain protected?
SPEAKER_02You know, that's the most valuable question for any business, because that's precisely where your profitability truly lies. If you block transactions solely out of fear of potential fraud, you're definitely going to lose out on significant income. But if you authorize and authorize without any proper control, in the end, you'll also lose a lot of money. Therefore, the real art lies in being able to find and maintain a very delicate balance. And how do you manage to find that balance? It's precisely about the decisions that you make based on the data you have. Companies that grant more approvals aren't necessarily the ones taking on more risks, but rather those who truly understand their data best. Probability models, historical analysis, all of that tells you exactly where you can afford to be more flexible without compromising your position too much. That's the first point to consider. The second point, for instance, involves fine adjustments. What I mean is not everything is simply black and white. It's not merely about giving approval or outright rejection. It's about approving, but with certain specific conditions, for example, by limiting the total amount, requesting a second layer of validation, verifying the specific device being used, the geographical location, and so on. As I was just mentioning a little while ago, everything totally depends on how thoroughly you understand your specific customer segment because this then transforms into a smart, intelligent control and not merely a restrictive break. And so finally, your fraud prevention area can be positioned as an improvement in your unit economics. Because as you reduce customer claims and chargebacks and authorize more valid transactions, you improve profitability per client. And so this is where preventing fraud is not just about safeguarding, but also about being able to achieve the most optimal operational efficiency because ultimately the business needs to profit from both aspects. And one thing I'd like to point out to you is that it's not simply a matter of approving more or rejecting less. It's about being able to approve things more effectively, you see, so that what we truly want approved gets through, and what we don't, we shut it down properly as it should be. And something that's really important is to maintain communication with the client. Sometimes we forget that. And that's something super, super important and valuable. Nowadays, there are many channels and tools that can help us with this. You can do it through the channels your institution provides, whether it's WhatsApp or SMS. It could also be an email, but this channel is gradually becoming a little more obsolete and obviously a phone call. It's very different when a customer receives a prior warning, a notification that their card, for example, is compromised and they must contact the institution for assistance compared to simply wanting to make a purchase, having to deal with rejection at that moment when perhaps they urgently need it. So, as I mentioned, it's it's a balance that you have to be constantly keeping an eye on, how to put it into practice.
SPEAKER_00That's very clear, Gabriela. We understand then that we shouldn't see the client as just a number. We must treat them as an individual with their own specific needs, not merely as a simple data point in a statistic. Now, Hector, it's your turn. And I'd like to ask you, do you view this from a different perspective, specifically from the technological side, that underpins and supports everything? So, how can prevention solutions truly support that delicate balance Gabriela was talking about between preventing, serving, and growing?
SPEAKER_01Thank you very much, Juan Jose. In addition to the topics Gabriella has already discussed, I would like to contribute some characteristics of the support models. Firstly, these are with respect to the detection model. So, from that point of view, what we're looking for is a system that alerts infrequently only for things that truly warrant our attention. It should detect a lot utilizing a comprehensive combination of various detection technologies, always taking into account the unique particularities of each client. We must employ a combination of detection technologies. Pause. On the one hand, we have expert models. These expert models specifically enable me to identify fraud patterns that other institutions have already experienced and that are widely recognized within the industry. And on the other hand, machine learning, which is going to learn from new fraud patterns that happened to me. A very helpful aspect is for the researchers who use the application to properly evaluate the results of the investigation processes so that what wasn't fraud they mark it as not fraud and what truly was fraud they mark it as such. The systems will then learn and become more accurate every single day and they will detect more cases. Another important thing is not simply to say, this is an alert. We need to generate a score indicating the possibility of fraud, and then, based on that score, decide what the most appropriate action to take is. In the digital world, when there are gray areas that raise questions regarding whether it's fraud or not, and we need to confirm with the client, we must do so as little as possible to cause the absolute least friction and use the most suitable confirmation methods for each specific situation and for each client.
SPEAKER_00In that regard, Hector, I'd like to ask a follow-up question. What is it truly meant to do? Well, what is the entire range of a tool's function so that it doesn't end up becoming, you know, an impediment?
SPEAKER_01As I was saying, we really need to uh fine-tune the detection model very carefully so that the indicators and their respective alerting percentages, their level of detection, how many times we need to contact the client and whether the evaluation was appropriate are all precisely calibrated and so on. In other words, we need to properly measure all the performance indicators that we have for the support application.
SPEAKER_00And so to wrap things up, Hector, could you please tell us a little more about those optimal customer contact methods and what else they can be used for regarding fraud prevention? Please.
SPEAKER_01Yes, with pleasure. As we were discussing, we must strive to implement actions that require the end customer's involvement as minimally as possible. If I know something is a normal transaction, then as far as possible, we should not contact the customer. If we are absolutely certain that something is fraudulent, for instance, if numerous uh transfers are being initiated from the very same device, all in the names of multiple different clients, then we must immediately take the necessary action to uh block and safeguard the funds within those accounts that are currently under attack and only reach out to the client when it is truly appropriate. And there's one thing that we need to take into account the processes of double factors of authentication, which are the normal measure, we have to consider that they are not interceptable. There's a lot of malicious software. Hackers are experts at intercepting double factors of authentication. Therefore, our systems must be sufficiently robust to discern what authentication factor should be employed and to guarantee that it is not intercepted. Furthermore, it is essential that the confirmation strategies themselves are adequately structured. This is extremely important. If an automated system is going to interact, for example, via WhatsApp with a client to ask if it's truly them who is carrying out the transaction or not, then that process has to be very, very well structured. The way the questions are phrased needs to be very carefully planned. If it's going to handle 300,000 customer interactions for me, the very least we need to ensure from the outset is that it's completely infallible. For example, if it asks me, Did you perform this transaction, yes or no, they is and if I type in your and they type yes in uppercase, lowercase with an accent or a period, etc., the system should detect it correctly and not get stuck. Because if an automatic communication system fails me and leaves me looped in the same option, I'll get desperate as a customer and won't want to use it again. So it needs to be crisp, preferably using buttons. Did you perform this operation? One button for yes, another for no. I liked what Gabriela said. Don't lose touch with the client. Always ask them, did this work as you wished? Yes or no. That's regarding the automatic system. Now, if I realize or if I know that a client doesn't like using automated methods but prefers direct communication, then a human person should be the one to contact them. In Kier, it's very important to avoid arbitrary decisions. We often assume people will say the right words, and 95% of the time that's not true. They need to know their script very well, the words they are going to use, and the tone with which they will use them to avoid them feeling that they are being attacked or that we are judging them as fraudsters or anything else that could be misunderstood or motivate self-fraud, for example. So, those presentations given by our well-trained staff, and by the way, when you listen to a truly competent person who interacts with customers, it's genuinely delightful to hear the way they express themselves because they significantly boost customer loyalty towards the business. So, whether it's an automated communication process or a human one, the message should be as much as possible infallible. Also, another important aspect is to use the authentication methods that the client prefers. For instance, Gabi already mentioned that email is beginning to be used less and less. A recent statistic tells us that in Latin America, 87% of the people surveyed have stated, specifically in Spanish-speaking Latin America, that their preferred communication platform is WhatsApp, a full 87%. Messages must be very concise, as I mentioned, and completely free of errors. You were also asking me what else we can detect. Detection models can also detect business opportunities. We are absolutely convinced of this. Throughout all these years, we've been able to confirm it. We must offer the correct service at the precise moment it is truly needed. For example, imagine a person is making an overdraft on their credit card because they are paying for something that is an emergency in a hospital. The service of offering an overdraft, of reacting, of providing support enormously increases customer loyalty. So we can use, we can create business opportunity rules to uh capitalize on that exact moment.
SPEAKER_00That's truly very interesting, Hector. Well, we're now reaching the moment to highlight and underscore the most important aspects of our dialogue in this chapter as we move into the following conclusions. So I would like to begin with you, Gabriela.
SPEAKER_02Well, I think we're taking away quite a few lessons today. I'm going to list at least six conclusions that I'm getting from what we're discussing. First, start by knowing your client well. We can't treat everyone the same. We need to profile, we need to segment, adopt a dynamic risk model, one where the rules are updated precisely according to the behavior, the season, the product, and your client's profile. For example, the level of purchases we see in January is not the same as what we experience right now between November and the beginning of December, is it? Your regulations must be, as I've said before, dynamic because anything that remains static today will inevitably become obsolete tomorrow. This entire process is advancing continuously, day after day. our clients. Hector just mentioned quite well how that communication should be so that the client feels confident about who is speaking to them and that it's not just another fraud they could be falling victim to. Four, automate the repetitive and strengthen the critical. Technology must free up your team so they can focus on analyzing the most relevant cases. Five, measuring what matters authorizations, false positives and chargebacks. This is the perfect triad to understand if your anti-fraud strategy is enabling the business or hindering it. Because sometimes we only measure chargebacks and false positives and we leave out the level of authorizations. It's very important within a fraud prevention area to measure it. Finally build a culture not just processes or not just technology. We must train, communicate and constantly provide feedback to our teams because prevention is an everyday thing and for everyone. And so to conclude I'd like to point out that fraud is combated yes with systems but it's also prevented with a very clear purpose. We must take care of our clients, our business and our team equally because if we prevent better, we serve better and ultimately we grow better. Thank you very much.
SPEAKER_00Thanks Gabriela I'll keep that in mind. We really need to take care of the client.
SPEAKER_01Hector now we've come to the moment for your summary your full recapitulation well Gabriela took six very important points from me. So the size of my list was was reduced but to complement those those six points which I think is a great and very good summary I'd like to add that the system must be able to measure the level of of risk. I want to reiterate that point it's crucial to detect the level of risk in order to take the most suitable action for each unique situation issuing few alerts and only when it truly corresponds to a significant variation or something substantial regarding the customer's behavior.
SPEAKER_00Well then it's become very clear today that preventing fraud without slowing down business isn't some kind of utopia. It's a delicate balance a balance that is entirely achievable when we combine good technology on the one hand a robust operation and a truly customer focused vision. We understood that security and service should not compete with each other but rather work as true strategic allies to effectively drive our growth forward. Gabriela thank you so much for sharing how this delicate balance is managed day by day from the operational side and the customer experience perspective. And Hector, thank you too for showing us how technology can be an enabler and not a hindrance when implemented intelligently and to all of you listening thank you for joining us in this conversation in this dialogue your interest and your time make this space possible where we seek to provide clarity and practical tools to face the challenges of fraud in our region.