Secure Financial World
Plus TI's podcast about fraud prevention, financial crime, anti-money laundering, technology and trends in banking security. Find us at www.plusti.com
Secure Financial World
The Challenges of Channel Adaptability and Integration in the New Hybrid Environment
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
The nature of risk is constantly evolving, while fraud schemes continue to innovate, meaning that our security measures simply cannot afford to fall behind the curve. Welcome to Secure Financial World, the definitive podcast dedicated to exploring the complex landscapes of cybersecurity, financial fraud, AML compliance, modern fintech, and comprehensive risk management. In every single episode, we deliver clear insights, analyze real-world trends, and provide the essential tools required to protect our financial ecosystem. Join us as we learn how to transform these complex challenges into valuable new opportunities. How's it going? How are you all doing? Welcome to a new episode of Mundo Financiero Seguro, the Plus Ti Podcast. I'm Juan Jose Rios. Today we're going to talk about something very interesting, something we've all experienced but rarely analyzed in depth. And I am specifically referring to the way in which these financial channels have fundamentally changed and what that truly signifies for all of our financial institutions. For years we've talked about digitalization, apps, and fintech, but today the conversation is different because it's no longer about separate channels, but a complete ecosystem where the customer starts a transaction in one channel and finishes it in another. And in the midst of all this, fraud emerges as a critical issue. But this isn't just about digital fraud, it's also about the fraud that happens in spaces many think no longer matter. We're talking about branches, back office operations, and internal processes. Joining me today to discuss this topic are Giovanni Castellanos and José Ruiz. Giovanni serves as the senior vice president of sales and marketing over at Plus TI. He is a brilliant strategist and a true expert in unconventional thinking, deeply passionate about the power of simplicity, and he possesses extensive experience in innovation as well as in business as a dedicated solutions provider and trusted partner to financial institutions in the ongoing fight against financial crime. Furthermore, he is the creative producer behind this very podcast series. We are also joined today by Jose Ruiz, the product manager overseeing transactional security and digital fraud at Plus TI, who is dedicated to fostering a deeper understanding of our evolving digital landscape, not merely to guarantee security, but also to cultivate a distinct competitive advantage and lasting customer loyalty. I would like to thank you both for being here with us today.
Jose RuizIt's a pleasure to be here, Juan Jose.
Giovanni CastellanosThank you, Juan Jose. It is a real pleasure to be back here with you and Jose for this brand new edition of Safe Financial World. I am quite certain that we are all going to enjoy it.
Juan José RíosGiovanni, it is a pleasure to have you here. Let us get right to the heart of the matter, starting with the core fundamentals of the industry. How exactly has customer financial behavior evolved into this hybrid model where the concept of separate channels no longer exists? If you are comfortable with that approach, let us begin with you, Giovanni.
Giovanni CastellanosAbsolutely, Juan Jose. I think the first thing to understand is that the change hasn't just been technological, it's been behavioral. And that is precisely the root of the entire business dynamic, of the challenges that banking faces. It's a behavioral issue. Customers have changed the way they move and interact. In the past, customers typically chose a channel. They would go to a branch, use an ATM, or later on online banking. More recently, it's been all about online banking and apps. But that has, in a way, disappeared. Our customers don't really think in terms of channels, they are focused on solving a specific need. We talk a lot about multi-channel, but we also need to talk about omnichannel, where the customer remains the exact same person across every single channel. So today, the customer can start, or perhaps even has to start, a process within the mobile app, specifically the mobile banking app, but they ultimately end up going to a local branch to complete a validation process or more than likely to resolve the issue. This fundamental shift changes banking logic as we can no longer analyze individual behavior in isolation. Also, consumer expectations are a major factor as modern customers demand instant interaction. We have reached a point where we want everything right now. That is, that is our new approach. We want continuity to be seamless and zero friction. That is what customers demand, and it forces institutions to operate as an integrated ecosystem, or it should force them to operate as an integrated system, not as separate areas.
Juan José RíosGiovanni, I'm taking away this key point of yours that the customer has stopped thinking in terms of channels and is instead focused on solving a problem. However, many institutions still haven't, and that's where the first gap begins, right? Jose, r egarding this, during the pandemic and with the rapid digitalization that took place, there was a lot of talk about the disappearance of branches. But hey, they're still here. They didn't disappear. So that brings up the question: what is the role, the role they play now?
Jose RuizYes, that was exactly a prediction that didn't come true, but one we assumed would be true because we saw that the adoption of digital channels and the focus on what is considered convenient was what grew rapidly. I mean, yes, it seemed to be true, but what happened wasn't uh Tastanaza Dosetose, the Malayinaza Tataron Nessa po Wesapiere Malia Siratero, but rather that they changed their function. In the past, uh the branch was primarily transactional in nature, but today it has evolved into more of a dedicated problem-solving hub, much like what Giovanni was mentioning earlier, where customers can go to receive personalized advice or to manage various aspects of their complex financial business, which ultimately is something that truly humanizes the entire experience and builds greater trust as well. And that is the key aspect of these traditional channels, because while digital platforms will continue to grow and see a significant increase in their overall transaction volume, in the end, based on what we are currently observing, the physical branch will only continue to grow in its operational complexity. The core problem is that many banks have heavily shifted their investments toward the digital landscape, but they have failed to completely rethink or even fundamentally restructure the actual role of the physical branch. And so the result is complex high-impact operations that also require interaction and a bit of the human touch, but from a security perspective, they haven't evolved like digital channels in terms of the controls they have in place, and that's where significant risks start to emerge, which are often not being monitored.
Juan José RíosThat is an interesting observation. In conclusion, the branch has not actually disappeared. The situation became increasingly critical over time, even though it was not always handled or managed with the level of care that it truly required. I would like to hand the floor back over to you now, Giovanni. Considering all of this inherent complexity, how would you define a truly holistic understanding of the customer across all of our various engagement channels? Furthermore, what are the potential consequences or the fallout when that essential unified vision is completely missing from the strategy?
Giovanni CastellanosJuan Jose, that's the million-dollar question, because we've been talking about a holistic view of the customer for decades. This is nothing new. This has been a topic that's been around since since we had digital customer information, since mainframes existed. Sorry. We were already looking for this. So that is a I it's a modern need, definitely uh current. That involves completely changing the traditional mental model of banks, which only see transactions or see products or see channels. They all belong to the same customer, and that is that is part of the challenge. Whatever the customer does, regardless of the channel, regardless of the product or the channel, uh or the channel sorry, that they use, it all belongs to the same customer. It's the same customer, but they often see it in isolation. That has been the challenge, as if the customer weren't the same person. And that in a way, I would say, is a problem because fraud, and here, let's try to get a bit closer to the essence of what we are going to discuss, is that modern fraud does not happen in a single isolated event, but rather it occurs in a sequence. So let me tell you this, Juan Jose. Let me put this into a bit of context for you. Just imagine an employee, for example, who identifies specific accounts that could be prime targets for fraud. Believe me, that is a very common occurrence. And they are working with a group external to the institution. And there are N scenarios here because the employee decides to do so because they are in a country highly exposed to gang-related issues and therefore they could be extorted. There are N scenarios as to why that might happen. However, this employee, regardless of the circumstances or their particular contextual situation, their own personal situation, finds that for those accounts that do not have much recent activity, they are able to modify an associated email address and subsequently they are able to change the account password. Then another member of the gang, since he is working with outside allies who are actively colluding with him, proceeds to log into that account immediately after resetting the password, initiates a wire transfer to a new account, and finally receives the required OTP. That OTP, or to be precise, the one-time password, which is typically triggered whenever there is an email address modification, is sent directly to the new email address that the employee has updated within the institution system. Once this code is entered to validate and finalize the transaction, the money simply vanished. That particular payment was actually sent over to a completely different account, and quite often, this email notification returns to its normal state only after the transaction has been fully and officially confirmed by the system. So the real issue here is that we are looking at this entire sequence of events as if they were completely separate and unrelated incidents. And let me be perfectly clear with you, at this current stage of the game, many financial institutions still treat these as operations, they know are absolutely critical. Yet they aren't being properly monitored by anyone at all. And this means it's a latent risk, but if we don't have it integrated, it's impossible to detect the fraud. But when you look at it as a story, when you look at it, when you see that the traceability, the sit the sequence of what happened, it's crystal clear what's happening. And that is the reason why a truly comprehensive view of the customer when dealing with fraud must allow us to detect those complex patterns, understand that specific behavior, and react in a proactive manner, or at the very least, in a timely fashion before the fraudulent activity occurs.
Juan José RíosThat is a truly fascinating perspective, Giovanni. I believe your analytical work here is absolutely essential to our success. You see, fraud is fundamentally a complex story. It is never just a simple isolated transaction. If you fail to connect all the disparate dots, you will inevitably miss the core of the problem entirely. Jose, we have seen truly massive investments being poured into the realm of digital fraud prevention lately. However, I would like to ask you to what extent is internal fraud being neglected or the kind that occurs within our local branches and the back office departments?
Jose RuizThe answer to that specific question is actually quite a bit more significant than is currently acknowledged, but unfortunately, nobody in the public sphere really knows just how much it truly is. As for the complex matter of fraud, the primary focus has always been on what happens in e-commerce, digital banking, and various types of external attacks. And I'm not sure why. Sometimes I think there's a bit of naive trust, that sometimes the recommendation is to trust but verify. And so internal fraud continues to exist and evolve. And when I say that, I am referring to specific instances such as unauthorized system access, unjustified inquiries, unauthorized data modifications, and cases of internal collusion where, quite frankly, the employee becomes involved and takes undue advantage of their privilege access and the knowledge of the institution's weaknesses. So the problem is that often that activity doesn't correlate with what happens afterwards. Furthermore, there appears to be a perception that traditional channels are lower risk when in reality they are significantly more difficult to monitor. And what ultimately happens is that the dangerous imbalance is created, where there is an abundance of digital controls, but very few internal ones, and there will always be opportunistic individuals ready to take advantage of that situation.
Juan José RíosThat is a powerful, thought-provoking statement, Jose. To conclude, it's clear that fraud doesn't just come from outside and internal activity isn't monitored as well as it should be. Giovanni, how prepared are our financial institutions to correlate these complex events? And by that I am referring to changes to your personal data, general inquiries, or interactions at the branch that result in subsequent transactions.
Giovanni CastellanosLook, Juan Jose, if we take a moment to consider the path we have been observing, it is clear that we still have a long road ahead of us. We have been working in this industry for 25 years, or perhaps even a bit longer now, and it is something we have been evangelizing for a very long time. But the reality is that most systems are currently designed to analyze transactions rather than to analyze the actual events themselves. That's likely the limitation because the anticipated events are what provide context to the operation, and that's what matters. Today we're talking about contextual fraud analysis, and contextual means where it occurred, on what device, through which channels the fraud is taking place. The device, characteristics, the transaction characteristics, and the type of transaction that client performs. But often in that context, we exclude all internal operations, such as whether it's common for that client to go to a branch to perform transactions. That's why it's important to know who accessed it, who made the changes, and where those changes were made from. If we don't know that, it's ultimately an isolated operation, regardless of how much context it has. But if we don't have those kinds of details, uh it remains it remains isolated and lacks complete visibility. It doesn't have that 360-degree view from a fraud perspective. So it might appear normal even if it isn't. Or in the case I mentioned earlier, the operation might actually be normal, but there was some internal manipulation. Furthermore, many institutions maintain separate siloed systems for cards, for digital banking, for branches, and for all the other legacy systems they might have. In most cases, this fragmented approach is quite common. It is clear that the banking sector has worked very hard to implement robust integration platforms that utilize data integration buses. And this technology has certainly continued to evolve over the course of time. However, Fraud has not necessarily followed the same pattern. That fundamental principle of orchestration combined with those various systems that do not communicate with one another is precisely what causes the problem. So the other part of the problem is it's not that data is missing because the data is already in the bank systems. It's that we need to correlate it, and often we don't correlate it because we think there's data that isn't worth correlating. This is especially true for our technical teams, which means that any data that seems non-critical is frequently left out, and as a result, we lose that comprehensive, contextual, and truly real-time visibility of the customer.
Juan José RíosI'll take that point, Giovanni. The problem then isn't a lack of information, it's a lack of connection. Now let's talk about modernity, if you'd like. With all the progress we've seen that we've experienced in machine learning, I want to ask: is there still a row for expert knowledge? Over to you, Jose.
Jose RuizYes, that is absolutely correct, Juan Jose, because when you look at the big picture, neither the current supervised models nor advanced systems like Claude nor any of those tools have reached a level where they could replace a human expert, particularly for identifying complex or infrequent uh fraud, because human judgment and intuition remain absolutely essential. Machine learning is certainly powerful and has its uses, but at the end of the day, it's just another tool. It's not an analyst, which means you have to know how to use it as the tool it is. Machine learning is excellent at detecting repetitive patterns and analyzing large volumes of uh data. Tasere Sala Little Forasinos he was a seller and Monamay Sierra said it will be of great value in most anti-fraud work. But that is the truly difficult part, in that it really does require a massive amount of data, as well as the frequency with which those specific events tend to occur. Now, when we consider those particular types of fraudulent activities that occur only on rare occasions or are highly specific in nature or perhaps entirely dependent on the surrounding context, take, for instance, the case of fraud involving prepaid cards where the perpet the perpetrator uh loads up the funds and then proceeds to withdraw them immediately at merchant locations that they know lack the necessary security controls, and consequently they permit these types of rapid cash-outs. It would be a very specific case because there is particular knowledge of that, of that vulnerability, and that's why it's exploited. But machine learning won't know that. It won't necessarily be able to see it. That's where human judgment comes in, because an experienced analyst can delve into more detail and spot things like an unusual sequence, behavior that's out of the ordinary, or simply something that doesn't see fit or doesn't make sense, and that often doesn't appear in the data uh in an obvious way. Well, to provide a thorough answer to your specific question, it is not simply a matter of choosing one or the other, but rather the unique combination of technology, experience, and situational context that will truly add significant value and allow for the best possible result.
Juan José RíosWell, Jose, I must say that your answer is really quite reassuring. The application of machine learning in this context is certainly not intended to replace human beings entirely. Instead, humans will continue to complement the nuances that these computational models simply cannot always capture. To bring this chapter, this entire analysis, and our discussion to a close, I would like to invite each of you to offer a final recommendation or a closing thought regarding this specific topic. If you are ready, Giovanni, perhaps we could begin with you.
Giovanni CastellanosThank you for the introduction, Juan Jose. Absolutely. From a strategic standpoint, the fundamental question is what institutions should prioritize today. It is a vital question to address. In my view, there are three key things. Now let us return once again to the concept of a truly unified customer view. We are going to continue to keep hammering away at this objective because it is absolutely essential that this remains something we constantly strive for. And here, we are specifically addressing the fraud prevention units because the various business units are already taking action simply because the business itself is fully behind it. However, now that we recognize fraud as an integral component of the business experience, we must develop a vision that is fully aligned with the organization's strategy. Furthermore, the customer must be provided with a clear, holistic perspective regarding the business. That is a critical area that everyone in the industry is currently investing in. In fact, 100% of all banks are actively doing exactly that. This has been a fundamental component of the banking evolution process, yet it has not unfolded in the most optimal manner regarding a unified view of the customer from a fraud prevention perspective. Therefore, it is absolutely imperative that we cease analyzing our various products and channels in total, complete and utter isolation. This process leads us to correlate all of those events, not just individual transactions or, shall we say, the limited contexts we believe we have, but rather the entire actual context in its entirety. And when I refer to the full real-world context, it is like if I am making a transaction on my mobile banking app, having the context of where the transaction is being made, the channel and the device characteristics, but I also have to look at the other transactions or the various administrative events that are occurring surrounding that specific individual transaction in its entirety as well as the history. Therefore, it is absolutely essential that I manage to correlate every single one of these events. First of all, the greater the number of events that I am able to correlate, the significantly higher my overall accuracy will be. And secondly, I am going to be able to substantially reduce the amount of loss that we are experiencing. I am going to be significantly more operationally efficient because I am going to reduce the number of false positives and I am going to create a much more frictionless experience for the customer, providing them with a truly seamless and effortless experience. Now, this evidence undoubtedly points us toward traditional channels as our third area of concern. We must not neglect the transactions or events that occur in the trans air traditional channels, which is to say the physical bank branch, because significant risks continue to manifest there quite frequently. And much of the narrative we have been exploring and what we have discussed here is, first and foremost, the necessity of a unified customer view, the importance of correlating events, and ensuring we do not neglect traditional channels, such as the branch, even if the transaction volume there might be relatively low. And that is precisely why the point Jose made earlier, that human expertise and machine learning are truly complementary, is correct because they really do complement one another. After all, when it comes to identifying the complex risks that frequently occur within our branches, I absolutely require that deep specialized expert knowledge. And above all, the key takeaway here, the foundation of these three of those three points, I would say, Juan Jose, is to avoid continuous. Continuing to operate in silos in isolation, creating these islands of information in the fraud units. That is the biggest enemy today, maintaining fraud prevention units that may have different platforms but are operated in isolation, not correlating with each other. Because that, as a consequence, gives me a fragmented view of the customer, and therefore there's a significant risk that will negatively impact the customer experience. Guarding against, guarding against, guarding against financial loss. And that says a lot about the institution, and that is what institutions need to work on today.
Juan José RíosThank you very much for sharing that truly insightful information with us, Giovanni. Building upon those points, if we look at the strategic side of what these institutions really need to prioritize right now, Jose, I would love to hear what we can add from the operational side of things as well as from the broader customer experience perspective.
Jose RuizI would say it's important to humanize fraud management and be mindful of the selective use of friction. Not everything can be friction, but it can't cease to exist either. It is an important part of security and it's always a trade-off between risk appetite and business goals. But it is also important to improve the experience on digital channels because we see that there has been a lot of investment in implementing and growing them, but maintaining them and keeping them attractive to the customer is always a challenge. So, like when you're chatting with the bank and it takes them 25 minutes to reply, but if you don't respond within five minutes, the session closes and you have to start all over again. This isn't uh sustainable, and we need to strengthen that customer service. Because just imagine what if at a if what if that customer is reaching out because their account was drained. These specific types of cases will have the most significant impact on the net promoter score of our entire institution. Successfully recovering a customer who has experienced fraud is quite difficult, but with the proper level of dedicated attention, you can not only retain them, but you can also fully regain their lost trust and loyalty.
Juan José RíosThere is absolutely no doubt that providing excellent customer service is the absolute key to success. To summarize, we can highlight several powerful and very important points. For one thing, the customer no longer sees these individual channels at all. On the flip side of that, however, the banks themselves certainly still do. Point two, bank branches did not simply vanish into scenario, they have evolved into something entirely new. Point three, fraud is not merely a single isolated event, it is a complex and ongoing sequence. And most importantly, technology is key, but without context and human judgment, it falls short. Thank you, Giovanni. Thank you, Jose, for this conversation, for this analysis, and to those who join us and listen to every episode. The question isn't whether your bank is digital, but does it uh truly understand the customer across their entire ecosystem? This has been Secure Financial World , the Plus TIi Podcast. I'm Juan José Rios. We look forward to seeing you next time.