How fraudsters surprised British banks
A decade ago, the U.K. instituted its real-time payments system, Faster Payments. In its first five days, it processed 334,000 transactions. Now the system handles more than 230,000 transactions an hour.
As the transition to real-time payments begins in the U.S., American banks can learn much from the British experience, particularly in fraud protection, according to Mary Ann Miller, the fraud strategy leader at Varo Money.
Miller was at Lloyds Banking Group at the time of the U.K. system launch. Now she is helping Varo build on its leadership role among challenger banks, an effort aided by recognition from both regulators and investors.
The San Francisco-based company in September became the first mobile-only bank to receive preliminary approval from the Office of the Comptroller of the Currency for a national bank charter. Varo also is a venture capital darling, having raised more than $45 million in a January funding round.
Though U.S. banks have the advantage of seeing what worked for their British counterparts in a real-time payments system, Miller expects they still will face challenges going forward.
Following is a transcript of a Q&A with Miller, which has been edited for length and clarity.
What were some of the bigger challenges banks in the U.K. faced with fraud and real-time payments?
MARY ANN MILLER: Many executives underestimated the relationship between fraud and speed. The banks all took different approaches to faster payments. Some folks put hardened security at the front door, which really isn’t a good customer experience.
Other banks took an approach that put passive controls in the background and really looked at all the events that were occurring in the faster payments environment and really using a scoring approach to the risk element. There were different approaches, but there was really an underestimation from a very high level in the organization.
If you think about it 10 years ago, we weren’t at the mobile stage. We knew it was coming and it was looming. Online banking was maturing back then. With that came the maturity of the attacks. When speed was introduced, the criminal element was ready. It wasn’t very long after Lloyds went live, my team said to me that the fraudsters were treating the online portal like a casino. The criminal element was attracted that they could get immediate gratification from the proceeds of their crimes. So, it was important for us to make sure that all the channels you can launch faster payments in, whether IVR or online banking, that there was equal protection in all channels.
The U.S. market has the advantage to leverage those lessons learned, but also has had its own lessons learned in the early stages here from the mobile payment platforms that have been rolled out.
It’s important for The Clearing House to support this conversation today so that we can all start having that dialogue as an industry and that we are noting what is important for us to incorporate into our strategy and approach.
How do you make fraud/security controls simple as to not hinder the customer experience?
I’m a big proponent of passive security. There’s rich data. There’s rich information in every interaction the bank has with the customer. In every way, we can help the customer navigate their journey in a very positive way, I’m a big supporter of that.
As a mobile bank at Varo, we have the opportunity to actually speak to our customer during an event. We can actually do that within our app with a push notification during the transaction and actually come to resolution quicker than getting a phone call. Customers are expecting payments to move faster. We have the objective of understanding if it’s our customer conducting that transaction or if it’s a fraudster.
What’s the role for challenger banks in driving the conversation about fraud issues around real-time payments?
We have the ability to take a fresh approach. We’re not so much dealing with legacy infrastructure and legacy approaches to things. We can start with a fresh approach and start with the customer at the heart of our risk approach and make sure our products are competitive in the marketplace from day one.
As a challenger bank in general, is there more pressure on the company when it comes to fraud prevention?
When you’re trying to scale, when you’re growing as fast as Varo is growing, certainly that is a unique challenge for a challenger bank. We’re definitely going to experience the same kinds of risks as the big banks experience. Eventually we’ll get on the radar of fraudsters.