Frictionless Fraud: Best Practices for Delivering Secure Customer Experiences

In recent years, there has been a rapid acceleration in efforts to transform the customer experience in banking, making it easier for customers to open accounts, deposit money, make payments and verify information. At the same time, banks face increasing fraud risks, placing an emphasis to mitigate that risk at the center of any customer experience initiatives. In this session, American Banker research lead and industry panelists explore the best practices that banks and credit unions are adopting to manage and mitigate fraud risks, specifically looking at the tools and technologies used to verify and authenticate customer identity to ensure secure, low friction experiences across all channels.

Transcription:

Janet King (00:11):

Hi everybody. Good morning, and thank you so much for joining us today on our last day of our digital banking conference. I hope everybody's had a wonderful event. It'd be nice if the rain stopped a little bit, maybe for those of you who might be sticking around. I'm Janet King, the senior vice president of Content Strategy for American Banker's Marketing Services team, and I'll be moderating today's panel discussion on frictionless fraud: best practices for delivering secure customer experiences. Joining me today in that conversation is Jaya Kendaswamy, who is the Senior Vice President of AI and Innovation for Citi National Bank, and Lamont Young, who's the EVP and the head of digital and omnichannel banking at Citizens. Welcome, you guys. Thank

Jaya Kendaswamy (00:53):

Thanks, Janet.

Janet King (00:53):

To get started, can you guys take just a brief moment to tell us a little bit about your roles at your respective banks, just to have a little context for the conversation. Let's start with you, Jaya.

Lamont Young (01:05):

Well, from the goal standpoint, it is always important to just keep track with the customers because that is our heartbeat. So where they are, that's where we want to meet them. That will be our objective, regardless of which business unit you're from.

Jaya Kendaswamy (01:22):

So my responsibilities lie across client servicing, cutting across all the primary consumer servicing channels. Our team is also responsible for enterprise UX and enterprise research.

Janet King (01:34):

Awesome, thank you. That's helpful context. So every year at American Banker we conduct a number of original research surveys. Let's see if I can get this slide to come up for me. Oh, great. So we conduct a number of original research surveys, and today we're going to be sharing results from one of those surveys that's on best practices for managing and mitigating fraud, with an emphasis on looking at how banks are doing that and trying to juggle that against the goal of delivering more seamless customer experiences. This is an annual survey, and this year we conducted the research in March, and we had 121 banking professionals take the survey, and they really represent a range of perspectives across different roles and titles. So we've got a good mix of C-level senior level executives, mid-level executives, and banks of all sizes and flavors: global banks, regional banks, community banks, and credit unions.

(02:30):

But I want to start by talking about customer experience and specifically the initiatives that banks are focusing on in the context of their larger CX strategies. I think we've all witnessed over the last few years a rapid acceleration in efforts to digitize the banking experience, right? We're all trying to make it easier for people to open new accounts, to deposit money, to make payments. In the race to do that, sometimes we may have erred on the side of convenience, where fraud was certainly part of the conversation, but maybe was looked at as something that was being solved in a silo rather than an integrated part of the conversation. What we're seeing in the data here is that fraud prevention and mitigation has really become the center of the CX conversation. So it's really on par with convenience in those efforts, and no longer something that bankers are trying to solve in a silo in response to new CX initiatives. So I'd love to get your perspective on that, and I guess I'll start with you, Jaya. What do you think is behind that convergence, and what advantages do you think that offers banks?

Lamont Young (03:41):

Yeah, this is a really good question. My role in overseeing digital channels for consumer and small businesses, the key thing that we're looking at is there are two objectives, mostly. Number one is the client segments. Gen Zs and others are digital natives or digitally consumed. So the importance of CX and the digital transformation is important. But in any place that you have value generated, there will always be an occurrence of fraud. Somebody would want to steal that value and use it for their own benefit. So when we think about banking, we want to leverage digital experiences, which is more susceptible to fraud, which then brings this, "I have a client who really wants to use digital experiences," and "we also have fraud that is just integrated with it." So I don't see these two as two separate bars. It has to be one. Anytime you think about digital, you have to think about fraud, and that is how product roadmaps have to be built. How about you, Lamont? What do

Jaya Kendaswamy (04:54):

You think? Totally agree with the points you just made. I'd also add that I think oftentimes banks separate digital channels from the physical channels, and the physical channels are also ripe for fraud. There are plenty of banks that still rely on the human eye test when clients come into your branches versus utilizing the same tools that you would use to automate fraud detection in your digital channels. Same thing on the contact center side of the house. I think far too many banks don't invest in tools that allow you to utilize biometrics in your contact centers to be able to help combat fraud. So I think as we start to think about the competitive advantage of a good fraud program around CX, part of it is just making sure that we don't ignore any of the channel or customer touch points.

Janet King (05:44):

So what tension do you guys see between those priorities, like that effort to reduce fraud while still trying to improve that customer experience and deliver those more seamless experiences?

Lamont Young (05:55):

Well, the tension happens because at least in this slide, we are showing it as two silos. Those two silos have to—it's a push-pull in some ways. If you have to address the client needs, then you want to be as fast to the market with whatever the latest, slickest customer experience, digital experiences you can offer. But then if you have to make sure it's a secure solution, the fraud controls have to be in place in order to address the inherent risk. It is a push-pull, like I said. So the friction is inevitable. The only way to think about this is how you can conceive concepts about digital experience with fraud as part of that roadmap is the only way to avoid this friction. Then you won't have your sales leaders, your business leaders go and commit to, "Hey, we'll have this face ID and all of this amazing biometric stuff implemented," while you are struggling with the fraud tools and the integration, and so on and so forth. So the commitments and all of those will be aligned holistically, so you will be able to mitigate that friction in some ways.

Janet King (07:07):

That's a really good point. What do you think, Lamont?

Jaya Kendaswamy (07:10):

I think the biggest friction is probably how many of your organizations are actually aligned around the advent of fraud. There's probably no shortage of four or five organizations within your companies that actually touch the experience that is fraud, right? You've got your teams that are responsible for fraud, and they have their own sort of KPIs and incentives. You've got digital team members that are a part of it, you've got operations, you've got your P&L folks, and I think oftentimes that natural conflict between what deems success across each of those groups causes that friction across the board. So I think one of the biggest things we all can do is just make sure that we've got teams actually organized around the experience versus being organized around their silos. I think you can take a lot of the friction out of the ecosystem by really making sure that everybody's on the same page around risk thresholds and risk tolerance, that we're all on the same page about what constitutes friction and what actually doesn't. I think doing that will help you deliver a pretty seamless experience for clients.

Janet King (08:08):

Having everybody aiming for the same outcomes. Right. That's important. Another interesting thing, Lamont, I'd love your feedback on is this second data point about improving product origination and onboarding because that's a priority that we've really seen a jump in the number of banks that are saying that's on their top three year over year. We're kind of thinking that maybe that has something to do in part, at least, to the pressure banks are facing to grow deposits. I'm curious whether that theory seems sound to you, but I also am curious how a heightened focus on origination and onboarding might change a bank's approach to fraud prevention.

Jaya Kendaswamy (08:46):

Yeah, I think for so many of us traditional banks, we're recognizing just how important first impressions actually are. So if you think about how fintechs have attacked the problem, they've made the notion of starting a new relationship with them so seamless and so easy that I think we all as traditional banks have to recognize that we've got to take friction out of the account opening process or the relationship origination process. There are three things for me that come to mind when actually strengthening our ability to make that good first impression. Number one is don't ask customers for information that we should already have. If you think about the home equity process today, you can get home evaluations from publicly available information. You can get equity in homes from publicly available information. Ask a customer for things that you should already have. The second thing to do is, if you deal with any really good FinTech that has an account opening process and they introduce friction around identity verification, it's usually always something very, very cool that lets the customer know, "I'm doing this to protect you, protect your information, protect your account."

(09:52):

So I think over-communication is key. Then I think the third one is just making sure that you don't treat every customer with the same scrutiny. If you're running truly risk-based models, you're going to have heightened scrutiny on certain applications, you're going to have lower scrutiny on others. I think making sure that you are treating customers like the individuals that they are is the other concerted point to remove friction from that account opening process. We all want to make that really good first impression with clients because that is what leads to relationship deepening and obviously greater share of wallet.

Janet King (10:25):

It's a great point, and we're going to dig more into that later, that point about treating customers differently based on where they are in the customer journey and other things. So thank you for foreshadowing that a little bit. I think we all know that there are lots of industry stats out there that are really shining a spotlight on the growing rate of fraud in banking today. When we were prepping for this panel, I was looking at some of them that one recent stat says that more than 50% of banks and credit unions have reported an increase in business fraud this year, over two-thirds an increase in consumer fraud, and collectively consumers have experienced $10 billion in cumulative fraud losses. So banks are juggling a lot. We wanted to understand what kinds of fraud, what types of fraud specifically, is your institution most focused on preventing?

(11:17):

These were the top five: card fraud, check fraud, wire transfer fraud, real-time payment fraud, and money laundering. Lamont and Jaya, when we were talking about this leading up to today's panel, you both said that these kind of lined up as you would have expected. But one of the things that we saw year over year was a pretty big jump in the percent of banks who are mentioning card fraud as a top priority this year. I'm wondering what you guys think is driving a higher level of attention there, and maybe we'll start with you, Jaya.

Lamont Young (11:47):

Yeah, so this goes back to the customer behavior. Lamont addressed the need for seamless onboarding to address the client needs. Similarly, the Gen Zs and digitally savvy customer base are looking to just have more online transactions. Nobody really wants to go around shopping in malls. They are all looking to just sit at home at their comfort and luxury of their couches and shop whatever they want, which makes the card fraud a lot more. The card-not-present is one of the biggest contributors in seeing this card fraud jump. One way to prevent that is how can we think about product features like locking cards and freezing, and so on and so forth. The other thing is also how can we leverage data to be monitoring transactions? If it is in CNP (card-not-present) fraud, how can we think about this transaction? What does that mean? Banks have started to get really more savvy with their technology. If your risk score is not really comfortable, then they do send a text message saying, "Hey, did you go to the store and shop for $3,000? You don't live here. Are you really sure? Should we approve it?" Keeping the customer in the loop and working with them is the best way to avoid fraud.

Jaya Kendaswamy (13:13):

Yeah, I think it's that, but I also think that it's their opportunity. Your bad guys go where they see the advent of vulnerabilities. Funny enough, I'm sure there's probably a number of banks represented in this room that still use systems that rely on static models versus being able to use dynamic models to score risk amongst clients. The funny thing about static models is you've got to actually see the fraud happening before you can actually create new models to be able to combat the fraud. By the time you've actually created new models and you've gone through your governance processes, the guys have already changed up routines. I give you guys a funny quote from our COO who says all the time, "Our fraudsters don't actually have to go through model governance in order to actually change their patterns." They simply take a look at what we do and they do the exact opposite. A lot of that happens based off of just the way we are. We've got to make sure that as organizations, we stay on our front foot when it comes to actually how fraudsters begin to migrate their patterns.

Janet King (14:13):

Absolutely, and I love that quote. It's interesting because we dug into this a little bit by different types and sizes of banks, and so you can see that we've split it out by national, regional, community banks, and credit unions. These were the four areas where we saw significant differences between the biggest banks and the smallest banks. The thing that really stands out is the difference in real-time payment fraud that is significantly more likely to be a priority for the largest banks than the smallest banks. I'm just wondering what you think factors into how banks view the risk from that kind of fraud. We'll start with you, Lamont.

Jaya Kendaswamy (14:51):

I think it's volume. One of the reasons why you see the real-time payments component impact your money centers or your national banks most often is just because of the massive amount of transactions that go through these institutions. Oftentimes it takes a small fraud ring the ability to capture a small number of customers, and the volumes I think play into their advantage. Your clients are oftentimes your most important resource when it comes to combating fraud, especially on the real-time side of the house. Educating them around the latest fraud schemes, ensuring that as you're instituting the ability for them to move money, you are reminding them of certain parameters that revolve around moving that money. The fact that for programs like Zelle, once the money is gone, the money is ultimately gone. The more you can educate your client and have them be that first line of defense against the kind of fraud that you see in real-time money movement, the better off your organization is going to be in combating that fraud.

Janet King (15:48):

Anything to add to that, Jaya?

Lamont Young (15:49):

Yeah, absolutely. Agree with the education aspect that will always be a common thread across regardless of credit card fraud to real-time fraud. The one other thing I'll add on top is real-time. It's instant for sure. So how do you then think about some of the levers on the product side when you design your mobile app? What are some of the speed bumps that you can introduce? Showing another additional dialogue box saying, "Are you really sure? Can you double check the payee? What's the riskiness? Do you have them on any list?" Data is always your friend. How can you make sure this payee is the one that this client wants to send funds to? The other thing also is with respect to behavioral biometrics, how can you monitor the behavior on your devices, mobile or online, and see how the pattern is happening?

(16:43):

For example, if I log in and just jump to Zelle and they're seeing this pattern account after account—somebody is logging in and going to Zelle and instant transfer or external transfer—that means that there is this fraudster who's looking to just take over accounts and start with fraud. They should know my behavior is I log in and I just scroll down and then I do something else. So they should know that pattern, and that's why they have to have that real-time monitoring and introduce additional speed bumps to say, leverage technology, leverage your product features to also help the clients just pause and think a moment before you hit the button.

Janet King (17:24):

It's really leveraging data wisely. That's something that the three of us talked about a lot is really at the foundation of so much of this. So if we circle back to the start of our conversation today, and we think about this idea that we know that more and more banks are starting to put fraud at the center of that CX initiative, and that they're really making an effort to balance those fraud prevention measures with their desire to deliver a more seamless customer experience. We wanted to understand how well banking leaders think they're doing at marching towards that goal. What we found here is that the majority say we're moderately effective at that. We're getting a pretty good balance, some occasional friction issues. Only about one in four think that they're really excelling at that. If you look at that on a bell curve, it's kind of like they're grading themselves as a B or maybe even a B minus in some cases. You kind of talked about this a little bit in a previous answer, Lamont, but I'm wondering how you think about striking the right balance between protecting customers from fraud and really providing that seamless customer experience.

Jaya Kendaswamy (18:35):

I guess I look at it as there are two sides of the coin. There is the preventative aspect of good fraud management, and then there's the recovery side. When fraud has actually happened to a client, how do you actually make them whole? On the preventative side of the house, this is where I think banks are smart to introduce good, sound friction because you can actually explain it to a user. The rationale for this friction is to actually protect you as an account holder. On the recovery side of the house, you have to think about the emotional state of most clients when fraud has actually happened to them, regardless of what client segment they're in, regardless of how much money they have at your institution. The fact of the matter is somebody has actually violated their privacy, and so it is an emotional timeframe, whether your client has $10 million with you or a thousand dollars with you.

(19:26):

We actually push forward to say, how do we remove almost all of the friction when it comes to the recovery side of the house? Because it truly is one of those moments that actually matter to clients. If after an event like fraud, you can make a client feel like you've got his or her back, you can make them feel like you're in their corner, you're going to make it easier for them to be able to recover from that fraud. I think you've got an opportunity to deepen that relationship with a client over the course of time. So our approach is to make sure that we're striking that right balance, that we're introducing friction on the preventative side where we need to, but we're doing our best to make sure that we take it out on the recovery side of the house.

Janet King (20:03):

Yeah, I think that's so important, right? Because what customers are going to be expecting in that moment is going to be so different. So I think that's such a great point. How about you, Jaya?

Lamont Young (20:11):

The word is balanced because it's always very tough to maintain. When it comes to balance, I agree with what Lamont said about front-loading on the prevention side because you don't want to get on the recovery side of the house. So how much can you front-load? But then we have to think about front-loading with fraud. You don't want to choke the client or the customer to the point where they cannot do anything. The key here is also about including the customer in the decision-making and how you can just provide optionality for the customers to say, "I want to be stepped up every single time," versus "I understand," versus "I'm okay with risk." Clients are in a different spectrum. So how do we introduce optionality for the clients so they can choose what they want? Also, to the comments we made in the previous question, there are things that you can phase out.

(21:16):

I am a big believer in banking out of the box. A client approaches your bank for opening an account. They just would like to move money. That's the basic premise. I want to get money and move it to whatever needs I wanted to focus on. So in order to do that, what will banking out of the box mean? It doesn't mean I need to allocate $25,000 limits on transfers right away. I don't have to just increase my Zelle limits right away. I can just allow you for $500 to start with so I can onboard you seamlessly. I can give you certain limits, and then based on your pattern, behavior, and et cetera, we can seamlessly graduate you to better limits so that we feel comfortable, you feel comfortable, and you also are able to get your job done.

Janet King (22:05):

So then making some decisions for the customer ahead of time based on their behavior, their data, but also giving 'em that optionality to pick the level of authentication that they want or when they want to be intercepted.

Jaya Kendaswamy (22:18):

And scoring clients. I think it all goes back to recognizing that fraud is one of those things that can have impacts on growing share of wallet or attrition overall. If you guys go back and do analysis on clients that have actually tried to leave your organization in the last two years or so, I guarantee you some element of fraud and lack of recovery or a delay in recovery is probably one of the top five to seven reasons why clients either leave your bank altogether or they have accounts that are dormant. So we try our best to take a look at where's the potential loss revenue or share-of-wallet opportunity against the potential loss of fraud. Sometimes, guys, you have to understand we're in a risk-based business in banking. It is inherently a risk-based business, and sometimes you've got to balance out saying, "Am I willing to potentially give up maybe 50 bucks in fraud?" I'm making up numbers, "for a relationship that might yield me a couple hundred dollars a year for the next seven years or so." I think that's important as well.

Janet King (23:18):

Great points. Okay, let's move on because if we're holistically grading ourselves as a B across the industry, I'm curious to know what's getting in the way. What are we really struggling with? These were the top three answers, but the one in the pink is the one that really popped the most in a number of places, which is efforts to reduce friction from the customer verification authentication experience is a key point of friction for a lot of banks. When we dug a little deeper into that, we had some follow-up questions, and we found that most banks are only somewhat confident that the identity solutions that they have in place are keeping pace with the emerging pace of fraud. So we know this is a big challenge for banks. They're focused on modernizing these capabilities, but they're not always fully confident that the tools and solutions they have in place are getting the job done. I'm curious to know, Lamont and Jaya, what you see contributing most to the challenges banks face getting the right identity tools and solutions in place. Who would like to go first?

Lamont Young (24:24):

Thanks. All of these again, I don't see them as three different factors. They all kind of lead into each other because if you have to have manual review, that's friction naturally. If your data is not talking to each other, then that introduces friction or incomplete decisions. What is the challenge that we face in putting the right identity tools? It is because of the complexity in how we support our clients and the silos. Organizationally, like, "I'm part of the operations," or "I'm part of the product org," "I'm part of the technology org." Then we all have separate budgets, and we all go after RFPs and vendor solutions differently. On one end we have Nice implemented; on another end, we have something else. These tools just produce data in a format that they don't talk to each other. We're banks, not technology companies.

(25:19):

So then we have to now figure out how do we take things from Azure, from an on-prem, from other identity solutions, and mix it all together to figure out, is Lamont the one who logged in, and is key the one who's making these payments, and how do I enhance the experience or how do I put a speed bump? That is the challenge, and it is a more thoughtful approach that banks need to take when they are thinking about signing a vendor solution. Is this the right thing for the enterprise, and how do we just have more common tools instead of having tools that do the same thing with a lot of overlap?

Janet King (25:58):

Yeah, we see that in a lot of the research we do. That real challenge of connecting the front-end customer to the back-office experiences and trying to figure out how to do that based on where people are in the customer journey or what part of the organization you're in is certainly a big challenge for banks across the board. So Lamont, anything to add to that?

Jaya Kendaswamy (26:19):

Not much other than I think especially when you start talking about banks that are not a part of the big six or big seven, a lot of what you have is an amalgamation of systems that have been purchased from other vendors or homegrown systems that all use different protocols. I think one of the biggest challenges to number one is the fact that there's usually not a unifying layer that sits on top of all of your applications that manages authentication, especially when you start to talk about how to identify and authenticate customers who use multiple channels. I think it's important for us to recognize how do we break down both the silos of our channels and break down the silos of our applications to ensure that unified authentication experience across platforms.

Janet King (27:07):

Well, and AI is certainly going to change that conversation or already is changing that conversation, right? If we think about AI—and I know there's been a lot of discussion about AI in the conference this week and conversations happening on the floor—in the space for fraud, it's obviously both a very effective tool for fighting fraud. You talked about data and recognizing patterns and identifying next best actions, things like that, but it's also an accelerant for fraud. I saw this survey or this report that recently came out from Deloitte. They're estimating by 2027 that advances to Gen AI alone are going to cost banks an estimated $40 billion, which is up from $12 billion in just two years ago in 2023. That's almost more than three times increase in the cost of fraud for banks.

(28:02):

We wanted to understand, specifically digging into this one use case of fraud, have banks encountered or prepared for deepfake or AI-driven social engineering attacks or tactics that are used to commit fraud? What are they doing specifically in that space? Just to orient you to the slide, the dark blue is the percentage of banks in different categories that have already experienced an incident and have adjusted processes. The light blue is "we haven't yet had an incident, but we're actively preparing for that." Pink is "we're aware of it, but we've not had anything and we're not really doing anything about it." Gray is the folks that are not really thinking about it. It follows: the biggest banks obviously are the ones that are most likely to have experienced it, followed by those mid-size and regional banks. But most banks are taking action to prepare for the possibility of those kinds of attacks. I'd be curious, Lamont and Jaya, what you think the key takeaways for your peers in the room today are from this data. Would you like to go first?

Jaya Kendaswamy (29:05):

Sure. I think the first thing, every time I'm asked the question about the promise of AI on the preventative side of the house, the first thing I always say is, "It depends on whether or not you've got your data house in order," because garbage in, garbage out. If you are relying on artificial intelligence to comb through data that is not clean, data that's not connected, what you're going to find is more false positives than you actually want, and you're not going to actually do the preventative side that you're looking for. So the first step is always to make sure that you've got a good program where data from all your core systems sits in some sort of data repo or a lake or a hub, and then making sure that what you have is actually usable for any models that you've actually run. It's actually interesting, we've been approached by probably no shortage of a dozen vendors that are all investing in technology to identify deepfakes, whether those are all visual deepfakes, whether they're deepfakes using voice.

(30:05):

I think there's going to be no shortage of firms out there that you all can tap into that'll actually help you attack this growing problem. I think the challenge is going to become more and more how do you begin to identify clients when they're integrated with you in virtual spaces, especially contact center and self-service digital. This is where I think the promise of AI on the preventative side of the house can really help. But I still go back to the promise of AI is based off of the ability for you to be able to use the data that you already have on your clients, understand those patterns, but it's got to be clean data for AI to actually pick up on those patterns.

Janet King (30:45):

Jaya, I'd love your thoughts there, and if either of you want to venture into a guess too, where are we most worried about these attacks? In which channels? Is it digital channels, call center channels, that kind of thing?

Lamont Young (30:55):

Yeah. To answer the previous question about AI, the first thing is to be aware of what are all the types of attacks that are happening and how are banks facing those? Most banks, I'm assuming, will have voiceprint, so there is a high likelihood of AI faking your voice. The first thing is to take an inventory of all the things that can be disrupted by AI. Then thinking about going back to our previous conversation about having a tool that just spans across the enterprise so we can have the data flowing in together so the data and the AI on the good side can be used to prevent fraud. There are so many things to Lamont's point about vendors and solutions that are offered. Deepfake, yes, it is true, but there is also a way to counter that. Can you introduce selfies as part of your step-ups?

(31:51):

Can you make your clients just take a 360 of their picture so that you can then work across comparisons? Eventually—this is my prediction—eventually there may be biometrics integrated with your selfies. I don't know where it'll go. Are we thinking about wearables data, how your biometrics can be integrated with it to authenticate you? Those are all advances that we can expect when it comes to AI. I think the promise of AI has the good and bad, but how we also stay connected, the data, the internal data is a very important piece, but how can the consortiums—all the banks together—work to figure out what's the right path forward? If we don't talk to each other, the fraudsters are likely going to hit both the banks. So how can we work together as banks to fight this AI fraud?

Janet King (32:54):

You mentioned data consortiums, right? Are you participating in any of those?

Lamont Young (32:59):

Not really, but in this conference we found some that we're talking about security-focused bank consortium. So we are looking to see if we can explore that.

Janet King (33:09):

That's great. Okay. Well, this brings us to probably my favorite slide in all of this research, which I think really illustrates the complexity that banks are facing in balancing customer experience with fraud prevention because it's really amplified by the omnichannel nature of banking. The data here reveals some interesting patterns because we asked banking leaders to tell us what methods are you using to verify and authenticate a customer's identity in each of the following channels? I know there's a lot going on in this slide, but the dark pink is the majority are saying that they're using these things, right, in every column. So 70% or more. The darker is like 60 to 70%, and then lighter blue is like 40 to 50, and everything very pale is below 40%. We did it this way because what we really wanted to highlight was the fact that banks are really investing in and using a wide variety of tools to authenticate the customer journey through their digital and mobile channels. But when it comes to the branch and the call center, they're kind of relying on a smaller subset of tools, which could suggest an over-reliance on just that small subset, and it might be failing to provide the best and appropriately secure customer experiences. I'm curious to know from your perspective, Lamont, if any of this surprises you, and what you guys are thinking about as you think about cross-pollinating and extending tools from one channel and one part of the customer journey to another.

Jaya Kendaswamy (34:40):

Yeah, so it's surprising, but not necessarily surprising that so many banks still rely on human identification when you come into a branch. Part of that is you want your retail colleagues to know your customers and have relationships. I don't want Ms. Sally who comes into my branch every Friday to have to go through some biometric update every time she comes in. We know who she is; we want to make sure she's got a pleasant experience, et cetera, which I think that is important. I still do believe that you have to balance that relationship that you want your bankers to actually have with the security needs for all of your clients. The way you talk to customers about the rationale as to why you put friction in certain experiences, I think it's the thing that banks can overcome.

(35:26):

The biggest problem that I think most of us have with this size is the fact that there's not a huge cross-pollination across the digital channels with the contact center and the branches. When you think about why one-time passcode is not utilized across branch and contact center more, when most banks have roughly 60% of their clients using their digital channels, it's mind-blowing why we don't actually see that cross-pollination. I think part of it goes back to the fact that our channels seem to still remain a bit siloed in many of our institutions. Secondly, I think we're still second-guessing that clients—excuse me—that the bad guys won't try to commit fraud across channels, which is a lot of what you see today.

Lamont Young (36:08):

That's the biggest premise. We think that somebody going to a branch is not going to commit fraud. That's the biggest assumption we have, and I am not surprised that this is the result. What I feel like is the primary reason that's stemming this is again, going back to what we have been talking about, we build systems separately for the branch or the contact center or your digital channels. You think your online and mobile assets are separate to what a branch needs to have. I would argue that if you have a digital onboarding solution, you can still have that relationship touch in the branch. You can greet your client, but then as they start, it can be a fingerprint on your iPad, and you start the application on your digital iPad, but sitting right with your relationship manager. So that makes it, the channel continues across digital and in-branch and other places. Then your data flows seamlessly, which will then make all the other things that we talked about contribute.

Janet King (37:15):

Because consumers are expecting that similar experience regardless. They don't care where they are or what they're doing, they just want to get their money out or they want to open an account, and they want it to be the Amazon experience that

Lamont Young (37:27):

Everyone talks about. True. Without having a single system, I don't think you'll get to omnichannel easily. How are you going to understand that Janet came to the branch, she did not finish her application? She is just going to a digital asset and creating a portal. Then she needs to pick up where she left off. That is the true meaning of omnichannel. Omnichannel doesn't mean multi-channels, right? If you don't have one single system, then I will have never known Janet even started an application in the branch. So it is very critical for us to think about that common capabilities and extend those to all the channels we have.

Janet King (38:06):

Absolutely. Okay. To wrap things up, I just want to leave you guys with three key takeaways and then get your final thoughts. As we were working through this conversation and thinking about what we thought were some of the things that you can think about as you leave here today, the first one is that fraud can't be an afterthought, right? It really needs to be integrated and central to that CX conversation. I also think it's important to recognize that it's not about eliminating friction, right? It's about introducing the right amount of friction. We had a lot of good points around that today. Finally, I think it'll become more imperative for bankers to explore opportunities to extend modern identity solutions beyond those digital channels. Jaya, as people leave today, what's your advice to think about wrapping this up?

Lamont Young (38:51):

Great call-outs from there, Janet. A few things that come to my mind is there is never a trade-off with security-focused architecture. When you start thinking about building systems as you're thinking about transformation, always keep security in mind and put encryption, tokenization—all the things that you need to do has to be at the foundation level, otherwise you'll be always catching up, and we'll never be able to get that integrated solution. The second thing is audits and controls are not a bad thing. We always just think like, "Oh my gosh, we want to be at the cutting edge of technology. We want to move faster." But having those controls and audits—and I know it's painful, GRC can be sometimes painful—but we still want to embrace all of the audits and controls to make sure that we are playing that right fiduciary role with our clients.

(39:47):

The third thing is to not see clients as somebody who cannot help you. We want to include them as part of this journey. Yes, we are here to serve them, but we want to make sure we educate them, we nudge them, we empower them with knowledge to say, "Why do we do what we do?" If they get step-ups and they get frustrated, it is to keep your million-dollar wire from going to a fraudster's hand. So it is always keeping the client in the loop and getting their collaboration so that it's a win-win for both the client and the bank. That's great advice. How about you, Lamont?

Jaya Kendaswamy (40:25):

I'll just double down on point number one: not only is fraud not an afterthought for your organization, it is truly one of those moments that actually matter to clients. On the preventative side of the house, we've said this throughout this conversation, it is so important to utilize your clients as your first line of defense. In fact, we've done research that shows that clients actually appreciate when you can include them in the process of helping prevent fraud. In fact, that endears clients to your organization and makes that relationship between client and brand feel that much stronger because they feel like you are partners in actually helping prevent fraud and identity theft for them and their families. On the recovery side of the house—and again, I cannot stress this enough—this is where we actually see both attrition, silent attrition, and real attrition happen.

(41:18):

You have got to figure out ways to be able to streamline your processes. If you are dealing with manual recoveries where you've got colleague workflow tools where colleagues are trying to figure out whether or not fraud claims are the right claims, just do your healthy balance. Why hold a fraud claim over $25 for weeks at a time? I guarantee you, when you balance out what you might lose in terms of greater share of wallet or deepening relationships, those things aren't necessarily worth it. So every organization's going to have its own view around risk tolerance as well as risk thresholds. I would just say make sure that when you are in the recovery process, that you're balancing protecting the organization, protecting losses, with potential future losses of revenue and growing share of wallet.

Janet King (42:06):

Perfect. Well, we used up all of our time, so we don't have time for Q&A, but we will all be around the floor and in the event until the end of the day today, or to the end of the event today. So feel free to come find us, and thank you for joining, and thank you very much for participating. Thank you. Thank you.