The fraud prevention landscape continues to evolve and grow. Just as fraudsters are finding new ways to collaborate to commit fraudulent acts, more financial institutions are realizing they can do the same to prevent them.
Enter fraud consortiums—a group of financial institutions and service providers that decide to work together to better understand and combat fraud. Because consortium members share their data and resources, they can help financial institutions identify known fraud perpetrators and techniques that may have otherwise flown under the radar and develop better anti-fraud practices.
I chatted with three compliance and fraud prevention experts to gain insights on consortium-based fraud prevention and how it fits into their overall strategies to identify and prevent financial bad actors. Thread Bank’s Chief Compliance Officer Kelly Caltabiano, Gusto’s Head of Financial Crime Compliance & AML/BSA Officer John Wiethorn, and SpotOn’s Chief Compliance Officer Lisa Lechner shared learnings gleaned from their success stories and challenges around fraud consortiums.
Q: How do you see consortiums influencing your overall strategies, especially as fraudsters acquire more technology and constantly evolve their tactics?
John: Consortiums provide a fantastic add-on value to an organization’s toolkit, especially when it comes to fraud detection
I think a fraud consortium is a great source of information for red flags. We’re always talking about signals and sources; when you are part of a fraud consortium, that’s what it is. It says, “Hey, this is something you might want to look at.” And how you then interpret that can help lead an investigation, shows things we may want to pay particular attention to, which might have gone undetected.
I see consortiums being really helpful in today’s landscape. So many new products are coming to market, and, particularly within the fintech realm, there might be a lighter Know Your Customer (KYC) process early on in the relationship. For example, a name and email address are sometimes required at the beginning. This is where a consortium can help - that email might be concerning because it’s attached to suspicious activity with another institution. So, it can be a good starting point for investigations and help organizations decide if they want to dig deeper into a customer.
Consortiums are not meant to replace anything, but they’re a great value-add for an institution in terms of detection. Detection is everything in this game. The fraudsters are out there, they’re upping their game. I always joke that fraudsters have quarterly planning just like our compliance teams do. They are out there planning these things, so as much as institutions can collaborate, it helps us fight them more effectively.
Lisa: Consortium data can be helpful across the entire journey, from detection to prevention
As John is leaning toward detection, I use it more for prevention. At SpotOn, I’m responsible for risk and underwriting, so we’ve leveraged consortium data from the outset with merchants. We’re using consortium data to look at other processors' experiences with that entity, from identity theft to fraudsters engaging in money laundering.
Where I come from, we traditionally used e-commerce more on the fraud side. Getting the scores from the credit cards, looking at whether that card has already been identified as compromised, and adding that to the score—a lot of it was a black box. But we would use that certainly as a signal in our decision-making to determine if we were going to accept the card.
Consortium data is useful in many ways, depending on where you want those indicators. Do you want it upfront? Do you want it on the card? Do you want it on an identity? Or do you want it on the merchant processing side? It’s one more indicator to add to your program.
Kelly: Leveraging consortium data in both the KYC/KYB and post-onboarding phases is important
I also have a fraud saying: Kris Jenner works hard; fraudsters work harder. The pace at which fraudsters and their technology evolve should concern all of us. We cannot effectively fight fraud unless we fight it together. So, I think that’s the first real benefit of consortium data.
It truly is a tool in the toolkit. The data is useful in the detection and onboarding phases once someone is on the platform. KYC/KYB verification is really helpful, but it only does so much, so the ability to leverage consortium data and red flags at the time of account opening is really useful. But fraudsters are not always plain “fraudsters” - they can be real human beings or real businesses, so they’re able to get on your platform by passing KYC/KYB with the intent to commit fraud later down the line. So, consortium data is helpful to detect both onboarding and once they’re on the platform.
Q: What are some specific examples of success stories using consortium data?
Lisa: Red flags are not the end-all, be-all; use them as a part of the whole picture
On Mastercard Alert To Control High-risk Merchants (MATCH), we avoid risks every day by leveraging information from somebody else. I would say we probably have at least one-to-two hits per day on MATCH, where it’s either an identity theft or money laundering flag. With the former, it can go a bit both ways, especially during COVID-19, when we had a ton of merchants flagged for identity theft. Sometimes they’re the victim, and sometimes they’re the suspect. So, we need to use those signals to have that one more decision point, but how you use and embed it is also important. For underwriting, using consortium data is everything.
Q. As you decided to participate in the Unit21 Fraud Consortium, what were the objections you faced in your organizations?
Lisa: Data hashing helped alleviate a lot of privacy concerns
We didn’t have objections this time. Normally I have to produce ROI, but it made sense this time. As we leverage consortium data for other things, this is just one more indicator to prevent risk. Of course, we always look at privacy, but looking at how data hashing is being leveraged (Unit21 uses a proprietary patent-pending data hashing method that enables data sharing without ingesting PII), even I, as the privacy officer, was not concerned. I did my full evaluation and determined it was taking care of some of the PII risks I’ve been concerned about myself in other instances. So, I was probably the barrier that Unit21 needed to get past, and once we looked at the privacy issues that have been resolved with the data hashing, then that risk was mitigated.
Kelly: From privacy to executive buy-in, there are challenges that must be addressed but can easily be mitigated
Working for a financial institution, privacy is always a huge concern, and the regulatory pressures around data security and privacy are really important. As Lisa touched on, the data hashing that Unit21 has built is really special and is a great mitigant to that concern. So, I would encourage anyone exploring Unit21’s consortium to take time to dig into that because I think it is a unique process that eased a lot of our concerns.
The other challenge is executive buy-in. With financial institutions in particular, you have an executive leadership team that needs to weigh in on the ROI of a product or tool, so coming to the table prepared with the benefits to help us prevent fraud and save money is really useful in defending the position and explaining why it’s so necessary
Cost can be a challenge - and not necessarily specific to a consortium. In general, there are other consortiums out there that are really pricey or don’t allow fintech platforms to participate. So, I think those are some challenges some organizations can face.
John: Balancing governance and fraud reduction can go a long way in overcoming obstacles to consortium participation
Most of our challenges are not data privacy because we already had a relationship with Unit21. It makes it a lot easier when you have a trusted vendor. Our challenge was how we would use the consortium data and whether there would be an adverse impact on customers based on data we don’t have control over. For example, if we automatically reject someone who appears in the consortium data, and we have no control over who is listed there, then suddenly there’s an adverse impact - that would be a problem. We had to focus on ensuring we had governance in our department and how to use the consortium as a tool and add-on value to detect fraud as part of our Enhanced Due Diligence (EDD) process. But we wouldn’t make off-boarding decisions solely based on someone being in the consortium data.
We love documentation at Gusto, so we were able to set up governance around it and got senior management very comfortable with it. With so much fraud going on, they think anything we can do to reduce fraud is worth exploring. So, we’ve been excited to get it over the line, and it didn’t take long at all, for the most part.
Q: Outside of what was just mentioned, if someone really is struggling to get buy-in on a consortium, what should they do? What is the checklist?
Lisa: For executive teams, it’s helpful for consortium data to be positioned as a value-add, not an overall solution
Every time you build a budget, you still have to build that ROI. If I am on the executive board, I want to know how this will impact the bottom line. If you can reduce fraud, what is the anticipated fraud in numbers that you can quantify and reduce?
Friction and UX are always a concern, so looking at the design and whether it will create friction in onboarding is important. From the fraud perspective, sometimes we over-index and then reject good transactions. If I am on the executive board, I want assurances it’s not just black-box technology. As sexy as AI may be right now, it can also have unforeseen consequences where you’re turning down good business or becoming too reliant on data. If you preface this as just another indicator, it’s a softer entry into using the data. Then, you have to cover any regulatory risks. If there is a privacy concern or consumer protection issue with using the data, then it’s important your board knows you’ve mitigated those risks.
Q: Regulated entities are under a new level of scrutiny. Can you explain what you need to do to clear the regulatory barriers to participation?
Kelly: Demonstrating the benefits of consortium data to regulators as part of the whole picture can be effective
I think it’s really important for a financial institution to demonstrate that it’s considered all of the regulatory implications of participating in a consortium—as mentioned, governance documentation around privacy, how you intend to use it, the added benefits to the institution, and staffing as well.
We also have conversations with our regulators all the time, and what often comes up is how reliable KYC/KYB is in this digital environment with things like deep fakes and AI. KYC/KYB is very reliable, and there are some great tools to help accomplish that. Still, if you add consortium data to your toolkit and use KYC/KYB platforms with that data, you have a good sense of who the customer or account is and what they intend to do. It’s important to demonstrate to the regulatory agency that privacy concerns are remediated, you have the staffing to manage it, there’s a clear benefit, and this really helps you understand the profile of this customer or account at a level that you would not be able to do without this data.
And it’s real-time; it’s information we get a lot faster. Banks can share information through Section 314(b), which is great, but it’s slow, and there are restrictions on the information you’re allowed to share. Consortium data is a lot faster, candidly, better, and more reliable. Explaining this to the regulators and showing how it is different, and different doesn’t mean “bad,” and how it can benefit you and the industry in general can be a good strategy.
John: Framework matters: what is the real impact?
I agree with everything that has been said. Often, it’s not the actual underlying topic, but it’s how you frame it. As compliance professionals and fraud fighters, we want to clearly define red flags and stop those types of customers, and the business partners are going to be thinking about that potential friction. So, instead, I like to frame things around where the real impact is going to be. This will enable faster detection, it will be part of our existing framework - we’re not reinventing anything or changing the user experience. And I think relationships are important. This applies to everything you’re doing as a compliance officer. It’s so important that this doesn’t come out of nowhere. You should be having those conversations about how you’re using lots of tools, and this is one tool you’re adding to the toolbox to fight fraud.
Q: What other advice would you give someone completely new to consortiums?
Kelly: Understanding how connections, partnerships, and relationships are important
Seek out great partners and find contacts who can help you narrow down the tools that can be helpful in your industry. Speaking of relationships, making connections is really helpful. From my seat in the financial services/banking institution world, documentation is key. Approach your leadership team with the documentation, and to John’s point, especially for me in banking, the friction part of this is generally not on the forefront of my mind, but it is for all of our fintech partners. How is this going to minimize friction or not create further friction? These are really important points to think about.
John: Training is imperative to using consortium data successfully
Training is critical. People think they know how to use the tools out there, but often - particularly at larger institutions - there are assumptions made about data sources or whether they have been vetted. Training is an essential component of that.
The Takeaway
Consortiums can provide significant value to organizations. The ability to see things that you know are coming your way, even if you can’t see them yet in your portfolios, means you can put strategies around each MO and process. Someone has to take a loss for others to benefit, but that’s really what consortiums are about - sharing those hits we take amongst our companies so that others can benefit from them, which strengthens everyone in the industry in the fight against fraud.
Fraudsters may be working together more and more to commit fraudulent acts. It’s time financial institutions did the same to detect and prevent them. After all, united, we stand!
Subscribe to our Blog!
Please fill out the form below: