Six Factors to Consider in Determining Customer Risk
In an ever-increasing digital environment, businesses face significant reputational and financial risks with increasing regulatory requirements, identity fraud schemes like phishing, social engineering, cyber-attacks, and account takeovers. With so many different factors, tools, approaches, and standards to take into consideration, it can be difficult to ensure that the most important processes are implemented to decrease risk. There are no one-size fits all processes or assessment criteria when determining customer risk.
Generally, the more complex the business relationship with the customer, the more rigorous the process and assessment criteria. However, even the simplest of customer relationships, still need to consider implementing a basic risk assessment model.
When a customer approaches a business, bank, or financial institution to open an account, a process should be executed to assess the customer’s risk. Some of the most important factors to consider when developing the risk assessment model, its’ process and assessment criteria include the way in which you interface with the customer (digitally or in-person), the products and services, the transaction method, the geography the customer is located, the customers’ behaviors and reputation and the compliance factor.
1. Customer Interface
If you are doing business digitally, there are entirely different forms of risk that must be managed compared to doing business in person. When conducting business online you need to consider the possibility that the person on the other side of the browser or email, is not who they say they are, alternatively is not a person at all, but rather a bot. Hackers steal personal and financial information to sell it on the dark web-enabling other fraudsters to buy identities and take over accounts. One way to limit or prevent these activities is by implementing a fraud detection solution that specializes in identifying these types of transactions.
Today, there are many fraud detection solutions for businesses operating digitally. These systems incorporate technologies that identify bot behaviors on your website, review the IP and devices from your customers, and much more. Essentially, these tools monitor all interactions taking place on your website, score the interactions, and generate a rating from which you can automatically approve, decline, or manually review a customer’s transaction.
2. Products or Services
The products and services that you are transacting are also a very important factors to consider when assessing customer risk. Tangible products have their own set of risks that need to be dealt with differently compared to intangible service type offerings. Generally, you need to look at the nature of your business and the types of customers it attracts. A business that sells a five-dollar product is going to assess customer risk very differently than a business that sells a one-thousand-dollar product. Similarly, a customer making a one-time purchase must be assessed differently than a customer entering a contract for an intangible, service-based offering that is paid over an extended period.
Geography is another factor that must be taken into consideration when assessing customer risk. You may be doing business in other countries that have a higher risk for money laundering. Doing business in other countries also requires evaluating the risks associated with transacting in other currencies. Business owners must look at and understand the normal pattern of activities in each of the different countries they do business in to ensure they are assessing each customer’s risk accurately.
The next two factors, the transaction method, and behaviors are arguably the most important and dynamic when developing a plan for assessing customer risk. Before delving into these factors, businesses should consider reviewing their own risk tolerance. Some organizations are more risk-averse compared to others that are more willing to take on risks. Often an organizations’ risk tolerance is reflective of the industry, products, and geography in which they operate. These factors will drive the underlying requirements or strategy in which the business must assess the transaction method and customer’s behaviors.
The transaction method has quickly become one of the more important factors to consider for assessing customer risk. Transaction methods are essentially the way in which you deliver the goods and services and get paid for them. The most typical ways businesses get paid for their products are by credit card, electronic funds transfer, or check. Businesses must become knowledgeable about all the different risks associated with accepting the various payment methods.
Accepting credit cards opens the doors to card cracking, chargebacks, refunds, account takeover, interception, and triangulation. These risks involve sophisticated fraudsters doing things from purchasing credit card numbers on the dark web and testing small transactions through your eCommerce system, or processing claims for invalid transactions, requesting refunds from stolen cards, to the unauthorized use of other customers’ passwords, and accounts. The world of accepting credit card payment methods is complex. Businesses accepting credit cards for payment methods must incorporate robust credit card fraud detection systems to evaluate their customers’ risk and the transaction method.
Electronic Funds Transfers
Risk must also be assessed when accepting payments through electronic funds transfers. As the number of and use of electronic funds transfer as a transaction method continues to rise so does the amount of risk associated with the use of electronic funds transfers. The FBI states that it was the most common type of cybercrime in 2020, with the number of incidents doubling from 2019 to 2020.
Electronic payment methods include ACH, wire transfer, eCheck, direct deposit, local bank transfers, and e-wallets. The risks assessed with electronic funds transfers must be evaluated differently than credit cards given the difference in their transaction times. Credit cards provide immediate response on the validity and success of a transaction whereas electronic funds transfers can take days. Credit cards provide immediate responses on the status, ownership, and known fraudulent use of an account. Electronic funds transfers are, for the most part, reliant on the information presented by your customer at the time of the transaction.
One of the more common type of risks from electronic funds transfer comes about from phishing schemes. There are several different types of phishing methods, but the most common method involves receiving a call, text, or email requesting the company change the payment method, bank account, on file. A fraudster may call a business pretending to be someone else, send an email with a link that goes to a page requesting login credentials or other information. Once the fraudster has phished the information from the business they use it to masquerade as a legitimate customer, acquire the product, service, or even monies they want to obtain from you.
Payment Fraud Tools
Businesses and payment associations are fighting back as they recognize the need for tools to quickly assess and limit the risk of electronic funds transfers. Tools like ValidiFI’s Bank Account Validation suite offer the ability for businesses to assess the ownership, identity, status, risk, and detection of fraud associated with bank accounts used in an electronic funds transfer payment method. Most financial service and technology companies have incorporated these types of tools into their processes. These companies are providing a financial benefit as their service and, hence, the greater need to ensure that they are delivering that benefit to the correct customer.
Beyond verifying the ownership of an account, it is equally important to understand the status and risk of the bank account early in the relationship with a customer. New business risks are emerging, and new compliance requirements instituted that mandate businesses validate that a customer’s bank account is open and authorized to accept payment transactions. Businesses need to continue to track these trends and assess their customers’ risk in this area. The electronic funds transfer payment method continues to gain in popularity and will undoubtedly be at the forefront for fraudsters’ target of opportunity in the future.
5. Reputation & Behaviors
No assessment of customer risk can be devoid of looking at reputation and behaviors. Reputation and behaviors are factors that can incorporate many broad and sophisticated screening, checks, and validation tools. Depending on your business and industry type there are several types of risks that should be assessed. Categorically, these can be classified into ID verification, fraud detection, risk assessment, financial, and compliance. A business providing financial services will likely take a more comprehensive approach and incorporate more of the categories and tools available to assess customer risk. Whereas a business providing less regulated or tangible products may only need a limited number of checks to ensure they have assessed their customer’s risk accordingly.
Identity can and may need to be verified differently depending on whether a customer is an individual or a business. If your customers are individuals, the identity verification may start with the verification of a social security number, name, address, email, and phone number. A business customer will need to verify some of the same components, but their tax ID will be verified differently than an individual and may include verification of business records at a state agency. Addresses, emails, and phone numbers are more universal in their verification methods. There are cost-effective and helpful tools to ensure that the address presented by your customer does in fact belong to them. Although this sounds trivial, it is an easy and important step to add to your risk assessment process. Similarly, there are tools to validate the status and ownership of emails and phone numbers. This too is a simple and important verification process that can quickly alert you to a red flag with a customer.
Detecting fraud, beyond what has already been described in this article, can incorporate several other factors and tools as well. Some tools may include screening and checks for legal or other types of publicly available records. When looking at public records it is important to evaluate the records in light of their association with the business transaction of your customer. The recency and the severity of the record are important factors to take into consideration to make sure customers are not unnecessarily eliminated from a transaction. Generally, the use of criminal, civil, or any public records are going to be reserved for businesses that are in heavily regulated industries and maintain more complex customer relationships.
One of the most popular factors for businesses in the financial services assessing customer risk sector is the use of credit reports. Credit reports have been around for nearly 30 years. The most common credit score is the FICO score, which provides a history of accounts from the sources including, banks, credit cards, merchants, and collection agencies. There are several components to a credit score, but most of the time it is used to determine whether an individual has the ability to make and afford timely payments.
Recently the traditional credit report has been supplemented with several alternative data sources to provide a more complete assessment of customer risk, given that not all individuals and business customers have a comprehensive credit history. The alternative sources can include data from payroll processors, rental payments, utilities, social media, and banks. Tools like ValidiFI’s Payment Instrument Risk Score and Bank Aggregation enable the assessment of credit risk by obtaining the credit and debit transaction records from an individual or business’s bank account. The transactions are run through sophisticated algorithms to generate a totally different view of the customer’s risk. Many bank and credit unions, especially those offering personal loans, have begun adopting these types of tools as they keep up with alternative financial providers who have already successfully leveraged the use of tools like Payment Instrument Risk Score and Bank Aggregation.
The use of alternative data sources, like banking data, has greatly expanded the ability of alternative financial service businesses to provide new and innovative financial products and services. Companies that incorporate a credit review as a factor in their customer risk assessment processes should consider incorporating these alternative data sources. Not only for a broader view of their customers’ risks but to potentially expand their ability to acquire new customers.
The last factor that should always be included in the assessment of customer risk is a compliance factor. This too greatly varies depending on a business and industry. Some of the most common compliance checks that companies will perform include sanctions and watchlist searches. More complex businesses may incorporate news searches and anti-bribery type due diligence checks. Many niche industries will have their own compliance check requirements too. For example, financial service providers offering products in certain states are required to check an individual’s military status.
Regulators are committed to cracking down on fraud and risk and more recently have encouraged innovative methods to detect risk that many leading financial institutions are adopting. Nacha, for example, is requiring that ACH Originators of WEB debit entries use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. ValidiFI has partnered with Nacha and offers a ground-breaking, combined solution to validate account information with an Account Validation service.
Determining Customer Risk With ValidiFI
As discussed throughout this article, there are several factors that need to be taken into consideration when determining your customer’s risk. The process of selecting which factors are relevant for a business is as important as selecting the right tools to use. Companies should start with determining their risk tolerance. From there, they should identify the factors that are a must-have based on the products, transaction methods, customer types, geography where they operate, and compliance factors. All while keeping a keen eye on trends and the evolving schemes fraudsters are employing.
Having a firm grasp on these factors and the tools available is critical to ensuring your risk model is properly and fairly assessing the risk of your customers. Contact ValidiFI to learn more.
Subscribe to our newsletter, if you would like to receive more posts similar to this: