Matt Raile is BillGO’s Senior Vice President of Fraud and Bill Pay Operations. Before joining BillGO, Raile served as the Fraud and Operations Strategy Manager at Huntington National Bank. His 20+ years’ experience in the financial services industry has given him a deep understanding of the fraud landscape and a unique perspective on how financial institutions (FIs) are responding to new and emerging threats.
We asked Raile to discuss these newer threats, as well as the importance of bill pay fraud protection, how FIs can evaluate and modernize their current fraud mitigation solution, information sharing in the bill pay ecosystem and finding the right balance between giving consumers the online bill pay experience they want while meeting the need for robust payment security.
Q: How has the fraud landscape changed in the past 12 months? Has COVID-19 changed any of the threats FIs are facing?
COVID has not introduced a new fraud threat per se. What it has done is increase the probabilities of existing fraud threats. Businesses have had to make major shifts in how they operate in order to protect their employees and customers during the pandemic.
COVID has also driven consumer behavior to leverage non-traditional means of banking, and we are seeing a large influx of change as banks scramble to keep up with digitally-mature competitors as well as new challenger models from the likes of Google, Apple and many emerging fintechs. As more consumers interact with digital banking tools such as check deposit and bill pay, the importance of strong security protocols increases.
The days of walking into a brick & mortar branch to complete your banking activities have been greatly changed, at least temporarily. The long-term effects of these new habits are yet to be seen.
Fraudsters are like water—they follow the path of least resistance.
Q: How so?
Fraudsters try to leverage any advantage they can. Many employers have shifted to work-from-home models, which can expose companies to more online threats such as higher instances of social engineering, phishing and malware. These threats increase the likelihood of account takeover (ATO) fraud, identity theft and so on.
The large FIs are in pretty good shape—not perfect, but they’ve been doing this for a while and already have a lot of protocols in place. But the small- and midsize FIs are feeling the pressure to catch up.
Q: Do you see any capability or technology gaps with respect to fraud across most of the FIs you talk to?
When it comes to fraud mitigation specific to bill pay, what we see across the financial services industry is a challenge in communication and data insights at the macro level. Many of today’s solutions to thwart fraud are very specific to the transaction level, not the customer level. This creates gaps in the FIs' ability to glean insights.
Q: Why are some FIs slow to modernize their bill pay fraud mitigation?
Historically speaking, there hasn’t been a great business case to invest in new bill pay fraud solutions—that’s the problem. For the most part, FIs dedicate the majority of their resources towards the largest area of fraud loss. In some cases, bill pay fraud loss may be hundreds of thousands of dollars per year, compared to card-fraud loss, which can amount to millions or even tens of millions of dollars. Knowing that’s the score, where do FIs stack the technology and resources? It’s not in bill pay; it’s in the card space.
Q: What kind of investment are FIs looking with respect to new, modern bill pay fraud mitigation solutions?
It can be a sizable investment, but one of the great things about BillGO is we made the investment so the FIs we serve don’t have to. Because we view fraud mitigation as a critical component of the entire bill pay life cycle, we baked in a robust fraud mitigation component as part of our offering. This means our customers get best-in-class bill pay capabilities and boost their overall security posture at the same time. This is a win-win for FIs that are looking to differentiate and modernize their digital banking ecosystem, especially since they may not need to dedicate additional resources to upgrade their bill pay fraud systems.
Combined with the consortium effect we offer, our solution is very attractive to banks that are looking to bolster their fraud defenses.
Q: What do you mean by consortium effect?
Ok, so say there are three banks—Bank A, Bank B and Bank C. One of Bank A’s customers makes a payment to an individual or business that has been deemed as fraud, and the other two banks also have customers sending money to that account. If the other banks haven’t yet identified fraudulent activity, the consortium effect allows us to push information, so Bank B and Bank C are made aware of the threat identification made by Bank A.
Q: So essentially, we’re talking about information sharing?
Exactly. We don’t share any personally identifiable information (PII), but we can notify the other institutions that we have a very strong reason to believe there may be fraudulent activity involved with a customers' activity.
Not only do we have this state-of-the-art fraud mitigation solution running in the background, but - because of the consortium - we can also push intelligence to FIs so they can look more closely at certain accounts or transactions to identify patterns analysts may miss. And once they’re onto something, they can analyze it more closely to uncover things like wire fraud, card fraud or whatever else the case may be.
Q: Are FIs getting all the information they need from their current bill pay fraud providers?
Having been on the bank side for more than twenty years, I know that — for the most part — many FIs work with fraud prevention providers that operate in a black box. They have their own “secret sauce” and many of those aren’t especially transparent or forthcoming with the FIs.
In many cases, the fraud prevention providers want the FIs to keep coming back and renewing their subscriptions, but the other reason they have this mentality is because they don’t want the FIs to take too close of a look at anything that might shake their confidence. Maybe the vendors haven’t updated their fraud detection model in months to years, or perhaps they say they are monitoring specific activity but in reality, no changes have been made to the models.
That’s a real problem, and it’s all too common: fraud solutions are kept under lock and key, meaning the FIs and their fraud analysts lack visibility from the institutions and fraud analysts that rely on them.
Q: Do you think the “black box/secret sauce” model will be going away as FIs recognize the value of more transparent fraud solutions?
I think the MO will stay the same. There’s a lot of information sharing among the industry about threats and how the fraud landscape is changing, but the intellectual capital of these solutions is all the providers have to thrive on, so many of the fraud-prevention providers will likely continue to keep things under wraps as long as they can. This won’t change until either until FIs demand more transparency or until solutions providers see the value in being open. I think BillGO is a catalyst for both.
Q: How is BillGO’s bill pay fraud mitigation solution different?
First, it’s important to understand that BillGO is not exclusively a bill pay fraud solution. We’re providing a mass change in the bill pay ecosystem by baking in state-of-the-art, best-in-class fraud mitigation.
Second, our model is not static. The rules are iterative—we can adjust things, make changes on-the-fly and tweak models to our clients’ portfolios, desires and needs. For example, FI fraud teams may want to look at a velocity-pattern change of a particular consumer slice of their portfolio over the last 12 months; one bank may want to analyze payments more than 1.2X of the standard deviation, while another wants it at 1.5X or even 2.5X. We can do that. Turning the knobs and dials, so to speak, allows us to deliver strategic value to our clients.
And third, because BillGO is changing how the industry manages bill pay, we’re introducing a higher degree of transparency than most other solutions in the marketplace offer. When it comes to the fraud component of our solution, we sit down with the FIs and explain our false-positive rates, fraud detection rates and every rule or model, and then we work with each institution’s fraud teams to ensure their risk appetite is being met.
That level of insight and visibility isn’t currently provided by the typical fraud-prevention vendor, and it’s a real differentiator for BillGO.