Fiserv Inc. has stuck to the same philosophy it had when it formed the EFT Solutions Risk Office three years ago: card-data security isn't an arms race - it's a battle of wits.
"It's brain against brain," says J.B. Rambaud, fraud department general manager for Fiserv Card Services, of the ongoing battle between security professionals and malicious hackers.
When developing Risk Office for Brookfield, Wis.-based Fiserv, Rambaud figured it was a high-stakes game in which people were more important than technology.
"I realized that the enemy we were fighting was a human brain, so I had to engage another human brain to fight against that," Rambaud says.
At Fiserv's Risk Office, individuals pore over payment-card transaction data around the clock to establish fraud-prevention guidelines based on in-depth analytics.
All data security vendors "score" transactions to determine their risk level, with a higher score representing a higher fraud potential, Rambaud says. Risk Office applies additional rules and logic to the data, eliminating unnecessary high scores, thus limiting the number of calls a cardholder might get as a fraud alert, he adds.
"The key is to establish one-to-one relationships with our clients while looking over the data daily," Rambaud says. "We really want to eliminate fraud and limit the impact of fraud cases so we make, maybe, three calls, not 10 calls, to a cardholder to confirm a transaction is not fraud over time."
Human intuition is an important part of fraud detection, says Julie Conroy, senior analyst and fraud expert with Boston-based Aite Group.
"You have to have the human element in all of this because the technology gives humans the tools to decipher the (transaction) patterns," she says.
Vendors form a "really powerful" tool against fraud when they collaborate with other security companies and agencies, Conroy says. "There are a few out there practicing collective intelligence efforts and they are all great," she adds.
Fiserv's mantra is to understand the cardholder's behavior and understand the organization that issued the card, Rambaud says.
"Each bank is different and its customers may have different spending patterns," Rambaud adds. "We want to enable good spending and eliminate bad spending."
Fiserv uses Fair Isaac's Falcon Fraud Manager software to score transactions and provide the basis for case management on each cardholder, Rambaud says.
"The Falcon Fraud Manager does a big job and all of the heavy lifting in letting Fiserv know what we should be paying attention to," he says.
As Fiserv monitors transactions in real time, the merchant at the point of sale "is not looking for anything else from us," Rambaud says.
The merchant knows the liability rests with the issuing bank, and thus relies on the bank and Fiserv for accurate authorization, he adds. "There is no need for exchange of information or for the merchant to collect data," Rambaud says.
However, Fiserv's bank and credit union clients are responsible for establishing screening guidelines and rules unique to their operations.
But over time, many banks choose to defer to Fiserv and allow the vendor's experts to handle all of the fraud-prevention decisions, Rambaud says — though Fiserv does not prefer that scenario.
"We choose to always involve and engage our clients in the process because it keeps the relationship fresh," Rambaud says. "We want them making the big decisions and they can't just blindly establish rules for their transactions."
Ultimately, the banks and Fiserv must realize they are in control of the outcome of the war against fraud. "The hackers try to sneak their way in, but we have the key to the kingdom and the power to deny any emerging risks," Rambaud says.
Risk Office represents a 24/7 monitoring service in which potential fraudsters are being watched at all times, Rambaud adds.
"It's a challenge, but I feel very strongly about the team we have here," he says.
Risk Office clients on average see a fraud dollar-loss reduction of 40% during the first year of enrollment, Rambaud says. "A hacker always tries to go under the radar, and we can get burned on occasion, but we recover and deny transactions quickly," he says.
Executives of a regional credit union in Florida last spring praised Fiserv's Risk Office program, saying it had substantially cut down on the financial institution's costs in screening transactions, while also reducing fraud.