Midwestern Bank Defeats Friend and Family or "Opportunist" Insider Fraud.
One of the Midwestern super-regional banks had a problem. Spouses, children and potentially colleagues seemed to be able to routinely guess usernames and passwords (or find them written down) to gain access to online accounts. Once they had access, they would transfer funds out of the account, transfers that the legitimate account holder would eventually dispute. It was a crime of 'opportunity'.
The bank had difficulty handling disputed transactions and account transfers when the access seemed to be legitimate while the actual account holder was adamant that it was not they who had used the account. Individually, the amounts were not that substantial and often did not meet the threshold for an ISP subpoena and legal prosecution. Collectively, however, the losses were mounting. Something had to be done to thwart "opportunists" besides simply repaying the dissenting account holder.
Authentify was consulted and implemented an automated outbound telephone call process that would be triggered by online fund transfers, even those with low dollar amounts. The call would be invoked by the Bank's Web server, prior to submitting the transaction to the backend for final processing. Strategic to the process, during the telephone call the user was advised that a voice recording was being made, and they were prompted to say their name and speak the phrase, "I authorize this transaction." Speech recognition was run against the utterance to ensure the phrase was spoken correctly. A .wav file of the speaker was captured and stored. The cost of implementation and of telephone calls was significantly lower than the hard dollars being repaid to accounts and the lost productivity in the customer service department.
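The ordering described above (call first, backend second) can be sketched as a fail-closed gate. This is an added example, not Authentify's or the bank's code; `place_call`, `submit_to_backend`, `evidence_store`, the transcript comparison and the SHA-256 digest of the recording are all assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

REQUIRED_PHRASE = "I authorize this transaction"  # phrase quoted in the case study

@dataclass(frozen=True)
class CallResult:
    """What a hypothetical telephony provider reports for one outbound call."""
    answered: bool
    transcript: str   # speech-recognition output for the prompted phrase
    wav_bytes: bytes  # captured recording of the speaker

@dataclass(frozen=True)
class Evidence:
    transaction_id: str
    phone_number: str
    wav_sha256: str   # assumption: digest ties the stored .wav to the transfer

def _words(text):
    # Compare words only: ignore case, punctuation and extra whitespace.
    return re.sub(r"[^a-z ]", "", text.lower()).split()

def phrase_matches(transcript):
    return _words(transcript) == _words(REQUIRED_PHRASE)

def gate_transfer(transaction_id, phone_number, place_call,
                  submit_to_backend, evidence_store):
    """Fail closed: the backend sees the transfer only after a verified call."""
    try:
        result = place_call(phone_number)
    except Exception:
        return "blocked: call failed"
    if not result.answered:
        return "blocked: no answer"
    if not phrase_matches(result.transcript):
        return "blocked: phrase not confirmed"
    if not result.wav_bytes:
        return "blocked: no recording"
    # Store the evidence before releasing the transfer, so every processed
    # transfer has a recording that can be replayed in a dispute.
    evidence_store[transaction_id] = Evidence(
        transaction_id, phone_number, hashlib.sha256(result.wav_bytes).hexdigest())
    submit_to_backend(transaction_id)
    return "submitted"

if __name__ == "__main__":
    # Constructed sample call result, not real data.
    ok = CallResult(True, "I authorize this transaction.", b"RIFF-constructed-sample")
    store, sent = {}, []
    print(gate_transfer("tx-1", "+1-555-0100", lambda n: ok, sent.append, store))
```
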
Within 45 days of the "go live" date of the phone call process, claims of unauthorized funds transfers had dropped off by 70%. Most "friends and family" recognized quickly that, armed with a voice recording, the bank had a better than average chance of proving, one way or the other, who had used an account. The risk of being caught was too much for an opportunist or other insider to accept.
In instances when a transaction denial was made, the first step was to retrieve and play the .wav file for the account holder denying a charge. Faced with a telephone record of a call made to a home number, plus a recording of a familiar voice, these "misunderstandings" were cleared up relatively quickly. An additional 10% of routine fraud "repayments" were cleared up quickly. As an additional benefit, the process provided protection against keylogged account credentials as well. Losses due to credential compromise remained lower than reported industry averages.
While there were hard costs in implementing phone-based authentication, the executives at the bank came to realize that more strongly authenticated end users could be trusted with offers that might not be made to the average online user. Instant loans, higher credit limits on existing credit accounts and other offers were extended to the more "trusted" users, not simply the most creditworthy. The revenue per 'authenticated' customer increased along with the reduction in fraud.