PULSE Fraud Expert Describes Six Essential Elements of a Fraud Incident Response Plan
Does your financial institution have a plan to guide its response to fraud incidents? A plan provides a framework for making critical business decisions in the midst of uncertainty and chaos, which are hallmarks of a fraud attack.
Six months after major retail holiday data breaches, Eric Lillard, PULSE Vice President, Fraud and Risk Management, says the time is right to put plans in place because additional attacks are inevitable.
“Over the next couple years, the risk of events like the recent data breaches is going to continue to be a challenge to the industry,” said Lillard.
Fraud Incident Response Plan
Lillard says every financial institution needs a Fraud Incident Response Plan to provide structure and rational thinking during the stress and anxiety that accompanies these events. Essential elements of a Fraud Incident Response Plan include:
- Profiles of your transaction-level activity to aid in the rule strategy development process;
- Contact information for all process participants, including internal and external departments, vendors, decision makers, approvers, etc.
- A clear understanding of your organization’s rule strategy approval process;
- An accurate inventory of all fraud strategies currently in place within your financial institution;
- An understanding of known gaps or risks that you may have in your fraud mitigation program to help reduce surprises during the heat of the battle, and, where possible, identify potential solutions to those gaps;
- Lastly, recognizing that fraud never sleeps, documentation of the hours of operation that your fraud service provider (internal or external) is available.
Lillard recommends establishing an effective communications program to keep cardholders informed about emerging threats.
“Having the ability to communicate effectively and quickly with your cardholders is invaluable,” he said. “Financial institutions should be diligent in their efforts in communicating with their customers about fraud.”
Recognizing that various forms of phishing attacks often follow breaches, Lillard recommends reinforcing the basics in communications to cardholders, such as your policy regarding disclosure of account information and PINs.
Finally, financial institutions need to assess their fraud mitigation tools, systems and resources. PULSE offers DebitProtect®, a sophisticated fraud mitigation service that evaluates debit card transactions in milliseconds, detects fraudulent behavior and can block suspected fraudulent activity before a transaction is approved. As of April 2014, the authorization blocking service had blocked more than 4,000 attempted fraud transactions, saving financial institutions more than $1 million. For more information, visit DebitProtect.