Prior to the COVID-19 pandemic, financial services firms reported that staff spend 80% of their time aggregating data to review and only 20% of their time analyzing that data1. To solve efficiency issues, organizations have looked to Robotic Process Automation (bots or RPA) to automate their more labor-intensive, operational tasks. Their ability to generate significant productivity gains is the positive side of RPA. However, they also pose a threat when misused by fraudsters to steal identities, hack and deplete bank accounts and other criminal activities.
Despite this, nearly every large organization is looking for ways to increase business efficiency for repetitive, more resource-intensive tasks that are costly and inefficient to execute. RPA technologies allow many of the processes to be executed with greater control, lower costs and more productively. Bots are used in numerous processes in customer service and contact centers, where staying a step ahead of the client is paramount to customer retention.
One of the largest pain points for fraud investigators is the heavy case load and time spent inefficiently searching and accessing data, which minimizes time for evaluation and analysis. There is an ever-increasing demand for greater efficiencies in automating searches and reports so investigators can perform manual reviews and accelerate case completions more effectively. The impact of COVID-19 has stretched fraud investigator resources and reduced the number of manual reviews that can be completed by investigators. Some financial services institutions have temporarily discontinued them altogether, increasing their risk of fraud losses and client attrition. With fewer dedicated resources, the inefficiencies become exasperated, so bots appear to have a compelling business case. However, left to their own devices, they are not a catch-all automation tool when it comes to enabling fraud investigators. While they can be programmed to perform upfront search/retrieval tasks and backend case updates, they do not enhance critical, analytical capabilities to review data for red flags, pass/fail consideration and recommended next action steps. Non-bot automated tools are available to organizations to optimize these processes to enhance investigator productivity and effectiveness. While bots may have an upside for organizations looking to increase employee efficiency, according to Forrester2, just under half of the customer service organizations surveyed are using bots. Until a greater adoption of bots occurs, ROI models are not expected to mature and remain untested.
The configuration of bots as a botnet (large networks of bots) when used for nefariously, intrusive purposes costs organizations millions in preventative measures. In the LexisNexis® Risk Solutions 2019 True Cost of Fraud™ Study*, financial services firms reported dramatic increases in controlling botnet activity for new account logins and new account creations. In the most recent LexisNexis® Risk Solutions Cybercrime Report** many banks report double-digit year-over-year growth in botnet activities, and continue to see more bot attacks than any other industry. Driving these malicious activities is the automated creation of synthetic identities. Identities that are created by botnets and under the control of fraudsters combined with an upsurge in online consumer activity is causing particular vulnerability for retail, e-commerce, digital financial services and lending firms, even more so in the age of COVID-19.
As a defense, point solutions are commonplace for organizations combating the threat of botnets fraudulently attempting to create new accounts and taking over existing ones. While important, they don’t provide the holistic approach offered by scalable layered solutions necessary to combat these automated, at-scale, bots and bot networks. These solutions offer persistent, trusted, device, digital and physical identity recognition and a global digital identity network that shares threats and intelligence in near real-time. Adding behavioral biometrics provides the capability to decipher between bot and human interactions on keyboard and mouse movements, and speeds at which they occur. Early adopters in financial services and e-commerce organizations have successfully deployed passive, digital identity-based solutions that detect complex, (synthetic) identity fraud and botnet attacks. They have been particularly beneficial during the pandemic with greater usage of digital, home-based devices not previously exposed to a heavy transactional environment.
Given current economic conditions, bots will be pursued by organizations looking for quick-fix solutions to labor-intensive tasks not requiring high-touch analytical skills. Botnets will continue to be a threat to the increased digital behavior experienced during COVID-19 and beyond. In fact, the pandemic has only hastened the digital disruption which is being exploited by fraudsters and botnets at an ever-increasing pace. There is hope with fraud prevention and investigation tools that measure risk, with advanced analytics and decisioning to answer identity questions and confidently resolve fraud reviews, while effectively combating fraud in today’s ever-evolving fraud landscape.
1. Nice Actimize: https://www.niceactimize.com/blog/improve-fraud-investigations-using-robotic-process-automation-587/
2. Forrester: https://www.forrester.com/report/The+Top+Five+Best+Practices+For+RPA+In+Customer+Service/-/E-RES158360
* Internal Study: https://risk.lexisnexis.com/insights-resources/research/2019-true-cost-of-fraud-study-e-commerce-retail-edition
** Internal Report: https://risk.lexisnexis.com/insights-resources/research/cybercrime-report