Listed below are the top-three best practices to consider in the implementation and ongoing assessment of a comprehensive risk-based approach to fraud management.
Since an authentication score is likely a primary decisioning element in any risk-based authentication strategy, it is critical that a best-in-class scoring model is chosen and validated to establish performance expectations. This initial analysis will allow for decisioning thresholds to be established, accept and referral volumes to be planned for operationally, and benchmarks to be established against which follow-up performance monitoring results can be compared. Just remember, best-in-class doesn’t have to mean most expensive.
TARGETED DECISIONING STRATEGIES
Applying unique and tailored decisioning strategies—incorporating scores and other high-risk or positive authentication results—to various access channels and related levels of assurance simply makes sense. Each access channel comes with unique risks and available data, and various opportunities to apply an authentication strategy that balances risk management, operational effectiveness, efficiency, cost and customer experience. Champion/Challenger strategies also may be a superb way to test newly devised strategies within a single channel or subsegment population without risk to an entire addressable population.
It is critical that key metrics are established early in the risk-based authentication implementation process and are monitored often. If you don’t know where you want to go, you won’t know when you get there, especially if you never look at the GPS! Key metrics may include, but should not be limited to, actual vs. expected score distribution; actual vs. expected pass rates; accept vs. referral score distribution; trends in decision and result code distributions.