E-Banking Offers New Types of Financial Risk Along With Its Rewards, Experts Advise RMA Conference

Each of the participating bankers has had different experiences with the quality of the customers who visited their sites. Joan Mohammed, vice president and head of risk management, Security First Network Bank, Atlanta, observes that approval rates go down in the virtual environment and counsels that banks must adhere to their credit standards.

Nick Carter, director of personal credit policy and risk management, Toronto Dominion Bank, found that the first customers looking for credit on their site were in a higher risk category than the traditional banking customer was.

Chris Conrad, first vice president for fraud management, First USA Bank One, Wilmington, Delaware, said that initially they had a greater number of higher risk applicants. (He also manages the bank's WingspanBank.com business unit which offers credit cards through partners such as AOL, Yahoo, and E*Bay.) He attributes heavy marketing to the adverse selection of applicants, but reminds bankers that they are the ones who determine who becomes a customer. "Your credit quality needs to be in a zone that you feel comfortable with," he adds.

The panelists all agree that application fraud is the biggest fraud risk in e-banking. "The anonymous Internet environment is heavily weighted toward application fraud," says Conrad, noting that his bank sees little of any other type of risk. He advises banks to rely on external databases and credit bureau information to identify fraud attempts. However, he observes that fraud perpetrators are becoming more sophisticated every day and warns banks to stay ahead of them.

Mohammed's bank uses a comprehensive approach to manage fraud risk on the Internet. It screens applicants on the front end, assuring that the perpetrator doesn't get in the door to begin with. She observes that once a perpetrator is in, he usually has enough information to defeat the bank's security screens. The bank tracks unusual deposit activity and combines that with its system to track unusual credit card activity. A cross-trained exception management team handles fraud on both the deposit and credit card sides of the business.

Security First has introduced a bank-wide training program for fraud. "This assures that everyone is responsible for fraud in the same way that everybody is responsible for reputation risk and other parts of our risk management framework," she says. Her bank also has created an MIS infrastructure to assure data integrity.

The participants also believe that verification tools offering real-time data are important for servicing customers who want speedy responses to their applications. They emphasize that banks need tools that can verify immediately the name, Social Security number, address and phone number provided by the applicant. Conrad says it is helpful for banks to build their own database of fraud experience. "We were very surprised when we monitored the volume of repeat offenders coming in and how significant it was."

RMA is the only professional association that specializes in promoting effective and prudent risk management practices for institutions of all sizes, across the entire financial services industry. Its membership consists of more than 3,000 financial service providers, which are represented in the association by more than 18,000 commercial loan and credit professionals in 50 states, Puerto Rico, Canada and numerous foreign cities, including Hong Kong, Singapore and London.