Trying to solve today’s Address Change problems with yesterday’s tools
In a well-aged Minneapolis neighborhood, not far from my office, there is a typewriter repair shop. Every time I drive by, I find myself peering into the shop windows looking for signs of life. I certainly wish the owner of this typewriter repair shop nothing but the best, but I would be lying if I said I didn’t have some serious questions about the long-term viability of his/her business. Typewriters were once a great tool, and undoubtedly contributed to some of the greatest literary accomplishments the world has ever seen. But the truth remains, eventually we just found a better way.
So too, it seems, the banking industry is poised to find a better way when it comes to address changes. Why are address changes so complicated? The answer is simple: because a significant number of consumers move each year, and thieves prey on address changes as a gateway to set up their account takeover schemes.
Whether driven by compliance policy, fraud policy, or some combination of both, banks and other financial institutions (FI’s) have traditionally relied on paper documents to validate their address changes, namely notification letters and signature forms. However, there are potentially serious and costly implications when maintaining the status quo on address change controls. In this post, we will dig into some of the pitfalls associated with each of these practices. Side note: For you futurists out there, we are increasingly seeing FI’s use newer authentication techniques for handling address changes. In a future blog post, we will examine some of the associated issues with that as well.
Address Change Notification Letters:
Many financial institutions have adopted the practice of sending address change notification letters in order to comply with federal legislation, specifically the requirements contained in Section 114b of the FACT Act Red Flag Rules. While this practice meets compliance, it does almost nothing to proactively prevent fraud. There are several reasons why letters are ineffective for preventing fraud and solving associated problems:
- Slow – It takes four to six days for a piece of mail to arrive at its intended destination. As today’s fraudsters are sophisticated and fast enough to liquidate an account in a matter of hours, a control that requires four to six days to complete is simply not effective.
- Easy to miss – Modern communication has shifted away from physical mail, and the attention of modern consumers has shifted with it. As consumers today are bombarded with information in the form of “snail mail” and electronic communications, chances are customers will not respond to address change notifications in a timely manner.
- Costly – The cost of postage for a First Class piece of mail is now $0.49, and that cost is expected to rise over the years to come. This cost is doubled for most FI’s, as common practice involves sending one address change notification letter to the customer’s previous address and another to the new address. Additional costs include the production of the letters, the cost of handling mail returned as undeliverable, lost interchange revenue due to card “holds” placed as a result of the address change, and of course, the losses and damages associated with fraud.
Address Change Signature Forms:
Another approach taken by FI’s for mitigating fraud risk and meeting compliance is asking customers to sign a form with every address change request. This process typically requires that the customer visit a branch to sign the form and update their address. This approach also introduces its own set of problems:
- Inconvenient – To require a customer to come into a branch simply to update their address is at a minimum inconvenient, and in many instances, downright impossible if your customer has moved hundreds of miles away and can’t feasibly visit a branch. In an era when more and more consumers are migrating to branchless banking, this practice simply doesn’t meet their needs.
- One-Dimensional – As the industry moves away from signature-based fraud controls (most notably the move from signature-based payment cards to EMV), FI’s are best served by taking a layered approach to fraud prevention. While requiring a signature in person can be a deterrent to criminals looking to hijack the address change process, it shouldn’t be thought of as a comprehensive fraud detection strategy. There are many known fraud schemes that involve runners actually entering the branch posing as someone else to conduct business, and the address change process is no different.
The bottom line is that, while FI’s are “compliant” with regulations by using these outdated paper forms and documents for address changes, they incur large and unnecessary costs (real and opportunity costs), while missing the intended objective and spirit of the regulation: fraud prevention.
Bringing Context-Awareness to Address Change Controls
Hundreds of financial institutions have adopted an automated approach to handle address changes in order to better prevent account takeover fraud, reduce the cost of address change compliance, and streamline address change operations. The end result is a process that is smarter, faster, and safer.
The automated solution runs behind the scenes and uses massive databases and context-aware scoring to assess the riskiness of the address change request. To significantly reduce operations costs and investigative expense, this method uses data-driven intelligence to answer the fundamental question: “Based on all of the information available, does this address change make sense?” If the address change is below a certain risk threshold, then the FI can accept the change without any manual intervention, and satisfy compliance requirements. In the far less frequent cases where the solution identifies the address change as suspicious, the FI has the information needed to take action. This new approach is more effective as a counter-fraud measure, cheaper, compliant, and results in less customer friction.
For FI’s that feel nostalgic, the old paper methods may provide nice memories of a bygone era. A time when address change verification was simple, and replacing the ink ribbon on your typewriter was as easy as a visit to the corner shop. The trouble is that fraudsters love outdated protections and are counting on nostalgia for their next big payout.
Written by Matt Schraan
Vice President, Product Development and Client Solutions
Matt has dedicated his professional life to building products that reduce fraud risk, meet compliance requirements, and maximize value from fraud detection techniques. He has presented at numerous industry conferences on counter-fraud topics such as account takeover, application fraud, identity verification, and compliance strategies.