Risk & Fraud

Football and Fraud Prevention

By: Dan Draz, Manager, Risk Program Management (Enhanced Fraud Services) at PSCU

Professional football is back! While watching the first weekend of the regular season, it occurred to me that there are strategic similarities between the fundamentals of football and fraud prevention.

Great football coaches study their opponents. On game day, defensive coaches are able to predict with a high degree of certainty what their offensive opponent will do on the field when the down and distance situations are first and 10, second and eight, third and four, or fourth and a mile. Coaches can then position their players accordingly, relentlessly attacking unsuspecting offenses (double teams, safety, corner and linebacker blitzes) from various places on the field. On the other side of the ball, offensive coaches attack defensive weaknesses in the same manner, looking for zone coverage, player vulnerabilities and mismatches in one-on-one situations (6’4 wide receiver against a 5’10 defensive back or a speedy third-down running back against a slower linebacker) that they can exploit.

Like football coaches, fraudsters spend time studying their financial institution targets, identifying vulnerabilities and mismatches to exploit — just like the strategies coaches use on the football field. As organized crime rings attempt to score, a financial institution’s defense tries to keep them out of the end zone.

With that premise in mind, here are five themes at the core of winning anti-fraud and risk mitigation strategies for financial institutions:

  • Be More Proactive than Reactive: Getting out in front of fraud schemes is one of the keys to success. Proactivity takes many forms, but the common goal is to ensure that your financial institution has more well-thought-out, documented and preventative initiatives in place than reactive ones. That’s not to say that reactivity can be eliminated, as organizations are always dealing with some problem after the fact. However, truly great anti-fraud programs are more heavily weighted (80-90%) in proactive measures than reactive ones.

  • Be Fluid and Responsive: Timeliness is critical – engage quickly. Sitting on a risk mitigation decision for an extended period while your financial institution “kicks it around” (often referred to as analysis paralysis) is not a good recipe for any anti-fraud initiative. There’s a direct correlation between the speed of action and the prevention of large-scale losses. The longer a fraud attack goes on without a solid risk plan in place, the larger the losses will be.

    Regularly evaluate your financial institution’s rules, strategies and overarching fraud policy (processes and procedures) to ensure that they’re still working as intended. Update as needed given the current fraud environment.

  • Know Your Opponent: Effective fraud-fighting techniques are rooted in the film study and opponent-type training strategies used by college and professional football coaches. While financial institutions may not actually study game-day film of their opponents, industry training provides a significant amount of information about the type of fraud schemes and attack vectors they are likely to face. Understanding not only what cyber criminals like to do, but also when and how they’re likely to exploit a financial institution’s weakness, is critical to preventing fraud, reducing losses, mitigating risk and ensuring a seamless accountholder experience.

    To be effective, this education must be a continuing initiative. Given the dynamic and fluid nature of the global anti-fraud environment, the fraud which occurs today will likely be different than the fraud of the future. As such, it’s imperative that your employees are not only well-versed in existing fraud schemes, but the fraud trends that your financial institution might see going forward.

  • Compete Holistically: Singularly focused anti-fraud initiatives and risk mitigation strategies are rarely robust enough to solve the myriad of fraud challenges that organizations have. Effective fraud and risk mitigation programs are proactive in nature, but target the problem holistically. Holistic, among other things, means examining the situation with a 360-degree organizational view, including the risks, defenses, technology, assets, data, personnel, vulnerabilities, available resources, policies and procedures.

    While looking internally and thinking critically is a big part of the holistic anti-fraud and risk mitigation equation, there’s more to being holistic than just what’s contained inside a financial institution’s four walls. Don’t dismiss the value of collaborating externally with your industry partners, vendors and technology providers. Integrate them into the challenges and risks your financial institution faces to assist in the development of a well-planned, holistic anti-fraud program.

  • Think Like a Criminal: Your opponents are highly structured, well-funded and extremely organized as they diversify illicit tasks amongst specialists. Individual bad actors and sophisticated global organized crime rings study institutions, learn their tendencies, determine their vulnerabilities and attack when surprise is on their side.

    Identifying the fraud which might be used against your organization can easily be done when risk professionals “flip the script” and put themselves in the criminal’s shoes. If you were an outsider, knowing what you do about your financial institution’s strengths and weaknesses, how would you commit fraud against it, or what vulnerabilities would you exploit and why? Once you’ve identified the areas you’d target, simply go plug the holes before the bad actors get there.

The parallels between football strategy and fraud prevention are clear. Coaches and anti-fraud management teams have many choices when it comes to their offensive and defensive strategies. While there is no single mitigation technique or strategy that eliminates all of the fraud, risk or cybercrime that an organization faces, a combination of collaborative, proactive and holistic techniques will help your financial institution on your way to creating a robust anti-fraud and risk mitigation program. By understanding that one size definitely does not fit all, financial institutions are better able to position defensive resources and prevent opponents from scoring touchdowns every time they get into the red zone.

Dan Draz is the Manager of the Risk Program Management team at PSCU. Via the Enhanced Fraud Services (EFS) solution that he oversees, his team provides “concierge-level” anti-fraud, risk mitigation and member experience services for PSCU partners enrolled in the EFS solution. With 35 years of sophisticated anti-fraud, investigations, and risk mitigation experience exclusively in the private sector, Dan is widely recognized as a thought leader in the enterprise fraud risk management space and has been published in industry, news and trade publications. He has an M.S. in Economic Crime Management and has been a high-profile Certified Fraud Examiner (CFE) for more than 25 years.