by Brian Shniderman

Security Breaches and Fraud: Managing a Trust-Damaging Event

Aug 27, 20085 mins
PrivacyRisk Management

When a credit card company or card issuer fails to manage the impact of a security incident that leads to fraud, customers will likely take their business elsewhere.

How a credit card company or a card issuer manages a trust-damaging event, such as fraud, can have a major impact on long-term customer relationships.

Falling victim to fraud is an event most consumers dread, and for some fraud victims, their worst fears are realized. Just look to the headlines of last week—with the indictment of 11 people for the organized hacking of nine major U.S. retailers—and think about how 40 million cardholders reacted to the news.

Among victims of fraud surveyed by Deloitte LLP, 44 percent said they found the experience to be somewhat or very disruptive to their lives. That’s a significant number, and when an issuer does not effectively manage the impact of a fraud incident, customers are likely to change their behavior in ways that directly affect profitability. For example, 17 percent of fraud victims said their level of trust in their issuer had decreased.

Read tips on how to prevent identity theft and fraud from reformed con man Frank Abagnale. As he says, “If you haven’t been a victim of identity theft or fraud, it is because thieves haven’t gotten to you yet.”

This loss of trust can lead to lost revenues. Roughly half the fraud victims reported having a checking account with the financial institution that issued the cards they used most often and 41 percent reported having a savings account. These products are at risk when a fraud incident is not well managed. Twenty-nine percent of fraud victims said the incident had led them to reduce their business with the financial institution—including using their card less often, canceling the account, or even canceling all products they had with the institution. The result of mismanaged fraud incidents can be lower net interest margin, revenue lost on other products, and higher customer acquisition costs to replace the lost business.

The problems often don’t end there. Dissatisfied consumers are inclined to tell friends and relatives about their unhappy experience—becoming, in effect, the opposite of the positive customer advocates that financial institutions want to create. In fact, roughly two-thirds of the fraud victims surveyed, and half of other consumers, said they knew of friends, relatives, and colleagues who had recently experienced fraud. Simply put, a poorly resolved fraud event creates ripples that travel far beyond the original consumer.

If, on the other hand, a payments provider handles a fraud incident effectively, it can result in a stronger customer relationship. Actions such as alerting customers to potential fraud, quickly stopping use of their card and helping them easily resolve unauthorized transactions tend to resonate with consumers.

While 17 percent of fraud victims said their trust in their issuer had declined, fully 40 percent said the experience had increased their level of trust in the provider. These issuers were able to use the fraud-resolution process to turn a negative experience into a positive bond.

The wide variation in fraud resolution—and the impact on the customer experience and trust—were evident in the comments of fraud victims surveyed. Among those who were clearly less satisfied, one noted, “It took several attempts to get them to refund the cost of the fraudulent transactions. They then reneged on their refund and I had to make several attempts to resolve what seemed to be a clear case of fraudulent use.” Another said, “They continued authorizing purchases for another 72 hours after they were advised that the card was being used fraudulently.”

The question is: What are the factors that determine whether trust will be damaged or strengthened when fraud occurs? The Deloitte survey examined performance on 14 specific aspects—which included accuracy in recording financial information and ability to protect against fraud, among others—of the fraud resolution process and, again, the highest-rated issuer for each attribute was better than the lowest-rated by a wide margin. The highest-rated issuer was rated highly on accuracy and fairness by 88 percent of fraud victims, as compared to only 67 percent for the lowest-rated issuer.

Eight-five percent of fraud victims were very satisfied with the performance of the highest-rated issuer in alerting them to potential fraud, while only 57 percent of respondents felt the same about the issuer that received the lowest ratings. Across all 14 attributes of the fraud resolution process, most institutions need to substantially improve their performance.

An analysis of the survey responses found that consumers’ satisfaction with how their issuer resolved their fraud incident was largely driven by how well they believed their issuer had managed these 14 specific aspects of the process. Among the fraud victims surveyed, a consumer’s ratings of their satisfaction with these 14 attributes of the fraud resolution process explained 75 percent of the overall satisfaction they reported with the process. How well an issuer executes on these 14 attributes is likely to have a direct bearing on satisfaction with the resolution and, ultimately, trust.

Brian Shniderman, is one of the leaders for Deloitte’s U.S. Payments service line and a director of Deloitte Consulting LLP, where he works with companies in the banking and payments sectors.