At 150 years old, the Bank of New Zealand has learned a thing or two about keeping its customers happy. Age has not withered it: instead it remains a lively source of innovation, and retains its commitment to ensuring that its 5,000 staff continue to provide exemplary service to its one million-plus customers.
[youtube]http://youtu.be/3PoUibXDF2A?width=300&height=210&align=right[/youtube]
“We are the oldest trading bank in New Zealand,” says Steven Mockett, the bank’s chief operating officer. "But that doesn’t stop us directing a lot of our energies into making sure we stay at the forefront of modern banking practice, and to bringing the capabilities of the best available technology solutions into our operations.”
“Raising customer satisfaction levels and innovation are key performance indicators at BNZ,” he explains. “All our initiatives are assessed against these criteria.”
Counterfeit fraud – the post-holiday blues
The underlying customer expectation is the security of their data and their transactions. But like all banks, BNZ has to deal with the realities of modern fraud activity. Fortunately New Zealand has escaped the attentions of some of the more dedicated global criminal gangs, and the rate of fraud remains comparatively low compared to other advanced economies. But the country does have a real problem when it comes to counterfeit fraud.
Michael Turner, the bank’s fraud initiative manager says, “When I first started looking at fraud in about 2002 the majority of incidents were related to domestic mail theft and stolen cards. Counterfeit fraud only accounted for about 18 percent of fraud incidents. That situation has reversed over the last few years. Counterfeit credit cards are now the biggest problem that we face, which undermines customer confidence.”
Mockett concurs, “The problem tends to occur when our customers go overseas. New Zealanders are great travelers, but if their cards get compromised when they go on business abroad, or simply go on holiday, it can create all sorts of problems for them when they get home. Quite apart from the financial loss, which of course, the bank picks up, there’s the whole problem of identity theft, and that sense of invasion that they get when someone has been rummaging around their credit card files.”
The other problem with counterfeit fraud is that the traditional remedy is to block the affected account, and re-issue a card. It can be incredibly inconvenient, as Mockett and Turner are the first to acknowledge. Mockett points out, “The last thing you want when you are away from home is to have your credit card blocked. I wouldn’t want to go through it, and we don’t want to put our customer through it. Counterfeit card fraud is a monetary problem – but it’s also a customer experience problem. And that was simply not acceptable to us.”
Locking the back door
BNZ started to look for a solution that would protect its customers by mitigating counterfeit credit card fraud. The advent of chips on cards was considered to be a major step forward, but it still didn’t address the problem completely. Turner explains, “A chip on a card is like having an incredibly strong front door, but because cards retain data in the magnetic strip, you still have a back door that is wide open. In other words chip protection is incomplete. The data on the mag stripe does not normally change for the lifetime of the card. When we looked in detail at what fraudsters were doing and how they did it, it was the data in the mag stripe that was being compromised.”
That realization was the genesis of the new solution. Pulling together members of the bank’s fraud team, Turner and his colleagues came up with a solution they called Liquid Encryption Number or LEN. Turner explains how LEN works, “Very simply, the solution changes the last three numbers on the magnetic stripe each time the card is used in one of our ATMs. By changing the data every time the card is used we make the previous data null and void. If a fraudster has stolen the data from the mag stripe and tries to use it, it will be out of date and the transaction will be flagged and declined.”
Mockett continues the story, “As a solution LEN is incredibly simple and elegant. It doesn’t require our customers to change their behavior – they just carry on using their cards as normal and protect themselves in the process. It also didn’t need a huge investment in technology or new systems.”
The technology toolkit
BNZ had used ACI Proactive Risk Manager™ from ACI Worldwide as its fraud detection and prevention system for a number of years, having been introduced to the technology by parent company, National Australia Bank. Turner says, “Proactive Risk Manager is a critical part of our fraud management program. It is a flexible solution, and its rules are easy to manipulate – you don’t need to be a fraud expert to use it or understand its reports. We get a complete visualization of our entire fraud management operations, and real-time feedback on transactions and operators. We knew that Proactive Risk Manager would play an incredibly important role in any solution we came up with.”
To implement the new solution, Turner’s team at BNZ made some adjustments to the bank’s network of ATMs so that they could change a card’s LEN. It also required work to the authorization system over an eighteen month period. But once in place, the BNZ team made a simple adjustment to the rules within Proactive Risk Manager so that it would highlight and flag up any mismatched transactions where an old LEN was present on the magnetic stripe of the card being used.
“Proactive Risk Manager is a critical part of LEN,” says Turner. “It’s already linked into all our systems, and is capable of performing some pretty powerful analysis. But in this case it was the system’s simplicity that really shone. We didn’t need to bring in the ACI team for a major reconfiguration or update. We simply rewrote some rules, and the LEN solution was fully operational. It’s a testament to how easy Proactive Risk Manager is to use.”
Because Proactive Risk Manager holds historic data for six months, BNZ’s fraud analysts can identify the initial point of compromise. Using Proactive Risk Manager they can then identify all other customers that may have been affected and, rather than having their cards blocked and reissued, customers are advised simply to go to the ATM and use the card to check their balance or make a withdrawal, at which point the data on the mag stripe is changed.
A global success
Since introducing liquid encryption numbers, BNZ has seen up to a 75 percent drop in counterfeit card fraud. In conjunction with Proactive Risk Manager, it has allowed the bank to offer its customers the highest levels of protection without inconveniencing them in any way.
“What I like about LEN is its simplicity. It’s such an elegant solution,” says Mockett. “Our customers go about their daily business, using the bank’s services as they always have, while in the background the LEN system is working on their behalf to protect them. All we really have to do is to encourage customers to make a stop-off at the ATM a regular part of their routine. ATM users are now our safest customers.”
In addition to reducing the losses incurred by the bank from fraud, LEN has also had a reputational impact. “A mass recall and re-issue of cards is not good for a bank’s standing with its customers,” points out Mockett. “It’s bad public relations. Now we don’t have to do that. The card has an internal protection mechanism that the customer can contribute to. We have 750,000 customers on the system now, and they have been very positive about LEN, as have the regulators. But I think our customer service agents are the most grateful of all. They no longer have to tell a customer that their card is being blocked. They just tell them to get down to the ATM – it’s a much nicer call to make!”
BNZ now has plans for the commercialization of LEN, and is in discussions to license it to a number of institutions worldwide. “We think LEN has huge potential,” says Mockett. “Its simplicity makes it easy to transfer across global banking systems. Our card-present fraud has reduced dramatically, and we can now help other banks do the same, while promoting New Zealand innovation.
“It’s not often you get the chance to improve customer satisfaction, boost your own P&L and contribute to the public good,” he concludes. “But that’s exactly what we have with LEN.”
Download full details