Fraud prevention professionals are in a constant competition. Their opponents are organized cybercriminals who innovate new ways to commit fraud like it’s their business—because it is. Based on research from Aite Group, CNP fraud losses will reach $6.4 billion in the U.S. alone by 2021. Also by 2021, the global cybercrime industry that includes all the varieties of online payments fraud may be worth some $6 trillion--equivalent in size to the third-largest economy on the planet.
Fraud and other cybercrimes are driven by the seemingly endless development of new ways to evade security controls to steal merchandise and information, divert funds and hold organizations’ data for digital ransom. Meanwhile, even the best fraud prevention and cybersecurity organizations can find themselves playing catch up as new methods of crime emerge.
Why? The answer may lie in understanding—and overcoming—a situation similar to the Innovator’s Dilemma. This is a concept developed by late author, business consultant and venture capitalist Clayton Christensen in his book of the same name. In the book, Christensen outlined why well-run companies sometimes struggle and fail in the face of new technology and major change. He argued that the behaviors and practices that often make companies successful are at odds with the behaviors and practices that lead to innovation:
“Successful companies want their resources to be focused on activities that address customers’ needs, that promise higher profits, that are technologically feasible, and that help them play in substantial markets. Yet, to expect the processes that accomplish those things also to do something like nurturing disruptive technologies—to focus resources on proposals that customers reject, that offer lower profit, that underperform existing technologies and can only be sold in insignificant markets—is akin to flapping one’s arms with wings strapped to them in an attempt to fly.”
A dilemma that can hinder fighting fraud
Christensen’s Innovator’s Dilemma applies to businesses that face disruptions from competitors within their industry. But we can apply a similar principal to organizations that are successful at fighting the kinds of fraud that exist now, because of how quickly criminals evolve their approaches to fraud. Anti-fraud companies’ resources are directed to protecting customers from existing and emerging threats, and their customers depend on them to provide this protection.
However, in a traditional business structure that may leave few resources available to innovate beyond addressing new threats as they emerge. But innovating beyond rapid response is where the opportunities are to get ahead of opponents in the cat-and-mouse game of fraud prevention. How can companies maintain high quality protection for customers while also exploring new frontiers in fraud-prevention technology?
Building an ambidextrous organization
The key to maintaining a successful business while also fostering innovation is to structure the organization in a way that allows for leverage of the company’s existing expertise and tools—and for exploration that may not have a direct connection to business goals.
The guidance for creating an ambidextrous organization must come from the top and be built into the company’s culture. This may require a shift in leadership mindset.
First, leaders who want to overcome the dilemma of stability versus experimentation need to focus on creating a culture and practice of learning within their companies. Telling people what they should do feels logical when there are business goals to reach and customers with specific needs that must be met. But making space for learning is the first requirement for true innovation.
For example, consider all the ways that machine learning and artificial intelligence have been applied to fraud detection and prevention. AI can already detect fraud clues in individual orders quickly while reducing false positives. That on its own is a major improvement over rules-based fraud screening systems that are slow to adapt to changes in fraud tactics.
But AI systems are always learning, and the data scientists and fraud analysts who work with them are always thinking about new ways to leverage the power of machine learning. As fraudsters get more careful about setting off fraud flags in individual orders, they’re creating more sophisticated, macro approaches to defrauding merchants.
For example, a fraud ring might take over multiple customer accounts at a single bank, then use those accounts to make a variety of fraudulent purchases from a single merchant selling something the fraudsters want to resell. AI can and does learn to spot those patterns, too. Fraud experts have found ways to analyze batches of orders to look for fraud-indicator patterns within larger groups of orders, not only within individual orders. In our example, a spate of seemingly unrelated orders that pass muster might turn out to all have the same bank identification number on their cards, raising a flag to look for account takeover fraud.
What’s next with AI? What comes after or adjacent to AI in fraud detection? A learning organization is well positioned to find out.
Staying ready to pivot
Beyond making learning part of the company culture, leaders need to focus on doing what needs to be done during periods of disruption. This allows companies to sidestep the real trap of the Innovator’s Dilemma, which is staying stuck in patterns that worked in the past but no longer meet the needs of their customers.
For example, video service Netflix has moved away from its core competencies to meet market demands twice since its founding. First, it transitioned from loaning DVDs to members through the mail to streaming those videos online as streaming technology spread. Then it started producing its own original content to supplement its third-party catalog and attract new customers.
Now, during a period of intense consumer and economic disruption, Netflix’ business is growing as people look for entertainment in quarantine. It’s unlikely they’d still be in business if they’d insisted on sticking to their original core competency of mailing DVDs to subscribers’ homes.
The Netflix model of shifting competencies can apply to organizations in many industries. In fraud prevention, the next truly disruptive tools may not come from refining existing tools but from a completely new approach. To find that approach and develop it, fraud prevention organizations must consciously build a culture of learning and be ready to pivot to deliver what customers need.