Fraud Prevention Tips -- Bob Neitz, Wells Fargo
So what can banking institutions do to fight back?
Bob Neitz is the senior vice president in charge of the Fraud Corporate Risk Management Program at Wells Fargo. In an exclusive interview, Neitz discusses:
Neitz is a manager of the Fraud Corporate Risk Management Program at Wells Fargo, responsible for providing leadership and direction around cross-organizational fraud risk management for the enterprise, including all consumer, small business and wholesale businesses. With more than 14 years of experience in a Risk Management capacity, Neitz has held several other positions at Wells Fargo with various business groups, including online banking, consumer products and credit card businesses.
TOM FIELD: Hi this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about fraud prevention, and we are talking with Bob Neitz, Senior Vice-President of the Fraud Corporate Risk Management Program with Wells Fargo. Bob, thanks so much for joining me.
BOB NEITZ: Thanks for having me.
FIELD: Just to give our audience a bit of context how about you, tell us a bit about yourself in your role with Wells Fargo, please.
NEITZ: Sure. Well, I manage the fraud corporate risk management program for Wells Fargo, and what that really means is that I am responsible for insuring the fraud risks are effectively managed at the company across all businesses and channels. This includes insuring that we have effective preventive controls and detective controls to manage fraud risk.
FIELD: Now, Bob, when we talk about fraud at Wells Fargo, what forms of fraud are we really talking about?
NEITZ: In the financial services industry, there are several types and forms of fraud. Really, for our purposes, I would like to spend a lot of time talking about identity theft. Unlike perpetrator fraud, where the fraudster is usually a customer, identity theft is where a fraudster misrepresents himself as a true customer. So kind of to put a definition on that term, according to the Federal Trade Commissions, identity theft refers to the misuse of someone's personal information to commit or to attempt fraud. So this personal information can include name, social security number, address, date of birth or bank account numbers. And to give you some perspective, according to the FTC each year about 9 million Americans have their identity stolen. And in most cases, identity theft is more extensive than an isolated fraud attempt, and although identity theft is portrayed as this high tech crime that affects only people who shop or communicate or do business online, the FTC also reports that old-fashion techniques such as stealing wallets and purses, intersecting or rerouting mail are common tactics that thieves use to obtain the personal information. In the most severe of these cases, the results can be financial loss or damaged credit. It occurs when the fraudster uses the stolen information to perpetrate fraud. So given the magnitude and impact of identity theft to both our customers and our shareholders, it is imperative that the financial institutions understand and manage the fraud risk.
FIELD: So, Bob, given that as context, what is the role of fraud prevention at an institution like Wells Fargo?
NEITZ: First let me say that Wells Fargo believes in a layered approach to managing fraud risk. And while fraud prevention is an extremely important part, it is equally important to have detective controls to have the ability to resolve customer situations in a timely and effective manner, and a culture from the top of the house that addresses the organization's appetite for risk. With that said, an effective prevention strategy is the foundation for a fraud management environment. At Wells Fargo, we believe an effective strategy should include sound policies and procedures, have data driven customer acquisition strategies, strong multi-layered authentication practices, and education and awareness.
Now I would like to dig a little deeper into the importance of education and awareness of both our customers and team members. I believe in educating our customers about how they can protect themselves as one of the best fraud prevention strategies that an institution can deploy. For example, Wells Fargo along with the Better Business Bureau, co-sponsors the Javelin Strategy and Research ID Fraud Survey. This comprehensive survey now in its fifth year is independently produced by Javelin Strategy and Research. It is the nation's longest running study on identity fraud, with about 24,000 US respondents over the past five years. The report helps raise consumer awareness on identity fraud, which continues to be a serious problem in the United States. We believe this research helps consumers become better informed and better armed against fraud. So in the most recent report, there was an added understanding of consumer behaviors, and the situations that surround identity fraud. The research findings indicate that consumers have more control than they think, and many of them are actively taking steps to protect themselves. Since self-detection leads to a faster discovery of fraud, Wells Fargo encourages the use of online and mobile financial services to monitor accounts and reduce paper. Now an active use of online banking, online statements, bill pay, alerts that are sent to email addresses and mobile devices can help identify fraud earlier in the process. I recently read an article [that] sites a new Javelin study where eight out of 10 online banking customers view security as a shared responsibility. So we provide our customers with tools and knowledge to partner with them for stronger security, which I believe is the key to preventing fraud. Now we also utilize our online banking websites as a means to provide tools and knowledge to our customers and to the public. The Wells Fargo Fraud Information Center and Wachovia Security Plus Customer Center provide a great source of information. Both centers list contact information for reporting suspicious or fraudulent activity, tips for preventing fraud, and resources like fraud prevention quizzes, resolution kits, ways to recognize fraud. Some of the tips that we list on those websites include things like memorizing passwords or using combinations of letters and numbers to create your password. You should change your password often. You should never provide your social security number to a website you could not directly access or access through a link. And certainly, you should not download programs or attachments from unknown services. Offline, we also recommend that you retrieve your incoming mail promptly and have it delivered to a locked mailbox, refusing to give out your social security number unless it's absolutely necessary, and eliminating excess information such as driver's license number or social security number from checks. Then finally -- and probably one of the most important resources that customers can do-- is to review their credit report annually at a minimum. You can request a free credit report fromwww.annualcreditreport.com. It is a valuable way for consumers to understand and manage their own personal situation.
So in the same vein, we believe it is important to educate our team members. They are our front line defense to our customers. We provide training and communications on a variety of fraud topics to our team members. We deliver information on the internet sites, and we even have recognition programs designed to reward situations where our team members have protected customers. So I can't say it enough, but education and awareness is probably our best fraud prevention strategy.
FIELD: Well Bob, that is an area that I wanted to follow up with you. As you know the FDIC recently sent out an alert about online fraud that is particularly preying upon small to mid-size businesses. You know, the businesses are opening up emails that have got malware and the next thing they know they've got money being siphoned out of their internet banking accounts. What can you do to reach out to these small to mid-size businesses to make them aware of this threat?
NEITZ: Again, I think it gets back to having constant communication with not only our customers, but with our team members. So with our websites, we are trying to provide as much information as possible to our customers, which include small businesses and mid to large businesses, so that they can be better prepared and better educated to manage fraud risk. You know, again, we spend a lot of time talking to our customers and trying to communicate with our customers about the idea of being very aware in your situation, whether it be receiving emails or doing virus scans on a regular basis, and having the appropriate protection on your PC's. So I think, generally speaking, we try to communicate to our team members as often as possible through as many means as possible. Then I also think in my last statement around meeting with or educating our team members is also very important aspect. Our team members are often times the front line to our customers and can be very educational not only for their personal well-being but also to our customers.
FIELD: Now, Bob, when you look out over the entire Wells Fargo constituency, give me a sense of what individual groups can be doing to prevent fraud. When I mention individual groups, I'm thinking of managers, employees, and even the customers?
NEITZ: Sure. You know I've really touched on a lot of this already, but from my perspective, managers really set the tone of the culture. They outline the organization's appetite for fraud risk, and through their day to day actions and management the leaders of our organization have a significant impact on how well we prevent and manage fraud risk. Our employees again are our front line defense against fraud, and their willingness to follow procedures and policies go a long way to protecting our customer. And as I mentioned before, our customers view security as a shared responsibility, and therefore we need to provide them with the tools and knowledge to partner with them for stronger security. Wells Fargo and Wachovia have long histories of helping their customers when they find themselves in a difficult position of recovering from identity theft. But besides responding to a customer's effected, Wells Fargo or Wachovia accounts, we also refer customers to identity theft attack counsel, or assistance counsel, excuse me, ITAC. Now Wells Fargo and Wachovia are founding members of ITAC, which provides recovery assistance to victims of identity fraud. Now ITAC's website for more information is IdentityTheftAssistance.org.
FIELD: Now Bob you described just a daunting fraud landscape. What do you find to be your biggest fraud prevention challenges now?
NEITZ: Wow, so there many of them, but I would say the availability of information and resources to the bad guy community is the biggest challenge that faces the financial services industry. This information is used to facilitate fraud and identity theft, but the fraudsters are able to harvest and share their knowledge rapidly, which means that the industry must be prepared to respond just as rapidly. You know, often the information being shared has been directly obtained from the customer through social engineering and some of the things that we talked about before. An example again of the social engineering is phishing, right, which is usually like a two-part scam involving an email and a spoof website. Now fraudsters, also known as phishers, send emails to a wide audience that appears to come from a reputable company and in an attempt to convince the recipient to disclose personal or account information. And kind of what we talked about before with the mid to small businesses and the FDIC alert is that these customers need to have education and awareness, and we as an organization need to provide that education and awareness tools to our customers to help them prevent and manage fraud risk.
FIELD: Bob, just a follow-up on that, what are effective materials that you can provide customers and businesses in terms of awareness.
NEITZ: So again, there are on our websites, and again I'll mention they are Wells Fargo Fraud Information Center and Wachovia Security Plus Customer Center. We have a list of tips that we provide to all of our customers and to the public at large about what they can do to protect themselves. Again, there are things like not downloading programs or attachments, and there are also a whole bunch of resources on those websites that will help point customers to where they can obtain more information to be better educated about the system.
FIELD: Bob, you've been in this business for a good period of time now. What would you call your greatest successes in fraud prevention?
NEITZ: Well, I would have to say at this point I really think that our risk management culture from the top level management to our front line bankers is our biggest success. You know, protecting customers and helping to succeed financially is a responsibility of every team member at Wells Fargo. This is not just a message, but a way we do business. We obviously have team members whose job it is to manage fraud risk, and they're passionate about that. However, it is all the other team members where fraud management is not their focus, the tellers, the relationship managers, and others who make the difference. Their desire to do what's best for the customer leads to reduce risk of fraud and identity theft. So I really have to say that I think the culture of Wells Fargo has made the biggest difference and the greatest success in managing fraud risk.
FIELD: Now we speak to an awful lot of financial institutions that are smaller than Wells Fargo, certainly, and they are looking to bolster their fraud prevention efforts. If you could boil it down to a piece of advice to these organizations that are looking to do a better job, what would you tell them?
NEITZ: I believe that having a comprehensive strategy, including all the appropriate preventive controls, the detective controls, and effective customer resolution, along with a risk management culture across the enterprise is the best strategy to deploy. And when we talk about preventive controls, the focus on educating customers is really the single greatest thing we can do to prevent fraud. So how we help our customers to proactively protect themselves from fraud and identity theft is essential. In addition to these comprehensive controls and procedures to protect our customers and funds and information, we advise that everyone take an active role in protecting their own personal information. As much as we work for banks, we are all customers as well, and so everybody taking an active role in protecting their own personal information is a great step forward.
FIELD: So you really have to model the behavior, not just speak to it.
FIELD: Bob, I appreciate your time and your insight today.
NEITZ: Okay, thanks for the opportunity to talk about the topic that I am so passionate about.
FIELD: We've been talking with Bob Neitz with Wells Fargo. For Information Security Media Group, I'm Tom Field. Thank you very much.