MADISON—The risks of e-commerce depend on the type of e-commerce your organization is doing, according to national e-commerce experts. Bankers met here in June to hear a national audio conference on the risks of e-commerce and a follow-up discussion by Wisconsin e-commerce experts at a meeting of the local group of RMA Wisconsin.

Nicholas Carter, vice president and director of personal credit policy/group risk management for Toronto-Dominion Bank in Toronto, reported that the institution has experienced an increase in risk from its online services. "We’re getting more fraudulent customers than good customers, and we’re not getting the volume on the credit side," he said.

"The … concern a few years back was that anyone anywhere could open a bank. We thought we’d be facing competition from the Bank of Figi and that Internet banking would have cost advantages and so could advertise more heavily," Carter observed. "But people have discovered that it’s more expensive than they thought and more open to fraud. "The customer pumps information at you [quickly]," he noted. "And getting to know your customer quickly demands additional techniques and more credit risk management."

Joan Mohammed, vice president of risk management at Security First Network Bank in Atlanta, GA., (the world’s first Internet bank) reported a somewhat different experience. Security First does mortgage lending through a subsidiary in Chicago. While fraud is not a significant problem, costs are sometimes higher than in traditional banking. "Internet customers are similar to direct mail customers, but your approval rate goes down," she said. Mohammed noted that some "undesirables" apply for mortgages. "If your approval rates go down, your costs go up," she said. "You also spend a lot of money to draw customers to web sites."

Bricks and Clicks

Security First, a subsidiary of the Royal Bank of Canada, has two branches in Canada and is considering a third in London. It follows a "bricks and clicks" philosophy, Mohammed reported. It has both brick-and-mortar and Internet-based branches.

Application fraud can include instances of individuals using stolen Social Security numbers or phone numbers that don’t match addresses, Conrad advised. A credit bureau, third party data service, and customer risk tools can provide useful information. "Also look at the Social Security number, phone number, address, driver’s license number, and date of birth," he recommended. "Take all this information and put it together and then set your tolerance for an applicant coming through the door." For example, a bank may decide to provide service even if one or two items don’t match but withhold service if more items don’t match or if certain critical items don’t match.

Financial institutions can further prevent fraud by building a negative file of fraudulent accounts, since there’s a high volume of repeat offenders. "Look where some phone numbers may have shown up 30 times in applications in the last few days, or where multiple applications are coming from a single pc," Conrad suggested. Another possible proactive step might be to set a threshold — such as $15,000/day or another figure — on the amounts deposited and withdrawn against in a single day, Conrad proposed. Mohammed suggested the most common Internet banking fraud is application fraud or identification takeover. To combat these threats, First Security takes a four-pronged approach:

1. Screen applicants.

2. Use computer tools to track behavior, such as unusual activity on the deposit side.

3. Build training and awareness. "This is not something that can be done by a single person or a team, but must be done by everyone," Mohammed said. At First Security, training is a part of employee orientation.

4. Use "information measures," to tie together all information about customers and their accounts.

Following up the national panel, a Wisconsin panel answered questions from state bankers. Debra Lins, president of Community Business Bank in Sauk City, posed the first question: "How does a high-touch business merge with technology?"

Tom Farin, head of Farin and Associates and its subsidiary, CyFI Services in Madison, responded: "One way is by rethinking its philosophy [and] looking for new technology that merges with high-touch," he said. If I start a loan application on the Internet and then stop and walk into a branch office, your loan officer needs to be able to pick it up right where [I left off]."

Farin pointed out that, unlike the national panelists, most community banks find that fulfillment takes place in their lobby. "You know your customers," he said, implying that there is a lower risk of fraud. "The Internet extends your ability to know your customers."

Fraud is not the primary issue for Wisconsin bank customers, observed John Stathas, chief operating officer of Virtual Properties in Madison. "The customer concern is for privacy and having their information passed to others," he said.

Linda Steil of FISERV advised: "First determine what you want to do with an internet site." Decide whether to market across the country or primarily to existing customers. "If the Internet is just a service and a delivery channel . . . primarily to your customers, the fraud risk drops dramatically," she said. "First, you need to identify your goals and develop a plan."

The three Wisconsin panelists also predicted Internet banking developments in the next 12 to 18 months.

"If you want to use the Internet to expand, you’ll have to look at bill presentment to commercial customers, which can be costly," Steil said. Some demands for new technology, products and services can be met through partnerships. In fact, Steil said, "the key is your partnerships."

Farin added, "You will need to offer full-service—including insurance and brokerage services—and community banks can do this through partnerships." He also predicted more volume on bank web sites. "People may visit twice a week, more often if you offer brokerage services." Building traffic will make Internet banking more worthwhile.

Along with the increased volume will come increased competition, Farin believes. It will be ever more important for banks to differentiate themselves from their competitors. "If you’re an ag bank, or a business bank, your site ought to scream that when a customer logs on," he said. Farin also admitted he once had a banking client with a site that actually "mooed at you" when you logged on.

Stathas reinforced that the way to meet the increased competition is by emphasizing the uniqueness of the institution. "Don’t just cut rates to compete," he advised. Let customers know how your bank is different from other banks. "Tell your customers you’ll be there when there is a problem."

In addition, Stathas expects continuing technical advances. "We’ll see digital signatures," he said. "We’ll be able technically to do much more, and the site will be able to respond faster." But the technical advances will bring an ever greater need for security measures. "We also need to be aware of the potential for fraud from within the organization," he said.

Sage Advice

When asked for additional advice relating to Internet banking, the Wisconsin panelists offered a multitude of good ideas. Among them:

• Keep your web site simple. A simple site will enable customers to get around in it quickly, Stathas suggested. "Keep customers on your site." If customers move to another site, (for instance, to get Blue Book values), set it up so the move is "sticky" and they must return to your site, he advised.

• Keep the web site fresh, suggested Steil. "Keep changing it. And customers need everything in a real-time environment." In other words, don’t tell them you will e-mail them a response at the end of the day.

• "Tell people what they’re going to get and why you’re different from Waterhouse," Stathas said.

• Use the Internet to build business accounts, recommended Farin. "Offer e-scout (purchasing), give business customers the tools to build their own web site, provide them the ability to review their account balances or check their merchant credit card accounts," he said.