Last week, IBM announced its entrance to the fraud arena with IBM Counter Fraud Management. In a way, IBM isn't new to the booming fraud space. Relatively mature acquisitions such as SPSS have long had fraud-specific configurations and frameworks. And Global Business Services (GBS) has been delivering fraud-mitigation deployments by combining a variety of fraud-related analytics tools such as reporting and case management. What's new is a fraud-specific SKU and product name—that's always the giveaway that IBM's throwing a lot of new resources behind a product—along with an aggressive product scaling and pricing strategy.
After an initial struggle with credibility, likely addressable with GBS marquee customer references, IBM will be a formidable vendor in the fraud space. More than its peers, IBM has a track record for integrating and adding value to its acquisitions. For example, in the time it took IBM to create new customer-facing capabilities that combined the features of Cognos and SPSS, its rivals were still struggling merely to combine product lists of similar acquisitions. In fact, one can expect IBM's successes in analytics to be the template for fraud. IBM brings significant fraud-related capabilities to the table, including Trusteer, i2, Q1 Labs, and OpenPages. Expect these acquired capabilities to be combined with one another, as well as with organically created capabilities, into a suite that centralizes fraud-related automation tasks that are poorly automated at present and owned by different bank departments.
In fact, it's the suite effect that will have the most appeal for corporate buyers. Knowing that Distributed Denial of Service (DDoS) attacks can be closely related to other fraud, such as call center scams, fraud departments are likely to respond favorably to IBM's approach, which incorporates a variety of systems and six types of analytics, all capable of tight integration and accompanied by a one-stop-shopping cost benefit that will enhance the business case and appeal to the CFO. But therein lies a significant challenge. In essence, IBM is saying, "it takes a network of capabilities to stop a network of fraudsters." But banks' individual departments dedicated to preventing financial crimes aren't always terrific team players. Specifically, anti-money laundering and fraud folks have vastly different backgrounds, timelines, and goals by which they are measured. So it remains to be seen how a unified product set will be configured to accomplish the goals of such related, but meaningfully different, teams.
Capabilities in IBM Counter Fraud Management will include behavioral analytics, predictive analytics, network analytics, and content analytics. Complementary capabilities will be business rules management, case management, customer experience management, and reporting. These technologies are the result of IBM's acquisitions of SPSS, Guardium, Openpages, i2, Q1 Labs, Tealeaf, and Trusteer.
Knowing that companies in general and financial institutions in particular are hard-pressed to dedicate resources to fraud mitigation, IBM is pursuing an aggressively volume-based pricing strategy. Although many deployments are expected to be on-premises, costs will be based largely on the volume of data examined for fraud. This will be an effective way to make fraud mitigation as accessible to a bank with US$15 billion in assets as it is to one with US$150 billion.
In response to IBM's move into the fraud space, here's what I think bankers should do:
- Be open to the network approach: Fraud incidents are often multipronged. DDoS attacks have often proven to be a feint to soften and distract a bank while fraudsters attempt social phishing for personal identification data at the call center. Although skepticism can be the reaction when vendors claim that a challenge demands a suite of products rather than a point solution, such skepticism should be kept guarded. The more fragmented a bank's fraud-mitigation capabilities are, the weaker its defenses will be.
- Consider lengthening your short list: Though IBM's SKU and product name are new to fraud, the deployment of its component parts as an ensemble is not. Looking to make a name for itself and already having delivered capabilities through GBS, IBM is worthy of short-list consideration.
- Don't underestimate the fraud threat: This morning, I rearranged my to-do list after learning that a DDoS attack took a Web-based survey I'm fielding offline. Fraudsters find vulnerabilities the way rain finds a ceiling leak. The banks that harden and patch their infrastructures will be the least vulnerable.