Every year banks are hit with fraud attempts valuing in a projected $48 billion annually in lost profit from data breaches, organized criminals, and phishers. Just last year, American Banker reported that credit card fraud was up 200% from 2018, according to research released by cyber threat intelligence company, Intsights.
What does this tell us as consumers? Identity theft and malicious transactions are at an all-time high. As an industry, the finance sector is scrambling to buckle down on scammers and illicit activity by strengthening the challenges associated with introducing the next technology. While initiatives like Bank of America’s Zelle are promising, the loopholes found in real-time payments have caused one business to manually shut down their process to halt the sudden avalanche of fraud attempts.
“With everything we do, we think about fraud,” tells Scott Bellomo to American Banker, Senior Vice President and Payments Manager at PNC Bank, “and we know the fraudsters out there love to target new payment types.”
One of the ways banks are combating the cybersecurity breaches and fraud attempts is through dual approval. Sometimes known as dual authorization or the “maker-checker system”, dual approval is a process that is misunderstood by many. In this article, we discuss the definition of dual approval, how it works, the benefits of implementing dual approval, and a brief conclusion.
What is dual approval anyway?
While there are several security protocols in place for online banking, one that is vastly underreported is the concept of dual approval. Sometimes banks call this process dual authorization, but the premise remains the same: You need two parties to approve a financial transaction between parties. Barclays puts it into a better context by saying that it “lets two people from the same business complete a third-party payment electronically.” Essentially, the first person is responsible for creating the request (the Maker), while the second person checks and approves the activity (the Checker).
Why is dual approval important? For banks, dual approval adds an extra layer of protection against these illicit banking activities. Not only is having a second person available to authorize the transaction creating an additional wall of trust, but an additional pair of eyes is always helpful. At some point, humans are going to make mistakes. This is especially true if a financial institution is still running on paper-based, manual processes. Dual approval can help reduce unnecessary process variation in the overarching business process management of your bank.
How does dual approval work?
Often, banks will offer this two-step authorization at no additional charge to customers. Once dual approval is enabled, activities or requests won’t run until a second party approves the request. Typically in a cloud-based intelligent business process management software (iBPMS), this request is transferred to a pre-approved list of authorized users called “Approvers”, who then hold the power to approve or deny the request.
For example, User A creates a transfer request between two accounts. User B, the “Approver”, logs into online banking and then goes to the Transfer Center. The transfer created by User A would register as “Pending Add Approval”. User B can then select that transfer request, and then either approve or reject the transfer request depending on that bank’s policies.
That is one example of a use case from California Bank & Trust. In reality, there are many other use cases for dual approval, including the following: stop payments, ACH direct deposits, ACH tax payments, internal transfers, wire payments, entitlements, and transfers to another consumer account.
Here is an example of dual approving using OCR technology Amazon Textract within a loan application process in ProcessMaker:
How to Analyze Documents in a Loan Application from ProcessMaker on Vimeo.
What are the benefits of dual approval?
Every bank has a unique set of controls for approval and denial. On that note, dua approval is seen by many as an industry best practice. Implementing dual approval at your bank creates the opportunity to strengthen your current online banking offerings. Below, we’ve listed a few ways that dual approval can help your bank today:
1. Payment scams. Sometimes fraudsters can bypass the digital checks and balances of transaction protocols. A second user in dual approval helps double-check the transaction before authorizing.
2. Internal fraud. Unfortunately, embezzling and illicit financial activity does happen within a bank’s own workforce. Dual approval helps fight white-collar crime by serving as a deterrent to temptation, along with creating transparency in core business processes to catch the early stages of illegal activity.
3. Manual error. Having an extra set of eyes is critical, especially when dealing with sensitive information and compliance. A second user helps spot any errors in processing that were made or missed by the “maker.”
4. Hacked data. Phishers and hackers can get ahold of sensitive customer data on the Internet. Having dual approval can prevent the criminal from completing the transaction by cross-checking verifying customer data and known information, such as if a transaction is happening outside of the country or state the customer normally conducts business.
While not an exhaustive list, these cover the major benefits of adding dual approval to your online banking controls.
Fraud attempts are exploding each quarter as banks are adopting new technology to update their offerings. Improving the customer experience is important, yes, but so is risk management, fraud, cybersecurity, and compliance. To remain competitive against an increasingly volatile market, banks should seek to strengthen their current controls and security measures and consider new protocols like dual approval at the same time.
Dual approval, when implemented correctly, can help halt illicit financial activity in its tracks in a wider anti-money laundering system. Even as the push for an all-digital banking movement continues, dual approval provides a strong argument against that movement. Retaining the human element within core business banking processes not only increases the security of the institution but serves as a catalyst to the heightened functionality of the bank. This, in turn, will eventually generate a positive ROI for customer experience, credibility, and compliance.
Is your bank struggling to meet compliance, fighting against financial crime with no end in sight, or dropping the ball with manual errors? Get your front, middle, and back offices under control with a quality cloud-based iBPMS like ProcessMaker. Your bank will soon reap the rewards of intelligent automation.
Schedule a demo today
ProcessMaker specializes in improving the business processes of some of the world’s largest banks. Hundreds of commercial customers, including many Fortune 100 companies, rely on ProcessMaker to digitally transform their core business processes enabling faster decision making, improved compliance, and better performance. Schedule your free demo today to realize the potential of ProcessMaker.