Trust – noun. firm belief in the reliability, truth, or ability of someone or something
Safety – noun. the condition of being protected from or unlikely to cause danger, risk, or injury
Together, these two words – trust and safety – describe the change in attitude and mindset that we have been seeing over the last few years in many online businesses when it comes to online fraud prevention. My observation is that the trend is far more apparent in digital commerce businesses than it is in digital banking, although I’d argue that that needs to change and will come back to that point later.
A cynic might say that many online fraud prevention teams are simply re-branding themselves as trust and safety teams. I think there that is far more to it than that, though. Historically, most fraud teams were focused on preventing direct fraud losses (eg. how do we stop someone using a stolen credit card to make a purchase?). I remember around 2007-2008ish when I was working for a fraud detection vendor, the narrative started to evolve beyond just thinking about direct fraud losses and also trying to focus on minimising rejecting customers. A few years later the focus was on reducing manual reviews, albeit from the perspective of minimising costs for the business rather than minimising inconvenience to customers. And then in the last few years, things really accelerated. Fraud managers were now being asked to limit friction in the customer journey, they were being asked to prevent customers abusing ratings systems, they were being made aware of customers being tricked into interacting with copycat sites imitating their brand……and the concept of trust and safety evolved.
There is no industry definition, but I see a trust and safety team as being responsible for two key things:
- Building trust in customers – establishing customer identity, understanding intentions, assessing behaviour and actions.
- Engendering customer trust in the organization – conducting themselves in such a way so that customers trust the brand and want to do business with it.
- Creating a safe environment in which to interact – ensuring that both parties are safe from harm when accounts are being set up and accessed, when payments are being made, when reviews are being posted, when customer content is being used.
A critical aspect to this is that fraud leaders need to start thinking in new ways. Here are some use cases that wouldn’t fall under a traditional loss-focused fraud team, but should very much be within the purview of a forward-looking trust and safety team:
- Bad actors are setting up fake websites that imitate your brand, and are also putting apps on various app stores that mimic your brand. Why is this of interest to the trust and safety team? Well, a good customer might be tricked into trying to log into these fake sites or apps, thus giving the bad actors their credentials. Those bad actors will then come to your genuine site and attempt account takeover, so there the result is possible fraud loss. And crucially, those good customers will lose trust in your brand as they thought there were interacting with you.
- Those same pesky bad actors set up social media accounts that pretend to be your customer support teams. Why is this of interest to the trust and safety team? As in the above example, good customers might be tricked into revealing credentials or personal data, with the same negative impacts.
- When posting reviews or comments on your site, some users promote links to other sites offering ‘special deals’. Why is this of interest to the trust and safety team? Well, what if good customers click on those links and get infected with malware? Will they judge your brand harshly for offering up the environment that allowed this to happen?
- On a marketplace site, a seller sets up lots of fake user accounts and leaves positive reviews and ratings for their services. Why is this of interest to the trust and safety team? This clearly erodes trust in the integrity of your reviews and ratings system. Customers may end up going elsewhere to a platform that they can trust.
The eagle-eyed amongst you will have noticed that those first two examples don’t even take place on your infrastructure – that’s a real change in mindset for a fraud manager as they make the leap to trust and safety roles. Their focus needs to shift to wherever the customer meets the brand (think of it as “the B2C perimeter”) – whether that’s on your infrastructure (your website, your app, your contact centre) or not (copycat domains, social media, marketplace sites selling counterfeits etc).
Another aspect of trust and safety teams seems to be their close engagement with the CX teams. How can they ensure that their fraud detection processes aren’t adding unnecessary friction into the customer journey? Furthermore, how can the customer journey be dynamically tailored based on trust and risk assessments? Some examples:
- Only offering one-click checkout to customers in whom you have a high degree of trust.
- Only applying 2FA at login if trust levels are below thresholds.
- Forcing customers who have been identified as having abused returns policies in the past to agree to T&Cs that only permit in-person returns in your physical stores.
So it’s interesting times indeed. I observe very different levels of organizational maturity in my client conversations. Digital commerce businesses certainly seem further ahead in the evolution from fraud team to trust and safety team – I suspect this is driven by the anxiety of knowing that customers can easily buy from somewhere. Digital banking teams seem to be lagging behind, no doubt driven by the (increasingly misplaced) view that customers can’t/won’t/don’t easily change their banks – some of them may end up learning the hard way.
For further reading on the topic of trust and safety, I’d suggest looking at the resources provided by a vendor called Sift, they’ve done a solid job of building their messaging and value proposition around the trust and safety theme. My colleague Jonathan Care has recently also written a great research note on this topic, and I made an entry in a recent Gartner security trends report on this topic of trust and safety.