• United States



by Tomer Barel, Global Chief Risk Officer, PayPal

Trust in the new world: The evolving role of the Chief Risk Officer

Aug 05, 20154 mins

Credit: Thinkstock

There have been some major changes related to risk management in the last few years that have made many people take notice. Businesses and consumers alike are faced with new threats.

Take fraud as an example. According to LexisNexis, fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion just one year earlier. Additionally, between 500 million and 1 billion identities were stolen globally last year due to data breaches. Data breaches have remained an ongoing concern for many.

[ ALSO ON CSO: Will CSOs become CROs in the future? ]

It seems that these attacks are due to “bad guys” becoming more frequent and sophisticated. It also shows the importance of having a strong Chief Risk Officer at a company. But, the way we view Chief Risk Officers is evolving based on this changing landscape. For those of us in the industry, we need to shift our mindset and start thinking of ourselves as Chief Trust Officers. With this shift, we can focus on how to increase trust with our customers and key constituents.

Here are four key ways we can help to restore trust in this new world:

1. CROs Should Take First Line of Defense Responsibilities

In many organizations CROs play a pure oversight “second line of defense” role, but that might not be what is best anymore. Security and risk should be first priority for many companies, and in these companies risk organizations should be taking a first line of defense role, owning key business metrics such as loss rates, in addition to the oversight role.

2. Be Innovative, but stay human

A lot of risk management is about saying no, but true innovation happens when we can say yes. Trust isn’t just about keeping bad guys out and threats away. We have to maintain high levels of protection without interfering with actual customer experiences. For PayPal it’s our risk team’s job to enable the good guys to pay anywhere and across any device. To do that, one has to leverage to the full extent the data the organization collects to manage risk effectively. “Big data” platforms and significant investments in data sciences capabilities are an important part of it. But they must be complemented by human insights. Using a combination of technology and deep understanding of human behavior will help companies to quickly and accurately assess risk and thrive.

3. Futureproof your risk organization

As early as five years ago, even before mobile phones became the device of choice for our customers, PayPal started preparing to manage risk on mobile devices. And in this process, we recognized there were some inherent security advantages to mobile devices. A personal connection to a person’s mobile device coupled with unique information such as location data actually allowed account verification more effectively. As a result, our mobile loss rate is lower than online. It’s important for CROs to spot trends, prepare to face them – and take advantage of what will come in the future.

4. Don’t try to do it alone

There isn’t a silver bullet when it comes to security and threats, and companies can’t just build a big wall to stop people from getting in. With new threats being created every day, trust must be built between companies, customers and governments – especially in a global organization. Managing risk properly takes a group effort. PayPal was a founding member of DMARC and of the FIDO Alliance and also recently participated in the White House’s Cybersecurity Summit. We believe there needs to be a future where a password is no longer needed – but it will take industry collaboration and a focus on building trust to get there. Ultimately, building these relationships and industry solutions will benefit us all.