After a risk assessment study, a bank with global operations decided to continue doing business in
certain regions of the world where identity theft is rampant. The information security manager
should encourage the business to:

A.
increase its customer awareness efforts in those regions.

B.
implement monitoring techniques to detect and react to potential fraud.

C.
outsource credit card processing to a third party.

D.
make the customer liable for losses if they fail to follow the bank’s advice.

Explanation:

While customer awareness will help mitigate the risks, this is insufficient on its own to control fraud
risk. Implementing monitoring techniques which will detect and deal with potential fraud cases is
the most effective way to deal with this risk. If the bank outsources its processing, the bank still
retains liability. While making the customer liable for losses is a possible approach, nevertheless,
the bank needs to be seen to be proactive in managing its risks.