Professional development

What does a director of fraud and identity do?

July 10, 2019 by Daniel Dimov


One can find many articles about the responsibilities of system administrators, computer crime investigators, incident responders, disaster recovery managers, directors of security, application penetration testers and other information security specialists. However, there is little information about the responsibilities of directors of fraud and identity.

The purpose of this article is to outline the major tasks of directors of fraud and identity. The tasks can be grouped in four categories: collecting and processing customer feedback; following global trends in the fraud and identity field; working with other departments of the organization to ensure that the services provided by the organization are safe and reliable; and communicating with senior managers and executives with regard to fraud and identity-related issues. 

In this article, we’ll examine each of these four categories in detail.

Collecting and processing customer feedback

Every year, more than one million consumers become victims of fraud and more than 250,000 become victims of identity theft. Each victim has their own story to tell. If the feedback collected by victims of fraud and identity theft is recorded, analyzed and visualized correctly, it will provide the organization concerned with a clear guidance on how to make their products and services safer. 

Without implementing customer feedback, organizations will likely lose many customers. It is worth mentioning that the lack of visible security is the main reason for which customers abandon business transactions.

Following global trends in the fraud and identity field

About 75% of businesses are interested in getting more advanced authentication processes and security measures that put no additional burden on their customers. To identify such processes and measures, directors of fraud and security need to be well aware of the global trends in the field. This can be done by finding a large number of reliable sources of information about new developments and following those sources on a regular basis.

Directors of fraud and identity also need to regularly monitor the legislative developments in their field. Laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) may include legal requirements that fall within the scope of the fraud and identity departments. For example, the GDPR requires organizations to process personal data “in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” 

Thus, if an organization targets EU residents, the fraud and identity-related measures adopted by that organization need to be “appropriate” within the meaning of the GDPR. To establish the appropriateness of such measures, directors of fraud and security need to look at the guidelines published by the EU institutions as well as the relevant case law.

Working with other departments of the organization

Directors of fraud and identity need to work with the product, marketing and support departments of their organizations to ensure that their products are safe, their customers are well aware of the safety of the products and support officers are well prepared to provide customers with guidance on how to implement fraud and identity-related measures. 

Such intra-organizational communication may include, for example, workshops, seminars and online conferences. In most cases, the flow of this communication will be horizontal (i.e., a type of communication that usually takes place between persons of the same level of hierarchy in an organization). Organizations that ensure smooth horizontal communication create a friendly working environment, remove departmental barriers and ensure the effective cooperation between different organizational departments. 

Communicating with senior managers and executives

Some of the fraud and identity-related measures that an organization needs to adopt may need the approval of the senior management. Hence, directors of fraud and identity may need to communicate directly with the highest-level managers of their organizations. Such communications may take the form of periodical meetings and written reports.


This article examined the four main categories of tasks performed by directors of fraud and identity. To perform the abovementioned tasks, directors of fraud and identity need to have a plethora of skills. 

The skills required for collecting and processing customer feedback include listening skills as well as the ability to collect, process and analyze large volumes of customer data. Strong research skills are required to follow adequately the global trends in the fraud and identity field. To work successfully with other departments of the organization, directors of fraud of security need to have highly-developed horizontal communication skills. Good upward communication skills are necessary when the senior management of the organization needs to be involved in fraud and identity-related matters.

For more information about the position of “Director of Fraud & Identity,” please see our episode of the CyberWork podcast , in which Director of Fraud & Identity Kimberly Sutherland (of Lexis-Nexis Risk Solutions) tells host Chris Sienko about the parameters of her job.


  1. Koontz, H., “Essentials of Management,” Tata McGraw-Hill Education, 2010
  2. Verma, S., “Business Communication: Essential Strategies for 21st Century Managers, 2nd Edition,” Vikas Publishing House, 2014
  3. Dealing with Fraud and Identity Theft, Credit Card Insider
  5. The 2018 Global Fraud and Identity Report, Experian
Posted: July 10, 2019
Daniel Dimov
View Profile

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (, a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.