All posts by Guest Contributor

By: Andrew Gulledge I hate this question. There are several reasons why the concept of an “average fraud rate” is elusive at best, and meaningless or misleading at worst. Natural fraud rate versus strategy fraud rate The natural fraud rate is the number of fraudulent attempts divided by overall attempts in a given period. Many companies don’t know their natural fraud rate, simply because in order to measure it accurately, you need to let every single customer pass authentication regardless of fraud risk. And most folks aren’t willing to take that kind of fraud exposure for the sake of empirical purity. What most people do see, however, is their strategy fraud rate—that is, the fraud rate of approved customers after using some fraud prevention strategy. Obviously, if your fraud model offers any fraud detection at all, then your strategy fraud rate will be somewhat lower than your natural fraud rate. And since there are as many fraud prevention strategies as the day is long, the concept of an “average fraud rate” breaks down somewhat. How do you count frauds? You can count frauds in terms of dollar loss or raw units. A dollar-based approach might be more appropriate when estimating the ROI of your overall authentication strategy. A unit-based approach might be more appropriate when considering the impact on victimized consumers, and the subsequent impact on your brand. If using the unit-based approach, you can count frauds in terms of raw transactions or unique consumers. If one fraudster is able to get through your risk management strategy by coming through the system five times, then the consumer-based fraud rate might be more appropriate. In this example a transaction-based fraud rate would overrepresent this fraudster by a factor of five. Any fraud models based on solely transactional fraud tags would thus be biased towards the fraudsters that game the system through repeat usage. Clearly, however, different folks count frauds differently. Therefore, the concept of an “average fraud rate” breaks down further, simply based on what makes up the numerator and the denominator. Different industries. Different populations. Different uses. Our authentication tools are used by companies from various industries. Would you expect the fraud rate of a utility company to be comparable to that of a money transfer business?  What about online lending versus DDA account opening? Furthermore, different companies use different fraud prevention strategies with different risk buckets within their own portfolios. One company might put every customer at account opening through a knowledge based authentication session, while another might only bother asking the riskier customers a set of out of wallet questions. Some companies use authentication tools in the middle of the customer lifecycle, while others employ fraud detection strategies at account opening only. All of these permutations further complicate the notion of an “average fraud rate.” Different decisioning strategies Companies use an array of basic strategies governing their overall approach to fraud prevention. Some people hard decline while others refer to a manual review queue.  Some people use a behind-the-scenes fraud risk score; others use knowledge based authentication questions; plenty of people use both. Some people use decision overrides that will auto-fail a transaction when certain conditions are met. Some people use question weighting, use limits, and session timeout thresholds. Some people use all of the out of wallet questions; others use only a handful. There is a near infinite possibility of configuration settings even for the same authentication tools from the same vendors, which further muddies the waters in regards to an “average fraud rate.” My next post will beat this thing to death a bit more.

By: Margarita Lim It’s the holiday season and a festive time of year. Colorful Christmas lights and decorations, holiday songs, all of these things contribute to the celebratory atmosphere which causes many people to let their guards down. Unfortunately, fraudsters and other criminals take advantage of the prevailing goodwill and can help make one of the busiest shopping times of the year, a miserable one for their victims. It’s not a surprise that articles and news stories are released advising shoppers on how to continue enjoying their holiday season by not being victims of identity theft or other known fraud activities. Consumers can get tips from the Federal Trade Commission and other websites to prevent or minimize exposure to identity theft but I think key ones include: • If using credit cards for purchases, write ‘Check Photo ID’ on the back of your credit card. • Be very protective about disclosing personal information, especially Social Security Numbers. Did you know that it only takes one piece of personal information about you for a thief to steal your identity? • If shopping online, only make purchases from recognizable online retailers and websites. Many fraudsters will create fake websites that offer goods for sale in order to collect personal and credit information that can then be used to make fraudulent purchases. If consumers need to be careful this holiday season, businesses should also be vigilant. Fraudsters cause businesses like banks, retailers and credit card companies to lose millions of dollars that ultimately get passed on to their customers. Companies need to make sure they have tools in place to minimize these fraud losses. I’ve mentioned this in a previous post but Experian supports Identity Theft Prevention Programs by offering highly accurate consumer identity verification services. Our consumer authentication and fraud prevention product, Precise ID, and our knowledge based authentication product, Knowledge IQ, are highly respected in the marketplace for their reliability, quality and accuracy. Implementing either of these products would go a long way in preventing fraud this holiday season.

By: Margarita Lim Recently, the Social Security Administration (SSA) announced that it will change how Social Security numbers (SSN) will be issued, with a move toward a random method of assigning SSNs. Social Security numbers are historically 9 digits in length, and are comprised of a three-digit number that represents a geographic area, a two-digit number referred to as a Group number and a four digit serial number.You can go to http://www.ssa.gov/employer/randomization.html to learn more about this procedural change, but in summary, the random assignment of SSNs will affect: • The geographic significance of the first three digits of the SSN because it will no longer uniquely represent specific states • The correlation of the Group number (the fourth and fifth digits of the SSN) to an issuance date range. What does this mean? It means that if you’re a business or agency that uses any type of authentication product in order to minimize fraud losses, one of the components used to verify a consumer’s identity – Social Security number, will no longer be validated with respect to state and date.   However, one of the main advantages of utilizing a risk-based approach to authentication is the reduction in over-reliance on one identity element validation result.  Validation of SSN issuance date and state, while useful in determining certain levels of risk, is but one of many attributes and conditions utilized in detailed results, robust analytics, and risk-based decisioning.  It can also be argued that the randomization of SSN issuance, while somewhat impacting the intelligence we can glean from a specific number, may also prove to be beneficial to consumer protection and the overall confidence in the SSN issuance process.

By: Kari Michel As consumers and businesses continue to experience financial hardship, the likelihood of continued bankruptcy filings is fairly strong. Data from the Administrative Office of the U.S. Courts show there were 1,222,589 filings through September, versus 1,100,035 in the first nine months of 2009. According to American Bankruptcy Institute executive director Samuel J. Gerdano, "As the economy looks to climb out of the recent recession, businesses and consumers continue to file for bankruptcy to regain their financial footing. With unemployment hovering near 10% and access to credit remaining tight, total filings in 2010 will likely exceed 1.6 million." Given the bankruptcy trends, what can lenders do to protect themselves from acquiring consumers that are at risk for filing for bankruptcy? Bankruptcy scores are available, such as Bankruptcy PLUS, and are developed to accurately identify characteristics specific to a consumer filing for bankruptcy. Bankruptcy scores are typically used in conjunction with risk scores to set effective acquisition strategies. _________________ Source:  http://www.collectionscreditrisk.com/news/bankruptcy-filings-up-3003998-1.html  

By: Staci Baker As we approach the end of the year, and the beginning of holiday spending, consumers are looking at their budgets to determine what level of spending they can do this holiday season, or if they will need additional credit for those much wanted gifts. With that in mind, it is a great time for lenders to evaluate their portfolios to determine which consumers are the best credit risks. According to the National Retail Federation, consumer spending will be up 2.1% for the 2010 holiday season. Although still at pre-recession levels, consumer confidence is starting to re-bound.  But, with an increase in consumer confidence, how will lenders meet the demand for credit, and determine the credit worthiness of potential applicants? Since the beginning of the recession there has been a demand for tools that will assist lenders in managing credit risk. One such tool is the tri-bureau VantageScore, a scoring model that is highly accurate, offers greater predictiveness, and is able to score more people. Scoring models allow lenders to predict the likelihood a consumer will default on a loan. Determining who is a qualified candidate through scoring models is only part of the equation. Each lender needs to determine what level of risk to take, and what is the cost of the credit per applicant. By assessing credit risk, having a good plan in place and knowing who the target customer is, lenders will be more prepared for the holiday season. ___________________ National Retail Federation, http://www.nrf.com/modules.php?name=News&op=viewlive&sp_id=1016

By: Wendy Greenawalt Large financial institutions have acknowledged for some time that taking a more consumer-centric versus product-centric approach can be a successful strategy for an organization. However, implementing such a strategy can be difficult, because inherently organizations want to promote a specific product for one reason or another. With the current economic unrest, organizations are looking for ways to improve customer loyalty with their most profitable and lowest risk customers. They are also looking for ways to improve offers to consumers to provide segment of one decisioning, while satisfying organizational goals. Customer management, and specifically cross-sell or up-sell strategies, are a great example of where organizations can implement what I call “segment of one decisioning”.  In essence, this refers to identifying the best possible decision or outcome for a specific consumer when given multiple offers, scenarios and objectives. Marketers strive to identify the best strategies to maximize decision-making, while minimizing costs. For many, this takes the form of models and complex strategy trees or spreadsheets to identify the ideal offering for a segment of consumers. While this approach is effective, algorithm-based decisioning processes exist that can help organizations identify the optimal decisioning strategies, while considering all possible options at a consumers level. By leveraging an optimization tool, organizations can expand the decision process by considering all variables and all alternatives to find the most cost effective, most-likely-to-be-successful strategies. By optimizing decisions, marketers can determine the ideal offer, while quantifying the ROI and adhering to budgetary or other campaign constraints. Many organizations are once again focusing on account growth and building strategies to implement in the near future. With the limited pool of qualified candidates and increased competition, it is more important than ever that each consumer offer be the best to increase response rates, achieve portfolio growth goals and build a profitable portfolio.

By: Kennis Wong In the last entry, I mentioned that consumers’ participation in protecting their own identity information is an important aspect of an identity theft prevention program to minimize fraud loss.  Large financial institutions are starting to take charge in educating their customers, but others are having a hard time investing in such initiatives. I do understand that it is difficult to establish a direct linkage of revenue and positive return on investment for this type of activities. Business may view customer education of identity protection as a public service but not a necessity. After all, if my customer loses his identity information, it doesn’t necessarily mean that identity fraud will happen to my very own organization. But educating customers about identity protection and fraud trends can be a marketing tool and can increase customer loyalty, in additions to actual fraud prevention. Although consumers may not be aware of all the precautions they can take to protect their identity, undoubtedly identity theft is a hot topic in the media today. If there are two banks providing about the same service, but one of them goes an extra mile to provide me education on preventing identity theft, I would go with that bank. Also, as a financial institution, if my customers understand identity protection more, they would understand why I am putting some procedure in place and would be glad to comply with them. For example, they would be more patient when spending another minute in answering knowledge-based authentication questions, so that for their own protection, the bank can assure they are the true identity owners. Consumers can also actively monitor their credit report, whether through the bank or through other third party vendors. When consumers receive fraud alert from activities that could be a result of identity theft, they can actively contact the financial institutions about the situation. The sooner the identity fraud is discovered, the better off for both the consumers and the businesses.

By: Kari Michel How are your generic or custom models performing? As a result of the volatile economy, consumer behavior has changed significantly over the last several years and may have impacted the predictiveness of your models. Credit models need to monitored regularly and updated periodically in order to remain predictive. Let’s take a look at VantageScore, it was recently redeveloped using consumer behavioral data reflecting the volatile economic environment of the last few years. The development sample was compiled using two performance timeframes: 2006 – 2008, and 2007 – 2009, with each contributing 50% of the development sample. This is a unique approach and is unlike traditional score development methodology, which typically uses a single, two year time window. Developing models with data over an extended window reduces algorithm sensitivity to highly volatile behavior in a single timeframe. Additionally, the model is more stable as the development is built on a broader range of consumer behaviors. The validation results show VantageScore 2.0 outperforms VantageScore 1.0 by 3% for new accounts and 2% for existing accounts overall. To illustrate the differences that were seen in consumer behavior, the following chart and table show the consumer characteristics that contribute to a consumer’s score and compare the characteristic contributions of VantageScore 2.0 vs VantageScore 1.0. Payment History Utilization Balances Length of Credit Recent Credit Available Credit Vantage Score 2.0 28% 23% 9% 8% 30% 1% Vantage Score 1.0 32% 23% 15% 13% 10% 7% As we expect ‘payment history’ is a large portion driving the score, 28% for VantageScore 2.0 and 32% for VantageScore 1.0. What is interesting to see is the ‘recent credit’ contribution has increased significantly to 30% from 10%. There also is a shift with lower emphases on balances, 9% versus 15% as well as ‘length of credit’, 8% versus 13%. As you can see, consumer behavior changes over time and it is imperative to monitor and validate your scorecards in order to assess if they are producing the results you expect. If they are not, you may need to redevelop or switch to a newer version of a generic model.

By: Kennis Wong As a fraud management professional, naturally I am surrounded by fraud prevention topics and other professionals in the field all the time.  Financial, ecommerce, retail, telecommunication, government and other organizations are used to talking about performance, scoring models, ROI, false-positives, operational efficiency, customer satisfaction trade-off, loss provisioning, decisioning strategy or any other sophisticated measures when it comes to fraud management.  But when I bring up the topic of fraud outside of this circle, I am always surprised to see how little educated the general public is about an issue that is so critical to their financial health. I met a woman in an event several weeks ago. After learning about my occupation, she told me her story about someone from XYZ credit card company calling her and asking for her Social Security number, date of birth and other personal identifying information. Only days after she gave out the information that she realized things didn’t seem right. She called the credit card company and got her credit card re-issued. But at the time I talked to her, she still didn’t know enough to realize that the fraudster could now use her identity to start any new financial relationship under her name. As long as consumers are ignorant about protecting their identity information, businesses’ identity theft prevention program will not be complete and identity fraud will occur as a result of this weak link. To address this vulnerability and minimize fraud, consumers need to be educated.

-- by, Andrew Gulledge One of the quickest and easiest ways to reduce fraud in your portfolio is to incorporate question weighting into your out of wallet question strategy. To continue the use of knowledge based authentication without question weighting is to assign a point value of 100 points to each question. This is somewhat arbitrary (and a bit sloppy) when we know that certain questions consistently perform better than others. So if a fraudster gets 3 easier questions right, and 1 harder question wrong they will have an easier time passing your authentication process without question weighting. If, on the other hand, you adopt question weighting as part of your overall risk based authentication approach, that same fraudster would score much worse on the same KBA session. The 1 question that they got wrong would have cost them a lot of points, and the 3 easier questions they got right wouldn’t have given them as many points. Question weighting based on known fraud trends is more punitive for the fraudsters. Let’s say the easier questions were worth 50 points each, and the harder question was worth 150 points. Without question weighting, the fraudster would have scored 75% (300 out of 400 points). With question weighting, the fraudster would have scored 50% (150 out of 300 points correct). Your decisioning strategy might well have failed him with a score of 50, but passed him with a score of 75. Question weighting will often kick the fraudsters into the fail regions of your decisioning strategy, which is exactly what risk based authentication is all about. Consult with your fraud account management representative to see if you are making the most out of your KBA experience with the intelligent use of question weighting. It is a no-brainer way to improve your overall fraud prevention, even if you keep your overall pass rate the same. Question weighting is an easy way to squeeze more value of your knowledge based authentication tool.  

-- by, Andrew GulledgeThe intelligent use of question weighting in KBA should be a no-brainer for anyone using out of wallet questions. Here’s the deal: some authentication questions consistently give fraudsters a harder time than other questions. Why not capitalize on that knowledge?Question weighting is where each question type has a certain number of points associated with it. So a question that fraudsters have an easier time with might be worth only 50 points, while a question that fraudsters often struggle with might be worth 150 points. So the KBA score ends up being the total points correct divided by the total possible points. The point is to make the entire KBA session more punitive for the bad guys.Fraud analytics are absolutely essential to the use of intelligent question weighting. While fraud prevention vendors should have recommended question weights as part of their fraud best practices, if you can provide us with as many examples as possible of known fraud that went through the out of wallet questions, we can refine the best practice question weighting model to work better for your specific population.Even if we keep your pass rate the same, we can lower your fraud rate. On the other hand, we can up your pass rate while keeping the fraud rate consistent.  So whether your aim it to reduce your false positive rate (i.e., pass more of the good consumers) or to reduce your fraud rate (i.e., fail more of the fraudsters), or some combination of the two, question weighting will help you get there.

By: Staci Baker As the economy has been hit by the hardest recession since the Great Depression, many people wonder how and when it will recover.  And, once we start to see recovery, will consumer credit return to what it once was? In a recent Experian-Oliver Wyman Market Intelligence Report quarterly webinar, 70% of the respondents in a survey said they believe consumer debt will return to pre-2008 levels.  Clearly, many believe that consumer spending and borrowing will return, despite the fact that consumer credit card borrowing recently declined for the 24th straight month*. Assuming that this optimism is valid, what can credit card lenders do to evaluate the risk levels of potential customers as they attempt to grow their portfolios? For lenders, determining who needs credit, as well as whom to lend to in this economic environment, can be quite challenging.  However, there are many tools available to assist lenders in assessing credit risk and growing their portfolio. Many lenders look at a consumer’s credit score, such as the tri-bureau VantageScore, to evaluate their credit worthiness. By utilizing an individual’s VantageScore, a lender is able to determine potential customer risk levels. Another way to evaluate a consumer’s credit worthiness is to evaluate a population using credit attributes.  Based on the attributes a lender is looking for in their portfolio, they can see improvement in evaluating risk prediction in their portfolio using pre-determined attributes, especially those specifically designed for the credit card industry. There are also models that can help lenders predict when a consumer is likely to be in the market for a new loan or account. Experian’s In the Market Models provide lenders with product-specific segmentation tools that can be combined with risk scores to enhance the efficiency and effectiveness of their offers. To identify the optimal cross-sell and line management decisions based on an individual customer’s risk score and potential value, a lender can also utilize optimization tools.  Optimization, combined with a viable risk management strategy, can assist a lender to achieve a healthy portfolio growth in a highly constrained environment. Although lenders will need to determine the best method to meet their objectives, these are just a few of the many tools available that will assist them in correctly growing their lending portfolios. ____________________ * http://www.usatoday.com/money/economy/2010-10-07-consumer-credit_N.htm

By: Margarita Lim You may be surprised to learn that identity theft isn’t just a crime committed by an individual or individuals. There are identity theft rings that are organized and operated like corporations. A recent Justice Department press release described such an operation in New Jersey that involved 53 individuals who took part in a known fraud activity called Bust Out Fraud. Basically, the fraud ring purchased valid social security cards and then sold the social security cards to customers who then obtained driver’s licenses and other proof of identity-type cards. The fraud ring then built up the credit scores of these customers by adding them to existing credit card accounts. Once the customers with the fraudulent identities achieved good credit scores, then they opened their own fraudulent bank accounts, credit cards, lines of credit, etc.  The credit cards were used to make fraudulent purchases or rack up charges with vendors in co-hoots with the fraud ring and the fraudulent bank accounts were used to pay off the charge accounts or the charges went unpaid. Fraud trends like these cost banks, credit card companies and many others millions of dollars – costs that ultimately get passed on to you and me, the consumers. Fortunately, Experian has Fraud Products that can help companies minimize fraud losses from Bust Out Fraud as well as other types of fraud. Our BustOut Score helps decrease bust out losses by predicting and detecting bust out frauds one to three months in advance of the event happening. In addition, we have Fraud Shield Indicators or fraud alerts available on credit reports that flag when there is a recent or new authorized user added to an established credit account. Experian supports Identity Theft Prevention Programs by offering highly accurate consumer identity verification services. We’re not reliant solely on credit bureau data and are able to use multi-sourced data to confirm different components of a consumer’s identity – name, address, date of birth, etc. Our consumer authentication and fraud prevention product, Precise ID, and our knowledge based authentication product, Knowledge IQ, are highly respected in the marketplace for their reliability, quality and accuracy.  

By: Margarita Lim Consumer data has increasingly become commoditized over the years. There’s a lot of it and it’s arguably more easily obtainable. Social Security number and date of birth information was once considered confidential information. Today, those data elements in addition to traditional consumer data such as name, address and phone number are more publicly available (either legitimately or illegitimately). The advent and popularity of social network Internet sites have also made considerable information about a person’s life – both professional and personal, available for anyone’s viewing pleasure. So the question is…how much is too much information? If you’re a consumer who is particular about privacy, then you’ll have a lower threshold. On the other hand, if you’re a business trying to minimize fraud losses, then you’re at the other end of the spectrum - you can never have enough information to help prevent fraud – especially when you’re trying to keep up with fraud trends. Data is a key element in fraud prevention. Experian has access to many data assets and has a reputation for providing high quality fraud products in the marketplace. The data we use in our fraud products comes from multiple sources and sets us apart from our competitors because corroborated data is more reliable than data from a single source.  Having access to multiple data sources is especially beneficial in our Knowledge Based Authentication product where the different sources provide data that is critical to generating out of wallet questions. Since companies rely on our fraud products to comply with the government’s Red Flag Rules and support Identity Theft Prevention Programs, it is extremely important that we have as much data as possible in our arsenal to thwart fraudsters’ activities and prevent consumers from being victimized by criminals. Keep in mind that these programs are only as good as the data used to confirm a person’s identity. Although information can be a double-edged sword, I don’t think one can have too much information especially when the goal is to minimize fraud.  

By: Kenneth Pruett I really thought I was going to be on easy street after receiving two emails in less than a week. The first email was telling me about some long lost relative in the UK who passed away over 10 years ago. His riches, which were over $20million dollars, would be forfeited to the government if an heir to the fortune did not claim the money. I was impressed how they figured out that I was the long lost “heir” to this millionaire just by looking at my email address. They also identified me specifically by calling me by name, “Dear Sir”.  The other email was a bit more intriguing. It involved a suitcase full of money. This was sent to me by a woman, who was in an abusive relationship but somehow had a chest full of money in America. For a certain % of the money, she was willing to pay me for my efforts to help her gain access to the suitcase and its contents. I am still surprised at just how many people fall victim to these types of email scams. They have been going on for quite some time, commonly known as the Nigerian 419 scam. I have noticed that the emails have changed a bit and seem to have become more convincing. The scammers also seem to be a bit more patient and work harder to gain the victims confidence in the legitimacy of the transaction. Individuals who give their information to these scammers will soon find out what a big mistake they have made. The goal of these groups is to gain access to a consumer’s money. They also will attempt to gather personal and banking information. Some victims of these scams may end up having their identity stolen. If they do attempt to use the identity information, they will typically make multiple attempts in a short period of time to establish credit. One way to help fight this type of organized fraud ring activity is to use velocity checks to track data elements. For example, a bank may want to know if a Social Security number has been used more than once within a certain period of time. Fraud analytic studies have also found that tracking data elements across multiple customers can also be very predictive in preventing fraud tied to identity theft rings. Elements often tracked are things like addresses, Social Security numbers and phone numbers. If these scammers attempt to take over consumers current bank accounts, they may attempt to change the address and possibly the phone number on the account. This is to prevent the true consumer from getting a phone call or mail relating to their account changes. Before making these changes, many entities often send out letters or make calls to the prior information before officially making these changes in their systems.  One other way to protect against account take over is to run the address and/or phone number against database of known frauds. A National Fraud Database can be helpful in identifying addresses that have been used in previous fraud activity. The Nigerian 419 scams will continue to be a problem. The need for money is just too great for some people to resist. For Banks, Card issuers, and Credit Unions, it is wise to put tools in place to help fight identity theft. This scam only represents a sample of the various fraudulent groups out there who make their living by ripping off these types of businesses. As I often say to my customers… I have done about everything in the fraud space, except commit it, which is the most profitable area. Good luck in your efforts to help us fight this ongoing problem.