All posts by Keir Breitenfeld

Implement identity management and account management procedures that are effective and don't affect user experience

Federal agencies are most directly impacted by new NIST standards but is a shift in identity proofing for consumers, businesses and public sector agencies.

Podcast to discuss the emergence of synthetic identity fraud, its true financial impact and how organizations can begin to fight back.

The future of identity proofing in the public sector is more than just verifying individual identities. Read to learn about modernizing identity proofing

Synthetic id fraud in a post breach world

Synthetic ID fraud is a growing problem driven by an online and mobile-driven market, along with an increase in data breaches and dark web sharing.

FinCEN and email-compromise fraud sheds additional light on the threats of Email Account Compromise and Business Email Compromise.

Panel discussion on Reinventing Identity for the Digital Age at Electronic Signature & Records Association (ESRA) conference

Under the updated requirements for Customer Due Diligence, financial institutions must expand programs.

We all know that first party fraud is a problem, but learning how to manage through first party fraud is key to overcoming it

I recently facilitated a Webinar looking at myths and truths in the market regarding the EMV shift and what it means for both merchants and issuers.

What will the EMV shift really mean for consumers and businesses here in the U.S.? Businesses and consumers across the U.S. are still adjusting to their new EMV credit cards. The new credit cards are outfitted with computer chips in addition to the magnetic strips to help prevent point-of-sale (POS) fraud. The new system, called EMV (which stands for Europay, MasterCard and Visa), requires signatures for all transactions. EMV is a global standard for credit cards. In the wake of the rising flood of large-scale data breaches at major retailers – and higher rates of counterfeit credit card fraud – chip-and-signature, as it is also called, is designed to better authenticate credit card transactions. Chip-and-signature itself is not new. It has been protecting consumers and businesses in Europe for several years and now the U.S. is finally catching up. But what will the EMV system really mean for consumers and businesses here in the U.S.? There is the potential for businesses that sell both offline and online, to see an increase in fraud that takes place online called Card Not Present (CNP) fraud. Will credit card fraud ever really be wiped out? Can we all stop worrying that large-scale point-of-sale breaches will happen again? Will the EMV shift affect holiday shopping and should retailers be concerned? Join us as we explore these questions and more on an upcoming Webinar, Chipping Away at EMV Myths. Our panel of experts includes: David Britton, Vice President, Industry Solutions, Experian Julie Conroy, Research Director, Aite Group Mike Klumpp, Director of Fraud Prevention, Citibank Moderated by: Keir Breitenfeld, Vice President, Product Management, Experian

Fraud management is an ongoing issue for businesses, especially when it comes to identifying likely fraudulent customers and delivering excellent customer service

Recently, I sat down to answer three questions for “The Year of Payments - 2015: One Quarter in” for PYMNTS.com on the topic of mobile payments in regards to: How Q1 2015 is different than Q1 2014 What’s the most significant development so far this year? If “Payments 2015” were a brand and had a tagline, what would it be and why? A significant factor in shaping the next frontier in fraud management is the continued rapid growth in online and mobile payments as the preferred methods of doing business for many consumers. With more than a third of customers interacting with a single business in five or more channels and more than 85 percent of consumers using online or mobile to conduct business, the need for omnichannel fraud prevention becomes a requirement. These trends make mobile-device intelligence as important to the authentication process as traditional personally identifiable information. As a result, the need to integrate device intelligence into the authentication process to associate a consumer to a known device is critical. Companies already are beginning to incorporate device intelligence into their authentication strategies. The ability to verify a customer through his or her device is a huge benefit to the overall customer experience and not only makes it easier for the customer to do business with you, but also adds an additional layer of validation. The challenge with any new emerging business or new technology is maintaining a frictionless customer experience foremost because fraudsters are always the early adopters. Make sure to read our perspective paper to see why emerging channels call for advanced fraud identification techniques and what myself and other industry leaders had to say on the topic of mobile payments:

More than ever before, there may now be credence in the view that the majority of consumers’ personally identifiable information (PII), user names and passwords, and even some authentication tokens have been, or are, at risk of compromise.  Between sophisticated hacking schemes and regularly reported and sometimes unreported data breaches, those charged with implementing and maintaining identity authentication and management systems must assume this to be true.  In doing so, the need for layered authentication becomes readily apparent.  Layered authentication can mean many things to many people, but I would offer it up as diversifying authentication and risk assessment techniques and processes across multiple elements and attributes throughout the customer lifecycle.  These elements and attributes corresponding techniques can include: traditional PII validation and verification identity transaction link analysis and risk attribute derivation credit and non-credit data and risk attributes identity risk scores knowledge-based authentication question performance device intelligence and risk assessment credentials biometrics and should be layered proportionally by inherent risk per application, addressable population, transaction history and types, current transaction, and access channel for example.  Industry guidance such as the FFIEC Guidance of Authentication in an Internet Banking Environment is a solid foundational direction that calls out the need for institutions to move beyond simple device identification — such as IP address checks, static cookies and challenge questions derived from customer enrollment information — to more complex device intelligence and more complex out-of-wallet identity verification procedures.  I would suggest that while this is a great start, it is by no means comprehensive.  Institutions across all markets, both private and public sectors, should be exploring all available services and technologies in an effort to reduce reliance on one or only a few methods of authentication and identity management.  Particularly, again, assuming that the one method an institution may rely on could be greatly weakened or without value if subject to mass compromise. Make sure to read our Comply whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.   Learn more about how your business can authenticate consumers confidently.