It’s impossible to capture all of the insights and learnings of 36 breakout sessions and several keynote addresses in one post, but let’s summarize a few of the highlights from the first day of Vision 2016. 1. Who better to speak about the state of our country, specifically some of the threats we are facing than Leon Panetta, former Secretary of Defense and Director of the CIA. While we are at a critical crossroads in the United States, there is room for optimism and his hope that we can be an America in Renaissance. 2. Alex Lintner, Experian President of Consumer Information Services, conveyed how the consumer world has evolved, in large part due to technology: 67 percent of consumers made purchases across multiple channels in the last six months. More than 88M U.S. consumers use their smartphone to do some form of banking. 68 percent of Millennials believe within five years the way we access money will be totally different. 3. Peter Renton of Lend Academy spoke on the future of Online Marketplace Lending, revealing: Banks are recognizing that this industry provides them with a great opportunity and many are partnering with Online Marketplace Lenders to enter the space. Millennials are not the largest consumers in this space today, but they will be in the future. Sustained growth will be key for this industry. The largest platforms have everything they need in place to endure – even through an economic downturn.In other words, Online Marketplace Lenders are here to stay. 4. Tom King, Experian’s Chief Information Security Officer, addressed the crowds on how the world of information security is growing increasingly complex. There are 1.9 million records compromised every day, and sadly that number is expected to rise. What can businesses do? “We need to make it easier to make the bad guys go somewhere else,” says King. 5. Look at how the housing market has changed from just a few years ago: Inventory continues to be extraordinarily lean. Why? New home building continues to run at recession levels. And, 8.5 percent of homeowners are still underwater on their mortgage, preventing them from placing it on the market. In the world of single-family home originations, 2016 projections show that there will be more purchases, less refinancing and less volume. We may see further growth in HELOC’s. With a dwindling number of mortgages benefiting from refinancing, and with rising interest rates, a HELOC may potentially be the cheapest and easiest way to tap equity. 6. As organizations balance business needs with increasing fraud threats, the important thing to remember is that the customer experience will trump everything else. Top fraud threats in 2015 included: Card Not Present (CNP) First Party Fraud/Synthetic ID Application Fraud Mobile Payment/Deposit Fraud Cross-Channel FraudSo what do the experts believe is essential to fraud prevention in the future? Big Data with smart analytics. 7. The need for Identity Relationship Management can be seen by the dichotomy of “99 percent of companies think having a clear picture of their customers is important for their business; yet only 24 percent actually think they achieve this ideal.” Connecting identities throughout the customer lifecycle is critical to bridging this gap. 8. New technologies continue to bring new challenges to fraud prevention. We’ve seen that post-EMV fraud is moving “upstream” as fraudsters: Apply for new credit cards using stolen ID’s. Provision stolen cards into mobile wallet. Gain access to accounts to make purchases.Then, fraudsters are open to use these new cards everywhere. 9. Several speakers addressed the ever-changing regulatory environment. The Telephone Consumer Protection Act (TCPA) litigation is up 30 percent since the last year. Regulators are increasingly taking notice of Online Marketplace Lenders. It’s critical to consider regulatory requirements when building risk models and implementing business policies. 10. Hispanics and Millennials are a force to be reckoned with, so pay attention: Millennials will be 81 million strong by 2036, and Hispanics are projected to be 133 million strong by 2050. Significant factors for home purchase likelihood for both groups include VantageScore, age, student debt, credit card debt, auto loans, income, marital status and housing prices. More great insights from Vision coming your way tomorrow!
Four Experian employees reflect on financial lessons and challenges learned during their time served in the military. Pedro Martinez, based at Camp Lejeune in North Carolina, was earning a monthly salary of just $680 as a Private First Class for the Marine Corps. in 1988. Winter was nearing, and since he was living off base, he needed a heater. “I was able to purchase one with ‘easy credit’ for $15 per month, for 18 months,” said Martinez, now living in Costa Rica. “I ended up paying a lot more than driving to Kmart and getting one there if I had the money. But for the purchase I was able to make at the time, I had to finance it, and I remember the interest rate was almost 40 percent.” Fast forward decades later, and Martinez recalls those same “easy credits” and payday loans surround local bases. Advance paycheck services offering rates of 30 percent and beyond for brief, 15-day cycles abound. While military base consumer advisors can encourage personnel to steer clear, more formal protections have been lacking. Until now. “The Military Lending Act is definitely a great measure to assure a fair consumer treatment, regulate high-interest rates, and safeguard families from going bankrupt,” said Martinez. No one can tell the stories of military life better than those who have lived it. They understand the training, sacrifices, day-to-day grind as well as the experiences of managing life on base and far from home. Financial education is lacking among all consumer groups in the country, and it is easy for a few credit mishaps to take individuals to a place where they soon find themselves struggling to get out of debt and obtain affordable credit. “I witnessed countless friends in the military finance furniture, receive cash advances and take out loans on their cars, which ultimately hurt them financially,” said Marshall Abercrombie, who served five years as a Navy Corpsman with the Marines. “Unfortunately, there are more title loans, cash advance and furniture leasing companies found within military towns compared to legitimate financial institutions. So, when you combine word-of-mouth, inexperience and easy access you end up with necessary legislature like the Military Lending Act.” Abercrombie, who currently resides in the southeast, claims his first “solo” experience with a financial institution saved him from falling down a bad path. “I can remember gripping my diploma thinking ‘now what am I going to do with all this money I’m about to start making?’” said Abercrombie. “Fortunate for me I was immediately greeted by a very eager representative of Armed Forces Bank. Despite being only 19 years old, looking back it’s apparent how much opportunity someone like me represented to a bank given I now had a government job that required I set up auto-deposit for future paychecks.” Especially for those military members sent overseas, opportunities and challenges can be unique. Michael Kilander, now a Southern California resident, was deployed overseas in Germany in the early 90s with his wife and ran into trouble with a large U.S. bank. “We had a credit card that we fell a month behind in paying,” says Kilander. “We had the money each time but did not receive the statement/ bill until a week after the due date. The military mail system took a great deal of time, particularly if you lived off base in the local Germany economy, as we did. We asked if the bank could mail the bill a little earlier, but they refused and were uninterested in the challenges of the APO system. Consequently we had to keep track of the amount spend on the card and estimate the likely charges and pay before we received the bill. We switched cards a few months later.” Raymond Reed, who enlisted with the Navy out of high school, was luckily advised by his parents to join a military credit union. “I did not realize I needed credit, and assumed credit was only offered to those with savings,” said Reed. “During my Navy tour, I joined a military credit union and since I did not have standard expenses, other than car insurance, which was covered by my paychecks. At the end of my tour, I saved and paid cash for my motorcycle, as I was accustomed to since I had a nice savings established.” The stories of stresses and opportunities surrounding military and credit are diverse and widespread, but the positive news is updated regulations will add increased protections. Learn more about the Servicemembers Civil Relief Act and now enhanced Military Lending Act to understand the varying protections, as well as discover how financial institutions can comply and best support military credit consumers and their families.
Television had its Twilight Zone, the Emmy-winning anthology series featuring tales rich in fantasy, morality and irony. Today\'s economy has its own Twilight Zone. It lies between the legitimate economy with its weekly paychecks, W2 forms and 401(K) plans, and the underground economy with its unreported, all-cash transactions. Call them \"The Unbanked.\" Call them \"The Credit Invisibles.\" Whatever label you choose, these men and women -- who number in the millions - want access to credit, but can’t be easily accessed with traditional credit models, and they lack a smooth on-ramp to grow in the credit universe. How a Worker Becomes \"Credit Invisible\" America\'s \"credit invisibles\" tend to be minimum- or low-wage workers. They exist in virtually every industry, although they tend to be concentrated in agriculture, food service, construction and manufacturing. Some work full-time for a single employer, while others work part-time or on a gig-by-gig basis. The FDIC estimates some 10 million Americans currently fit the definition of unbanked, while an additional 28.4 million are underbanked. Instead of traditional banks, this population tends to use the services of private check-cashing services and payday lenders for their financial services, which is not always advantageous for the consumer with these services’ sizeable expenses and transaction fees. The Payroll Card Alternative Recognizing the perils inherent in the current system, a number of companies have developed solutions to help those individuals who cannot and will not establish traditional checking and savings accounts. SOLE® Financial, a financial services company headquartered in Portland, Ore, offers the SOLE Visa® Payroll Card, allowing employees to enjoy the benefits associated with direct deposit checking accounts without the costs and restrictions traditional banks often impose. \"From a payroll standpoint, paycards function just like bank accounts,” explained Taylor Ellsworth, content marketing manager for SOLE Financial. “The transfer happens on the exact same timeline as the paychecks that employers deposit to traditional bank accounts.” Additionally, any bill from a vendor that accepts electronic payments - either online or with a card number over the phone - can accept payments from the SOLE paycard. \"For bills like rent, which sometimes can only be paid with a check or money order, cardholders can log in and use the bill pay option for $1 per bill to have a check issued to their landlord -- or any other recipient -- from their account,” said Ellsworth. Helping Credit Invisibles Build Personal Credit Files Another way companies are helping credit invisibles become visible is by considering non-retail payments, such as payments to utility companies, as part of a personal payment history. Traditionally payments to gas, electric, telephone, cable and other household service providers are generally not being reported unless the consumer is severely delinquent and thus on-time payment history is not included in credit scores. Experian recently investigated how including payments to energy utilities could affect men and women with \"thin-file\" credit portfolios. The subprime and nonprime consumers in the study received the greatest positive score impact, with 95 percent of subprime consumers and 75 percent of nonprime consumers experiencing a positive score change. A resounding 82 percent of subprime consumers in the study received a positive score impact of 11 points or more. The average VantageScore 3.0 score change for all participants was an increase of 28 points. Experian concluded, \"positive energy-utility reporting presents an opportunity for energy companies to play a key role in helping their consumers build credit history. The ability for many of these consumers to become credit-scoreable, build a more robust credit file and potentially migrate to a better risk segment simply by paying their energy bills on time each month is powerful and represents an opportunity for positive change that should be not overlooked.\" Conclusion With income inequality growing, there is an increasing pressure to find ways to improve the prospects of the tens of millions of Americans who live on the farthest edges of the American economy. New technologies and ways of looking at credit can offer the unbanked and the under-banked ways to improve their economic situation and move closer to the mainstream. By bringing these millions into the light, those who issue and evaluate credit will create millions of new customers who can, in turn, add new energy to the American economy.
This article first appeared in Baseline Magazine Since it is possible for cyber-criminals to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities. Children often make up imaginary friends and have a way of making them come to life. They may come over to play, go on vacation with you and have sleepover parties. As a parent, you know they don’t really exist, but you play along anyway. Think of synthetic identities like imaginary friends. Unfortunately, some criminals create imaginary identities for nefarious reasons, so the innocence associated with imaginary friends is quickly lost. Fraudsters combine and manipulate real consumer data with fictitious demographic information to create a “new” or “synthetic” individual. Once the synthetic person is “born,” fraudsters create a financial life and social history that mirrors true-party behaviors. The similarities in financial activities make it difficult to detect good from bad and real from synthetic. There really is no difference in the world of automated transaction processing between you and a synthetic identity. Often the synthetic “person” is viewed as a thin or shallow file consumer— perhaps a millennial. I have a hard time remembering all of my own passwords, so how do organized “synthetic schemes” keep all the information usable and together across hundreds of accounts? Our data scientists have found that information is often shared from identity to identity and account to account. For instance, perhaps synthetic criminals are using the same or similar passwords or email addresses across products and accounts in your portfolio. Or, perhaps physical address and phone records have cross-functional similarities. The algorithms and sciences are much more complex, but this simplifies how we are able to link data, analytics, strategies and scores. Identifying the Business Impact of Synthetic-Identity Fraud Most industry professionals look at synthetic-identity fraud as a relatively new fraud threat. The real risk runs much deeper in an organization than just operational expense and fraud loss dollars. Does your fraud strategy include looking at all types of risk, compliance reporting, and how processes affect the customer experience? To identify the overall impact synthetic identities can have on your institution, you should start asking: Are you truly complying with \"Know Your Customer\" (KYC) regulations when a synthetic account exists in your active portfolio? Does your written \"Customer Identification Program\" (CIP) include or exclude synthetic identities? Should you be reporting this suspicious activity to the compliance officer (or department) and submitting a suspicious activity report (SAR)? Should you charge off synthetic accounts as credit or fraud losses? Which department should be the owner of suspected synthetic accounts: Credit Risk, Collections or Fraud? Do you have run any anti-money laundering (AML) risk when participating in money movements and transfers? Depending on your answers to the above questions, you may be incurring potential risks in the policies and procedures of synthetic identity treatment, operational readiness and training practices. Since it is possible to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities, just as parents need to differentiate between their child\'s real and imaginary friends.
Device emulators — wolves in sheep’s clothing Despite all the fraud prevention systems and resources in the public and private sectors, online fraud continues to grow at an alarming rate, offering a low-risk, high-reward proposition for fraudsters. Unfortunately, the Web houses a number of easily accessible tools that criminals can use to perpetrate fraud and avoid detection. The device emulator is one of these tools. Simply put, a device emulator is one device that pretends to be another. What began as innovative technology to enable easy site testing for Web developers quickly evolved into a universally available tool that attackers can exploit to wreak havoc across all industry verticals. While it’s not new technology, there has been a significant increase in its use by criminals to deceive simple device identification and automated risk-management solutions to carry out fraudulent activities. Suspected device emulation (or spoofing) traffic historically has been difficult to identify because fraud solutions rely heavily on reputation databases or negative lists. Detecting and defeating these criminals in sheep’s clothing is possible, however. Leveraging Experian’s collective fraud intelligence and data modeling expertise, our fraud research team has isolated several device attributes that can identify the presence of an emulator being used to submit multiple transactions. Thanks to these latest FraudNet rule sets, financial institutions, ecommerce merchants, airlines, insurers and government entities alike now can uncloak and protect against many of these cybercriminals. Unfortunately, device emulators are just one of many tools available to criminals on the Dark Web. Join me at Vision 2016, where U.S. Secret Service and I will share more tales from the Dark Web. We will explore the scale of the global cybercrime problem, walk through the anatomy of a typical hack, explain how hackers exploit browser plug-ins, and describe how enhanced device intelligence and visibility across all channels can stop fraudsters in their tracks. Listen to Mike Gross as he shares a short overview of his Vision 2016 breakout session in this short video. Don’t miss this innovative Vision 2016 session! See you there.
April is Financial Literacy Month, a special window of time dedicated to educating Americans about money management. But as stats and studies reveal, it might be wise to spend every month shining some attention on financial education, an area so many struggle to understand. Obviously no one wants to talk money day in and day out. It can be complicated, make us feel bad and serve as a source of stress. But as the saying goes, information is power. Over the years, Experian has worked to understand the country’s state of credit. Which states sport higher scores? Which states struggle? How do people pay down their debts? And what are the triggers for when accounts trail into collections? In the consumer space especially, we’ve surveyed individuals about how they feel about their own credit as it pertains to a number of different variables and life stages. Home Buying: 34% of future home buyers say their credit might hurt their ability to purchase a home 45% of future home buyers delayed a purchase to improve their credit to get better interest rates Holiday Shopping: 10% of consumers and 18% of millennials say holiday shopping has negatively affected their credit score Newlywed Life: 60% believe it is important for their future spouse to have a good credit score 39% say their spouse’s credit score or their credit score has been a source of stress in their marriage 35% of newlyweds believe they are “very knowledgeable” regarding credit scores and reports And let’s not forget Millennials: 71% of millennials believe they are knowledgeable when it comes to credit, yet: millennials overestimate their credit score by 29 points 32% do not know their credit score 61% check their credit report less than every 3 months 57% feel like the odds are stacked against them when it comes to finances and 59% feel like they are “going it alone” when it comes to finances The message is clear. Finances are simply a part of life, but can obviously serve as a source of stress. Establishing and growing credit often starts at a young age, and runs through every major life event. Historically, high school is where the bulk of financial literacy programs have targeted their efforts. But even older adults, who have arguably learned something about personal finances by managing their own, could stand a refresher on topics ranging from refinancing to retirement to reverse mortgages. Over the next month, Experian will touch on several timely financial education topics, including highlighting the top credit questions asked, the future of financial education in the social media space, investing in retirement, ways to teach your kids about money, and how to find a legit credit counselor. But Experian explores financial education topics weekly too, committed to providing consistent resources to both businesses and consumers via weekly tweet chats, blog posts and live discussions on periscope. There is always an opportunity to learn more about finances. Throughout the year, different issues pop up, and milestone moments mean we need to brush up on the latest ways to spend and save. It’s nice so many financial institutions make a special point to highlight financial education in April, but hopefully consumers and lenders alike continue to dedicate time to this important topic every month. Managing money is a lifelong task, so tips and insights are always welcome. Right? Check out the wealth of resources and pass it on. For a complete picture of consumer credit trends from Experian\'s database of over 230 million consumers, purchase the Experian Market Intelligence Brief.
Identity management traditionally has been made up of creating rigid verification processes that are applied to any access scenario. But the market is evolving and requiring an enhanced Identity Relationship Management strategy and framework. Simply knowing who a person is at one point in time is not enough. The need exists to identify risks associated with the entire identity profile, including devices, and the context in which consumers interact with businesses, as well as to manage those risks throughout the consumer journey. The reasoning for this evolution in identity management is threefold: size and scope, flexible credentialing and adaptable verification. First, deploying a heavy identity and credentialing process across all access scenarios is unnecessarily costly for an organization. While stringent verification is necessary to protect highly sensitive information, it may not be cost-effective to protect less-valuable data with the same means. A user shouldn’t have to go through an extensive and, in some cases, invasive form of identity verification just to access basic information. Second, high-friction verification processes can impede users from accessing services. Consumers do not want to consistently answer multiple, intrusive questions in order to access basic information. Similarly, asking for personal information that already may have been compromised elsewhere limits the effectiveness of the process and the perceived strength in the protection. Finally, an inflexible verification process for all users will detract from a successful customer relationship. It is imperative to evolve your security interactions as confidence and routines are built. Otherwise, you risk severing trust and making your organization appear detached from consumer needs and preferences. This can be used across all types of organizations — from government agencies and online retailers to financial institutions. Identity Relationship Management has three unique functions delivered across the Customer Life Cycle: Identity proofing Authentication Identity management Join me at Vision 2016 for a deeper analysis of Identity Relationship Management and how clients can benefit from these new capabilities to manage risk throughout the Customer Life Cycle. I look forward to seeing you there!
It’s the “Battle of the Sexes” credit edition. Who sports higher scores, less debt and more on-time payments? According to Experian’s latest analysis, women take the credit title. Thank you very much. The report analyzed multiple categories including credit scores, average debt, number of open credit cards, utilization ratios, mortgage amounts and mortgage delinquencies of men and women in the United States. Results revealed: Women’s average credit score of 675 compared to men’s score of 670 Women have 3.7 percent less average debt than men Women have 23.5 percent more open credit cards Women and men have the same revolving utilization ratio of 29.9 percent Women’s average mortgage loan amount is 7.9 percent less than men’s Women have a lower incidence of late mortgage payments by 8.1 percent “There were several gaps between men and women in this study, including the five-point credit score lead that the women hold,” said Michele Raneri, Experian’s Vice President of Analytics and New Business Development. “Even with more credit cards, women have fewer overall debts and are managing to pay those debts on time.” The report also takes a look at the vehicle preferences of men and women and how those choices play into their overall credit and financial health. Below are the top-line results: Women were more likely to purchase a more functional, utilitarian vehicle, while men tended to lean toward sports cars and trucks The top three vehicle segments men purchased in 2015 were mid-size pickup trucks, large pickup trucks and standard specialty cars. In fact, they were 1.37 times more likely to purchase a mid-sized pickup truck than the general population The top three vehicle segments for women were small crossover-utility vehicles, mid-size sports-utility vehicles and compact crossover-utility vehicles. Women were 1.40 times more likely to purchase the small crossover-utility vehicle than the general population Experian conducted a similar study, comparing men and women on various credit attributes in 2013. At that time, women also scored higher than men in the credit score category - holding steady with a 675 VantageScore compared to the men’s 674 VantageScore, but the gap has widened, with the men’s score further lowering to 670. While men’s scores have dropped since 2013, the overall financial health for both sexes is strong. Most notably, the mortgage 60-plus delinquency rate has dropped significantly. In the 2013 pull, men were tracking at 5.7 percent and women were 5.3 percent. Today, those numbers have dropped to .86 percent for men and .79 percent for women. What a difference a few years has made in regards to the recovering housing market. Time will tell if the country’s state of credit will continue to trend higher, as indicated in the 2015 annual report, or if the buzz of potential recession and an election year will reverse the positive trend. As for now, the women once again claim bragging rights as it pertains to credit. Analysis methodology The analysis is based on a statistically relevant, sampling of depersonalized data of Experian’s consumer credit database from December 2015. Gender information was obtained from Experian Marketing Services.
Proven identity and device authentication to minimize identity tax return fraud Identity fraud places an enormous burden on its victims and presents a challenge to businesses, organizations and government agencies, including the IRS and all state revenue authorities. Tax return fraud occurs when an attacker uses a consumer’s stolen Social Security number and other personal information to file a tax return, often claiming a significant refund. The IRS is challenged by innovative fraudsters continually trying to outsmart its current risk strategies around prevention, detection, recovery and victim assistance. And with the ever-increasing number of identity data compromised and tax return fraud victims, it’s necessary to question whether tax preparation companies are doing all they can to keep personally identifiable information (PII) secure and screen for fraud before forms are submitted. “ID theft isn’t just credit card fraud,” said Rod Griffin, Director of Public Education for Experian. A recent Experian online survey indicated that nearly 76 percent of consumers are familiar with ID theft and tax fraud — up significantly from the past two years. And 28 percent of those surveyed have been a victim or know a victim of tax fraud. To protect all parties’ interests, tax preparation agencies are challenged by today’s savvy fraudsters who have reaped the benefits of recent breaches. In order to protect consumers, organizations need to apply comprehensive, data-driven intelligence to help thwart identity fraud and the use of stolen identity data via fraudulent returns. The key to securing transactions, reducing friction and providing a consistently satisfying customer experience, online and offline, is authenticating consumers in a clear and frictionless environment. As a result, it’s necessary to have reliable customer intelligence based on both high-quality contextual identity and device attributes alongside other authentication performance data. Comprehensive customer intelligence means having a holistic, bound-together view of devices and identities that equips companies and agencies with the tools to balance cost and risk without increasing transactional friction. Businesses and agencies must not rely on a singular point of customer intelligence gathering and decisioning, but must move to more complex device identification and out-of-wallet verification procedures. Effective solutions typically involve a layered approach with several of the following: Identity transaction link analysis and risk attribute derivation Device intelligence and risk assessment Credit and noncredit data and risk attributes Multifactor authentication, using one-time passcodes via SMS messaging Identity risk scores Dynamic knowledge-based authentication questions Traditional PII validation and verification Biometrics and remote document verification Out-of-band alerts, communications and confirmations Contextual account, transaction and channel purview Additionally, government agencies must adhere to recognized standards, such as those prescribed by the National Institute of Standards and Technology to establish compliance. The persistent threat of tax fraud highlights the urgent need for businesses and agencies to continue educating consumers and more importantly, to improve the strategic effectiveness of their current solutions processes. Learn more about Experian Fraud and Identity Solutions, including government-specific treatments, and how the most effective fraud prevention and identity authentication strategy leverages multiple detection capabilities to highlight attackers while enabling a seamless, positive experience for legitimate consumers.
2015 data shows where billing and shipping e-commerce fraud attacks occur in the United States Experian e-commerce fraud attacks and rankings now available Does knowing where fraud takes place matter? With more than 13 million fraud victims in 2015,[1] assessing where fraud occurs is an important layer of verification when performing real-time risk assessments for e-commerce. Experian® analyzed millions of e-commerce transactions from 2015 data to identify fraud-attack rates across the United States for both shipping and billing locations. View the Experian map to see 2015 e-commerce attack rates for all states and download the top 100 ZIP CodeTMrankings. “Fraud follows the path of least resistance. With more shipping and billing options available to create a better customer experience, criminals attempt to exploit any added convenience,” said Adam Fingersh, Experian general manager and senior vice president of Fraud & Identity Solutions. “E-commerce fraud is not confined to larger cities since fraudsters can ship items anywhere. With the switch to chip enabled credit card transactions, and possible growth of card-not-present fraud, our fraud solutions help online businesses monitor their riskiest locations to prevent losses both in dollars and reputation in the near term.” For ease of interpretation, billing states are associated with fraud victims (the address of the purchaser) and shipping states are associated with fraudsters (the address where purchased goods are sent). According to the 2015 e-commerce attack rate data: Florida is the overall riskiest state for billing fraud, followed by Delaware; Washington, D.C.; Oregon and California. Delaware is the overall riskiest state for shipping fraud, followed by Oregon, Florida, California and Nevada. Eudora, Kan., has the overall riskiest billing ZIP Code (66025). The next two riskiest ZIPTM codes are located in Miami, Fla. (33178) and Boston, Mass. (02210). South El Monte, Calif., has the overall riskiest shipping ZIP Code (91733). The next four riskiest shipping ZIP codes are all located in Miami. Overall, five of the top 10 riskiest shipping ZIP codes are located in Miami. Defiance, Ohio, has the least risky shipping ZIP Code (43512). The majority of U.S. states are at or below the average attack rate threshold for both shipping and billing fraud, with only seven states — Florida, Oregon, Delaware, California, New York, Georgia and Nevada — and Puerto Rico ranking higher than average. This indicates that attackers are targeting consumers equally in the higher-risk states while leveraging addresses from both higher- and lower-risk states to ship and receive fraudulent merchandise. Many of the higher-risk states are located near a large port-of-entry city, including Miami; Portland, Ore.; and Washington, D.C., perhaps allowing criminals to move stolen goods more effectively. All three cities are ranked among the riskiest cities for both measures of fraud attacks. Neighboring proximity to higher-risk states does not appear to correlate to any additional risk — Pennsylvania and Rhode Island are ranked as two of the lower-risk states for both shipping and billing fraud. Other lower-risk states include Wyoming, South Dakota and West Virginia. Experian analyzed millions of e-commerce transactions to calculate the e-commerce attack rates using “bad transactions” in relation to the total number of transactions for the 2015 calendar year. View the Experian map to see 2015 e-commerce attack rates for all states and download the top 100 ZIP Code rankings. [1]According to the February 2016 Javelin study 2016 Identity Fraud: Fraud Hits an Inflection Point.
Loyalty fraud and the customer experience Criminals continue to amaze me. Not surprise me, but amaze me with their ingenuity. I previously wrote about fraudsters’ primary targets being those where they easily can convert credentials to cash. Since then, a large U.S. retailer’s rewards program was attacked – bilking money from the business and causing consumers confusion and extra work. This attack was a new spin on loyalty fraud. It is yet another example of the impact of not “thinking like a fraudster” when developing a program and process, which a fraudster can exploit. As it embarks on new projects, every organization should consider how it can be exploited by criminals. Too often, the focus is on the customer experience (CX) alone, and many organizations will tolerate fraud losses to improve the CX. In fact, some organization build fraud losses into their budgets and price products accordingly — effectively passing the cost of fraud onto the consumers. Let’s look into how this type of loyalty fraud works. The criminal obtains your login credentials (either through breach, malware, phishing, brute force, etc.) and uses the existing customer profile to purchase goods using the payment method on file for the account. In this type of attack, the motivation isn’t to receive physical goods; instead, it’s to accumulate rewards points — which can then be used or sold. The points (or any other form of digital currency) are instant — on demand, if you will — and much easier to fence. Once the points are credited to the account, the criminal cashes them out either by selling them online to unsuspecting buyers or by walking into a store, purchasing goods and walking right out after paying with the digital currency. A quick check of some underground forums validates the theory that fraudsters are selling retailer points online for a reduced rate — up to 70 percent off. Please don’t be tempted to buy these! The money you spend will no doubt end up doing harm, one way or another. Now, back to the customer experience. Does having lax controls really represent a good customer experience? Is building fraud losses into the cost of your products fair to your customers? The people whose accounts have been hacked most likely are some of your best customers. They now have to deal with returning merchandise they didn’t purchase, making calls to rectify the situation, having their personally identifiable information further compromised and having to pay for the loss. All in all, not a great customer experience. All businesses have a fiduciary responsibility to protect customer data with which they have been entrusted — even if the consumer is a victim of malware, phishing or password reuse. What are you doing to protect your customers? Simple authentication technologies, while nice for the CX, easily can fail if the criminal has access to the login credentials. And fraud is not a single event. There are patterns and surveillance activities that can help to detect fraud at every phase of your loyalty program — from new account opening to account logins and updates to transactions that involve the purchase of goods or the movement of currency. As fraudsters continue to evolve and look for the least-protected targets, loyalty programs have come to the forefront of the battleground. Take the time to understand your vulnerability and how you can be attacked. Then take the necessary steps to protect your most profitable customers — your loyalty program members. If you want to learn more, join us MRC Vegas 16 for our session “Loyalty Fraud; It’s Brand Protection, Not Just Loss Prevention” and hear our industry experts discuss loyalty fraud, why it’s lucrative, and what organizations can do to protect their brand from this grey-area type of fraud.
What is blockchain? Blockchain is beginning to get a lot of attention, so I thought it might be time to figure out what it is and what it means. Basically, a blockchain is a permissionless, distributed database that maintains a growing list of records (transactions) in a linear, chronological (and time-stamped) ledger. At a high level, this is how it works. Each computer connected to the network gets a copy of the entire blockchain and performs the task of validating and relaying transactions for the whole chain. The batches of valid transactions added to the record are called “blocks.” A block is the “current” part of a blockchain that records some or all of the recent transactions and once completed goes into the blockchain as a permanent database. Each time a block gets completed, a new block is created, with every block containing a hash of the previous block. There are countless numbers of blocks in the blockchain. To use a conventional banking analogy, the blocks would be a full history of every banking transaction for every person, and the blockchain would be a complete banking history. The entire blockchain is sent to everyone who has access, and every user validates the information in the block. It’s like if Tom, Bob and Harry were standing on the street corner and saw a cyclist hit by a car. Individually, all three men will be asked if the cyclist was struck by the car, and all three will respond “yes.” The cyclist being hit by the car becomes part of the blockchain, and that fact cannot be altered. Blockchain generally is used in the context of bitcoin, where similar uses of the structure are called altchains. Why should I care or, at the very least, pay attention to this movement? Because the idea of it is inching toward the tipping point of mainstream. I recently read an article that identified some blockchain trends that could shape the industry in coming months. The ones I found most interesting were: Blockchain apps will be released Interest in use cases outside payments will pick up Consortia will prove to be important Venture capital money will flow to blockchain start-ups While it’s true that much of the hype around blockchain is coming from people with a vested interest, it is beginning to generate more generalized market buzz as its proponents emphasize how it can reduce risk, improve efficiency and ultimately provide better customer service. Let’s face it, the ability to maintain secure, fast and accurate calculations could revolutionize the banking and investment industries, as well as ecommerce. In fact, 11 major banks recently completed a private blockchain test, exchanging multiple tokens among offices in North America, Europe and Asia over five days. (You can read The Wall Street Journal article here.) As more transactions and data are stored in blockchain or altchain, greater possibilities open up. It’s these possibilities that have several tech companies, like IBM, as well as financial institutions creating what has become known as an open ledger initiative to use the blockchain model in the development of new technologies that will enable a wider array of services. There is no doubt that the concept is intriguing — so much so that even the SEC has approved a plan to issue stock via blockchain. (You can read the Wired article here.) The potential is enough to make many folks giddy. The idea that risk could become a thing of the past because of the blockchain’s immutable historical record — wow. It’s good to be aware and keep an eye on the open ledger initiative, but let’s not forget history, which has taught us that (in the wise words of Craig Newmark), “Crooks are early adopters.” Since blockchain’s original and primary usage has been with bitcoin, I don’t think it is unfair to say that there will be some perceptions to overcome — like the association of bitcoin to activities on the Dark Web such as money laundering, drug-related transactions and funding illegal activities. Until we start to see the application across mainstream use cases, we won’t know how secure blockchain is or how open business and consumers will be to embracing it. In the meantime, remind me again, how long has it taken to get to a point of practical application and more widespread use of biometrics? To learn more, click here to read the original article.
Ensure you’re protecting consumer data privacy Data Privacy Day is a good reminder for consumers to take steps to protect their privacy online — and an ideal time for organizations to ensure that they are remaining vigilant in their fight against fraud. According to a new study from Experian Consumer Services, 93 percent of survey respondents feel identity theft is a growing problem, while 91 percent believe that people should be more concerned about the issue. Online activities that generate the most concern include making an online purchase (73 percent), using public Wi-Fi (69 percent) and accessing online accounts (69 percent). Consumers are vigilant while online Most respondents are concerned they will fall victim to identity theft in the future (71 percent), resulting in a generally proactive approach to protecting personal information. In fact, almost 50 percent of respondents say they are taking more precautions compared with last year. Ninety-one percent take steps to secure physical information, such as shredding documents, while also securing digital information (using passwords and antivirus software). Many consumers also make sure to check their credit report (33 percent) and bank account statements (76 percent) at least once per month. There’s still room for consumers to be safer Though many consumers are practicing good security habits, some aren’t: More than 50 percent do not check to see if a Website is secure Fifty percent do not have all their Web-enabled devices password-protected because it is a hassle to enter a password (30 percent) or they do not feel it is necessary (25 percent) Fifty-five percent do not close the Web browser when they are finished using an online account Additionally, 15 percent keep a written record of passwords and PINs in their purse or wallet or on a mobile device or computer Businesses need to be responsible when it comes data privacy Customer-facing businesses must continue efforts to educate consumers about their role in breach and fraud prevention. They also need to be responsible and apply comprehensive, data-driven intelligence that helps thwart both breaches and the malicious use of breached information and protect all parties’ interests. Nearly 70 percent of those polled in a 2015 Experian–Ponemon Institute study said that the increased visibility and media reporting of breaches, including payment-related incidents, have caused their organizations to step up data security efforts. Experian Fraud & ID is uniquely positioned to provide true customer intelligence by combining identity authentication with device assessment and monitoring from a single integrated provider. This combination provides the only true holistic view of the customer and allows organizations to both know and recognize customers and to provide them with the best possible experience. By associating the identities and the devices used to access services, the true identity can be seen across the customer journey. This unique and integrated view of identity and device delivers proven superior performance in authentication, fraud risk segmentation and decisioning. For more insights into how businesses are responding to breach activities, download our recent white paper, Data confidence realized: Leveraging customer intelligence in the age of mass data compromise. For more findings from the study, view the results here.
Looking at true fraud rate I’ve talked with many companies over the years about their fraud problems. Most have a genuine desire to operate under the fraud prevention model and eliminate all possible fraud from their systems. The impact on profit is often the primary motivation for implementing solutions, but in reality most companies employ a fraud management schema, offsetting the cost of fraud with the cost of managing it. There are numerous write-ups and studies on the true cost of fraud. What most people don’t realize is that, for each item lost to fraud, a business operating on 10 percent net profit margins will need to sell 10 times the amount of product in order to recover the expense associated with the loss. These hard costs don’t include the soft dollar costs, such as increased call center expenses to handle customer calls. Recently, some organizations have started to add reputational risk into their cost-of-fraud equation. With the proliferation of social media, a few unhappy customers who have been victims of fraud easily can impact an organization’s reputation. This is an emerging fuzzy cost that eventually can be tied back to lost revenue or a drop in share price. Most companies say with pride that their acceptable fraud rate is zero. But when it comes time to choose a partner in fraud detection, it almost always comes down to return on investment. How much fraud can be stopped — and at what price? More informed organizations take all operational expenses and metrics into consideration, but many look at vendor price as the only cost. It’s at this point that they start to increase their acceptable fraud rate. In other words, if — hypothetically — Vendor A can stop only 80 percent of the fraud compared with Vendor B, but Vendor A costs less than 80 percent of what Vendor B costs, they’ll choose Vendor A. All of a sudden, their acceptable fraud rate is no longer zero. This method of decision making is like saying we’ll turn off the security cameras for 20 percent of the day because we can save money on electricity. On the surface, I understand. You have to be accountable to the shareholders. You have to spend and invest responsibly. Everyone is under pressure to perform financially. How many executives, however, take the time to see where those lost dollars end up? If they knew where the money went, would they change their view? We must be vigilant and keep our acceptable fraud rate at zero.
Payments and the Internet of things has been colliding for a while now – and it surfaced again recently with Mastercard announcing that it is working with an array of partners including Capital One to launch payments in connected devices. The thinking here seems to be that payments is a function in the Marlow’s pyramid of needs for any new consumer device. I am conflicted on this point – not that I don’t believe the Internet of Things isn’t important, but that we may be overthinking in how payments is important to be shoved inside everything that has a radio baked in. And not everything will have a radio in the future, and the role of a smartphone as the center of the connected device commerce universe isn’t going away. It is important to keep perspective here – as this announcement is less about coat sleeves hiding NFC chips with tokenized credit cards – rather it’s the commerce enablement of devices that we may carry on our person so that they can be armed for payment. Though I may disagree on whether a coat sleeve or jewelry are essential end-points in commerce, a platform of capabilities to challenge, authenticate and verify, and ultimately trust and provision a tokenized representation of something, whether its a card or a fragment of a consumer\'s identity, to a device that itself represents a collection of radios and sensors is very exciting. It is exciting because as device counts and assortments grow, they each have their own residual identity as a combination of things and behaviors that are either deterministic or probabilistic. The biggest shift we will see is that the collective device identities can be a far better and complete representation of customer identity that the latter will be replaced by the former. Name-centric identities will give away to algorithmically arrived ones. As Dan Geer puts it, no longer will I need to announce that I am Cherian, but my collection of devices will indeed do so on my behalf, perhaps in consultation with each other. More over, none of these devices need to replicate my identity in order to be trusted and tethered, either. Coming back to Payments, today my Fitbit’s claim to make a successful payment is validated way before the transaction, when I authorized provisioning by authenticating through a bank app or wallet. What would be interesting is when the reverse becomes true – when these class of devices that I own can together or separately vouch for my identity. We may forget usernames and passwords, fingerprints may prove to be irrevocable and rigid, but we will always be surrounded by a fog of devices that each carry a cryptographically unique and verifiable signature. And it will be up to the smartphone, its ecosystem and the devices that operate in its periphery to individually negotiate and establish trust among each of them. So this is why I believe the MasterCard effort in tokenizing devices is important when you view it in conjunction with the recent launch of SwiftID from CapitalOne. Payments getting shoved in to everyday things like wearables, disguises the more important effort of becoming a beachhead in establishing trust between devices, by using tokenization as the method of delivery. As you may have gathered by now, I am less excited of pushing cards in to devices (least of all – cars!) and more about how a trusted framework to carve out a tamper proof and secure cache within an untrusted device, along with the process to securely provision a token or a signed hash representing something of value, can serve as the foundation for future device – and by extension – user identity. On a side note, here’s a bit about pushing cards in to cars, and mistaking them for connected cars. To me there are only two connected car classes today. One is Tesla where each car on the road is part of the whole, each learning separately and together as they examine, encounter and learn the world around them to maneuver safely. The other is a button in an app that I hit to have a car magically appear in front of me. Other than Tesla and Uber, there are no other commercial instances of a connected car that appeals (Google has no cars you can buy, yet).
