Leveraging customer intelligence in the age of mass data compromise Hardly a week goes by without the media reporting a large-scale hack of sensitive personal or account information. Increasingly, the public seems resigned to believe that such compromises are the new normal, producing a kind of breach fatigue that may be lowering the expectations consumers have for identity and online security. Still, businesses must be vigilant and continue to apply comprehensive, data-driven intelligence that helps to thwart both breaches and the malicious use of breached information and to protect all parties’ interests. We recently released a new white paper, Data confidence realized: Leveraging customer intelligence in the age of mass data compromise, to help businesses understand how data and technology are needed to strengthen fraud risk strategies through comprehensive customer intelligence. At its core, reliable customer intelligence is based on high-quality contextual identity and device attributes and other authentication performance data. Customer intelligence provides a holistic, bound-together view of devices and identities that equips companies and agencies with the tools to balance cost and risk without increasing transactional friction and affecting the customer experience. In the age of mass data compromise, however, obtaining dependable information continues to challenge many companies, usually because consumer-provided identities aren’t always unique enough to produce fully confident decisioning. For more information, and to get a better sense of what steps you need to take now, download the full white paper.
Experian data shows consumers are more confident managing their credit since the recession. The Q3 2015 Experian Market Intelligence Brief was released today featuring data that highlights consumer credit card debt has now reached its highest level since Q4 2009. Credit card debt levels reached $650 billion in Q3 2015, the highest it has been since Q4 2009 when it was $667 billion. Credit card delinquency rates on outstanding balances 60 or more days past due have decreased 71 percent during the same time period. Combining those indicators with the national unemployment rate dropping 50 percent during the same span illustrates a positive economic outlook on credit card trends among lenders and consumers. “Overall credit card limits have increased 102 percent since Q4 2009 with $82 billion originated in Q3 2015,” said Kelly Kent, vice president of Experian Decision Analytics. “The increase in limits from lenders and the steady climb in credit card debt combined with exceptional delinquency rates signals greater confidence among consumers as they are showing more assurance in managing their credit since the recession. We expect to see credit card debt increase in Q4 based on historical seasonal trends driven by the holiday shopping season especially with the early positive holiday sales as a sign.” The Q3 2015 Experian Market Intelligence Brief report is now available.
It’s official. Millennials have surpassed Baby Boomers in population size, according to the US Census. And while they are quick to adopt the “selfie” and all things social, they have been slow to embrace the world of credit. Sure, there’s been increased regulation over the past decade, and coming into adulthood in the midst of the Great Recession hasn’t helped. But don’t count Millennials out of the credit game just yet. A deeper, more segmented view of this digital-dependent generation shows a very diverse population with plenty of opportunity for lenders. Plus, their sheer size in numbers and $200 billion in annual buying power demand financial institutions evolve to accommodate this massive market. As Gen Y comes of age, there is growing evidence they are open to building and growing their personal credit history. But if financial institutions wish to capture the attention and business of this demographic, they must adapt, leveraging deeper segmentation insights with more effective prospecting strategies to reach them. Experian\'s data reveals key trends in terms of how this generation is utilizing credit, tips and tools to find the most credit-ready individuals, and strategies to grow the thin-file Millennials as they come of age. “Given the significance millennials play in financial services and the credit marketplace, it is crucial to understand this influential consumer segment and how they use credit as a tool,” said Michele Raneri, vice president of analytics and business development. “While this generation may not look like they are on the right track financially, it’s important to keep in mind that credit scores are built on credit experiences, and while this generation has been slower to use credit, they have plenty of opportunities to build a positive credit history.” To learn more about Millennials and credit, visit Experian.com/millennials.
Customer Experience during the holiday shopping season During the holidays, consumers transact at a much greater rate than any other time of the year. Many risk-management departments respond by loosening the reins on their decision engines to improve the customer experience — and to ensure that this spike does not trigger a response that would impede a holiday shopper’s desire to grab one more stocking stuffer or a gift for a last-minute guest. As a result, it also is the busy season for fraudsters, and they use this act of goodwill toward your customers to improve their criminal enterprise. Ultimately, you are tasked with providing a great customer experience to your real customers while eliminating any synthetic ones. Recent data breaches resulted in large quantities of personally identifiable information that thieves can use to create synthetic identities being published on the Dark Web. As this data is related to real consumers, it can be difficult for your identity-authentication solution to determine that these identities have been compromised or fabricated, enabling fraudsters to open accounts with your organization. Experian’s Identity Element Network™ can help you determine when synthetic identities are at work within your business. It evaluates nearly 300 data-element combinations to determine if certain elements appear in cyberspace frequently or are being used in combination with data not consistent with your customer’s identity. This proven resource helps you manage fraud across the Customer Life Cycle and hinder the damage that identity thieves cause. Identity Element Network examines a vast attribute repository that grows by more than 2 million transactions each day, revealing up-to-date fraud threats associated with inconsistent or high-risk use of personal identity elements. Our goal is to provide the comfort of knowing that you are transacting with your real customers. Don’t get left in the cold this holiday season — fraudsters are looking for opportunities to take advantage of you and your customers. Contact your Experian account executive to learn how Identity Element Network can help make sure you are not letting fraudsters exploit the customer experience intended for your real customers. Learn more about the delicate balance between customer and criminal by viewing our fraud e-book.
Electronic signatures and their emerging presence in our Internet-connected world I had the opportunity to represent Experian at the eSignRecords 2015 conference in New York City last week. The concept of electronic signature, while not new, certainly has an emerging presence in the Internet-connected world — as evidenced by the various attendee companies that were represented, everything from home mortgages to automobiles. Much of the discussion focused on the legal aspects of accepting an electronic signature in lieu of an in-person physical signature. The implications of accepting this virtual stamp of approval were discussed, as well as the various cases that already have been tried in court. Of course, the outcome of those cases shapes the future of how to properly integrate this new form of authorization into existing business processes. Attendees discussed the basic concept of simply accepting a signature on an electronic pad as opposed to one written on a piece of paper. That act alone has many legal challenges even though it provides the luxury of in-person authentication through a face-to-face meeting. The complexities and risk increase exponentially when these services are extended over the Internet. The ability to sign documents virtually opens up a whole new world of business opportunities, and the concept certainly caters to the consumer’s need for convenience. However, the anonymity of the Internet presents the everyday challenge of balancing consumer expectations of greater ease of use with necessary fraud prevention measures. Ultimately, it always comes back to understanding who is actually signing that document. All of this highlights the need for robust authentication and security measures. As more and more legal documents and contracts are passed around virtually, the opportunity to properly screen and verify who has access to the documents gets more critical. Many organizations still rely on the tried-and-true method of knowledge-based authentication (KBA), while many others have called for its end. KBA continues to soldier on as an effective way to ensure that people on the other end of the wire are who they say they are by asking questions that — presumably — only they know the answers to. In most cases, KBA is viewed as a “check the box” step in the process to satisfy the lawyers. In certain cases, that’s all you need to do to ensure compliance with legal policy or regulatory requirements. It starts to get tricky is when there’s more on the line than just “check the box” actions. When the liability of first- or third-party fraud, becomes greater than simple compliance, it’s time to implement tighter security, while at the same time limiting the amount of friction caused by the process. Many in attendance discussed the need for layers of authentication based on the type of documents that are being processed and handled. This speaks directly to the point that one size does not fit all. As the industry matures and acceptance of e-signatures increases, so too does the need for more robust, flexible options in authentication. Another topic — that was quite frankly foreign to everyone we talked to — was the need for security around the concept of account takeover. When discussing this type of fraud, most attendees did not even consider this to be a hole in their strategy. Consider this fictional scenario. I’m responsible for mergers and acquisitions for my publicly traded company. I often share confidential information via electronic means, leveraging one of the many electronic signature solutions on the market. I become a victim of a phishing attack and unknowingly provide my login credentials to the fraudster. The fraudster now has access to every electronic document that I have shared with various organizations — most of which have been targets for mergers and acquisitions. Fraudsters are creative. They exploit new technologies — not because they’re trendsetters, but because oftentimes these new technologies fail to consider how fraudsters can benefit from the system. If you are considering adopting e-signature as a formal process, please consider implementing: Flexible levels of authentication based on the risk and liability of the documents that are being presented and what they are protecting FraudNet for Account Takeover, which enhances security around access to these critical documents to protect against data breaches Not only the needs and experiences of your own business, but customer needs as well to enable to the best possible customer interactions If you haven’t considered implementing e-signature technology into your business process, you should — but be sure to have your fraud team present when considering the implementation.
Hello from the other side ... While Adele scores big on the Billboard Hot 100 by crooning of coming to terms with a lover from the past, a new Experian “State of Credit” reveals we are officially on the “other side” of the recession – at least if you’re looking at the nation’s credit scores. While the bottom of the Great Recession was reached in the second quarter of 2009, steady job growth was not seen until 2011, and even since, some economists claim it has been a \"Tortoise Recovery.” But key findings from Experian’s 6th annual study, ranking top and bottom cities across the nation in regards to credit, suggests the U.S. is strong. “If I were to give a grade to the overall picture of credit in the United States, I would give it an A minus,” said Michele Raneri, Experian’s vice president of analytics and new business development. “I’m optimistic about the state of credit as we are seeing more loans being extended, late payments are decreasing and consumers are continuing to gain more confidence in originating loans. There definitely is growth and momentum — we’re back to prerecession levels in nearly every category, which means lenders are in a prime position to capitalize on this market and foster business growth.” Which states topped the credit charts? As in previous years, Minnesota continues to shine with three of its cities — Mankato, Rochester and Minneapolis — leading with credit scores of 706, 705 and 704, respectively. Greenwood, Miss. and Albany, Ga. ranked the lowest with scores of 612 and 622. While still at the bottom of the list with a score of 612, Greenwood, Miss., residents did improve their score by three points, more than any other city in the bottom 10. Overall, the report reveals the national credit score increased by three points over the last year (and by five points since 2013) and the 10 cities with the highest credit scores in the nation increased their scores by an average of 1.8 points. Additionally, bankcards, retail cards and mortgage lending showed significant growth, making this year’s study an indicator of the nation’s confidence in the credit market. Just in time for the election year, this year’s study includes insight into how residents of these top and bottom metropolitan statistical areas (MSAs) identify politically. The study found that half of the highest-scoring cities have residents whose views skew more middle of the road, while residents of lower-scoring cities are more likely to lean conservative. The full lists of the top 10 and bottom 10 cities are featured (scores are rounded to the nearest whole number). Detailed study highlights include the following changes over the last year: The national VantageScore® credit score is up by three points, from 666 to 669. Bankcard lending continues to increase, with new bankcards up 7.7 percent. The average number of bankcards per consumer is up 2.8 percent to 2.24 cards. Retail card lending also is on the rise, with a 10.8 percent increase in new originations. The average number of retail cards per consumer is up 0.3 percent to 1.55 cards from last year and up by 7 percent since 2013. Instances of late payments (includes bankcard and retail) decreased by 4.4 percent over the last year and by 17.3 percent since the height of the recession in 2010. Average debt2 is up 2.1 percent to $29,093 per consumer. Mortgage originations increased by 42.5 percent. For a more complete look at the above cities as well as the other MSAs studied, visit http://www.livecreditsmart.com to view a fully interactive map and infographic. Purchase The Experian Market Intelligence Brief, a quarterly report that includes more than 70 charts and data trends on loan originations, outstanding loans and delinquency performance metrics spanning three years.
Profile of an online fraudster I recently read a study about the profile of a cybercriminal. While I appreciate the study itself, one thing it lacks perspective on is an understanding of how identity data is being used to perpetrate fraud in the online channel. One may jump to conclusions about what is a good indicator for catching fraudsters. These very broad-brush observations may result in an overwhelming number of false positives without digging in deeper. Purchase value A single approach for understanding the correlation between purchase value and fraud does not work to best protect all businesses. Back in 2005, we saw that orders under $5 were great indicators of subsequent large-ticket fraud. For merchants that sell large-ticket items, such as electronics, those same rules may not be effective. To simply believe that the low dollar amount is the extent of the crime and not just a precursor to the real, bigger crime indicates a lack of understanding of how fraudsters work to manipulate a system. For some merchants, where fraudsters know they can go to do card testing against their business, low-dollar-amount rules may apply. However, for other businesses a different set of rules must be put into place. Time of day We have been tracking fraud time of day as a rule since 2004, but the critical point is a clear definition of which time of day. For the merchant, 3 a.m. is very different than 3 a.m. for a fraudster who is in Asia or Eastern Europe, where 3 a.m. merchant time is actually the middle of the online fraudster’s day. FraudNet is designed to identify the time from the user’s device and runs its rules from the user’s time. We find that every individual business will have a very specific threat profile. Businesses need to build their individual fraud strategy around their overall attack rate taking into account the strength of the defense and the ability to be flexible to accommodate the nuances for individual consumers. A general approach to fraud mitigation inevitably results in a system that begins to chase broad averages, which leads to excessive false positives and mediocre detection. That’s what drives us to do the job better. The proof of every fraud solution should lie in its ability to catch the most fraud without negatively impacting good customers.
What the EMV Shift means for you I recently facilitated a Webinar looking at myths and truths in the market regarding the EMV liability shift and what it means for both merchants and issuers. I found it to be a very beneficial discussion and wanted to take some time to share some highlights from our panel with all of you. Of course, if you prefer to hear it firsthand, you can download the archive recording here. Myth #1: Oct. 1 will change everything Similar to the hype we heard prior to Y2K, Oct. 1, 2015, came and went without too much fanfare. The date was only the first step in our long and gradual path to EMV adoption. This complex, fragmented U.S. migration includes: More than 1 billion payment cards More than 12 million POS terminals Four credit card networks Eighteen debit networks More than 12,000 financial institutions Unlike the shift in the United Kingdom, the U.S. migration does not have government backing and support. This causes additional fragmentation and complexity that we, as the payments industry, are forced to navigate ourselves. Aite Group predicts that by the end of 2015, 70 percent of U.S. credit cards will have EMV capabilities and 40 percent of debit cards will be upgraded. So while Oct. 1 may not have changed everything, it was the start of a long and gradual migration. Myth #2: Subscription revenues will plummet due to reissuances According to Aite, EMV reissuance is less impactful to merchant revenues than database breaches, since many EMV cards are being reissued with the same pan. The impact of EMV on reoccurring transactions is exaggerated in the market, especially when you look at the Update Issuer provided by the transaction networks. There still will be an impact on merchants, coming right at the start of the holiday shopping season. The need for consumer education will fall primarily on merchants, given longer lines at checkout and unfamiliar processes for consumers. Merchants should be prepared for charge-back amounts on their statements, which they aren’t used to seeing. Lastly, with a disparate credit and debit user experience, training is needed not just for consumers, but also for frontline cashiers. We do expect to see some merchants decide to wait until after the first of the year to avoid impacting the customer experience during the critical holiday shopping season, preferring to absorb the fraud in the interest of maximizing consumer throughout. Myth #3: Card fraud will decline dramatically We can look to countries that already have migrated to see that card fraud will not, as a whole, decline dramatically. While EMV is very effective at bringing down counterfeit card fraud, organized crime rings will not sit idly by while their $3 billion business disappears. With the Canadian shift, we saw a decrease in counterfeit card loss but a substantial increase in Card Not Present (CNP) fraud. In Canada and Australia, we also saw a dramatic, threefold increase in fraudulent applications. When criminals can no longer get counterfeit cards, they use synthetic and stolen identities to gain access to new, legitimate cards. In the United States, we should plan for increased account-takeover attacks, i.e., criminals using compromised credentials for fraudulent CNP purchases. For merchants that don’t require CVV2, compromised data from recent breaches can be used easily in an online environment. According to Aite, issuers already are reporting an increase in CNP fraud. Fraudsters did not wait until the Oct. 1 shift to adjust their practices. Myth #4: All liability moves to the issuer EMV won’t help online merchants at all. Fraud will shift to the CNP channel, and merchants will be completely responsible for the fraud that occurs there. We put together a matrix to illustrate where actual liability shifts and where it does not. Payments liability matrix Note: Because of the cost and complexity of replacing POS machines, gas stations are not liable until October 2017. For more information, or if you’d like to hear the full discussion, click here to view the archive recording, which includes a great panel question-and-answer session.
While walking through a toy store in search of the perfect gift for a nephew, I noticed the board game Risk, which touts itself as “The Game of Global Domination.” For those who are unaware, the game usually is won by players who focus on four key themes: Strategy — Before you begin the game, you need a strategy to attack new territories while defending your own Attack — While you have the option to sit back and defend your territory, it’s better to attack a weakened opponent Fortify — When you are finished attacking, it’s often best to fortify your position Alliances — While not an official part of the game, creating partnerships is necessary in order to win These themes also are relevant to the world of real-life fraud risk prevention. The difference is that the stakes are real and much higher. Let’s look at how these themes play out in real-life fraud risk prevention: Strategy — Like in the game, you need a strategy for fraud risk detection and prevention. That strategy must be flexible and adaptable since fraudsters (your enemies) also continuously adapt to changing environments, usually at a much quicker, less bureaucratic pace. For example, your competitors (other countries) may improve their defenses, so fraudsters will mount a more focused attack on you. Fraudsters also may build alliances to attack you from different vectors or channels, resulting in a more sophisticated, comprehensive strike. Attack — As the game begins, all players have access to all competitors (countries). This means that fraudsters might have the upper hand in a certain area of the business. You can sit back and try to defend the territory you already “own,” where fraudsters have no traction, but it’s best to be aggressive and attack fraudsters by expanding your coverage across all channels. For example, you might have plenty of controls in place to manage your Web orders (occupied territory), but your call center operations (opponents’ territory) aren’t protected, i.e., the fraudsters “own” this space. You need to attack that channel to drive fraudsters out. Fortify — In the game, you can fortify your position after a successful move — that is, move more troops to your newly conquered territories. In real life, you always have the option to fortify your position, and you should constantly look for ways to improve your controls. You can’t afford to maintain on your current position, because fraudsters constantly are looking for weaknesses. Alliances — In business, we often are hesitant to share information with our competitors. Fraudsters use this to their advantage. Just as fraudsters act in a coordinated fashion, so must we. Use all available resources and partners to shore up your defenses Leverage the power of consortium data Learn new methods from traditional competitors Always team up with internal and external partners to defend your territory If you apply these themes, you will be positioned for global domination in the fight against fraud risk. You can read more about fraud-prevention strategies in our recent ebook, Protecting the Customer Experience. As a side note, I’m always ready for a game of Risk, so contact me if you’re interested. But be forewarned — I’m competitive.
What will the EMV shift really mean for consumers and businesses here in the U.S.? Businesses and consumers across the U.S. are still adjusting to their new EMV credit cards. The new credit cards are outfitted with computer chips in addition to the magnetic strips to help prevent point-of-sale (POS) fraud. The new system, called EMV (which stands for Europay, MasterCard and Visa), requires signatures for all transactions. EMV is a global standard for credit cards. In the wake of the rising flood of large-scale data breaches at major retailers – and higher rates of counterfeit credit card fraud – chip-and-signature, as it is also called, is designed to better authenticate credit card transactions. Chip-and-signature itself is not new. It has been protecting consumers and businesses in Europe for several years and now the U.S. is finally catching up. But what will the EMV system really mean for consumers and businesses here in the U.S.? There is the potential for businesses that sell both offline and online, to see an increase in fraud that takes place online called Card Not Present (CNP) fraud. Will credit card fraud ever really be wiped out? Can we all stop worrying that large-scale point-of-sale breaches will happen again? Will the EMV shift affect holiday shopping and should retailers be concerned? Join us as we explore these questions and more on an upcoming Webinar, Chipping Away at EMV Myths. Our panel of experts includes: David Britton, Vice President, Industry Solutions, Experian Julie Conroy, Research Director, Aite Group Mike Klumpp, Director of Fraud Prevention, Citibank Moderated by: Keir Breitenfeld, Vice President, Product Management, Experian
Understanding and managing first party fraud Background/Definitions Wherever merchants, lenders, service providers, government agencies or other organizations offer goods, services or anything of value to the public, they incur risk. These risks include: Credit risk — Loosely defined, credit risk arises when an individual receives goods/services in exchange for a promise of future repayment. If the individual’s circumstances change in a way that prevents him or her from paying as agreed, the provider may not receive full payment and will incur a loss. Fraud risk — Fraud risk arises when the recipient uses deception to obtain goods/services. The type of deception can involve a wide range of tactics. Many involve receiving the goods/services while attributing the responsibility for repayment to someone else. The biggest difference between credit risk and fraud risk is intent. Credit risk usually involves customers who received the goods/services with intent to repay but simply lack the resources to meet their obligation. Fraud risk starts with the intent to receive the goods/services without the intent to repay. Between credit risk and fraud risk lies a hybrid type of risk we refer to as first-party fraud risk. We call this a hybrid form of risk because it includes elements of both credit and fraud risk. Specifically, first party fraud involves an individual who makes a promise of future repayment in exchange for goods/services without the intent to repay. Challenges of first party fraud First party fraud is particularly troublesome for both administrative and operational reasons. It is important for organizations to separate these two sets of challenges and address them independently. The most common administrative challenge is to align first-party fraud within the organization. This can be harder than it sounds. Depending on the type of organization, fraud and credit risk may be subject to different accounting rules, limitations that govern the data used to address risk, different rules for rejecting a customer or a transaction, and a host of other differences. A critical first step for any organization confronting first-party fraud is to understand the options that govern fraud management versus credit risk management within the business. Once the administrative options are understood, an organization can turn its attention to the operational challenges of first-party fraud. There are two common choices for the operational handling of first-party fraud, and both can be problematic. First party fraud is included with credit risk. Credit risk management tends to emphasize a binary decision where a recipient is either qualified or not qualified to receive the goods/services. This type of decision overlooks the recipient’s intent. Some recipients of goods/services will be qualified with the intent to pay. Qualified individuals with bad intentions will be attracted to the offers extended by these providers. Losses will accelerate, and to make matters worse it will be difficult to later isolate, analyze and manage the first party fraud cases if the only decision criteria captured pertained to credit risk decisions. The end result is high credit losses compounded by the additional first party fraud that is indistinguishable from credit risk. First party fraud is included with other fraud types. Just as it’s not advisable to include first party fraud with credit risk, it’s also not a good idea to include it with other types of fraud. Other types of fraud typically are analyzed, detected and investigated based on the identification of a fraud victim. Finding a person whose identity or credentials were misused is central to managing these other types of fraud. The types of investigation used to detect other fraud types simply don’t work for first-party fraud. First party fraudsters always will provide complete and accurate information, and, upon contact, they’ll confirm that the transaction/purchase is legitimate. The result for the organization will be a distorted view of their fraud losses and misconceptions about the effectiveness of their investigative process. Evaluating the operational challenges within the context of the administrative challenges will help organizations better plan to handle first party fraud. Recommendations Best practices for data and analytics suggest that more granular data and details are better. The same holds true with respect to managing first party fraud. First party fraud is best handled (operationally) by a dedicated team that can be laser-focused on this particular issue and the development of best practices to address it. This approach allows organizations to develop their own (administrative) framework with clear rules to govern the management of the risk and its prevention. This approach also brings more transparency to reporting and management functions. Most important, it helps insulate good customers from the impact of the fraud review process. First-party fraudsters are most successful when they are able to blend in with good customers and perpetrate long-running scams undetected. Separating this risk from existing credit risk and fraud processes is critical. Organizations have to understand that even when credit risk is low, there’s an element of intent that can mean the difference between good customers and severe losses. Read here for more around managing first party fraud risk.
Commerce: A conversation between merchants and consumers Last week I joined Sherri Haymond of MasterCard and Bharathi Ramavarjula of Facebook on a panel moderated by Paul Moreton, for a CapitalOne summit on Payments. When asked what was more important for the future of commerce – Sherri spoke of how security and trust is key, and I talked about how messaging has intersected with payments, (and in Wechat’s case) now intersecting with lending – with Bharathi eloquently summing it up as – “Facebook sees Commerce as a conversation”. If Commerce is a conversation between a merchant and a consumer (however loosely defined those terms have now come to be), then it has become contorted and clustered around payments and point of sale. Till not too long ago, there also existed a high barrier for entry to become a merchant, to accept payments, to promote and sell online, and to find cheap capital for growth. All these things are different now – and unsurprisingly, little of this progress can be attributed to banks or other current payment stakeholders. For example: I didn’t know I could be a merchant till Square showed me how easy it is to accept credit cards, and setup a small business. I didn’t know that I could become a driver in my spare time – till Uber showed me how easy it is to become one. I didn’t know that I could become a landlord till AirBnB showed me how easy it is to find people to rent it to. I know I am oversimplifying. These three and others like them chose to use technology and smartphones to exponentially scale the size of existing two-sided markets as well as create new ones. When another billion people on the planet stand to be connected over the next five years – entirely via cheap smartphones – it is hard to view commerce as a zero sum opportunity. Being wired for commerce may come to mean something entirely different for those billion, and messaging apps and social networks will replace point of sale for discovery, acquisition and engagement. This is why I believe changes in payments today are largely incremental and localized to the developed world. The platform driven efforts – such as tokenization – do go beyond any specific modality (card, mobile, connected things) to further the notion and benefit of trust entirely within the network. But that is as far as it goes. Issuers and networks may have little role to play in discovery, consumer loyalty and now more so than ever – identity. Case in point: Through Relay, Stripe enables a retailer to push a button and start selling through new channels while taking comfort in that his pricing and inventory will remain real-time. Through Messenger and Shopping – Facebook will encapsulate product discovery, guide the intent to purchase, host the informed pre-purchase debate and even payment – flattening it and never letting it out of sight. It is no accident that each of the four horsemen of the Internet has heavily invested in voice assistants – (Apple/Siri, Google/Now, Facebook/M, Amazon/Echo, Microsoft/Cortana) – especially as we confront old habits in interaction design that are failing on mobile, to continue to shorten the distance between intent and action through things like 3D Touch, the Amazon Dash button, and intelligent agents. Everything that is interesting in commerce: product discovery, search, interface and interaction design are all being done – with the sole exception of Amazon – by an entity that is neither a retailer nor a bank. Conversational commerce does not end with payments being swallowed up by messaging apps. It is a pre-requisite, but hardly not even a way point in that journey. Originally posted on: Droplabs.co
Imagine the following scenario: an attacker acquires consumers’ login credentials through a data breach. They use these credentials to test account access and observe account activity to understand the ebbs and flows of normal cash movement – peering into private financial records – verifying the optimal time to strike for the most financial gain. Surveillance and fraud staging are the seemingly benign and often-transparent account activities that fraudsters undertake after an account has been compromised but before that compromise has been detected or money is moved. Activities include viewing balances, changing settings to more effectively cover tracks, and setting up account linkages to stage eventual fraudulent transfers. The unfortunate thing is that the actual theft is often the final event in a series of several fraudulent surveillance and staging activities that were not detected in time. It is the activity that occurs before theft that can severely undermine consumer trust and can devastate a brand’s reputation. Read more about surveillance, staging and the fraud lifecycle in this complimentary whitepaper.
Apple eschewed banks for a retailer focus onstage at their Worldwide Developers Conference (WWDC) when it spoke to payments. I sense this is an intentional shift – now that stateside, you have support from all four networks and all the major issuers – Apple understands that it needs to shift the focus on signing up more merchants, and everything we heard drove home that note. That includes Square’s support for NFC, as well as the announcements around Kohls, JCPenney and BJ’s. MasterCard\'s Digital Enablement Service (MDES) - opposite Visa’s Token Service - is the tokenization service that has enabled these partnerships specifically through MasterCard’s partners such as Synchrony – (former GE Capital) which brought on JCPenney, Alliance Data which brought on BJ’s, and CapitalOne which enabled Kohls. Within payments common sense questions such as: “Why isn’t NFC just another radio that transmits payment info?” or “Why aren’t retailer friendly payment choices using NFC?” have been met with contemptuous stares. As I have written umpteen times (here), payments has been a source of misalignment between merchants and banks. Thus – conversations that hinged on NFC have been a non-starter, for a merchant that views it as more than a radio – and instead, as a trojan horse for Visa/MA bearing higher costs. When Android opened up access to NFC through Host Card Emulation (HCE) and networks supported it through tokenization, merchants had a legitimate pathway to getting Private label cards on NFC. So far, very few indeed have done that (Tim Hortons is the best example). But between the top two department store chains (Macy’s and Kohls) – we have a thawing of said position, to begin to view technologies pragmatically and without morbid fear. It must be said that Google is clearly chasing Apple on the retailer front, and Apple is doing all that it can, to dig a wider moat by emphasizing privacy and transparency in its cause. It is proving to be quite effective, and Google will have to “apologize beforehand” prior to any merchant agreement – especially now that retailers have control over which wallets they want to work with – and how. This control inherits from the structures set alongside the Visa and MasterCard tokenization agreements – and retailers with co-brand/private label cards can lean on them through their bank partners. Thus, Google has to focus on two fronts – first to incentivize merchants to partner so that they bring their cards to Android Pay, while trying to navigate through the turbulence Apple has left in its wake, untangling the “customer privacy” knot. For merchants, at the end of the day, the questions that remain are about operating costs, and control. Does participation in MDES and VEDP tokenization services through bank partners, infer a higher cost for play – for private label cards? I doubt if Apple’s 15bps “skim off the top” revenue play translates to Private Label, especially when Apple’s fee is tied to “Fraud Protection” and Fraud in Private Label is non-existent due to its closed loop nature. Still – there could be an acquisitions cost, or Apple may plan a long game. Further, when you look at token issuance and lifecycle management costs, they aren’t trivial when you take in to context the size of portfolio for some of these merchants. That said, Kohls participation affords some clarity to all. Second, Merchants want to bring payments inside apps – just like they are able to do so through in-app payments in mobile, or on online. Forcing consumers through a Wallet app – is counter to that intent, and undesirable in the long scheme. Loyalty as a construct is tangled up in payments today – and merchants who have achieved a clean separation (very few) or can afford to avoid it (those with large Private label portfolios that are really ‘loyalty programs w/ payments tacked on’) – benefit for now. But soon, they will need to fold in the payment interaction in to their app, or Apple must streamline the clunky swap. The auto-prompt of rewards cards in Wallet is a good step, but that feels more like jerry rigging vs the correct approach. Wallet still feels very v1.5 from a merchant integration point of view. Wallet not Passbook. Finally, Apple branding Passbook to Wallet is a subtle and yet important step. A “bank wallet” or a “Credit Union wallet” is a misnomer. No one bank can hope to build a wallet – because my payment choices aren’t confined to a single bank. And even where banks have promoted “open wallets” and incentivized peers to participate – response has been crickets at best. On the flip side, an ecosystem player that touches more than a device, a handful of experiential services in entertainment and commerce, a million and a half apps – all with an underpinning of identity, can call itself a true wallet – because they are solving for the complete definition of that term vs pieces of what constitutes it. Thus – Google & Apple. So the re-branding while being inevitable, finds a firm footing in payments, looks toward loyalty and what lies beyond. Solving for those challenges has less to do with getting there first, but putting the right pieces in play. And Apple’s emphasis (or posturing – depending on who you listen to) on privacy has its roots in what Apple wants to become, and access, and store on our behalf. Being the custodian of a bank issued identity is one thing. Being a responsible custodian for consumer’s digital health, behavior and identity trifecta has never been entirely attempted. It requires pushing on all fronts, and a careful articulation of Apple’s purpose to the public must be preceded by the conviction found in such emphasis/posturing. Make sure to read our perspective paper to see why emerging channels call for advanced fraud identification techniques
The age of social media and data regulations Last week I presented at the 27th Annual Card Forum and Expo and the conference highlighted several issues of progress from new payment solutions. Lots of discussion was regarding Apple Pay and the merchant and consumer perspectives on adoption were widely reviewed. Of course, the implications are of the increasing variety of payment alternatives available to consumers that must be considered by merchants and lenders \"The nature of the predictive data has changed – it used to be an institutions internal data and your CRA’s. Now – it is everywhere.\" The same technology, delivery platforms and the consumer adoption issues also speak to the increasing use of new sources of consumer behavior data available to businesses. One of the high profile consequences is the proliferation of new data sources available and the business user responsibility for effective and Regulatory compliant management of that data. My session explored the issues around data governance in the age of social media to understand the regulatory background, the trends of consumer usage and the possible insights able to be gleaned from these disparate data sources. With these opportunities comes the attention of regulatory bodies and the disciplined documentation, monitoring and use of these new data sources is necessary to derive the value from the data. All of these issues feed into the need to insure that businesses have established an effective Data Governance ecosystem serving many goals but delivering significant business value. Please view my presentation below and to receive help with data governance visit Experian’s global consulting practice site to help your business. Data Governance in the age of Social Media from Experian Decision Analytics
