Financial Services
By: Kari Michel How are your generic or custom models performing? As a result of the volatile economy, consumer behavior has changed significantly over the last several years and may have impacted the predictiveness of your models. Credit models need to monitored regularly and updated periodically in order to remain predictive. Let’s take a look at VantageScore, it was recently redeveloped using consumer behavioral data reflecting the volatile economic environment of the last few years. The development sample was compiled using two performance timeframes: 2006 – 2008, and 2007 – 2009, with each contributing 50% of the development sample. This is a unique approach and is unlike traditional score development methodology, which typically uses a single, two year time window. Developing models with data over an extended window reduces algorithm sensitivity to highly volatile behavior in a single timeframe. Additionally, the model is more stable as the development is built on a broader range of consumer behaviors. The validation results show VantageScore 2.0 outperforms VantageScore 1.0 by 3% for new accounts and 2% for existing accounts overall. To illustrate the differences that were seen in consumer behavior, the following chart and table show the consumer characteristics that contribute to a consumer’s score and compare the characteristic contributions of VantageScore 2.0 vs VantageScore 1.0. Payment History Utilization Balances Length of Credit Recent Credit Available Credit Vantage Score 2.0 28% 23% 9% 8% 30% 1% Vantage Score 1.0 32% 23% 15% 13% 10% 7% As we expect ‘payment history’ is a large portion driving the score, 28% for VantageScore 2.0 and 32% for VantageScore 1.0. What is interesting to see is the ‘recent credit’ contribution has increased significantly to 30% from 10%. There also is a shift with lower emphases on balances, 9% versus 15% as well as ‘length of credit’, 8% versus 13%. As you can see, consumer behavior changes over time and it is imperative to monitor and validate your scorecards in order to assess if they are producing the results you expect. If they are not, you may need to redevelop or switch to a newer version of a generic model.
By: Kennis Wong As a fraud management professional, naturally I am surrounded by fraud prevention topics and other professionals in the field all the time. Financial, ecommerce, retail, telecommunication, government and other organizations are used to talking about performance, scoring models, ROI, false-positives, operational efficiency, customer satisfaction trade-off, loss provisioning, decisioning strategy or any other sophisticated measures when it comes to fraud management. But when I bring up the topic of fraud outside of this circle, I am always surprised to see how little educated the general public is about an issue that is so critical to their financial health. I met a woman in an event several weeks ago. After learning about my occupation, she told me her story about someone from XYZ credit card company calling her and asking for her Social Security number, date of birth and other personal identifying information. Only days after she gave out the information that she realized things didn’t seem right. She called the credit card company and got her credit card re-issued. But at the time I talked to her, she still didn’t know enough to realize that the fraudster could now use her identity to start any new financial relationship under her name. As long as consumers are ignorant about protecting their identity information, businesses’ identity theft prevention program will not be complete and identity fraud will occur as a result of this weak link. To address this vulnerability and minimize fraud, consumers need to be educated.
-- by, Andrew GulledgeOne of the quickest and easiest ways to reduce fraud in your portfolio is to incorporate question weighting into your out of wallet question strategy. To continue the use of knowledge based authentication without question weighting is to assign a point value of 100 points to each question. This is somewhat arbitrary (and a bit sloppy) when we know that certain questions consistently perform better than others.So if a fraudster gets 3 easier questions right, and 1 harder question wrong they will have an easier time passing your authentication process without question weighting. If, on the other hand, you adopt question weighting as part of your overall risk based authentication approach, that same fraudster would score much worse on the same KBA session. The 1 question that they got wrong would have cost them a lot of points, and the 3 easier questions they got right wouldn’t have given them as many points. Question weighting based on known fraud trends is more punitive for the fraudsters.Let’s say the easier questions were worth 50 points each, and the harder question was worth 150 points. Without question weighting, the fraudster would have scored 75% (300 out of 400 points). With question weighting, the fraudster would have scored 50% (150 out of 300 points correct). Your decisioning strategy might well have failed him with a score of 50, but passed him with a score of 75. Question weighting will often kick the fraudsters into the fail regions of your decisioning strategy, which is exactly what risk based authentication is all about.Consult with your fraud account management representative to see if you are making the most out of your KBA experience with the intelligent use of question weighting. It is a no-brainer way to improve your overall fraud prevention, even if you keep your overall pass rate the same.Question weighting is an easy way to squeeze more value of your knowledge based authentication tool.
-- by, Andrew GulledgeThe intelligent use of question weighting in KBA should be a no-brainer for anyone using out of wallet questions. Here’s the deal: some authentication questions consistently give fraudsters a harder time than other questions. Why not capitalize on that knowledge?Question weighting is where each question type has a certain number of points associated with it. So a question that fraudsters have an easier time with might be worth only 50 points, while a question that fraudsters often struggle with might be worth 150 points. So the KBA score ends up being the total points correct divided by the total possible points. The point is to make the entire KBA session more punitive for the bad guys.Fraud analytics are absolutely essential to the use of intelligent question weighting. While fraud prevention vendors should have recommended question weights as part of their fraud best practices, if you can provide us with as many examples as possible of known fraud that went through the out of wallet questions, we can refine the best practice question weighting model to work better for your specific population.Even if we keep your pass rate the same, we can lower your fraud rate. On the other hand, we can up your pass rate while keeping the fraud rate consistent. So whether your aim it to reduce your false positive rate (i.e., pass more of the good consumers) or to reduce your fraud rate (i.e., fail more of the fraudsters), or some combination of the two, question weighting will help you get there.
By: Staci Baker As the economy has been hit by the hardest recession since the Great Depression, many people wonder how and when it will recover. And, once we start to see recovery, will consumer credit return to what it once was? In a recent Experian-Oliver Wyman Market Intelligence Report quarterly webinar, 70% of the respondents in a survey said they believe consumer debt will return to pre-2008 levels. Clearly, many believe that consumer spending and borrowing will return, despite the fact that consumer credit card borrowing recently declined for the 24th straight month*. Assuming that this optimism is valid, what can credit card lenders do to evaluate the risk levels of potential customers as they attempt to grow their portfolios? For lenders, determining who needs credit, as well as whom to lend to in this economic environment, can be quite challenging. However, there are many tools available to assist lenders in assessing credit risk and growing their portfolio. Many lenders look at a consumer’s credit score, such as the tri-bureau VantageScore, to evaluate their credit worthiness. By utilizing an individual’s VantageScore, a lender is able to determine potential customer risk levels. Another way to evaluate a consumer’s credit worthiness is to evaluate a population using credit attributes. Based on the attributes a lender is looking for in their portfolio, they can see improvement in evaluating risk prediction in their portfolio using pre-determined attributes, especially those specifically designed for the credit card industry. There are also models that can help lenders predict when a consumer is likely to be in the market for a new loan or account. Experian’s In the Market Models provide lenders with product-specific segmentation tools that can be combined with risk scores to enhance the efficiency and effectiveness of their offers. To identify the optimal cross-sell and line management decisions based on an individual customer’s risk score and potential value, a lender can also utilize optimization tools. Optimization, combined with a viable risk management strategy, can assist a lender to achieve a healthy portfolio growth in a highly constrained environment. Although lenders will need to determine the best method to meet their objectives, these are just a few of the many tools available that will assist them in correctly growing their lending portfolios. ____________________ * http://www.usatoday.com/money/economy/2010-10-07-consumer-credit_N.htm
By: Margarita Lim You may be surprised to learn that identity theft isn’t just a crime committed by an individual or individuals. There are identity theft rings that are organized and operated like corporations. A recent Justice Department press release described such an operation in New Jersey that involved 53 individuals who took part in a known fraud activity called Bust Out Fraud. Basically, the fraud ring purchased valid social security cards and then sold the social security cards to customers who then obtained driver’s licenses and other proof of identity-type cards. The fraud ring then built up the credit scores of these customers by adding them to existing credit card accounts. Once the customers with the fraudulent identities achieved good credit scores, then they opened their own fraudulent bank accounts, credit cards, lines of credit, etc. The credit cards were used to make fraudulent purchases or rack up charges with vendors in co-hoots with the fraud ring and the fraudulent bank accounts were used to pay off the charge accounts or the charges went unpaid. Fraud trends like these cost banks, credit card companies and many others millions of dollars – costs that ultimately get passed on to you and me, the consumers. Fortunately, Experian has Fraud Products that can help companies minimize fraud losses from Bust Out Fraud as well as other types of fraud. Our BustOut Score helps decrease bust out losses by predicting and detecting bust out frauds one to three months in advance of the event happening. In addition, we have Fraud Shield Indicators or fraud alerts available on credit reports that flag when there is a recent or new authorized user added to an established credit account. Experian supports Identity Theft Prevention Programs by offering highly accurate consumer identity verification services. We’re not reliant solely on credit bureau data and are able to use multi-sourced data to confirm different components of a consumer’s identity – name, address, date of birth, etc. Our consumer authentication and fraud prevention product, Precise ID, and our knowledge based authentication product, Knowledge IQ, are highly respected in the marketplace for their reliability, quality and accuracy.
With the issue of delayed bank foreclosures at the top of the evening news, I wanted to provide a different perspective on the issue and highlight what I think are some very important, yet often underestimated risks hidden within this issue. For many homeowners, the process of becoming delinquent and eventually going into default is actually a cash-flow positive experience. The process offers these borrowers temporary “free rent,” whereby a major previous monthly commitment is no longer a monthly obligation, freeing up cash for other purposes, including paying other bills. For those consumers who are managing cash flow issues each month, the lack of a mortgage commitment immediately allows them to meet other commitments more easily - making payments on credit cards and car loans that may have previously also become delinquent. From the perspective of a credit card or auto lender, the extended foreclosure process is a short-term positive – it allows a borrower who had previously struggled to remain current to now pay on time and in the short-run, contributes to portfolio health. Although these lenders will experience an improvement in delinquency rates, the reality is that the credit risk is simply dormant. At some point, the consumer’s mortgage will go into foreclosure, and which point the consumer will again be under pressure to continue meeting their obligations. The hidden and significant risk management issue is the misinterpretation of improved delinquency rates. Halting foreclosures means that an accumulating number of consumers are going to enter into this delayed stage of ‘free rent’, without any immediate prospect of having to make a rent or mortgage payment in the near future. In fact, according to Bank of America, “the average foreclosed borrower has not made a payment in 18 months”. This extended period of foreclosure delay will naturally result in a larger number of consumers being able to meet their non-mortgage obligations – but only while their free-rent status exists. A lender who has an interest in the “free rent” consumer is actually sitting on a time-bomb. When foreclosures stop or slow to a rate that is less than consumers entering it, that group will continue to grow in size - until foreclosures start again – at which point thousands of consumers will be processed and will have to start managing rent/housing payments again. Almost immediately, thousands of consumers who have had no problems meeting their obligations will have to start making decisions about which to pay and which not to pay. So, this buildup of rent-free mortgage holders presents a serious risk management issue to non-mortgage lenders that must be addressed. Lenders who have a relationship with a consumer who is delinquent on their mortgage may be easily fooled into thinking that they are not exposed to the same credit risk as mortgage lenders, but I think that these lenders will quickly find that consumers who have lived rent-free for over a year will have a very difficult time managing this transition, and if not diligent, credit card issuers and automotive lenders may find themselves in trouble. _____________________ http://cnews.canoe.ca/CNEWS/World/2010/10/08/15629836.html
By: Wendy Greenawalt In a recent poll conducted by Experian, 82 percent of the respondents indicated they were undecided or currently assessing options for complying with the Risk-Based Pricing Rule. If your organization is also considering which compliance option is right based on your unique circumstances, I would encourage you to act soon, as the deadline is quickly approaching. Some organizations have decided that they will be utilizing the Credit Score Disclosure Notice as their preferred compliance option, as it is supplied to all consumers and requires minimal procedural changes and maintenance. While at first glance this option may seem to be the most streamlined approach, it does come with its own considerations. The Disclosure Notice form letter is straightforward and includes minimal inputs such as the consumers credit score, score source, range of the score and a corresponding score distribution. The downside is that the Disclosure Notice must be provided individually to all consumers, even those that reside at the same address, and must be given in a format in which the consumer can keep/reference. This means there will be an inherently higher cost to mail or electronically provide the form to each applicant and obtain the required eSign confirmation (where applicable). The score distributions must be updated on a regular basis and lenders must be prepared to answer consumer questions related to scores and how they are derived. Conversely, the Risk Based Pricing Notice, which is the primary compliance option outlined in the rule, is provided to a specific segment of consumers and can be provided verbally, electronically or in writing. A model form is supplied in the ruling and requires a lender to provide the credit reporting agency used to obtain the consumers credit data and contact information for the agency. Some lenders feel the notice has awkward language; however I tend to think most consumers have a basic understanding of their credit and the language in the form will not provide a negative consumer experience. The language tells the consumer “the terms offered to you may be less favorable than the terms offered to consumers who have better credit histories”. The disadvantage of this notice is that a lender must determine which consumers must receive the notice, and this policy must be updated periodically. Fortunately, the ruling states that a lender must only review the policy every two years. For most lenders this will not be a problem as they perform more frequent reviews and validations of their portfolios and determining which consumers receive a notice can be performed at the same time with minimal resources. Lenders should carefully consider their compliance obligations in relation to the ruling and determine which notice is best for their organization given resource, maintenance and cost requirements. The January 1, 2011 deadline is looming and there is no indication that the effective date will be extended. I suspect the regulatory requirements will continue to evolve over the next few years with the creation of the Consumer Financial Protection Agency, which has the authority to set and enforce rules under 12 federal laws and the implications will continue to put a strain on lending institutions.
By: Margarita Lim Consumer data has increasingly become commoditized over the years. There’s a lot of it and it’s arguably more easily obtainable. Social Security number and date of birth information was once considered confidential information. Today, those data elements in addition to traditional consumer data such as name, address and phone number are more publicly available (either legitimately or illegitimately). The advent and popularity of social network Internet sites have also made considerable information about a person’s life – both professional and personal, available for anyone’s viewing pleasure. So the question is…how much is too much information? If you’re a consumer who is particular about privacy, then you’ll have a lower threshold. On the other hand, if you’re a business trying to minimize fraud losses, then you’re at the other end of the spectrum - you can never have enough information to help prevent fraud – especially when you’re trying to keep up with fraud trends. Data is a key element in fraud prevention. Experian has access to many data assets and has a reputation for providing high quality fraud products in the marketplace. The data we use in our fraud products comes from multiple sources and sets us apart from our competitors because corroborated data is more reliable than data from a single source. Having access to multiple data sources is especially beneficial in our Knowledge Based Authentication product where the different sources provide data that is critical to generating out of wallet questions. Since companies rely on our fraud products to comply with the government’s Red Flag Rules and support Identity Theft Prevention Programs, it is extremely important that we have as much data as possible in our arsenal to thwart fraudsters’ activities and prevent consumers from being victimized by criminals. Keep in mind that these programs are only as good as the data used to confirm a person’s identity. Although information can be a double-edged sword, I don’t think one can have too much information especially when the goal is to minimize fraud.
By: Kenneth Pruett I really thought I was going to be on easy street after receiving two emails in less than a week. The first email was telling me about some long lost relative in the UK who passed away over 10 years ago. His riches, which were over $20million dollars, would be forfeited to the government if an heir to the fortune did not claim the money. I was impressed how they figured out that I was the long lost “heir” to this millionaire just by looking at my email address. They also identified me specifically by calling me by name, “Dear Sir”. The other email was a bit more intriguing. It involved a suitcase full of money. This was sent to me by a woman, who was in an abusive relationship but somehow had a chest full of money in America. For a certain % of the money, she was willing to pay me for my efforts to help her gain access to the suitcase and its contents. I am still surprised at just how many people fall victim to these types of email scams. They have been going on for quite some time, commonly known as the Nigerian 419 scam. I have noticed that the emails have changed a bit and seem to have become more convincing. The scammers also seem to be a bit more patient and work harder to gain the victims confidence in the legitimacy of the transaction. Individuals who give their information to these scammers will soon find out what a big mistake they have made. The goal of these groups is to gain access to a consumer’s money. They also will attempt to gather personal and banking information. Some victims of these scams may end up having their identity stolen. If they do attempt to use the identity information, they will typically make multiple attempts in a short period of time to establish credit. One way to help fight this type of organized fraud ring activity is to use velocity checks to track data elements. For example, a bank may want to know if a Social Security number has been used more than once within a certain period of time. Fraud analytic studies have also found that tracking data elements across multiple customers can also be very predictive in preventing fraud tied to identity theft rings. Elements often tracked are things like addresses, Social Security numbers and phone numbers. If these scammers attempt to take over consumers current bank accounts, they may attempt to change the address and possibly the phone number on the account. This is to prevent the true consumer from getting a phone call or mail relating to their account changes. Before making these changes, many entities often send out letters or make calls to the prior information before officially making these changes in their systems. One other way to protect against account take over is to run the address and/or phone number against database of known frauds. A National Fraud Database can be helpful in identifying addresses that have been used in previous fraud activity. The Nigerian 419 scams will continue to be a problem. The need for money is just too great for some people to resist. For Banks, Card issuers, and Credit Unions, it is wise to put tools in place to help fight identity theft. This scam only represents a sample of the various fraudulent groups out there who make their living by ripping off these types of businesses. As I often say to my customers… I have done about everything in the fraud space, except commit it, which is the most profitable area. Good luck in your efforts to help us fight this ongoing problem.
In my last entry I mentioned how we’re working with more and more clients that are ramping up their fraud and compliance processes to ensure Red Flag compliance. But it’s not just the FACT Act Identity Theft Program requirements that are garnering all the attention. As every financial institution is painfully aware, numerous compliance requirements exist around the USA PATRIOT Act and Know Your Customer, Anti-Money Laundering, e-Signature and more. Legislation for banks, lenders, and other financial services organizations are only likely to increase with President Obama’s appointment of Elizabeth Warren to the new Bureau of Consumer Financial Protection. Typically FI’s must perform due diligence across more than one of these requirements, all the while balancing the competing pressures of revenue growth, customer experience, fraud referral rates, and risk management. Here’s a case where we were able to offer a solution to one client’s complex needs. Recently, we were approached by a bank’s sales channel that needed to automate their Customer Information Program (CIP). The bank’s risk and compliance department had provided guidelines based on their interpretation of due diligence appropriate for CIP and now the Sales group had to find a tool that could facilitate these guidelines and decision appropriately. The challenge was doing so without a costly custom solution, not sacrificing their current customer service SLA’s, and being able to define the criteria in the CIP decisioning rather than a stock interpretation. The solution was to invest in a customer authentication product that offered flexible, adaptable “off the shelf” decisioning along with knowledge based authentication, aka out of wallet questions. The fact that the logic was hosted reduced costly and time consuming software and hardware implementations while at the same time allowing easy modification should their CIP criteria change or pass and review rates need to be tweaked. The net result? Consistent customer treatment and objective application of the CIP guidelines, more cross selling confidence, and the ability to refer only those applicants with fraud alerts or who did not meet the name, address, SSN, and DOB check for further authentication.
By: Wendy Greenawalt US interest rates are at historically low levels, and while many Americans are taking advantage of the low interest rates and refinancing their mortgages, a great deal more are struggling to find jobs, and unable to take advantage of the rate- friendly lending environment. This market however, continues to be complex as lenders try to competitively price products while balancing dynamic consumer risk levels, multiple product options and minimize the cost of acquisition. Due to this, lenders need to implement advanced risk-based pricing strategies that will balance the uncertain risk profiles of consumers while closely monitoring long-term profitability as re-pricing may not be an option given recent regulatory guidelines. Risk-based pricing has been a hot topic recently with the Credit Card Act and Risk-Based Pricing Rule regulation and pending deadline. For lenders who have not performed a new applicant scorecard validation or detailed portfolio analysis in the last few years now is the time to review pricing strategies and portfolio mix. This analysis will aid in maintaining an acceptable risk level as the portfolio evolves with new consumers and risk tiers while ensuring short and long-term profitability and on-going regulatory compliance. At its core, risk-based pricing is a methodology that is used to determine the what interest rate should be charged to a consumer based on the inherent risk and profitability present within a defined pricing tier. By utilizing risk-based pricing, organizations can ensure the overall portfolio is profitable while providing competitive rates to each unique portfolio segment. Consistent review and strategy modification is crucial to success in today’s lending environment. Competition for the lowest risk consumers will continue to increase as qualified candidate pools shrink given the slow economic recovery. By reviewing your portfolio on a regular basis and monitoring portfolio pricing strategies closely an organization can achieve portfolio growth and revenue objectives while monitoring population stability, portfolio performance and future losses.
By: Staci Baker On September 12, 2010, the new Basel III rules were passed in Basel, Switzerland. These new rules aim to increase the liquidity of banks over the next decade, thereby mitigating the risk of bank failures and mergers that transpired during the recent financial crisis. Currently, banks must maintain capital reserves of 4% on their balance sheet to account for enterprise risk. Starting January 1, 2013, banks will be required to progressively increase their capital reserves, known as tier 1 capital, to 4.5%. By the end of 2019, this reserve will need to be 6%. Banks will also be required to keep an emergency reserve, or “conservation buffer,” of 2.5%. What does this mean for banks? And, what are some tools that banks can use in assessing credit risk? By increasing capital reserves, banks will be more stable in times of economic hardship. The conservation buffer is meant to help absorb losses during times of economic stress, which means banks will be in a better position to maintain economic progress in the most challenging economic circumstances. The capital reserve designated by the Group of Governors and Heads of Supervision is the minimum requirement each bank will be held to. Each bank will need to assess their current risk levels, and run stress tests to ensure they are in a good financial position, and are able to sustain strong financial health during a failing economy. Stress tests should be run for different time intervals, which will allow lenders to assess future losses and to plan capital satisfactoriness accordingly. This type of credit risk analysis is possible through applications such as Moody’s CreditCycle Plus, powered by Experian, that allow for stress testing, and profit and loss forecasting. These applications will measure future performance of consumer credit portfolios under various economic scenarios, measured against industry benchmarks. ______________ Bank for International Settlements, 9/12/10, http://bis.org/press/p100912.htm
Another consumer protection article in the news recently highlighted some fraud best practices for social networking sites. Click here to read the article. When I say fraud best practices, I mean best practices to minimize fraud and identity theft risk…not best practices for fraudsters. Although I wonder if by advising consumers about new fraud trends and methods, some fraudsters are picking up new tips and tricks? Anyway, many of the suggestions in the article are common sense items that have been making the rounds for some time now: don’t post vacation plans, things that might provide clues to your passwords or secret questions, etc. What I found surprising was that this list of “6 Things You Should Never Reveal on Facebook” still included birth date and place and home address. Are people overly trusting or just simply unaware of the risk of providing personal identifying information out in cyber space, unsecured? The US government has gone to a lot of trouble to protect consumers from identity theft through its issuance of the Red Flags rule and Red Flags guidelines for financial institutions of all types. I work with many clients that are going to large efforts to meet these important goals for fraud and compliance. Not just because the legislation requires it but because they know it is in the best interest of fostering long term and trust-based relationships with their customers. But just as much responsibility lies on us as consumers to protect ourselves. Each individual or family should have their own little identity theft prevention program that includes: guidelines for sharing information on social networking sites, shredding of paper documents with personal data, safe storage of passwords (i.e. not written down by your computer!), and up to date virus and malware protection on their computer.
Anyone keeping tabs on the legal scene would think data breaches are something new, given all of the legislation hitting the floor of Congress, when in reality they have been happening since businesses began saving data. The truth is the average consumer didn’t really think about it until they started to hear about data breaches and fraud trends when California blazed a trail with what is considered to be the “grandma” of data breach laws back in 2002. The California law (CA SB 1386) required entities to report data breaches if a California resident was a record in the breach that included personally identifiable information and met the state’s criteria for breach. One might say that law started it all: data breach reporting, the ability for watchdog tracking, and media coverage – before CA SB 1386 we only saw the tip of the iceberg. There are currently four bills worth watching in Congress right now that could have some significant impact to data breach notification requirements: Senate Bill 139, sponsored by California Sen. Diane Feinstein. The Data Breach Notification Act would cover any agency or business that uses or stores personal identifiable information and make it mandatory that if a breach occurred, the victims would be informed Senate Bill 3579, the Carper-Bennett legislation, entitled the Data Security Act of 2010 applies to financial institutions, retailers and government agencies, and would require these entities to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud. This bill is aimed to protect consumers and businesses from identity theft and account fraud. Senate Bill 3742, entitled The Data Security and Breach Notification Act of 2010, sponsored by Senators Mark Pryor and Jay Rockefeller would cross industries and requires special requirements for data brokers. It was referred this month to the Committee on Commerce, Science and Technology, which Rockefeller chairs. Senate Bill 1490, entitled the Personal Data Privacy and Security Act, designates as fraud unauthorized access of personally identifiable information and allows the act to lead to racketeering charges. Sponsored by Senate Judiciary Committee Chairman, Patrick Leahy, it would also prohibit concealment of security breaches involved in fraud and prohibit the dismissal of a Chapter 7 bankruptcy case if the debtor is an identity-theft victim. Many organizations already provide for data breach and the security of personally identifiable information as part of an Identity Theft Prevention Program or Red Flags Rule compliance. I’m happy to say that many rely on Experian tools (https://www.experian.com/data-breach/data-breach-resources.html) for data breach or Enterprise Risk Management solutions. However, any of these bills could change the game for many businesses not already regulated by the Gramm-Leach-Bliley Act (GLB), the Fair Credit Reporting Act (FCRA) or Fair and Accurate Credit Transactions Act (FACTA). In fact, two of the bills would essentially subject data brokers to the same kinds of legislation that financial institutions have under FCRA. The reasoning behind it is that fraud trends continue to show risk levels are the same to the consumer, regardless of where the information is stored. The financial industry and credit bureau data have been regulated for years so, in a sense, I think it’s just “more of the same” unless you happen to be in an industry not regulated as stringently. Still… it’s worth keeping those “tabs” and RSS feeds alive.
Learn More Image
