Financial Services
By: Kristan Keelan What do you think of when you hear the word “fraud”? Someone stealing your personal identity? Perhaps the recent news story of the five individuals indicted for gaining more than $4 million from 95,000 stolen credit card numbers? It’s unlikely that small business fraud was at the top of your mind. Yet, just like consumers, businesses face a broad- range of first- and third-party fraud behaviors, varying significantly in frequency, severity and complexity. Business-related fraud trends call for new fraud best practices to minimize fraud. First let’s look at first-party fraud. A first-party, or victimless, fraud profile is characterized by having some form of material misrepresentation (for example, misstating revenue figures on the application) by the business owner without that owner’s intent or immediate capacity to pay the loan item. Historically, during periods of economic downturn or misfortune, this type of fraud is more common. This intuitively makes sense — individuals under extreme financial pressure are more likely to resort to desperate measures, such as misstating financial information on an application to obtain credit. Third-party commercial fraud occurs when a third party steals the identification details of a known business or business owner in order to open credit in the business victim’s name. With creditors becoming more stringent with credit-granting policies on new accounts, we’re seeing seasoned fraudsters shift their focus on taking over existing business or business owner identities. Overall, fraudsters seem to be migrating from consumer to commercial fraud. I think one of the most common reasons for this is that commercial fraud doesn’t receive the same amount of attention as consumer fraud. Thus, it’s become easier for fraudsters to slip under the radar by perpetrating their crimes through the commercial channel. Also, keep in mind that businesses are often not seen as victims in the same way that consumers are. For example, victimized businesses aren’t afforded the protections that consumers receive under identity theft laws, such as access to credit information. These factors, coupled with the fact that business-to-business fraud is approximately three-to-ten times more “profitable” per occurrence than consumer fraud, play a role in leading fraudsters increasingly toward commercial fraud.
In a recent article, www.CNNMoney.com reported that Federal Reserve Chairman, Ben Bernanke, said that the pace of recovery in 2010 would be moderate and added that the unemployment rate would come down quite slowly, due to headwinds on ongoing credit problems and the effort by families to reduce household debt.’ While some media outlets promote an optimistic economic viewpoint, clearly there are signs that significant challenges lie ahead for lenders. As Bernanke forecasts, many issues that have plagued credit markets will sustain themselves in the coming years. Therefore lenders need to be equipped to monitor these continued credit problems if they wish to survive this protracted time of distress. While banks and financial institutions are implementing increasingly sophisticated and thorough processes to monitor fluctuations in credit trends, they have little intelligence to compare their credit performance to that of their peers. Lenders frequently cite that they are concerned about their lack of awareness or intelligence regarding the credit performance and status of their peers. Marketing intelligence solutions are important for management of risk, loan portfolio monitoring and related decisioning strategies. Currently, many vendors offer data on industry-wide trends, but few vendors provide the information needed to allow a lender to understand its position relative to a well-defined group of firms that it considers its peers. As a result, too many lenders are performing benchmarking using data sources that are biased, incomplete, inaccurate, or that lack the detail necessary to derive meaningful conclusions. If you were going to measure yourself personally against a group to understand your comparative performance, why would you perform that comparison against people who had little or nothing in common with you? Does an elite runner measure himself against a weekend warrior to gauge his performance? No; he segments the runners by gender, age, and performance class to understand exactly how he stacks up. Today’s lending environment is not forgiving enough for lenders to make broad industry comparisons if they want to ensure long-term success. Lenders cannot presume they are leading the pack, when, in fact, the race is closer than ever.
The term “risk-based authentication” means many things to many institutions. Some use the term to review to their processes; others, to their various service providers. I’d like to establish the working definition of risk-based authentication for this discussion calling it: “Holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time.” Now, that “holistic assessment” thing is certainly where the rubber meets the road, right? One can arguably approach risk-based authentication from two directions. First, a risk assessment can be based upon the type of products or services potentially being accessed and/or utilized (example: line of credit) by a customer. Second, a risk assessment can be based upon the authentication profile of the customer (example: ability to verify identifying information). I would argue that both approaches have merit, and that a best practice is to merge both into a process that looks at each customer and transaction as unique and therefore worthy of distinctively defined treatment. In this posting, and in speaking as a provider of consumer and commercial authentication products and services, I want to first define four key elements of a well-balanced risk based authentication tool: data, detailed and granular results, analytics, and decisioning. 1. Data: Broad-reaching and accurately reported data assets that span multiple sources providing far reaching and comprehensive opportunities to positively verify consumer identities and identity elements. 2. Detailed and granular results: Authentication summary and detailed-level outcomes that portray the amount of verification achieved across identity elements (such as name, address, Social Security number, date of birth, and phone) deliver a breadth of information and allow positive reconciliation of high-risk fraud and/or compliance conditions. Specific results can be used in manual or automated decisioning policies as well as scoring models, 3. Analytics: Scoring models designed to consistently reflect overall confidence in consumer authentication as well as fraud-risk associated with identity theft, synthetic identities, and first party fraud. This allows institutions to establish consistent and objective score-driven policies to authenticate consumers and reconcile high-risk conditions. Use of scores also reduces false positive ratios associated with single or grouped binary rules. Additionally, scores provide internal and external examiners with a measurable tool for incorporation into both written and operational fraud and compliance programs, 4. Decisioning: Flexibly defined data and operationally-driven decisioning strategies that can be applied to the gathering, authentication, and level of acceptance or denial of consumer identity information. This affords institutions an opportunity to employ consistent policies for detecting high-risk conditions, reconcile those terms that can be changed, and ultimately determine the response to consumer authentication results – whether it be acceptance, denial of business or somewhere in between (e.g., further authentication treatments). In my next posting, I’ll talk more specifically about the value propositions of risk-based authentication, and identify some best practices to keep in mind.
By: Kari Michel In August, consumer bankruptcy filings were up by 24 percent over the past year and are expected to increase to 1.4 million this year. “Consumers continue to turn to bankruptcy as a shield from the sustained financial pressures of today’s economy,” said American Bankruptcy Institute’s Executive Director Samuel J. Gerdano. What are lenders doing to protect themselves from bankruptcy losses? In my last blog, I talked about the differences and advantage of using both risk and bankruptcy scores. Many lenders are mitigating and managing bankruptcy losses by including bankruptcy scores into their standard account management programs. Here are some ways lenders are using bankruptcy scores: • Incorporating them into existing internal segmentation schemes for enhanced separation and treatment assessment of high risk accounts; • Developing improved strategies to act on high-bankruptcy-risk accounts • In order to manage at-risk consumers proactively and • Assessing low-risk customers for up-sell opportunities. Implementation of a bankruptcy score is recommended given the economic conditions and expected rise in consumer bankruptcy. When conducting model validations/assessments, we recommend that you use the model that best rank orders bankruptcy or pushes more bankruptcies into the lowest scoring ranges. In validating our Experian/Visa BankruptcyPredict score, results showed BankruptcyPredict was able to identify 18 to 30 percent more bankruptcy compared to other bankruptcy models. It also identified 12 to 33 percent more bankruptcy compared to risk scores in the lowest five percent of the score range. This supports the need to have distinct bankruptcy scores in addition to risk scores.
By: Kennis Wong As I said in my last post, when consumers and the media talk about fraud and fraud risk, they are usually referring to third-party frauds. When financial institutions or other organizations talk about fraud and fraud best practices, they usually refer to both first- and third-party frauds. The lesser-known fraud cousin, first-party fraud, does not involve stolen identities. As a result, first-party fraud is sometimes called victimless fraud. However, being victimless can’t be further from the truth. The true victims of these frauds are the financial institutions that lose millions of dollars to people who intentionally defraud the system. First-party frauds happen when someone uses his/her own identity or a fictitious identity to apply for credit without the intention to fulfill their payment obligation. As you can imagine, fraud detection of this type is very difficult. Since fraudsters are mostly who they say they are, you can’t check the inconsistencies of identities in their applications. The third-party fraud models and authentication tools will have no effect on first-party frauds. Moreover, the line between first-party fraud and regular credit risk is very fuzzy. According to Wikipedia, credit risk is the risk of loss due to a debtor\'s non-payment of a loan or other line of credit. Doesn’t the definition sound similar to first-party fraud? In practice, the distinction is even blurrier. That’s why many financial institutions are putting first-party frauds in the risk bucket. But there is one subtle difference: that is the intent of the debtor. Are the applicants planning not to pay when they apply or use the credit? If not, that’s first-party fraud. To effectively detect frauds of this type, fraud models need to look into the intention of the applicants.
Analysis opportunity for vintage analysis Vintage analysis, specifically vintage pools, present numerous useful opportunities for any firm seeking to further understand the risks within specific portfolios. While most lenders have relatively strong reporting and metrics at hand for their own loan portfolio monitoring...these to understand the specific performance characteristics of their own portfolios -- the ability to observe trends and benchmark against similar industry characteristics can enhance their insights significantly. Assuming that a lender possesses the vintage data and vintage analysis capability necessary to perform benchmarking on its portfolio, the next step is defining the specific metrics upon which any comparisons will be made. As mentioned in a previous posting, three aspects of vintage performance are often used to define these points of comparison: Vintage delinquency including charge-off curves, which allows for an understanding of the repayment trends within each pool. Specifically, standard delinquency measures (such as 30+ Days Past Due (DPD), 60+ DPD, 90+ DPD, and charge-off rates) provide measures of early and late stage delinquencies in each pool. Payoff trends, which reflect the pace at which pools are being repaid. While planning for losses through delinquency benchmarking is a critical aspect of this process, so, too, is the ability to understand pre-repayment tendencies and trends. Pre-payment can significantly impact cash-flow modeling and can add insight to interest income estimates and loan duration calculations. As part of the Experian-Oliver Wyman Market Intelligence Reports, these metrics are delivered each quarter, and provide a consistent, static pool base upon which vintage benchmarks can be conducted. Clearly, this is a rather simplified perspective on what can be a very detailed analysis exercise. A properly conducted vintage analysis needs to consider aspects such as: lender portfolio mix at origination; lender portfolio footprint at origination; lender payoff trends and differences from benchmarked industry data in order to properly balance the benchmarked data against the lender portfolio.
By: Kennis Wong When consumers and the media talk about fraud and fraud risk, nine out of ten times they are referring to third-party frauds. When financial institutions or other organizations talk about fraud, fraud best practices, or their efforts to minimize fraud, they usually refer to both first- and third-party frauds. The difference between the two fraud types is huge. Third-party frauds happen when someone impersonates the genuine identity owner to apply for credit or use existing credit. When it’s discovered, the victim, or the genuine identity owner, may have some financial loss -- and a whole lot of trouble fixing the mess. Third-party frauds get most of the spotlight in newspaper reporting primarily because of large-scale identity data losses. These data losses may not result in frauds per se, but the perception is that these consumers are now more susceptible to third-party frauds. Financial institutions are getting increasingly sophisticated in using fraud models to detect third-party frauds at acquisition. In a nutshell, these fraud models are detecting frauds by looking at the likelihood of applicants being who they say they are. Institutions bounce the applicants’ identity information off of internal and external data sources such as: credit; known fraud; application; IP; device; employment; business relationship; DDA; demographic; auto; property; and public record. The risk-based approach takes into account the intricate similarities and discrepancies of each piece of data element. In my next blog entry, I’ll discuss first-party fraud.
By: Ken Pruett I find it interesting that the media still focuses all of their attention on identity theft when it comes to credit-related fraud. Don’t get me wrong. This is still a serious problem and is certainly not going away any time soon. But, there are other types of financial fraud that are costing all of us money, indirectly, in the long run. I thought it would be worth mentioning some of these today. Although third party fraud, (which involves someone victimizing a consumer), gets most of the attention, first party fraud (perpetrated by the actual consumer) can be even more costly. “Never pay” and “bust out” are two fraud scenarios that seem to be on the rise and warrant attention when developing a fraud prevention program. Never Pay A growing fraud problem that occurs during the acquisition stage of the customer life cycle is “never pay”. This is also classified as first payment default fraud. Another term we often hear to describe this type of perpetrator is “straight roller”. This type of fraudster is best described as someone who signs up for a product or service -- and never makes a payment. This fraud problem occurs when a consumer makes an application for a loan or credit card. The consumer provides true identification information but changes one or two elements (such as the address or social security number). He does this so that he can claim later that he did not apply for the credit. When he’s granted credit, he often makes purchases close to the limit provided on the account. (Why get the 32 inch flat screen TV when the 60 inch is on the next store shelf -- when you know you are not going to pay for it anyway?) These fraudsters never make any payments at all on these accounts. The accounts usually end up in collections. Because standard credit risk scores look at long term credit, they often are not effective in predicting this type of fraud. The best approach is to use a fraud model specifically targeted for this issue. Bust Out Fraud Of all the fraud scenarios, bust out fraud is one of the most talked about topics when we meet with credit card companies. This type of fraud occurs during the account management phase of the customer lifecycle. It is characterized by a person obtaining credit, typically a loan or credit card, and maintaining a good credit history with the account holder for a reasonable period of time. Just prior to the bust out point, the fraudster will pay off the majority of the balance, often by using a bad check. She will then run the card up close to the limit again -- and then disappear. Losses for this type of fraud are higher than average credit card losses. Losses between 150 to 200 percent of the credit limit are typical. We’ve seen this pattern at numerous credit card institutions across many of their accounts. This is a very difficult type of fraud to prevent. At the time of application, the customer typically looks good from a credit and fraud standpoint. Many companies have some account management tools in place to help prevent this type of fraud, but their systems only have a view into the one account tied to the customer. A best practice for preventing this type of fraud is to use tools that look at all the accounts tied to the consumer -- along with other metrics such as recent inquiries. When taking all of these factors into consideration, one can better predict this growing fraud type.
By: Heather Grover In my previous blog, I covered top of mind issues that our clients are challenged with related to their risk based authentication efforts and fraud account management. My goal in this blog is to share many of the specific fraud trends we have seen in recent months, as well as those that you – our clients and the industry as a whole – are experiencing. Management of risk and strategies to minimize fraud is on your mind. 1. Migration of fraud from Internet to call centers - and back again. Channel specific fraud is nothing new. Criminals prefer non-face-to-face channels because they can preserve anonymity, while increasing their number of attempts. The Internet has been long considered a risky channel, because many organizations have built defenses around transaction velocity checks, IP address matching and other tools. Once fraudsters were unable to pass through this channel, the call center became the new target, and path of least resistance. Not surprisingly, once the industry began to address the call center, fraud began to migrate, yet again. Increasingly we hear that the interception and compromise of online credentials due to keystroke loggers and other malware is on the rise. 2. Small business fraud on the rise. As the industry has built defenses in their consumer business, fraudsters have again migrated -- this time to commercial products. Historically, small business has not been a target for fraud, which is changing. We see and hear that, while similar to consumer fraud in many ways, small business fraud is often more difficult to detect many times due to “shell businesses” that are established. 3. Synthetic ID becoming less of an issue. As lenders tighten their criteria, not only are they turning down those less likely to pay, but their higher standards are likely affecting Synthetic ID fraud, which many times creates identities with similar characteristics that mirror “thin file” consumers. 4. Family fraud continues. We have seen consumers using the identities of members of their family in an attempt to gain and draw down credit. These occurrences are nothing new, but sadly this continues in the current economic environment. Desperate parents use their children’s identities to apply for new credit, or other family may use an elderly person’s dormant accounts with a goal of finding a short term lifeline in a bad credit situation. 5. Fraud increasing from specific geographic regions. Some areas are notorious for perpetrating fraud – not too long ago it was Nigeria and Russia. We have seen and are hearing that the new hot spots are Vietnam and other Eastern Europe countries that neighbor Russia. 6. Falsely claiming fraud. There has been an increase of consumers who claim fraud to avoid an account going into delinquency. Given the poor state of many consumers credit status, this pattern is not unexpected. The challenge many clients face is the limited ability to detect this occurrence. As a result, many clients are seeing an increase in fraud rates. This misclassification is masking what should be bad debt.
-- by Heather Grover I’m often asked in various industry forums to give talks about, or opinions on, the latest fraud trends and fraud best practices. Let’s face it – fraudsters are students of their craft and continue to study the latest defenses and adapt to controls that may be in place. You may be surprised, then, to learn that our clients’ top-of-mind issues are not only how to fight the latest fraud trends, but how they can do so while maximizing use of automation, managing operational costs, and preserving customer experience -- all while meeting compliance requirements. Many times, clients view these goals as being unique goals that do not affect one another. Not only can these be accomplished simultaneously, but, in my opinion, they can be considered causal. Let me explain. By looking at fraud detection as its own goal, automation is not considered as a potential way to improve this metric. By applying analytics, or basic fraud risk scores, clients can easily incorporate many different potential risk factors into a single calculation without combing through various data elements and reports. This calculation or score can predict multiple fraud types and risks with less effort, than could a human manually, and subjectively reviewing specific results. Through an analytic score, good customers can be positively verified in an automated fashion; while only those with the most risky attributes can be routed for manual review. This allows expensive human resources and expertise to be used for only the most risky consumers. Compliance requirements can also mandate specific procedures, resulting in arduous manual review processes. Many requirements (Patriot Act, Red Flag, eSignature) mandate verification of identity through match results. Automated decisioning based on these results (or analytic score) can automate this process – in turn, reducing operational expense. While the above may seem to be an oversimplification or simple approach, I encourage you to consider how well you are addressing financial risk management. How are you managing automation, operational costs, and compliance – while addressing fraud?
By: Kari Michel Bankruptcies continue to rise and are expected to exceed 1.4 million by the end of this year, according to American Bankruptcy Institute Executive Director, Samuel J. Gerdano. Although, the overall bankruptcy rates for a lender’s portfolio is small (about 1 percent), bankruptcies result in high dollar losses for lenders. Bankruptcy losses as a percentage of total dollar losses are estimated to range from 45 percent for bankcard portfolios to 82 percent for credit unions. Additionally, collection activity is restricted because of legislation around bankruptcy. As a result, many lenders are using a bankruptcy score in conjunction with their new applicant risk score to make better acquisition decisions. This concept is a dual score strategy. It is key in management of risk, to minimize fraud, and in managing the cost of credit. Traditional risk scores are designed to predict risk (typically predicting 90 days past due or greater). Although bankruptcies are included within this category, the actual count is relatively small. For this reason the ability to distinguish characteristics typical of a “bankruptcy” are more difficult. In addition, often times a consumer who filed bankruptcy was in “good standings” and not necessarily reflective of a typical risky consumer. By separating out bankrupt consumers, you can more accurately identify characteristics specific to bankruptcy. As mentioned previously, this is important because they account for a significant portion of the losses. Bankruptcy scores provide added value when used with a risk score. A matrix approach is used to evaluate both scores to determine effective cutoff strategies. Evaluating applicants with both a risk score and a bankruptcy score can identify more potentially profitable applicants and more high- risk accounts.
By: Wendy Greenawalt In my last blog post I discussed the value of leveraging optimization within your collections strategy. Next, I would like to discuss in detail the use of optimizing decisions within the account management of an existing portfolio. Account Management decisions vary from determining which consumers to target with cross-sell or up-sell campaigns to line management decisions where an organization is considering line increases or decreases. Using optimization in your collections work stream is key. Let’s first look at lines of credit and decisions related to credit line management. Uncollectible debt, delinquencies and charge-offs continue to rise across all line of credit products. In response, credit card and home equity lenders have begun aggressively reducing outstanding lines of credit. One analyst predicts that the credit card industry will reduce credit limits by $2 trillion by 2010. If materialized, that would represent a 45 percent reduction in credit currently available to consumers. This estimate illustrates the immediate reaction many lenders have taken to minimize loss exposure. However, lenders should also consider the long-term impacts to customer retention, brand-loyalty and portfolio profitability before making any account management decision. Optimization is a fundamental tool that can help lenders easily identify accounts that are high risk versus those that are profit drivers. In addition, optimization provides precise action that should be taken at the individual consumer level. For example, optimization (and optimizing decisions) can provide recommendations for: • when to contact a consumer; • how to contact a consumer; and • to what level a credit line could be reduced or increased... …while considering organizational/business objectives such as: • profits/revenue/bad debt; • retention of desirable consumers; and • product limitations (volume/regional). In my next few blogs I will discuss each of these variables in detail and the complexities that optimization can consider.
By: Kari Michel This blog completes my discussion on monitoring new account decisions with a final focus: scorecard monitoring and performance. It is imperative to validate acquisitions scorecards regularly to measure how well a model is able to distinguish good accounts from bad accounts. With a sufficient number of aged accounts, performance charts can be used to: • Validate the predictive power of a credit scoring model; • Determine if the model effectively ranks risk; and • Identify the delinquency rate of recently booked accounts at various intervals above and below the primary cutoff score. To summarize, successful lenders maximize their scoring investment by incorporating a number of best practices into their account acquisitions processes: 1. They keep a close watch on their scores, policies, and strategies to improve portfolio strength. 2. They create monthly reports to look at population stability, decision management, scoring models and scorecard performance. 3. They update their strategies to meet their organization’s profitability goals through sound acquisition strategies, scorecard monitoring and scorecard management.
By: Wendy Greenawalt The combined impact of rising unemployment, increasing consumer debt burdens and decreasing home values have caused lenders to shift resources away from prospecting and acquisitions to collection and recovery activities. As delinquencies and charge-off rates continue to increase, the likelihood of collecting on delinquent accounts decreases -- because outstanding debts mount for consumers and their ability to pay declines. Integrating optimized decisions into a collection strategy enables a lenders to assign appropriate collection treatments by assessing the level of risk associated with a consumer while considering a customer’s responsiveness to particular treatment options. Specifically, collections optimization uses mathematical algorithms to maximize organizational goals while applying constraints such as budget and call center capacity -- providing explicit treatment strategies at the consumer level -- while producing the highest probability of collecting outstanding dollars. Optimization can be integrated into a real-time call center environment by targeting the right consumers for outbound calls and assigning resources to consumers most likely to pay. It can also be integrated into traditional lettering campaigns to determine the number and frequency of letters, and the tone of each correspondence. The options for account treatment are virtually limitless and, unlike other techniques, optimization will determine the most profitable strategy while meeting operational and business constraints without simplification of the problem. By incorporating optimization into a collection strategy that includes a predictive model or score and advanced segmentation, an organization can maximize collected dollars, minimize the costs of collection efforts, improve collections efficiency, and determine which accounts to sell off – all while maximizing organizational profits.
By: Kari Michel This blog is a continuation of my previous discussion about monitoring your new account acquisition decisions with a focus on decision management. Decision management reports provide the insight to make more targeted decisions that are sound and profitable. These reports are used to identify: which lending decisions are consistent with scorecard recommendations; the effectiveness of overrides; and/or whether cutoffs should be adjusted. Decision management reports include: • Accept versus decline score distributions • Override rates • Override reason report • Override by loan officer • Decision by loan officer Successful lending organizations review this type of information regularly to make better lending policy decisions. Proactive monitoring provides feedback on existing strategies and helps evaluate if you are making the most effective use of your score(s). It helps to identify areas of opportunity to improve portfolio profitability. In my next blog, I will discuss the last set of monitoring reports, scorecard performance.
Learn More Image
