Fintech

Fraud – it’s a word that comes up in conversations across every industry. While there’s a general awareness that fraud is on the rise and is constantly evolving, for many the full impact of fraud is misunderstood and underestimated. At the heart of this challenge is the tendency to lump different types of fraud together into one big problem, and then look for a single solution that addresses it. It’s as if we’re trying to figure out how to un-bake a terrible cake instead of thinking about the ingredients and the process needed to put them together in the first place. This is the first of a series of articles in which we’ll look at some of the key ingredients that create different types of fraud, including first party, third party, synthetic identity, and account takeover.  We’ll talk about why they’re unique and why we need to approach each one differently. At the end of the series, we’ll get a result that’s easier to digest. I had second thoughts about the cake metaphor, but in truth it really works. Creating a good fraud management process is a lot like baking. We need to know the ingredients and some tried-and-true methods to get the best result. With that foundation in place, we can look for ways to improve the outcome every time. Let’s start with a look at the best known type of fraud, third party. What is third-party fraud? Third-party fraud – generally known as identity theft – occurs when a malicious actor uses another person’s identifying information to open new accounts without the knowledge of the individual whose information is being used. This type of fraud is unique from first party or synthetic identity fraud because it involves an identifiable victim that’s willing to collaborate in the investigation and resolution, for the simple reason that they don’t want to be responsible for the obligation made under their name. Third-party fraud is often the only type of activity that’s classified as fraud by financial institutions. The presence of an identifiable victim creates a high level of certainty that fraud has indeed occurred. That certainty enables financial institutions to properly categorize the losses. Since there is a victim associated with it, third party fraud tends to have a shorter lifespan than other types. When victims become aware of what’s happening, they generally take steps to protect themselves and intervene where they know their identity has been potentially misused. As a result, the timeline for third-party fraud is shorter, with fraudsters acting quickly to maximize the funds they’re able to amass before busting out. How does third-party fraud impact me? As the digital transformation continues, more and more personally identifiable information (PII) is available on the dark web due to data breaches and phishing scams. Given that half of consumers anticipate increasing their online spending in the coming year, we anticipate that the amount of PII readily available to criminals will only continue to grow. All of this will lead to identity theft and increase the risk of third-party fraud. Third-party fraud has been on businesses\' radar throughout 2020, with account takeover and account opening fraud representing high opportunities for risk. While we don’t yet know the full financial impact of COVID-19, it’s clear that it has created both opportunity—increased online presence and interaction—and need—in the form of financial distress for businesses and consumers—when it comes to third-party fraud. Solving the third-party fraud problem We’ve examined one part of the fraud problem, and it is a complex one. With Experian as your partner, solving for it isn’t. Continuing my cake metaphor, by following the right steps and including the right ingredients, businesses can detect and prevent fraud. Preventing third-party fraud involves two distinct steps. Analytics: Driven by extensive data that captures the ways in which people present their identity—plus artificial intelligence and machine learning—good analytics can detect inconsistencies, and patterns of usage that are out of character for the person, or similar to past instances of known fraud. Verification: The advantage of dealing with third-party fraud is the availability of a victim that will confirm when fraud is happening. The verification step refers to the process of making contact with the identity owner to obtain that confirmation. It does require some thought and discipline to make sure that the contact information used leads to the identity owner—and not to the fraudster. Over the coming weeks, I’ll be exploring first-party fraud, synthetic identity fraud, and account takeover fraud and how a layered fraud management strategy can help keep your business and customers safe from all types. Let us know if you’d like to learn more about how Experian is using our identity expertise, data, and analytics to detect and prevent fraud. Contact us

Published: November 16, 2020 by Chris Ryan

Enterprise Security Magazine recently named Experian a Top 10 Fraud and Breach Protection Solutions Provider for 2020.   Accelerating trends in the digital economy--stemming from stay-at-home orders and rapid increases in e-commerce and government funding--have created an attractive environment for fraudsters. At the same time, there’s been an uptick in the amount of personally identifiable information (PII) available on the dark web. This combination makes innovative fraud and breach solutions more crucial than ever.   Enterprise Security Magazine met with Kathleen Peters, Experian’s Chief Innovation Officer, and Michael Bruemmer, Vice President of Global Data Breach and Consumer Protection, to discuss COVID-19 digital trends, the need for robust fraud protection, and how Experian’s end-to-end breach protection services help businesses protect consumers from fraud.   According to the magazine, “With Experian’s best in class analytics, clients can rapidly respond to ever-changing environments by utilizing offerings such as CrossCore® and Sure ProfileTM to identify and prevent fraud.”   In addition to our commitment to develop new products to combat the rising threat of fraud, Experian is focused on helping businesses minimize the consequences of a data breach. The magazine noted that, “To serve as a one-stop-shop for data breach protection, Experian offers a wide range of auxiliary services such as incident management, data breach notification, identity protection, and call center support.”   We are continuously working to create and integrate innovative and robust solutions to prevent and manage different types of data breaches and fraud. Read the full article Contact us

Published: November 13, 2020 by Alison Kray

The shift created by the COVID-19 pandemic is still being realized. One thing that we know for sure is that North American consumers’ expectations continue to rise, with a focus on online security and their digital experience.   In mid-September of this year, Experian surveyed 3,000 consumers and 900 businesses worldwide—with 300 consumers and 90 businesses in the U.S.—to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.   More than half of consumers surveyed continue to expect more security steps when online, including more visible security measures in place on websites and more knowledge about how their data is being protected and stored. However, those same consumers aren’t willing to wait more than 60 seconds to complete an online transaction making it more important than ever to align your security and experience strategies.   While U.S. consumers are optimistic about the economy’s recovery, they are still dealing with financial challenges and their behaviors have changed. Future business plans should take into account consumers’:   High expectations of their online experience Increases in online spending Difficulty paying bills Reduction in discretionary spending   Moving forward, businesses are focusing on use of AI, online security, and digital engagement. They are emphasizing revenue generation while looking into the future of online security. Nearly 70% of businesses also plan to increase their fraud management budgets in the next 6 months.   Download the full North America Insights Report to get all of the insights into North American business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a look at how trends have changed from early in the pandemic. North America Insights Report Global Insights Report

Published: November 12, 2020 by Alison Kray

The financial services industry is not always synonymous with innovation and forward-thinking. While there are some exceptions with top-10 banks and some savvy regionals, as a whole, the sector tends to fall on the latter half of the diffusion of innovation curve, usually slotting in the late majority or laggard phase. Conversely, the opposite is true for fintechs who have been an enormously disruptive force of change in financial services over the past 10 years.   For many businesses, the pandemic has created uncertainty and an inability to conduct or generate business. However, the silver lining with COVID-19 might just be that it’s driving digital innovation across industries. Andreesen Horowitz, a venture capital firm, estimates businesses of all kinds are experiencing at least two years’ worth of digitization compressed into the last six months. And while they have been significantly impacted, for fintechs who were already pushing the envelope and challenging existing business models, COVID-19 suddenly accelerated financial services innovation into overdrive. Here are three challenges fintechs are answering in the wake of the COVID-19 health crisis. Digital Banking   The first lockdowns flipped the digital switch in financial services. Seemingly overnight, banking moved digital. In April, new mobile banking registrations increased 200%, while mobile banking traffic rose 85%. Likewise, Deloitte reported online banking activity has increased 35% since the pandemic started. Being mobile-first or digital-only has allowed many fintechs to win in offering presentment, activation, underwriting, and a contextual digital interface, all capabilities that will only become more relevant as the pandemic stretches on. At Square, direct deposit volumes grew by three times from March to April, up to $1.3 billion; Chime saw record signups. Continued social distancing will only serve to accelerate customers’ use of mobile and online platforms to manage their finances.  Contactless Payments  Similar to digital banking as a whole, the health crisis has accelerated the necessity for contactless payments. Whereas convenience and a seamless customer experience may have been drivers for payments innovation in the past, now, many customers may view it as a life or death health concern. Phones, wearables and even connected vehicles are empowering customers to participate in commerce while avoiding handling cash or coming in contact with an infected surface. Through their adoption of IOT-powered contactless payments, fintechs are accelerating this area of financial services to keep customers safe.  Financial Inclusion and Speeding Economic Relief  Any disaster disproportionally affects the underbanked and those living at the poverty line, and COVID-19 is no different. While it will undoubtedly contribute to an increase in unbanked households, the pandemic may also provide an opportunity to innovate through this problem. Financial inclusion was already a focus for many fintechs, who’ve made it their mission to bring equity by offering basic financial services in a transparent way. Unencumbered by legacy systems and business models, fintechs are well positioned to work across the financial ecosystem, from financial services, retail and government to efficiently and more quickly distribute benefits to at-risk groups and impacted businesses.   From their ability to quickly ingest new and novel data sources, to a focus on using a digital-first approach to delight customers, fintechs will continue to harness their strengths to disrupt financial services, even during the pandemic. How is your fintech driving innovation and customer experience during the health crisis?   Learn more

Published: October 28, 2020 by Jesse Hoggard

Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds. In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including: $15,000 is the average charge-off balance per SID attack Up to 15% of credit card losses are due to SID 18% - the increase in global card losses every year since 2013 SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID. Download the paper

Published: October 15, 2020 by Alison Kray

The CU Times recently reported on a nationwide synthetic identity fraud ring impacting several major credit unions and banks. Investigators for the Federal and New York governments charged 13 people and three businesses in connection to the nationwide scheme. The members of the crime ring were able to fraudulently obtain more than $1 million in loans and credit cards from 10 credit unions and nine banks. Synthetic Identity Fraud Can’t Be Ignored Fraud was on an upward trend before the pandemic and does not show signs of slowing. Opportunistic criminals have taken advantage of the shift to digital interactions, loosening of some controls in online transactions, and the desire of financial institutions to maintain their portfolios – seeking new ways to perpetrate fraud. At the onset of the COVID-19 pandemic, many financial institutions shifted their attention from existing plans for the year. In some cases they deprioritized plans to review and revise their fraud prevention strategy. Over the last several months, the focus swung to moving processes online, maintaining portfolios, easing customer friction, and dealing with IT resource constraints. While these shifts made sense due to rapidly changing conditions, they may have created a more enticing environment for fraudsters. This recent synthetic identity fraud ring was in place long before COVID-19. That said, it still highlights the need to have a prevention and detection plan in place. Financial institutions want to maintain their portfolios and their customer or member experience. However, they can’t afford to table fraud plans in the meantime. “72% of FI executives surveyed believe synthetic identity fraud to be more challenging than identity theft. This is due to the fact that it is harder to detect—either crime rings nurture accounts for months or years before busting out with six-figure losses, or they are misconstrued as credit losses, and valuable agent time is spent trying to collect from someone who doesn’t exist,” says Julie Conroy, Research Director at Aite Group. Prevention and Detection Putting the fraud strategy discussion on hold—even in the short term—could open up a financial institution to potential risk at time when cost control and portfolio maintenance are watch words. Canny fraudsters are on the lookout for financial institutions with fewer protections. Waiting to implement or update a fraud strategy could open a business up to increased fraud losses. Now is the time to review your synthetic identity fraud prevention and detection strategies, and Experian can help. Our innovative new tool in the fight against synthetic identity fraud helps financial institutions stop fraudsters at the door. Learn more  

Published: October 7, 2020 by Alison Kray

Changing consumer behaviors caused by the COVID-19 pandemic have made it difficult for businesses to make good lending decisions. Maintaining a consistent lending portfolio and differentiating good customers who are facing financial struggles from bad actors with criminal intent is getting more difficult, highlighting the need for effective decisioning tools. As part of our ongoing Q&A perspective series, Jim Bander, Experian’s Market Lead, Analytics and Optimization, discusses the importance of automated decisions in today’s uncertain lending environment. Check out what he had to say: Q: What trends and challenges have emerged in the decisioning space since March? JB: In the age of COVID-19, many businesses are facing several challenges simultaneously. First, customers have moved online, and there is a critical need to provide a seamless digital-first experience. Second, there are operational challenges as employees have moved to work from home; IT departments in particular have to place increase priority on agility, security, and cost-control. Note that all of these priorities are well-served by a cloud-first approach to decisioning. Third, the pandemic has led to changes in customer behavior and credit reporting practices. Q: Are automated decisioning tools still effective, given the changes in consumer behaviors and spending? JB: Many businesses are finding automated decisioning tools more important than ever. For example, there are up-sell and cross-sell opportunities when an at-home bank employee speaks with a customer over the phone that simply were not happening in the branch environment. Automated prequalification and instant credit decisions empower these employees to meet consumer needs. Some financial institutions are ready to attract new customers but they have tight marketing budgets. They can make the most of their budget by combining predictive models with automated prescreen decisioning to provide the right customers with the right offers. And, of course, decisioning is a key part of a debt management strategy. As consumers show signs of distress and become delinquent on some of their accounts, lenders need data-driven decisioning systems to treat those customers fairly and effectively. Q: How does automated decisioning differentiate customers who may have missed a payment due to COVID-19 from those with a history of missed payments? JB: Using a variety of credit attributes in an automated decision is the key to understanding a consumer’s financial situation. We have been helping businesses understand that during a downturn, it is important for a decisioning system to look at a consumer through several different lenses to identify financially stressed consumers with early-warning indicators, respond quickly to change, predict future customer behavior, and deliver the best treatment at the right time based on customer specific situations or behaviors.  In addition to traditional credit attributes that reflect a consumer’s credit behavior at a single point in time, trended attributes can highlight changes in a consumer’s behavior. Furthermore, Experian was the first lender to release new attributes specifically created to address new challenges that have arisen since the onset of COVID. These attributes help lenders gain a broader view of each consumer in the current environment to better support them. For example, lenders can use decisioning to proactively identify consumers who may need assistance. Q: What should financial institutions do next? JB: Financial institutions have rarely faced so much uncertainty, but they are generally rising to the occasion. Some had already adopted the CECL accounting standard, and all financial institutions were planning for it. That regulation has encouraged them to set aside loss reserves so they will be in better financial shape during and after the COVID-19 Recession than they were during the Great Recession. The best lenders are making smart investments now—in cloud technology, automated decisioning, and even Ethical and Explainable Artificial Intelligence—that will allow them to survive the COVID Recession and to be even more competitive during an eventual recovery. Financial institutions should also look for tools like Experian’s In the Market Model and Trended 3D Attributes to maximize efficiency and decisioning tactics – helping good customers remain that way while protecting the bottom line. In the Market Models Trended 3D Attributes  About our Expert: [avatar user=\"jim.bander\" /] Jim Bander, PhD, Market Lead, Analytics and Optimization, Experian Decision Analytics Jim joined Experian in April 2018 and is responsible for solutions and value propositions applying analytics for financial institutions and other Experian business-to-business clients throughout North America. He has over 20 years of analytics, software, engineering and risk management experience across a variety of industries and disciplines. Jim has applied decision science to many industries, including banking, transportation and the public sector.

Published: September 15, 2020 by Alison Kray

In 2015, U.S. card issuers raced to start issuing EMV (Europay, Mastercard, and Visa) payment cards to take advantage of the new fraud prevention technology. Counterfeit credit card fraud rose by nearly 40% from 2014 to 2016, (Aite Group, 2017) fueled by bad actors trying to maximize their return on compromised payment card data. Today, we anticipate a similar tsunami of fraud ahead of the Social Security Administration (SSA) rollout of electronic Consent Based Social Security Number Verification (eCBSV). Synthetic identities, defined as fictitious identities existing only on paper, have been a continual challenge for financial institutions. These identities slip past traditional account opening identity checks and can sit silently in portfolios performing exceptionally well, maximizing credit exposure over time. As synthetic identities mature, they may be used to farm new synthetics through authorized user additions, increasing the overall exposure and potential for financial gain. This cycle continues until the bad actor decides to cash out, often aggressively using entire credit lines and overdrawing deposit accounts, before disappearing without a trace. The ongoing challenges faced by financial institutions have been recognized and the SSA has created an electronic Consent Based Social Security Number Verification process to protect vulnerable populations. This process allows financial institutions to verify that the Social Security number (SSN) being used by an applicant or customer matches the name. This emerging capability to verify SSN issuance will drastically improve the ability to detect synthetic identities. In response, it is expected that bad actors who have spent months, if not years, creating and maturing synthetic identities will look to monetize these efforts in the upcoming months, before eCBSV is more widely adopted. Compounding the anticipated synthetic identity fraud spike resulting from eCBSV, financial institutions’ consumer-friendly responses to COVID-19 may prove to be a lucrative incentive for bad actors to cash out on their existing synthetic identities. A combination of expanded allowances for exceeding credit limits, more generous overdraft policies, loosened payment strategies, and relaxed collection efforts provide the opportunity for more financial gain. Deteriorating performance may be disguised by the anticipation of increased credit risk, allowing these accounts to remain undetected on their path to bust out. While responding to consumers’ requests for assistance and implementing new, consumer-friendly policies and practices to aid in impacts from COVID-19, financial institutions should not overlook opportunities to layer in fraud risk detection and mitigation efforts. Practicing synthetic identity detection and risk mitigation begins in account opening. But it doesn’t stop there. A strong synthetic identity protection plan continues throughout the account life cycle. Portfolio management efforts that include synthetic identity risk evaluation at key control points are critical for detecting accounts that are on the verge of going bad. Financial institutions can protect themselves by incorporating a balance of detection efforts with appropriate risk actions and authentication measures. Understanding their portfolio is a critical first step, allowing them to find patterns of identity evolution, usage, and connections to other consumers that can indicate potential risk of fraud. Once risk tiers are established within the portfolio, existing controls can help catch bad accounts and minimize the resulting losses. For example, including scores designed to determine the risk of synthetic identity, and bust out scores, can identify seemingly good customers who are beginning to display risky tendencies or attempting to farm new synthetic identities. While we continue to see financial institutions focus on customer experience, especially in times of uncertainty, it is paramount that these efforts are not undermined by bad actors looking to exploit assistance programs. Layering in contextual risk assessments throughout the lifecycle of financial accounts will allow organizations to continue to provide excellent service to good customers while reducing the increasing risk of synthetic identity fraud loss. Prevent SID

Published: August 19, 2020 by Stacey Wishowsky

Achieving collection results within the subprime population was challenging enough before the current COVID-19 pandemic and will likely become more difficult now that the protections of the Coronavirus Aid, Relief, and Economic Security (CARES) Act have expired. To improve results within the subprime space, lenders need to have a well-established pre-delinquent contact optimization approach. While debt collection often elicits mixed feelings in consumers, it’s important to remember that lenders share the same goal of settling owed debts as quickly as possible, or better yet, avoiding collections altogether. The subprime lending population requires a distinct and nuanced approach. Often, this group includes consumers that are either new to credit as well as consumers that have fallen delinquent in the past suggesting more credit education, communication and support would be beneficial. Communication with subprime consumers should take place before their account is in arrears and be viewed as a “friendly reminder” rather than collection communication. This approach has several benefits, including: The communication is perceived as non-threatening, as it’s a simple notice of an upcoming payment. Subprime consumers often appreciate the reminder, as they have likely had difficulty qualifying for financing in the past and want to improve their credit score. It allows for confirmation of a consumer’s contact information (mainly their mobile number), so lenders can collect faster while reducing expenses and mitigating risk. When executed correctly, it would facilitate the resolution of any issues associated with the delivery of product or billing by offering a communication touchpoint. Additionally, touchpoints offer an opportunity to educate consumers on the importance of maintaining their credit. Customer segmentation is critical, as the way lenders approach the subprime population may not be perceived as positively with other borrowers. To enhance targeting efforts, lenders should leverage both internal and external attributes. Internal payment patterns can provide a more comprehensive view of how a customer manages their account. External bureau scores, like VantageScore®, and attribute sets that provide valuable insights into credit usage patterns, can significantly improve targeting. Additionally, the execution of the strategy in a test vs. control design, with progression to successive champion vs. challenger designs is critical to success and improved performance. Execution of the strategy should also be tested using various communication channels, including digital. From an efficiency standpoint, text and phone calls leveraging pre-recorded messages work well. If a consumer wishes to participate in settling their debt, they should be presented with self-service options. Another alternative is to leverage live operators, who can help with an uptick in collection activity. Testing different tranches of accounts based on segmentation criteria with the type of channel leveraged can significantly improve results, lower costs and increase customer retention. Learn About Trended Attributes Learn About Premier Attributes

Published: August 17, 2020 by Erik Svensen

The COVID-19 pandemic created a global shift in the volume of online activity and experiences over the past several months. Not only are consumers increasing their usage of mobile and digital channels to bank, shop, work and socialize — and anticipating more of the same in the coming months — they’re closely watching how businesses respond to their needs.   Between late June and early July of this year, Experian surveyed 3,000 consumers and 900 businesses to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.   More than half of businesses surveyed believe their operational processes have mostly or completely recovered since COVID-19 began. However, many consumers fear that a second wave of COVID-19 will further deplete their already strained finances. They are looking to businesses for reassurance as they shift their behaviors by:   Reducing discretionary spending Building up emergency savings Tapping into financial reserves Increasing online spending   Moving forward, businesses are focusing on short-term investments in security, managing credit risk with artificial intelligence, and increasing online customer engagement.   Download the full report to get all of the insights into global business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a deeper dive into US-specific findings. Download the report

Published: August 6, 2020 by Alison Kray

In today’s uncertain economic environment, the question of how to reduce portfolio volatility while still meeting consumers’ needs is on every lender’s mind.  With more than 100 million consumers already restricted by traditional scoring methods used today, lenders need to look beyond traditional credit information to make more informed decisions. By leveraging alternative credit data, you can continue to support your borrowers and expand your lending universe. In our most recent podcast, Experian’s Shawn Rife, Director of Risk Scoring and Alpa Lally, Vice President of Data Business, discuss how to enhance your portfolio analysis after an economic downturn, respond to the changing lending marketplace and drive greater access to credit for financially distressed consumers. Topics discussed, include: Making strategic, data-driven decisions across the credit lifecycle Better managing and responding to portfolio risk Predicting consumer behavior in times of extreme uncertainty Listen in on the discussion to learn more. Experian · Effective Lending in the Age of COVID-19

Published: August 3, 2020 by Laura Burrows

Experian’s Chris Ryan and Bobbie Paul recently re-joined David Mattei from Aite to discuss how emerging fraud trends and changes in consumer behavior will have long-term impacts on businesses. Chris, Bobbie, and David have combined experience of more than 60 years in the world of fraud prevention. In this discussion, they bring that experience to bear as they review how businesses should revise their long-term fraud strategy in response to COVID-19 and the subsequent economic shifts, including: The requirements to authenticate a digital customer Businesses’ technology challenges Differentiating between first party and third party fraud The importance of businesses’ technology investment How to build a roadmap for the next 90 days and beyond Experian · Make Your Fraud Plan Recession-Ready: Your 90 Day and Beyond Plan

Published: July 9, 2020 by Alison Kray

Pre COVID-19, operations functions for retailers and financial institutions had not typically consisted of a remote (stay at home) workforce. Some organizations were better prepared than others, but there is a firm belief that retail and banking have changed for good as a result of the pandemic and resulting economic and workforce shifts. Market trends and implications When stay at home orders were issued, non-essential brick and mortar businesses closed unexpectedly. What were retailers to do with no traffic coming through the doors at their physical locations? The impact on big-box retailers like Best Buy, Dick’s Sporting goods, Sears, JCPenney, Nike, Starbucks, Macy’s, Neiman Marcus, Nordstrom, Kohl’s to name a few, has been unprecedented; some have had to shut their doors for good. Over the past several months global retail has seen e-commerce sales grow over 81% compared to the same period last year, according to Card Not Present. Some sectors have seen triple-digit growth year over year. Most online retailers have been ill-prepared to handle this increase in transactional volume in such a short amount of time, which has resulted in rapid fraud loss increases. A recent white paper from Aite Group reported that prior to COVID-19, a large financial institution forecasted an 8% decrease in fraud for 2020, but has since revised the projection to increase 10-15%. What does this all mean?  Bad actors are taking advantage of the pandemic to exploit the online retail channel. The increased remote channel usage—online, mobile, and contact centers in particular—continues to be an area where retailers are exposed. Account takeover, through phishing and relaxed call center controls, is rising as well. Increases in phishing attacks are leading to compromised and stolen identities and synthetic identity fraud. Account takeover (ATO) fraud has increased 347% since 2019 according to PYMNTS.com. A recent survey found more than a quarter of merchants (27%) admit that they don’t have measures to prevent ATO. 24% of merchants can’t identify an ATO during a purchase. 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them. When criminals use these compromised accounts to make fraudulent purchases, the merchant loses revenue and the value of the goods. They can also suffer from damage to brand reputation and a loss of customer confidence. A lack of account security can have lasting effects as 65% of customers surveyed say they would likely stop buying from a merchant if their account was compromised, according to that same Card Not Present study. So how can retailers start to identify bad actors with malicious intent? This will be a constant struggle for retailers. Rather than a one size fits all solution, retailers must move toward a strategy that is nimble and dynamic and can address multiple areas of exposure. A fraudster could easily slip by one verification method—for instance with a stolen credential—only to be foiled by a secondary authentication tactic like device identity. A layered fraud strategy continues to be the industry best practice, where both passive and active authentication methods are leveraged to frustrate fraudsters without applying undue friction to “good” consumers. The layered solution should also utilize device risk, identity verification and fraud analytics, with tailoring to each businesses’ needs, risk tolerance, and customer profiles. Learn more about how to build a layered fraud strategy today. Learn more

Published: July 8, 2020 by Marc Mosman

Every few months we hear in the news about a fraud ring that has been busted here in the U.S. or in another part of the world. In May, I read about a fraud ring based in Georgia and Louisiana that bought 13,000 stolen identities of children who were on the Louisiana Medicaid program and billed the government for services not rendered. This group defrauded the Medicaid program of more than $500,000.   This is just one of many stories that we hear about fraud rings, and given the rapidly changing economic environment, now is the time for businesses to think about how to protect against fraud rings. There are a number of challenges that organizations may have when it comes to sharing trends and collaborations, understanding the ways to tie fraud rings together, creating treatments for identifying fraud rings and ways to store and catalogue fraud ring experiences so they can be easily recognized.   The trouble with identifying fraud rings   It’s important to understand the challenges that organizations have because they see the fraud rings through their own internal lens. Here are a few of the top things businesses should work on:   Think like a fraudster. This will help businesses become more creative in their approach to fraud prevention. Facilitate internal collaboration. Share with in-organization partners. Sometimes this can be difficult due to organizational structure. Promote external collaboration. Intel-sharing groups are a great way for businesses to network within their industries and learn about the fraud that others are seeing. An organization that I’ve worked with in the past is the National Cyber Forensic and Training Alliance (NCFTA).   Putting the pieces together   How do businesses identify a fraud ring? There are three steps to get started. The first is reviewing and understanding the data. Fraudsters are lazy and want to replicate the process over and over again, and because of this there is always some piece of information that is repeated. It could be a name, an email address, device fingerprint, or similar.   The second step is tying the fraud ring together. This is done by creating rules to help identify the trends. Having rules in place to identify fraud rings allows businesses to easily pull stats together for their leadership.   Lastly, applying an acronym or name to the particular fraud ring and adding comments to the cases associated with a particular ring will help with post-investigation analysis.   Learning from the past   Before I became a consultant, I remember identifying a fraud ring that was submitting events with the same language pack and where the device fingerprint was staying consistent. Those events were being referred out for review and marked with the same note. At a post-mortem review, I was able to talk to the fraud ring we had seen, and it was easy to pull all events associated with this fraud ring because my team had marked the events with the same comments.   Another fraud ring example happened a few years ago. A client called me and said that they were under a fraud attack and this fraud ring was rotating the email handle. I reviewed the data and came up with a rule to catch this activity. Fraud rings will use email handle rotation to help them keep track of accounts that are opened or what emails they used in the past. By coupling the email handle rotation with an email verification service like Emailage, this insight could be very telling. I would assume that when fraud rings use email handle rotation these emails are new and have just been created.   These are just a few of the many fraud rings that I’ve encountered over the course of my career and I’m sure there will be a lot more in the years to come. The best advice I can give to anyone that reads this post is to understand the data that you are reviewing, look for anomalies within the data, ask questions and test your theories by running queries on the data that you’re reviewing. I would love to hear about the different fraud rings that you’ve encountered over your career.   Stay safe.   Contact us

Published: July 1, 2020 by Jeramie Driessen

Experian’s own Chris Ryan and Bobbie Paul recently joined David Mattei from Aite to discuss the latest research and insights into emerging fraud schemes and how businesses can combat them in light of COVID-19 and the resulting economic changes. Between them, Chris, Bobbie, and David have more than 60 years of experience in the world of fraud prevention. Listen in as they discuss how businesses can shape their fraud prevention plan in the short term, including: The impacts of the health crisis and physical distancing The rise of e-commerce and consumer digital engagement Changes in criminal activity Fraud attack vectors 2020 fraud loss projections Critical next steps for the 30-60 day time frame Experian · Make Your Fraud Plan Recession-Ready: 2020 Fraud Trends

Published: June 29, 2020 by Alison Kray