One of the most difficult parts of combating fraud is distinguishing between the variety of fraud types. To properly manage your fraud efforts, you need to be able to differentiate between first party fraud and third party fraud so you can determine the best treatment. After all, if you’re treating first party fraud as though it’s third party fraud, the customer you’re contacting for verification will give whatever information they need to in order to continue their criminal actions. So how do you verify each type of fraud without adding additional overhead or increasing the friction experienced by your customers?

Combating Fraud During an Economic Downturn

Particularly in times of economic uncertainty, the ability to detect and identify individual fraud types allows you to work to prevent them in the future. Through proper identification, you can also apply the correct treatments to maximize the effectiveness of your fraud response teams, since the treatment for first and third party fraud is different. During the economic upswing, first party fraud was a secondary concern. Businesses were easing friction to help continue growth. Now, the same customers that businesses thought would drive growth are hurting and unable to help offset the losses caused by bad actors. Now is the time to revisit existing fraud prevention and mitigation strategies to ensure that fraud is properly identified, and the correct treatments are applied.
Introducing Precise ID® Model Suite

Experian’s Precise ID Model Suite combines identity analytics with advanced fraud risk models to:

- Protect the entire customer journey against fraud – across account opening, login, maintenance and transactions
- Distinguish first-party, third-party, and synthetic identity fraud to determine the best next action
- Enable agility during changing market conditions
- Maintain regulatory compliance (including: KYC, CIP, GLBA, FCRA, FFIEC, PATRIOT Act, FACTA, and more)
- Improve overall fraud management strategies and reduce losses

Precise ID Model Suite allows you to detect and distinguish types of fraud with a single call – enabling your business to maximize efficiency and eliminate redundancy across your fraud prevention teams. By accurately recognizing risk, and in particular, recognizing that first party fraud is in fact a type of fraud distinct from credit risk, you’re able to protect your portfolio and your customers.
This is the next article in our series about how to handle the economic downturn – this time focusing on how to prevent fraud in the new economic environment. We tapped two new experts—Chris Ryan, Market Lead, Fraud and Identity and Tischa Agnessi, Go-to-Market Lead, Decisioning Software—to share their thoughts on how to keep fraud out of your portfolio while continuing to lend. Q: What new fraud trends do you expect during the economic downturn? CR: Perhaps unsurprisingly, we tend to see high volumes of fraud during economic downturn periods. First, we anticipate an uptick in third-party fraud, specifically account takeover or ATO. It’ll be driven by the need for first-time users to be forced online. In particular, the less tech-savvy crowd is vulnerable to phishing attacks, social engineering schemes, using out-of-date software, or landing on a spoofed page. Resources to investigate these types of fraud are already strained as more and more requests come through the top of the funnel to approve new accounts. In fact, according to Javelin Strategy & Research’s 2020 Identity Fraud Study, account takeover fraud and scams will increase at a time when consumers are feeling financial stress from the global health and economic crisis. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships. We also expect that first party fraud (including synthetic identity fraud) will trend upwards as a result of the deliberate abuse of credit extensions and additional financing options offered by financial services companies. Forced to rely on credit for everyday expenses, some legitimate borrowers may take out loans without any intention of repaying them – which will impact businesses’ bottom lines. Additionally, some individuals may opportunistically look to escape personal credit issues that arise during an economic downturn. 
The line between behaviors of stressed consumers and fraudsters will blur, making it more difficult to tell who is a criminal and who is an otherwise good consumer that is dealing with financial pressure. Businesses should anticipate an increase in synthetic identity fraud from opportunistic fraudsters looking to take advantage of initial financing offers and the cushions offered to consumers as part of the stimulus package. These criminals will use the economic upset as a way to disguise the fact that they’re building up funds before busting out.

Q: With payment stress on the rise for consumers, how can lenders manage credit risk and prevent fraud?

TA: Businesses wrestle daily with problems created by the coronavirus pandemic and are proactively reaching out to consumers and other businesses with fresh ideas on initial credit relief, and federal credit aid. These efforts are just a start – now is the time to put your recession readiness plan and digital transformation strategies into place and find solutions that will help your organization and your customers beyond immediate needs. The faceless consumer is no longer a fraction of the volume of how organizations interact with their customers; it is now part of the new normal. Businesses need to seek out top-of-line fraud and identity solutions to help protect themselves as they are forced to manage higher digital traffic volumes and address the tough questions around:

- How to identify and authenticate faceless consumers and their devices
- How to best prevent an overwhelming number of fraud tactics, including first party fraud, account takeover, synthetic identity, bust out, and more.

As time passes and the economic crisis evolves, we will all adapt to yet another new normal.
Organizations should be data-driven in their approach to this rapidly changing credit crisis and leverage modern technology to identify financially stressed consumers with early-warning indicators, predict future customer behavior, and respond quickly to change as they deliver the best treatment at the right time based on customer-specific activities. Whether it’s preparing portfolio risk assessment, reviewing debt management, collections, and recovery processes, or ramping up your fraud and identity verification services, Experian can help your organization prepare for another new normal.

Experian is continuing to monitor the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions differentiate legitimate consumers from fraudsters and protect their business and customers.

About Our Experts

Chris Ryan, Market Lead, Fraud and Identity
Chris has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk.

Tischa Agnessi, Go-to-Market Lead, Decisioning Software
Tischa joined Experian in June of 2018 and is responsible for the go to market strategy for North America’s decisioning software solutions. Her responsibilities include delivering compelling propositions that are unique and aligned to markets, market problems, and buyer and user personas. She is also responsible for use cases that span the PowerCurve® software suite as well as application platforms, such as Decisioning as a Service℠ and Experian®One.
The response to the coronavirus (COVID-19) health crisis requires a brand-new mindset from businesses across the country. As part of our recently launched Q&A perspective series, Jim Bander, Market Lead of Analytics and Optimization and Kathleen Peters, Senior Vice President of Fraud and Identity, provided insight into how businesses can work to mitigate fraud and portfolio risk. Q: How can financial institutions mitigate fraud risk while monitoring portfolios? JB: The most important shift in portfolio monitoring is the view of the customer, because it’s very different during times of crisis than it is during expansionary periods. Financial institutions need to take a holistic view of their customers and use additional credit dimensions to understand consumers’ reactions to stress. While many businesses were preparing for a recession, the economic downturn caused by the coronavirus has already surpassed the stress-testing that most businesses performed. To help mitigate the increased risk, businesses need to understand how their stress testing was performed in the past and run new stress tests to understand how financially sound their institution is. KP: Most businesses—and particularly financial institutions—have suspended or relaxed many of their usual risk mitigation tools and strategies, in an effort to help support customers during this time of uncertainty. Many financial institutions are offering debt and late fee forgiveness, credit extensions, and more to help consumers bridge the financial gaps caused by the economic downturn. Unfortunately, the same actions that help consumers can hamstring fraud prevention efforts because they impact the usual risk indicators. To weather this storm, financial institutions need to pivot from standard risk mitigation strategies to more targeted fraud and identity strategies. Q: How can financial institutions’ exposure to risk be managed? 
JB: Financial institutions are trying to extend as much credit as is reasonably possible—per government guidelines—but when the first stage of this crisis passes, they need to be prepared to deal with the consequences. Specifically, which borrowers will actually repay their loans. Financial institutions should monitor consumer health and use proactive outreach to offer assistance while keeping a finger on the pulse of their customers’ financial health. For the foreseeable future, the focus will be on extending credit, not collecting on debt, but now is the time to start preparing for the economic aftermath. Consumer health monitoring is key, and it must include a strategy to differentiate credit abusers and other fraudsters from overall good consumers who are just financially stressed. KP: As financial institutions work to get all of their customers set up with online and mobile banking and account access, there’s an influx of new requests that all require consumer authentication, device identification, and sometimes even underwriting. All of this puts pressure on already strained resources which means increased fraud risk. To manage this risk, businesses need to balance customer experience—particularly minimizing friction—with vigilance against fraudsters and reputational risk. It will require a robust and flexible fraud strategy that utilizes automated tools as much as possible to free up personnel to follow up on the riskiest users and transactions. Experian is closely monitoring the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions manage their portfolios and protect against losses. 
About Our Experts:

Jim Bander, Market Lead, Analytics and Optimization, Experian Decision Analytics, North America
Jim joined Experian in April 2018 and is responsible for solutions and value propositions applying analytics for financial institutions and other Experian business-to-business clients throughout North America. He has over 20 years of analytics, software, engineering and risk management experience across a variety of industries and disciplines. Jim has applied decision science to many industries, including banking, transportation and the public sector.

Kathleen Peters, Vice President, Fraud and Identity, Experian Decision Analytics, North America
Kathleen joined Experian in 2013 to lead business development and international sales for the recently acquired 41st Parameter business in San Jose, Calif. She went on to lead product management for Experian’s fraud and identity group within the global Decision Analytics organization, launching Experian’s CrossCore® platform in 2016, a groundbreaking and award-winning new offering for the fraud and identity market. The last two years, Kathleen has been named a “Top 100 Influencer in Identity” by One World Identity (OWI), an exclusive list that annually recognizes influencers and leaders from across the globe, showcasing a who’s who of people to know in the identity space.
For the last several years, as the global economy flourished, the opportunities created by removing friction and driving growth guided business strategies governing identity and fraud. The amount of profitable business available in a low-friction environment simply outweighed the fraud that could be mitigated with more stringent verification methods. Now that we’re facing a global crisis, it’s time to reconsider the approach that drove the economic boom that defined the last decade.

Recognizing how economic changes impact fraud

At the highest level, we separate fraud into two types: third party fraud and first party fraud. In simple terms, third party fraud involves the misuse of a real customer’s identity or unauthorized access to a real customer’s accounts or assets. First party fraud involves the use of an identity that the fraudster controls—whether it’s their own identity, a manipulated version of their own identity, or a synthetic identity that they have created. The important difference in this case is that the methods of finding and stopping third party fraud remain constant even in the event of an economic downturn – establish contact with the owner of the identity and verify whether the events are legitimate. Fraud tactics will evolve, and volumes will increase as perpetrators also face pressure to generate income, but at the end of the day, a real person is being impersonated, and a victim exists that will confirm when fraud is taking place.

Changes in first party fraud during an economic downturn are dramatically different and much more problematic. The baseline level of first party fraud using synthetic, manipulated and the perpetrator’s own identity continues, but it is augmented by real people facing desperate circumstances and existing “good” customers who over-extend while awaiting a turn-around.
The problem is that there is no “victim” to confirm fraud is occurring, and the line between fraud (which implies intent) and credit default (which does not) becomes very difficult to navigate. With limited resources and pressures of their own, at some point lenders must try to distinguish deliberate theft from good customers facing bad circumstances and manage cases accordingly. The new strategy When times are good, it’s easier to build up a solid book of business with good customers. Employment rates are high, incomes are stable, and the risks are manageable. Now, we’re experiencing rapidly changing conditions, entire industries are disrupted, unemployment claims have skyrocketed and customers will need assistance and support from their lenders to help them weather the storm. This is a reciprocal relationship – it behooves those same lenders to help their customers get through to the other side. Lenders will look to limit losses and strengthen relationships. At the same time, they’ll need to reassess their existing fraud and identity strategies (among others) as every interaction with a customer takes on new meaning. Unexpected losses We’ve all been bracing for a recession for a while. But no one expected it to show up quite like it did. Consumers who have been model customers are suddenly faced with a complete shift in their daily life. A job that seemed secure may be less so, investments are less lucrative in the short term, and small business owners are feeling the pressure of a change in day-to-day commerce. All of this can lead to unexpected losses from formerly low-risk customers. As this occurs, it becomes more critical than ever to identify and help good customers facing grim circumstances and find different ways to handle those that have malicious intent. Shifting priorities When the economy was strong, many businesses were able to accept higher losses because those losses were offset by immense growth. 
Unfortunately, the current crisis means that some of those policies could have unforeseen consequences. For instance – the loss of the ability to differentiate between a good customer who has fallen on hard times and someone who’s been a bad actor from the start. Additionally, businesses need to revise their risk management strategies to align with shifting customer needs. The demand for emergency loans and will likely rise, while loans for new purchases like cars and homes will fall as consumers look to keep their finances secure. As the need to assist customers in distress rises and internal resources are stressed, it’s critical that companies have the right tools in place to triage and help customers who are truly in need.

The good news

The tools businesses like yours need to screen first party fraud already exist. In fact, you may already have the necessary framework in place thanks to an existing partnership, and a relatively simple process could prepare your business to properly screen both new and existing customers at every touchpoint. This global crisis is nowhere near over, but with the right tools, your business can protect itself and your customers from increased fraud risks and losses of all sorts – first party, stolen identities, or synthetic identities, and come out on the other side even stronger. Contact Experian for a review of your current fraud strategy to help ensure you’re prepared to face upcoming challenges.
Security. Convenience. Personalization. Finding the balance between these three priorities is key to creating a safe and low-friction customer experience. We surveyed more than 6,500 consumers and 650 businesses worldwide about these priorities for our 2020 Global Identity and Fraud Report: Most businesses are focusing on personalization, specifically in relation to upselling and cross-selling. This is frustrating customers who are looking for increases in both security and convenience. It’s possible to have all three.
Experian has been named one of the 10 participants, and only credit bureau, in the initial rollout of the SSA's new eCBSV service.
Earlier this year, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking (NPRM) to implement the Fair Debt Collection Practices Act (FDCPA). The proposal, which will go into deliberation in September and won't be finalized until after that date at the earliest, would provide consumers with clear-cut protections against disturbance by debt collectors and straightforward options to address or dispute debts. Additionally, the NPRM would set strict limits on the number of calls debt collectors may place to reach consumers weekly, as well as clarify how collectors may communicate lawfully using technologies developed after the FDCPA’s passage in 1977.

So, what does this mean for collectors?

The compliance conundrum is ever present, especially in the debt collection industry. Debt collectors are expected to continuously adapt to changing regulations, forcing them to spend time, energy and resources on maintaining compliance. As the most recent onslaught of developments and proposed new rules have been pushed out to the financial community, compliance professionals are once again working to implement changes. According to the Federal Register, here are some key ways the new regulation would affect debt collection:

- Limited to seven calls: Debt collectors would be limited to attempting to reach out to consumers by phone about a specific debt no more than seven times per week.
- Ability to unsubscribe: Consumers who do not wish to be contacted via newer technologies, including voicemails, emails and text messages, must be given the option to opt out of future communications.
- Use of newer technologies: Newer communication technologies, such as emails and text messages, may be used in debt collection, with certain limitations to protect consumer privacy.
- Required disclosures: Debt collectors will be obligated to send consumers a disclosure with certain information about the debt and related consumer protections.
- Limited contact: Consumers will be able to limit ways debt collectors contact them, for example at a specific telephone number, while they are at work or during certain hours.

Now that you know the details, how can you prepare?

At Experian, we understand the importance of an effective collections strategy. Our debt collection solutions automate and moderate dialogues and negotiations between consumers and collectors, making it easier for collection agencies to reach consumers while staying compliant.

- Powerful locating solution: Locate past-due consumers more accurately, efficiently and effectively. TrueTrace℠ adds value to each contact by increasing your right-party contact rate.
- Exclusive contact information: Mitigate your compliance risk with a seamless and unparalleled solution. With Phone Number ID™, you can identify who a phone is registered to, the phone type, carrier and the activation date.

If you aren’t ready for the new CFPB regulation, what are you waiting for?
Have you seen the latest Telephone Consumer Protection Act (TCPA) class action lawsuit? TCPA litigations in the communications, energy and media industries are dominating the headlines, with companies paying up to millions of dollars in damages. Consumer disputes have increased more than 500 percent in the past five years, and regulations continue to tighten. Now more than ever, it’s crucial to build effective and cost-efficient contact strategies. But how? First, know your facts. Second, let us help. What is the TCPA? As you’re aware, TCPA aims to safeguard consumer privacy by regulating telephone solicitations and the use of prerecorded messages, auto-dialed calls, text messages and unsolicited faxes. The rule has been amended and more tightly defined over time. Why is TCPA compliance important? Businesses found guilty of violating TCPA regulations face steep penalties – fines range from $500 to $1500 per individual infraction! Companies have been delivered hefty penalties upwards of hundreds of thousands, and in some cases, millions of dollars. Many have questions and are seeking to understand how they might adjust their policies and call practices. How can you protect yourself? To help avoid risk for compliance violations, it’s integral to assess call strategies and put best practices in place to increase right-party contact rates. Strategies to gain compliance and mitigate risk include: Focus on right and wrong-party contact to improve customer service: Monitoring and verifying consumer contact information can seem like a tedious task, but with the right combination of data, including skip tracing data from consumer credit data, alternative and other exclusive data sources, past-due consumers can be located faster. Scrub often for updated or verified information: Phone numbers can continuously change, and they’re only one piece of a consumer’s contact information. 
Verifying contact information for TCPA compliance with a partner you can trust can help make data quality routine. Determine when and how often you dial cell phones: Or, given new considerations proposed by the CFPB, consider looking at collections via your consumers’ preferred communication channel – online vs. over the phone. Provide consumers user-friendly mechanisms to opt out of receiving communications. At Experian, our TCPA solutions can help you monitor and verify consumer contact information, locate past-due consumers, improve your right-party contact rates and automate your collections process.
Whenever someone checks in for a flight, airport security needs to establish their identity. Prior to boarding the plane, passengers are required to show a government-issued ID. Agents check IDs for validity and compare the ID picture to the face of the person standing in front of them. This identity proofing is about making sure that would-be flyers really are who they claim to be. But what about online identity proofing? That’s much more challenging. Online banks certainly want to make sure they know a person’s identity before giving them access to their account. But for other online services, it’s fine to remain anonymous. The amount of risk involved in the engagement directly ties to the amount of verification and assurance needed for the individual. Government agencies care very much about identity. They won’t — and shouldn’t — issue a tax refund, provide a driver’s license or allow someone to sign up for Social Security benefits before they’re certain that the claimant’s identity is verified. Since we increasingly expect the same online user experience from government service providers as from online banks, hotel websites and retailers, this poses a challenge. How do government agencies establish a sufficient level of assurance for an online identity without sending their customers to a government office for face-to-face identity verification? To answer this challenge, the National Institute of Standards and Technology (NIST) has developed Digital Identity Guidelines. In its latest publication, SP 800-63-3, NIST helps government agencies implement their digital services while still mitigating the identity risks that come with online service provision. The ability to safely sign up, transact and interact with a government agency online has many benefits. Applying for something like unemployment insurance online is faster, cheaper and more convenient than using paper and waiting in line at a government field office. 
And for government agencies themselves, providing online services means that they can improve customer satisfaction levels while reducing their costs and subsequent bureaucracy. CrossCore® was recently recognized by the independent Kantara Initiative for its conformance with NIST’s Digital Identity Guidelines for Identity Assurance (IAL2). Our document verification solution combines authoritative sources, machine learning and facial recognition technology to identify people accurately using photo-based government identification like a driver’s license or passport. The best part? Users can verify their identity in about 60 seconds, at whatever location they prefer, using their personal smartphone.
Customer Identification Program (CIP) solution through CrossCore®

Every day, I work closely with clients to reduce the negative side effects of fraud prevention. I hear the need for lower false-positive rates; maximum fraud detection in populations; and simple, streamlined verification processes. Lately, more conversations have turned toward ID verification needs for Customer Identification Program (CIP) administration. As it turns out, barriers to growth, high customer friction and high costs dominate the CIP landscape. While the marketplace struggles to manage the impact of fraud prevention, CIP routinely disrupts more than 10 percent of new customer acquisitions. Internally at Experian, we talk about this as the biggest ID problem our customers aren’t solving.

Think about this: The fight for business in the CIP space quickly turned to price, and price was defined by unit cost. But what’s the real cost? One of the dominant CIP solutions uses a series of hyperlinks to connect identity data. Every click is a new charge. Their website invites users to dig into the data — manually. Users keep digging, and they keep paying. And the challenges don’t stop there. Consider the data sources used for these solutions. The winners of the price fight built CIP solutions around credit bureau header data. What does that do for growth? If the identity wasn’t sufficiently verified when a credit report was pulled, does it make sense to go back to the same data source? Keep digging. Cha-ching, cha-ching.

Right about now, you might be feeling like there’s some sleight of hand going on. The true cost of CIP administration is much more than a single unit price. It’s many units, manual effort, recycled data and frustrated customers — and it impacts far more clients than fraud prevention. CIP needs have moved far beyond the demand for a low-cost solution. We’re thrilled to be leading the move toward more robust data and decision capabilities to CIP through CrossCore®.
With its open architecture and flexible decision structure, our CrossCore platform enables access to a diverse and robust set of data sources to meet these needs. CrossCore unites Experian data, client data and a growing list of available partner data to deliver an intelligent and cost-conscious approach to managing fraud and identity challenges. The next step will unify CIP administration, fraud analytics and a range of verification treatment options together on the CrossCore platform as well. Spoiler alert. We’ve already taken that step.
Managing your customer accounts at the identity level is ambitious and necessary, but possible Identity-related fraud exposure and losses continue to grow. The underlying schemes have elevated in complexity. Because it’s more difficult to perpetrate “card present” fraud in the post–chip-and-signature rollout here in the United States, bad guys are more motivated and getting better at identity theft and synthetic identity attacks. Their organized nefarious response takes the form of alternate attack vectors and methodologies — which means you need to stamp out any detected exposure point in your fraud prevention strategies as soon as it’s detected. Experian’s recently published 2018 Global Fraud and Identity Report suggests two-thirds, or 7 out of every ten, consumers want to see visible security protocols when they transact. But an ever-growing percentage of them, fueled in no small part by those tech-savvy millennials, expect to be recognized with little or no friction. In fact, 42 percent of the surveyed consumers who stated they would do more transactions online if there weren’t so many security hurdles to overcome were — you guessed it — millennials. So how do you implement identity and account management procedures that are effective and, in some cases, even obvious while being passive enough to not add friction to the user experience? In other words, from the consumer’s perspective, “Let me know you know me and are protecting me but not making it too difficult for me when I want to access or manage my account.” Let’s get one thing out of the way first. This isn’t a one-time project or effort. It is, however, a commitment to the continued informing of your account management strategies with updated identity intelligence. You need to make better decisions on when to let a low-risk account transaction (monetary or nonmonetary) pass and when to double down a bit and step up authentication or risk assessment checks. 
I’d suggest this is most easily accomplished through a single, real-time access point to myriad services that should, at the very least, include:

- Identity verification and reverification checks for ongoing reaffirmation of your customer identity data quality and accuracy. Know Your Customer program requirements, anyone?
- Targeted identity risk scores and underlying attributes designed to isolate identity theft, first-party fraud and synthetic identity. Fraud risk comes in many flavors. So must your analytics.
- Device intelligence and risk assessment. A customer identity is no longer just their name, address, Social Security number and date of birth. It’s their phone number, email address and the various devices they use to access your services as well. Knowing how that combination of elements presents itself over time is critical.
- Layered passive or more active authentication options such as document verification, biometrics, behavioral metrics, knowledge-based verification and alternative data sources.
- Ongoing identity monitoring and proactive alerting and segmentation of customers whose identity risk has shifted to the point of required treatment.
- Orchestration, workflow and decisioning capabilities that allow your team to make sense of the many innovative options available in customer recognition and risk assessment — without a “throw the kitchen sink at this problem” approach that will undoubtedly be way too costly in dollars spent and good customers annoyed.

Fraud attacks are dynamic. Your customers’ perceptions and expectations will continue to evolve. The markets you address and the services you provide will vary in risk and reward. An innovative marketplace of identity management services can overwhelm. Make sure your strategic identity management partner has good answers to all of this and enables you to future-proof your investments.

June 2018 will mark the one-year anniversary of the National Institute of Standards and Technology (NIST) release of Special Publication 800-63-3, Digital Identity Guidelines. While federal agencies are the most directly impacted, this guidance signals a seismic shift in identity proofing across the entire ecosystem of consumers, private sector businesses and public sector agencies. It’s the clearest claim I’ve seen to date that traditional, and rather basic, personally identifiable information (PII) verification should no longer be trusted for remote user interaction.

For those of us in the fraud and identity space, this isn’t a new revelation, but one we as an industry have been dealing with for years. As the data breach floodgates continue to be pushed further open, PII is a commodity for the fraudsters, evident in PII prices on the dark web, which are often lower than your favorite latte. Identity-related schemes have increased due to fraud attacks shifting away from card compromise (due to the U.S. rollout of chip-and-signature cards), double-digit growth in online and mobile consumer channels, and high-profile fraud events within both the public and private sector.

It’s no shock that NIST has taken a sledgehammer to previous guidance around identity proofing and replaced it with an aggressive and rather challenging set of requirements seemingly founded in the assumption that all PII (names, addresses, dates of birth, Social Security numbers, etc.) is either compromised or easily can be compromised in the future.

So where does this leave us? I applaud the pragmatic approach to the new NIST standards and consider it a signal to all of us in the identity marketplace. It’s aggressive and aspirational in raising the bar in identity proofing and management. I welcome the challenge in serving our public sector clients, as we have done for nearly a decade.
Our innovative approach to layered levels of identity verification, validation, risk assessment and monitoring adheres to the recommendations of the new NIST standards. I do, however, recommend that any institution applying these standards to their own processes and applications ensure they place equal focus on comparable alternatives for those addressable populations and users who are likely to either opt out of, or fail, initial verification steps stringently aligned with the new requirements. While too early to accurately forecast, it’s relatively safe to assume that the percentage of the population “falling out of the process” may easily be counted in the double digits. It’s only through advanced analytics and technology reliant on a significant breadth and depth of identity data and observations that we can provide trust and confidence across such a diverse population in age, demographics, expectations and access.

I recently sat down with Kathleen Peters, SVP and Head of Fraud and Identity, to discuss the state of fraud and identity, the pace of change in the space and her recent inclusion in the Top 100 influencers in Identity by One World Identity.

-----------

Traci: Congratulations on being included on the Top 100 influencers list. What a nice honor.

Kathleen: Yes, thank you. It is a nice honor and inspiring to be included among some great innovators in the industry. The list includes entrepreneurs to leaders of large organizations like us. It’s a nice mix across all facets of identity.

T: Tell me about your role. How long have you been at Experian?

K: I lead the team that defines the product strategy for our global fraud and ID portfolio. I’ve been with Experian just over four years, joining soon after we acquired 41st Parameter®.

T: What was your first job?

K: My first job out of college was with Motorola in Chicago. I was an electrical engineer, working on advanced cellphone technology.

T: They were not able to keep up with the market?

K: The entire industry was caught by the introduction of the iPhone. All the major cellphone companies were impacted — Nokia, Ericsson, Siemens and others. Talk about disrupting an industry.

T: Yeah. These are great examples of how the disrupters have taken out the initial companies. Certainly, Motorola, Nokia, those companies. Even RIM Blackberry, which redefined the digital or cellular space, has all but disappeared.

K: Yes, exactly. It was interesting to watch RIM Blackberry when they disrupted Motorola’s pager business. Motorola had a very robust pager line. Even then they had a two-way pager with a keyboard. They just missed the idea of mobile email completely. It’s really, really fascinating to look back now.

T: Changing the subject a little, what motivates you to get out of bed in the morning?

K: One of my favorite questions. I’m a very purpose-driven person. One of the things I really like about my role and one of the reasons I came to Experian in the first place is that I could see this huge potential within the company to combine offline and online identity information and transaction information to better recognize people and stop fraud.

T: What do you see as the biggest threat to organizations today?

K: I would have to say the pace of change. As we were just talking about, major industries can be disrupted seemingly overnight. We’re in the midst of a real digital transformation in how we live, how we work, how we share information and even how we share money. The threat to companies is twofold. One is the “friendly fire” threat, like the pace of change, disrupters to the market, new ways of doing things and keeping pace with that innovation. The second threat is that with digitization comes new types of security and fraud risks. Today, organizations need to be ever-vigilant about their security.

T: How do you stay ahead of that pace of change?

K: Well, my husband and I have lived in Silicon Valley since 1997. Technology and innovation are all around us. We read about it and we hear about it in the news. We engage with our neighbors and other people who we meet socially and within our networks. You can’t help but be immersed in it all the time. It certainly influences the way we go about our lives and how we think and act and engage as a family. We’re all technically curious. We have two kids, and our neighborhood high school, Homestead High, is the same high school Steve Jobs went to. It’s fun that way.

T: Definitely. What are some of the most effective ways for businesses to combat the threat of fraud?

K: I firmly believe that nowadays it all needs to start with identity. What we’ve found — and confirmed through research in our recent Global Fraud Report, plus conversations I’ve had with clients and analysts — is that if you can better recognize someone, you’ll go a long way to prevent fraud. And it does more than prevent fraud; it provides a better experience for the people you’re engaged with. Because once you recognize an individual, that initiates a trusted relationship between the two of you. Once people feel they’re in a trusted relationship, whether it’s a social relationship or a financial transaction, whatever the relationship is — once you feel trusted, you feel safe, you feel protected. And you’re more likely to want to engage again in the future. I believe the best thing organizations can do is take a multilayered approach to authenticating and identifying people upfront. There are so many ways to do this digitally without disrupting the consumer, and this is the best opportunity for businesses. If we collectively get that right, we’ll stop fraud.

T: What are some of the things Experian is focusing on to help businesses stop fraud?

K: We’ve focused on our CrossCore® platform. CrossCore is a common access and decisioning capability platform that allows the combining and layering of many different approaches — some active, some passive — to identify a customer in a transaction. You can incorporate things like biometrics and behavioral attributes. You can incorporate digital information about the device you’re engaging with. You can layer in online and offline identity information, like that from our Precise ID® product. CrossCore also enables you to layer in other digital attributes and alternative data such as email address, phone number and the validity of that phone number. CrossCore provides a great opportunity for us to showcase innovation, whether that comes from a third-party partner or even from our own Experian DataLabs.

T: How significant do you see machine learning moving forward?

K: Machine learning, it has all kinds of names, right? I think of machine learning, artificial intelligence, data robotics, parallel computing — all these things are related to what we used to call big data processing, but that’s not really the trendy term anymore. The point is that there is so much data today. There’s a wealth of data from all different sources, and as a society we’re producing it in exponential volumes. Having more and more and more data is not useful if you can’t derive insights from it. That’s why machine learning, augmented with human intervention or direction, is the best way forward, because there’s so much data out there available in the world now. No matter what problem we’re trying to solve, there’s a wealth of data we can amass, but we need to make sense of it. And the way to make sense of massive amounts of data in a reasonable amount of time is by using some sort of artificial intelligence, or machine learning. We’re going to see it in all kinds of applications. We already are today. So, while I think of machine learning as a generic term, I do think it’s going to be with us for a while to quickly compute and derive meaningful insights from the massive amounts of data all around us.

T: Thanks, okay. Last question, and I hope a little fun. How would you describe yourself in one word?

K: Curious.

T: Ah, that’s a good choice.

K: I am always curious. That’s why I love living where I live. It’s why I like working in technology. I’ve always wondered how things work, how we might improve on them, what’s under the hood. Why people make the decisions they do. How does someone come up with this? I’m always curious.

T: Well, thank you for the time, and congrats again on being included in the Top 100 influencers in Identity.

The U.S. Senate Banking Committee passed a financial regulatory relief bill (S. 2155) in December 2017 aimed at reducing regulatory burdens on community banks, credit unions and smaller regional banks. Committee Chairman Senator Mike Crapo (R-ID) sponsored the bill, which has strong bipartisan support, with 23 cosponsors (11 Republicans and 12 Democrats and an independent). The package is likely to be considered by the full Senate in early 2018.

The legislation includes two provisions related to consumer credit reporting. Both were adopted, in part, in reaction to the Equifax data breach. As the bill moves through the legislative process during 2018, it will be important for all participants in the consumer credit ecosystem to be aware of the potential changes in law. One provision deals with fraud alerts and credit freezes for consumers and the other deals with how medical debt is processed for veterans who seek medical treatment outside the VA system.

Credit Freezes

The bill amends the Fair Credit Reporting Act to provide consumers with the ability to freeze/unfreeze credit files maintained by nationwide credit reporting agencies at no cost, and would extend the time period for initial fraud alerts from 90 days to one year. The credit freeze provisions would also establish a process for parents and guardians to place a freeze on the file of a minor at no cost. The bill would require the nationwide credit reporting agencies to create webpages with information on credit freezes, fraud alerts, active duty alerts and pre-screen opt-outs, and these pages would be linked to the FTC’s existing website, www.IdentityTheft.gov. The credit freeze and minor freeze provisions would preempt State laws and create a national standard.

Protections for Veterans

The bill also incorporates a provision that would prohibit credit bureaus from including debt for health-care related services that the veteran received through the Department of Veterans Affairs’ Choice Program. The provision would cover debt that the veteran incurred in the previous year, as well as any delinquent debt that was fully paid or settled. The legislation would require a consumer reporting agency to delete medical debt if it receives information from either the veteran or the VA that the debt was incurred through the Veteran’s Choice Program.

What’s next

The bill now awaits consideration before the full Senate. Senate Majority Leader Mitch McConnell has said that the bill is a “candidate for early consideration” in 2018, but the exact timing of floor debate has yet to be scheduled. Once the package passes the Senate, it will need to be reconciled with the regulatory relief package that was passed by the House last spring.

The sheer range of dynamic and emerging fraud tactics can impede agencies from achieving security. These threats must be met with a variety of identity proofing and management tactics. Without monitoring, performance assessments and tuning, a singular and static identity proofing strategy can be exposed by evolving schemes and the use of high-quality compromised identity data.

Traditional verification and validation parameters alone are simply too obtuse and can be circumvented easily by those with criminal intent. Static rules based on overly simplistic verification and validation checks can be outsmarted by intelligent fraudsters. Conversely, those same static rules must also have built-in mechanisms to accommodate true-name users who initially may not meet those criteria for identity proofing.

Vast and diverse user populations, more arduous — and arguably more difficult to achieve — digital identity guidelines put forth by the National Institute of Standards and Technology, and operational constraints all pose significant challenges for government. But there are ways for government to modernize identity proofing successfully.

Modern fraud and identity strategies

There are many emerging trends and best practices for modern fraud and identity strategies, including:

- Applying right-sized fraud and identity proofing solutions. To reduce user friction or service disruption and manage fraud risk appropriately, agencies need to apply fraud mitigation strategies. Such strategies reflect the cost, measured risk and level of confidence, as well as compliance needed, for each interaction. This is called right-sizing the fraud solution. For example, agencies can cater a fraud solution that ensures a seamless experience when a citizen is calling a service center, versus an online interaction, versus a face-to-face one.
- Maintaining a universal view of the user. Achieved by employing a diverse breadth and depth of data assets and applied analytics, this tactic is the core of modern fraud mitigation and identity management. Knowing the individual user extends beyond a traditional 360-degree view. It means having knowledge of a person’s offline and online behavior, not only with your agency, but also with other agencies with which that user has a relationship.
- Expanding user view through a blended ecosystem. Increasingly, agencies are participating in a blended ecosystem — working with vendors, peer agencies and partners. There exists a collaborative culture in identity and fraud management that doesn’t exist in more competitive commercial environments. Fraudsters easily share information with one another, so those combatting it need to share information as well.
- Achieving agility and scale using service-based models. More agencies are adopting service-based models that provide greater agility and response to dynamic fraud threats, diverse population changes, and evolving compliance requirements or guidance. Service-based identity proofing provides government agencies the benefit of regularly updated data assets, analytics and expertise in strategy design. These assets are designed to respond to fraud or identity intelligence observed across various markets and industries, often protecting proactively rather than reactively.
- Future-proofing fraud solution choices. Technical and operational resources are always in relatively short supply compared to demand. Agencies need the ability to “code once” in order to expand and evolve their fraud strategies with ease. Future-proofing solutions must also be combined with an ever-changing set of identity proofing requirements and best practices, powered by a robust and innovative marketplace of service providers.

The future of identity proofing in the public sector is more than just verifying individual identities. New standards in digital identity proofing are a responsive result of mass data compromise and failures in legacy techniques. Achieving compliant and confident identity assurance requires a layered approach, flexibly designed and orchestrated to accommodate diverse identity assertions, evidence, and contextual invocation of technologies and data assets. Government must now use risk-based approaches and mitigation strategies to identify threats quickly and determine the type of fraud before damage is done.

Download our recent report in which we discuss the primary challenges of identity proofing in the public sector and what modernization of identity proofing looks like.