Digital Technology
According to a recent Ponemon Institute study, 44 percent of consumers who were notified about a data breach believed the breached company was hiding something. When data breaches occur, it is extremely important to be there for customers and to address their concerns. When companies hide a data breach, impacted consumers begin to suspect the breach is actually much worse than the company claims, and trust in the organization begins to wane. Find out more by downloading the data breach case study of lessons learned from the field.
Consumers want to hear about data breaches - Eighty five percent of respondents in a recent study say learning about the loss of their data is pertinent to them. However, when they do, 72 percent indicated that they are dissatisfied with the notification letters they receive. Companies need to take note of these findings because more than one-third of consumers who receive a notification letter contemplate ending their relationship with the company. Providing affected individuals with a membership in an identity protection product is extremely important since 58 percent of consumers consider identity protection to be favorable compensation after a breach. Learn five pitfalls to avoid in your notification letters and how Experian Data Breach Resolution can help. Source: Download the complete 2012 consumer study on data breach notification.
2011 was the 12th consecutive year that identity theft topped the list of FTC consumer complaints. Florida had the highest rate of complaints, followed by Georgia and California. Rank State Complaints per 100,000 population 1 Florida 179 2 Georgia 120 3 California 104 Learn how to detect and manage fraud activity while meeting regulatory requirements. Source: Consumer info.com infographic and FTC\'s Consumer Sentinel Network Data Book for January-December 2011.
The Consumer Financial Protection Bureau (CFPB) now has the ability to write and enforce 18 consumer protection laws that guide financial products and services. The new regulator has signaled the following issues as priorities: Clarity on how credit scores affect lender decisions: Beginning July 21, 2011, lenders were required to disclose the credit score that they used in all risk-based pricing notices and adverse action notices Shorter and simpler consumer disclosure forms: One of the first priorities is to make the terms and conditions associated with purchasing a mortgage or applying for a credit card shorter and clearer Enforcing the Fair Debt Collection Practices Act: The CFPB will enforce the Fair Debt Collection Practices Act and review current debt collector practices Learn more about the CFPB
This is last question in our five-part series on the FFIEC guidance on what it means to Internet banking, what you need to know and how to prepare for the January 2012 deadline. Q: How are organizations responding? Experian estimates that less than half of the institutions impacted by this guidance are prepared for the examinations. Many of the fraud tools in the marketplace, particularly those that are used to authenticate individuals were deployed as point-solutions. Few support the need for a feedback loop to identify vulnerabilities, or the ability to employ a risk-based, “layered” approach that the guidance is seeking. _____________ This is the last of our five-part series but we\'re happy to answer more questions as we know you need to know how to prepare for the January 2012 deadline.
This is fourth question in our five-part series on the FFIEC guidance and what it means Internet banking. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. If you missed parts 1-3, there\'s no time to waste, check them out here: Go to question one: What does “multi-factor” authentication actually mean? Go to question two: Who does this guidance affect? And does it affect each type of credit grantor/ lender differently? Go to question three: What does “layered security” actually mean? Today\'s Q&A: What will the regulation do to help mitigate fraud risk in the near-term, and long-term? The FFIEC’s guidance will encourage financial institutions to re-examine their processes. The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system by exposing vulnerabilities in the way we exchange goods, services and currencies. It is important that members of the financial services community understand their role in protecting our economy from fraud. Fraud is not the result of a static set of tactics employed by criminals. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. Considering the impact that technology is having on commerce, it is more important than ever to review the processes that we once thought made our businesses “safe.” The architecture and flexibility of fraud prevention “capabilities” is a weapon unto itself. The guidance provides a perspective on why it is important to be able to understand the risk and to respond accordingly. At the end of the day, the guidance is less about a need to take a specific action---and more about the “capability” to recognize when those actions are needed, and how they should be structured so that high-risk actions are met with strong and sophisticated defenses. _____________ Look for part five, the final in our series tomorrow.
This is third question in our five-part series on the FFIEC guidance and what it means Internet banking. If you missed the firstand second question, you can still view - our answer isn\'t going anywhere. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: Who does this guidance affect? And does it affect each type of credit grantor/ lender differently? The guidance pertains to all financial institutions in the US that fall under the FFIEC’s influence. While the guidance specifically mentions authenticating in an on-line environment, it’s clear that the overall approach advocated by the FFIEC applies to authentication in any environment. As fraud professionals know, strengthening the defenses in the on-line environment will drive the same fraud tactics to other channels. The best way to apply this guidance is to understand its intent and apply it across call centers and in-person interactions as well. _____________ Look for part four of our five-part series tomorrow. If you have a related question that needs an answer, submit in the comments field below and we\'ll answer those questions too. Chances are if you are questioning something, others are too - so let\'s cover it here! Or, if you would prefer to speak with one of our Fraud Business Consultants directly, complete a contact form and we\'ll follow up promptly.
This is second question in our five-part series on the FFIEC guidance and what it means Internet banking. If you missed the first question, don\'t worry, you can still go back. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: What does “multi-factor” authentication actually mean? “Multi- Factor” authentication refers to the combination of different security requirements that would be unlikely to be compromised at the same time. A simple example of multi-factor authentication is the use of a debit card at an ATM machine. The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction. The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication. Even if the customer loses their card, it (theoretically) can’t be used to withdraw cash from the ATM machine without the PIN. _____________ Look for part three of our five-part series tomorrow.
This first question in our five-part series on the FFIEC guidance and what it means Internet banking. Check back each day this week for more Q&A on what you need to know and how to prepare for the January 2012 deadline. Question: What does “layered security” actually mean? “Layered” security refers to the arrangement of fraud tools in a sequential fashion. A layered approach starts with the most simple, benign and unobtrusive methods of authentication and progresses toward more stringent controls as the activity unfolds and the risk increases. Consider a customer who logs onto an on-line banking session to execute a wire transfer of funds to another account. The layers of security applied to this activity might resemble: 1. Layer One- Account log-in. Security = valid ID and Password must be provided 2. Layer Two- Wire transfer request. Security= IP verification/confirmation that this PC has been used to access this account previously. 3. Layer Three- Destination Account provided that has not been used to receive wire transfer funds in the past. Security= Knowledge Based Authentication Layered security provides an organization with the ability to handle simple customer requests with minimal security, and to strengthen security as risks dictate. A layered approach enables the vast majority of low risk transactions to be completed without unnecessary interference while the high-risk transactions are sufficiently verified. _____________ Look for part two of our five-part series tomorrow.
Cell phone use on the rise A Wikipedia list of cell phone usage by country showed that as of December 2009, the U.S. had nearly 286 million cell phones in use. In parallel, a recent National Center for Health Statistics study found that one in every seven homes surveyed received all or almost all their calls on cell phones, even though they had a landline. Study results further indicated, one in four homes in the U.S. relied solely on cell phones. This statistic highlights these households had no land line at all during the last half of 2009. Since this time, the number of households that fall within this category have increased 1.8 percent. Implications for communications companies The increasing use of cell phones, coupled with the decreasing use of landlines, raises some very important concerns for communications companies: The physical address on file may not be accurate, since consumers can keep the same number as they jump providers. The increased use of pre-paid cell phones shines a new light on the growing issue that contact numbers are not a consistent means of reaching the consumer. These two issues make locating cell phone-only customers for purposes of cross-selling and/or collections an enormous challenge. It would certainly make everyone’s job easier if cell phone providers were willing to share their customer data with a directory assistance provider. The problem is, doing so, exposes them to attacks from their competition and since provider churn rate concerns are at an all-time high, can you really blame them? Identifying potentially risky customers, among cell phone-only consumers, becomes more difficult. Perfectly good customers may no longer use a landline. From a marketing point of view, calling cell phones for a sales pitch is not allowed, how then do you reach your prospects? What concerns you? Certainly, this list is by no means complete. The concerns above warrant further discussion in future blog posts. I want to know what concerns you most when it comes to the rise in cell phone-only consumers. This feedback will allow me to gear future posts to better address your concerns.
By: Staci Baker According to Wikipedia, mobile banking is defined as, “a term used for performing balance checks, account transactions, payments, credit applications, etc. via a mobile device such as a mobile phone or Personal Digital Assistant (PDA).” However, as several large lenders and phone carriers test mobile banking and mobile payments, there is still much to be deciphered. Will it help businesses compete? Is it safe for a consumer? Should a bank offer a mobile solution; and if so, what precautions will they need to take to ensure their customer’s information, i.e. fraud, consumer identity? Peter Garuccio, spokesman for the American Bankers Association in Washington D.C., noted that “various experts predict that some 20 million people may be banking via cell phone this year, and that number is projected to skyrocket to 50 million by 2013.” And, according to a mobile payment study by Juniper Research ,“Combined market for all types of mobile payments is expected to reach more than $630B globally by 2014.” For the purpose of this blog, I will focus on the mobile banking solution, and questions to consider before entering into the mobile banking arena. Mobile banking today is akin to online banking a few years ago. It’s new, getting a lot of press, late adopters want more information, while the early adopters are already participating and it appears to be on the verge of taking over more conventional banking and payments. Before entering into the world of mobile solutions, there are a few things to consider: How will new regulations, such as the Durbin Amendment to the Frank-Dodd Act (a new Interchange fee proposal), affect implementation and usage? The current average interchange fee is between $1 and $1.30, the new cap at $.12 will reduce the charges by up to 90%.While the interchange fee proposal will not be finalized until after February, it is not known how the new “swipe fee” legislation will affect mobile solutions. If the new amendment directly affects debit cards only, mobile solutions can become a new revenue stream for many lenders. As more information becomes available regarding the Durbin Amendment, I will relay additional details and implications. What fraud prevention solutions do you have in place? Fraud is an issue in all industries; therefore utilizing fraud best practices specific to your market, or identifying fraud trends is essential in keeping retailers, consumers and your company safe. As consumers replace the need for a wallet with a phone, identity theft can become an issue. This is especially true of phones with minimal security, or if their phone gets into the hands of a hacker. Therefore companies can initiate an identity theft prevention program to raise awareness in consumers and retailers. As well as implement new internal processes and requirements. As we delve further into an IT-led economy, businesses will continually need to adjust how they do business in order to meet consumer demand, as well as finding new revenue streams. I am curious, how many businesses have already begun to implement a mobile solution, and what issues or results have you already seen? If you have not already implemented a mobile solution, is this in your planning for the upcoming year?
Learn More Image
