Digital Technology
Fraud and cybersecurity are two of the biggest risks challenging organizations and the economy today. Fraud has become its own industry, to the tune of $500 billion in estimated losses annually. To strengthen your fraud risk strategies, you need: A multilayered authentication and risk-based approach to prevent fraud. A comprehensive approach to identity with true customer intelligence. To avoid silos and recognize the value of combining your solutions into one platform. The rapid growth of fraud-related activity only reinforces the need for aggressive fraud prevention strategies and the adoption of new technology to prepare for the latest emerging cybersecurity threats. Want to know more?
You know what I love getting in the mail? Holiday cards, magazines, the occasional picturesque catalog. What I don’t open? Credit card offers, invitations to apply for loans and other financial advertisements. Sorry lenders, but these generally go straight into my shredder. Your well-intentioned efforts were a waste in postage, printing and fulfillment costs, and I’m guessing my mail consumption habits are likely shared by millions of other Americans. I’m a cusper, straddling the X and Millennial generations, and it’s no secret people like me have grown accustomed to living on our mobile devices, shopping online and managing our financial lives digitally. While many retailers have wised up to the trends and shifted marketing dollars heavily into the digital space, the financial services industry has been slow to follow. I’m hoping 2017 will be the year they adapt, because solutions are emerging to help lenders deliver firm offers of credit via email, display, retargeting and even social media platforms. There are multiple reasons to make the shift to digital credit marketing. It’s trackable. The beauty of digital marketing is that it can be tracked much more efficiently over direct mail efforts. You can see if offer emails are opened, if banners are clicked, if forms are completed and how quickly all of this takes place. In short, there are more touchpoints to measure and track, and more insights made available to help with marketing and offer optimization. It’s efficient. A solid digital campaign means you now have more flexibility. And once those assets start to deploy and you begin tracking the results, you can additionally optimize on the fly. Subject line not getting the open rate you want? Test a new one. Banners not getting clicked? Change the creative. A portion of your target audience not responding? Capture that feedback sooner rather than later, and strategize again. With direct mail, the lag time is long. With digital, the intelligence gathering begins immediately. It’s what many consumers want. They are spending 25% of their time on mobile devices. Research has found they check their phones and average 46 times per day. They are bouncing from screen to screen, engaging on desktops, tablets, smartphones, wearables and smart TVs. If you want to capture the eyeballs and mindshare of consumers, financial marketers must embrace the delivery of digital offers. Consumer behaviors have evolved, so must lenders. Sure, there is still a place for direct mail efforts, but it would be wasteful to not embrace the world of digital credit marketing and find the right balance between offline and online. It’s a digital world. It’s time financial institutions join the masses and communicate accordingly.
Happy holidays! It’s the holiday season and a festive time of year. Colorful lights, comfort food and holiday songs – all of these things contribute to the celebratory atmosphere which causes many people to let their guards down and many businesses to focus more on service than on risk. Unfortunately, fraudsters and other criminals can make one of the busiest shopping times of the year, a miserable one for their victims. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign-up for a credit monitoring service to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers. For organizations, the focus should be on two fronts: data protection and fraud prevention. Not just to prevent financial theft, but to preserve trust — trust between organizations and consumers, as well as widespread consumer trust. Organizations must strive to evolve data protection controls and fraud prevention skills to minimize the damage caused by stolen identity data. There are dozens of tools in the industry for identifying that a consumer is who they say they are – and these products are an important part of any anti-fraud strategy. These options may tell you that the combination of elements is the consumer, but do you know that it is the REAL consumer presenting them? The smart solution is to use a broad data set for not only identity verification, but also to check linkage and velocity of use. For example: Is the name linking to other addresses being presented in the past week? Is the phone number showing up to other addresses and names over the past 30 days? Has the SSN matched to other names over the past 90 days? Since yesterday the address matches to four phone numbers and two names – is this a problem? And it must be done in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate criminals. Click here to learn more about Experian’s products and services that can help. As we go walking in the winter wonderland, remember, the holiday season is a time for cheer… and vigilance!
2017 data breach landscape Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast report with five key predictions What will the 2017 data breach landscape look like? While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution released its fourth annual Data Breach Industry Forecast white paper. The industry predictions in the report are rooted in Experian\'s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. \"Preparing for a data breach has become much more complex over the last few years,\" said Michael Bruemmer, vice president at Experian Data Breach Resolution. \"Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond.\" \"Experian\'s annual Data Breach Forecast has proven to be great insight for cyber and risk management professionals, particularly in the healthcare sector as the industry adopts emerging technology at a record pace, creating an ever wider cyber-attack surface, adds Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA). \"The consequences of a medical data breach are wide-ranging, with devastating effects across the board - from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital.\" \"The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation, said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. \"The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations\' incident response plans should certainly be updated to account for these new laws set to go in effect in 2017.\" Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added \"Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks.\" Download Whitepaper: Fourth Annual 2017 Data Breach Industry Forecast Learn more about the five industry predictions, and issues such as ransomware and international breach notice laws in our the complimentary white paper. Click here to learn more about our fraud products, find additional data breach resources, including webinars, white papers and videos.
Reinventing Identity for the Digital Age Electronic Signature & Records Association (ESRA) conference I recently had the opportunity to speak at the Electronic Signature & Records Association (ESRA) conference in Washington D.C. I was part of a fantastic panel delving into the topic, ‘Reinventing Identity for the Digital Age.’ While certainly hard to do in just an hour, we gave it a go and the dialogue was engaging, healthy in debate, and a conversation that will continue on for years to come. The entirety of the discussion could be summarized as: An attempt to directionally define a digital identity today The future of ownership and potential monetization of trusted identities And the management of identities as they reside behind credentials or the foundations of block chain Again, big questions deserving of big answers. What I will suggest, however, is a definition of a digital identity to debate, embrace, or even deride. Digital identities, at a minimum, should now be considered as a triad of 1) verified personally identifiable information, 2) the collective set of devices through which that identity transacts, and 3) the transactional (monetary or non-monetary) history of that identity. Understanding all three components of an identity can allow institutions to engage with their customers with a more holistic view that will enable the establishment of omni-channel communications and accounts, trusted access credentials, and customer vs. account-level risk assessment and decisioning. In tandem with advances in credentialing and transactional authorization such as biometrics, block chain, and e-signatures, focus should also remain on what we at Experian consider the three pillars of identity relationship management: Identity proofing (verification that the person is who they claim to be at a specific point in time) Authentication (ongoing verification of a person’s identity) Identity management (ongoing monitoring of a person’s identity) As stronger credentialing facilitates more trust and open functionality in non-face-to-face transactions, more risk is inherently added to those credentials. Therefore, it becomes vital that a single snapshot approach to traditionally transaction-based authentication is replaced with a notion of identity relationship management that drives more contextual authentication. The context thus expands to triangulate previous identity proofing results, current transactional characteristics (risk and reward), and any updated risk attributes associated with the identity that can be gleaned. The bottom line is that identity risk changes over time. Some identities become more trustworthy … some become less so. Better credentials and more secure transactional rails improve our experiences as consumers and better protect our personal information. They cannot, however, replace the need to know what’s going on with the real person who owns those credentials or transacts on those rails. Consumers will continue to become more owners of their digital identity as they grant access to it across multiple applications. Institutions are already engaged in strategies to monetize trusted and shareable identities across markets. Realizing the dynamic nature of identity risk, and implementing methods to measure that risk over time, will better enable those two initiatives. Click here to read more about Identity Relationship Management.
As we approach the one-year anniversary of the EMV liability shift, we have seen an increase in e-commerce fraud — to the tune of 15% higher than last year. Additional insights from Experian’s biannual analysis on e-commerce fraud include: 44% of e-commerce billing fraud came from Florida, California and New York* 52% of e-commerce shipping fraud came from Florida, New York and California* Miami, Fla., is the most dangerous city in the United States for e-commerce merchants* As fraudsters continue to perpetrate card-not-present fraud, ensure you are prepared. You’ll be thankful if fraudsters come calling. >> E-commerce Attack Rates
Historically, the introduction of EMV chip technology has resulted in a significant drop in card-present fraud, but a spike in card-not-present (CNP) fraud. CNP fraud accounts for 60% to 70% of all card fraud in many countries and is increasing. Merchants and card issuers in the United States likely will see a rise in CNP fraud as EMV migration occurs — although it may be more gradual as issuers and merchants upgrade to chip-based cards. As fraud continues to evolve, so too should your fraud-prevention strategies. Make a commitment to stay abreast of the latest fraud trends and implement sophisticated, cross-channel fraud-prevention strategies. >>Protecting Growth Ambitions Against Rising Fraud Threats
Experian conducted a joint-survey that uncovered insights into the topic of conversational commerce and voice assistants. The survey audience constituted nearly 1300 smartphone users of smart voice assistant tools. The survey asked about most requested tasks and general consumer satisfaction with the voice-recognition capabilities of Amazon's Alexa relative to other smart voice assistants such as Siri and Google.
Did you know that identities can shift (for better or worse) in just 30 days? To succeed in today’s multichannel, mobile environment, businesses must have a broader, more dynamic identity management strategy that includes: Identity proofing: Point-in-time verification (e.g., account opening) Authentication: Ongoing verification (e.g., account login) Identity management: Continual monitoring throughout the Customer Life Cycle Minimize your identity fraud risk, increase customer engagement and provide a satisfying customer experience by shifting to a strategy focused on identity relationship management. >>The three pillars of identity relationship management
Fraudsters invited into bank branches The days of sending an invitation in the mail have for the most part gone by the wayside. Aside from special invitations for weddings and milestone anniversaries, electronic and email invitations have become the norm. However, one major party planner has refused to change practices — banks inviting fraudsters into their banking centers. As a fraud consultant I have the privilege of meeting many banking professionals, and I hear the same issues and struggles over and over again. It’s clear that the rapid increase of fraudulent account-opening applications are top of mind to many. What the executives making policy don’t realize is they’re facing fraud because they’re literally inviting the fraudsters into their branches. Think I’m exaggerating? Let me explain. I often encounter bank policymakers who explain their practice of directing a suspicious person into a banking center. Yes, many banks still direct applicants who cannot be properly verified over the phone or online into their banking center to show proof of identity. Directing or inviting criminals into your bank instead of trying to keep them out is an outdated, high-risk practice — what good can possibly come of it? The argument I typically hear from non-fraud banking professionals: “The bad guys know that if they come into the bank we will have them on film.” Other arguments include that the bad guys are not typically bold enough to actually come into the banking center or that their physical security guards monitor high-traffic banking centers. But often that is where bank policies and employee training ends. Based on my years of experience dealing with banks of all sizes, from the top three global card issuers to small regional banks, let me poke a few holes in the theory that it is a good deterrent to invite perpetrators into your banking center. Let’s role-play how my conversation goes: Me: “When an underwriter with limited fraud training making the decision to direct a suspicious applicant into a banking center, what is the policy criteria to do so?” Bank policymaker: (typical response) “What do you mean?” Me: “What high-risk authentication was used by the underwriter to make the decision to extend an invitation to a high-risk applicant to come into the banking center? If the applicant failed your high-risk authentication questions and you were not able to properly identify them, what authentication tools do the branch managers have that the underwriters do not?” Bank: “Nothing, but they can usually tell when someone is nervous or seems suspicious.” Me: “Then what training do they receive to identify suspicious behaviors?” (You guessed it …) Bank: “None.” (I then switch to the importance of customer experience.) Me: “How do you notify the banking center in advance that the suspicious applicant was invited to come in to provide additional verification?” Bank: “We do not have a policy to notify the banking center in advance.” Me: “What is considered acceptable documentation? And are banking center employees trained on how to review utility statements, state ID cards, drivers’ licenses or other accepted media?“ Bank: “We do not have a list of acceptable documentation that can be used for verification; it is up to the discretion of the banking center representative.” Me: “How do you ensure the physical safety of your employees and customers when you knowingly invite fraudsters and criminals into your banking center? How do you turn down or ask the suspicious person to leave because they do not have sufficient documentation to move forward with the original application for credit? If a suspicious person provides your employee with a possible stolen identification card, is that employee expected to keep it and notify police or return it to the applicant? Are employees expected to make a photocopy of the documentation provided?” The response that I usually receive is, “I am not really sure.” I hope by now you are seeing the risk of these types of outdated practices on suspicious credit applications. The fact is that technology has allowed criminals to make fairly convincing identification at a very low cost. If employees in banking centers are not equipped, properly trained, and well-documented procedures do not exist in your fraud program — perhaps it’s time to reconsider the practice or seek the advice of industry experts. I have spent two decades trying to keep bad guys out of banks, but I can’t help but wonder — why do some still send open invitations to criminals to come visit their bank? If you are not yet ready to stop this type of bad behavior, at the very least you must develop comprehensive end-to-end policies to properly handle such events. This fraud prevention tactic to invite perpetrators into banks was adopted long before the age of real-time decisions, robust fraud scores, big data, decision analytics, knowledge-based authentication, one-time passcodes, mobile banking and biometrics. The world we bank in has changed dramatically in the past five years; customers expect more and tolerate less. If a seamless customer experience and reducing account-opening and first-party fraud are part of your strategic plan, then it is time to consider Experian fraud solutions and consulting.
Experian’s annual global fraud report reveals trends that can help organizations mitigate fraud and improve the customer experience: Apply the right-sized fraud solutions to reduce unnecessary customer disruption Ensure you have a universal consumer view Select fraud solutions that are future-proof As fraudsters evolve, losses are climbing and the status quo is no longer effective. Organizations should be as forward-looking in fighting fraud as they are in business operations and marketing. >> Global Business Trends: Protecting Growth Ambitions Against Rising Fraud Threats
In an attempt to stay ahead of fraud, systems have become more complex, more expensive and even more difficult to manage, leading to more friction for customers. How extensive is this impact? 30% of online customers are interrupted to catch one fraudulent attempt One in 10 new applicants may be an imposter using breached data $40 billion of legitimate customer sales are declined annually Businesses must continue their efforts to protect all parties’ interests if they are to thrive in this new world of rapid technological growth. >> Infographic: Global fraud trends
We are excited to announce that Experian Fraud and Identity Solutions is presenting at FinovateFall 2016! Finovate conferences showcase cutting-edge banking and financial technology in a unique demo-only format. Held twice a year, the conferences bring together the leaders from top financial institutions, fintech companies, investors from around the globe, and fintech media to share and promote the most innovative financial technology solutions. \"Experian’s Fraud and Identity Solutions is a leader in customer-centric identity and fraud solutions, providing fraud management solutions to some of the world’s largest brands in financial services, insurance, and retail,\" said Adam Fingersh, general manager and senior vice president of Fraud and Identity Solutions in North America. \"We will introduce our Fraud and Identity Solutions and promote our newly released CrossCore platform. CrossCore puts more control in the hands of fraud teams to adapt and deploy strategies that keep up with the pace of fraud while reducing burdens on IT and data science teams.\" Fingersh and John Sarreal, senior director of Fraud and Identity product management at Experian, are presenting the 7-minute demo focusing on the key CrossCore capabilities, and how CrossCore manages fraud and identity services through its flexible API; open, plug-and-play platform; and powerful workflow and strategy design capabilities. In Forrester’s 2016 “Vendor Landscape: Mobile Fraud Management”, Experian Fraud and Identity Solutions was cited as having the most capabilities and one of the highest estimated revenues in total fraud management in the market, between $200 million and $250 million. Join us for the event on September 8-9 in New York. Experian also has an exclusive 20% off discount code (Experian20FF16) to get even more savings! For more information on the event or to view videos of previous demos, please visit finovate.com.
Many fraud and compliance teams are struggling to keep pace with new business dynamics. Here are several of the many mobile device trends affecting business today: 35% year-over-year growth in mobile commerce from 2014-2015 Value of mobile payment transactions is forecasted to reach more than $27 billion in 2016 45% of smartphone owners use a mobile device to make a purchase every month This rapid growth only reinforces the need for aggressive fraud prevention strategies and the adoption of new technologies to prepare for the latest emerging cybersecurity threats. >> Forrester\'s 2016 Vendor Landscape: Mobile Fraud Management Solutions Report
Is the speed of fraud threatening your business? Like many other fraud and compliance teams, your teams may be struggling to keep up with new business dynamics. The following trends are changing the way consumers do business with you: 35 percent year-over-year growth in mobile commerce More than $27 billion forecasted value of mobile payment transactions in 2016 45 percent of smartphone owners using a mobile device to make a purchase every month More than 1 billion mobile phone owners will use their devices for banking purposes by the end of 2015 In an attempt to stay ahead of fraud, systems have become more complex, more expensive and even more difficult to manage, leading to more friction for your customers. How extensive is this impact? 30 percent of online customers are interrupted to catch one fraudulent attempt One in 10 new applicants may be an imposter using breached data $40 billion of legitimate customer sales are declined annually because of tight rules, processes, etc. This rapid growth only reinforces the need for aggressive fraud prevention strategies and adoption of new technologies to prepare for the latest emerging cybersecurity threats. Businesses must continue their efforts to protect all parties’ interests. Fraudsters have what they need to be flexible and quick. So why shouldn’t businesses? Introducing CrossCore™, the first smart plug-and-play platform for fraud and identity services. CrossCore uses a single access point to integrate technology from different providers to address different dangers. When all your fraud and identity solutions work together through a single application program interface, you reduce friction and false positives — meaning more growth for your business. View our recent infographic on global fraud trends
Learn More Image
