Fraud & Identity Management
Recently, I wrote about how Experian is assisting NASWA (National Association of State Workforce Agencies) with identity verification to help mitigate the spike in fraudulent unemployment insurance claims. Because of this I was not all that surprised when I found a letter in my mailbox from the Texas Workforce Commission with a fraudulent claim using my identity, inspiring me to follow up on this topic with a focus on fraud prevention best practices. Identity theft is on the rise According to Experian data analysis and a recent study on unemployment insurance fraud, at least 25% of new claims are a result of identity theft. This is 50 times higher than what we have traditionally seen in the highest ID theft fraud use case, new credit card applications, which generally amounts to less than 0.5% of new applications. Increasing digitization of the last few years—culminating in the huge leap forward in 2020—has resulted in a massive amount of information available online. Of that information, a reported 1.03 billion records were exposed between 2016 and 2020. There are currently approximately 330 million Americans, so on average more than three records per person have been exposed, creating an environment ripe for identity theft. In fact, a complete identity consisting of name, address, date of birth, and Social Security number (SSN) can be purchased for as little as $8. This stolen data is then often leveraged by both criminal rings who are able to perpetrate fraud on a large scale and smaller scale opportunists – like the ones in Riverside, CA leveraging access to identities of prison inmates. Fraud prevention through layered identity controls In the 20 years that I have been combatting ID theft both in the private and public sectors, I’ve learned that the most effective identity proofing goes beyond traditional identity resolution, validation, and verification. To be successful, you must take advantage of all available data and incorporate it into a layered and risk-based approach that utilizes device details, user behavior, biometrics, and more. Below, I outline three key layers to design an effective process for ID proofing new unemployment insurance claims. Layer 1: Resolve and Validate Identities Traditional identity data consists of the same basic information—name, address, date of birth, telephone number, and SSN—which is now readily available to fraudsters. These have been the foundation for ID proofing in the past and are still critical to resolving the identity in question. The key is to also include additional identity elements like email address and phone number to gain a more holistic view of the applicant. Layer 2: Assess Fraud Risk Determining an identity belongs to a real-life subject is not sufficient to mitigate the risk of ID theft associated with a new unemployment insurance claim. You must go beyond identity validation to assess the risk associated with their claim. Risk assessment risk falls into two categories – identity and digital risk. Identity Risk When assessing a claim, it’s important to check the identity for: Velocity: How often have you (or other states) seen the information being presented with this application? Has the information been associated with multiple identities? Recency of change: How long has the identity been associated with the contact information (phone, email, address, etc.)? Red flags: Has the subject been a recent victim of ID theft, or are they reported as deceased? Synthetic Identity: Are there signs that the identity itself is fictitious or manipulated and does not belong to a real-life person? Digital Risk Similar to the identity risk layer above, the device itself and how the subject interacts with the device are significantly important in identifying the likelihood a new claim is fraudulent. Device risk can be assessed by utilizing geolocation and checking for inconsistent settings or high-risk browsers, while behavioral risk might check for mouse movement, typing speed, or screen pressure. Layer 3: Verify Highest Risk Subjects The final stage in this process is to require additional verification for the highest risk claims, which helps to balance the experience of your valid subjects while minimizing the impact of fraud. Additional steps might include: Document verification: Scanning a government-issued ID (driver’s license, passport, or similar), which includes assessing for document security features and biometric comparison to the applicant. One-time passcode (OTP): It is key to deploy this sparingly only to phone numbers that have been associated with the subject for a significant time frame and incorporate checks to determine if it is at high risk (e.g., recently ported or forwarded). Knowledge-based verification (KBV): Leveraging non-public information from a variety of sources. By adding additional, context-based identity elements, it becomes possible to improve the three main objectives of most agencies’ identity proofing process – get good constituents through the first time, protect the agency and citizens from fraud, and deliver a smooth and secure customer experience in online channels. While there’s no quick fix to prevent unemployment insurance fraud, a layered identity strategy can help prevent it. Finding a partner that has a single, holistic solution empowers agencies to defend against unemployment insurance fraud while minimizing friction for the end-user, and preparing for future fraud schemes. To learn more about how you can protect your constituents and your agency from unemployment insurance fraud request a call today... Contact us
In today’s digital-first environment, fraud threats are growing in sophistication and scope. It’s critical for credit unions to not only understand the specific threats presented by life online, but to also be prepared with a solid fraud detection and prevention plan. Below, we’ve outlined a few fraud trends that credit unions should be aware of and prepared to address. 2021 Trends to Watch: Digitization and the Movement to Life Online Trend #1: Digital Acceleration As we look ahead to the rest of 2021 and beyond, we expect to see adoption of digital strategies nearing the top of credit unions’ list of priorities. Members’ expectations for their digital experience have permanently shifted, and many credit unions now have members using online channels who traditionally wouldn’t have. This has led to a change in the types of fraud we see as online activities increased in volume. Trend #2: First-Party Fraud is On the Rise First party fraud is on the rise – 43% of financial executives say that mule activity is up 10% or more compared to attack rates prior to the pandemic, according to Trace Fooshee, Senior Analyst for Aite Group, and we expect to see this number grow. The ability for credit unions to identify and segregate the “good guys” from “bad guys” is getting more difficult to discern and this detail is more important than ever as credit unions work to create frictionless digital experiences by using digital tools and strategies. Trend #3: Continual Uptick in Synthetic Identity Fraud We expect synthetic identity fraud (SID) to continue to rise in 2021 as cybercriminals become more sophisticated in the digital space and as members continue with their new digital habits. Additionally, fraudsters can use SIDs to bring significant damage and loss to credit unions through fraudulent checks, debit cards, person-to-person and automated clearing house (ACH) transactions. More and more, fraudsters are seen opening accounts and remaining very patient – using an account to build and nurture a trusted relationship with the credit union and then remain dormant for two years before ensuing in any sort of abuse. Once the fraudster feels confident that they can bypass authentication processes or avoid a new product vetting, oftentimes, they will take that opportunity to get easy access to all solutions credit unions have available and will abuse them all at once. There are no signs of fraud slowing, so credit unions will need to stay vigilant in their fraud protection and prevention plans. We’ve outlined a few tips for credit unions to help protect member data while reducing risk. The Fight Against Fraud: Four Key Tips Tip #1: Manage Each Fraud Type Appropriately Preventing and detecting fraud requires a multi-level solution. This can involve new methods for authenticating current and prospective members, as well as incorporating synthetic identity services and identity proofing throughout the member lifecycle. For example, credit unions should consider taking extra verification steps during the account opening process as a preventative measure to minimize SID infiltration and associated fraud losses. As credit unions continue down the path of digitization, it’s also important to add in digital signals and behavior-based verification, such as information about the device a consumer is logging in from to heighten defenses against bad actors. Tip #2: Be Resourceful In the wake of the COVID-19 pandemic, many have asked, “How should credit unions approach fraud prevention tactics when in-person contact is limited or unavailable?” In some cases, you might need to be willing to say no to requests or get creative and find other options. Sometimes, it takes leveraging current resources and using what’s readily available to allow for a binary decision tree. For example, if you’re suspicious of a dormant account that you think could be synthetic, call them, and ask yourself these questions: Did they answer? Was the phone still active? Send the account holder an email – did you get a reply? Is this a new member? Is this a new channel for the member? Could they have logged on to do this instead of calling the call center? Tip #3: Empower Members Through Education Members like to know that their credit unions are taking the necessary steps and applying the right measures to keep their data secure. While members might not want every detail, they do want to know that the security measures are there. Require the use of strong passwords, step-up authentication, and empower members with alerts, notifications, and card controls. Additionally, protect members by providing resources like trainings, webinars, and best practices articles, where they can learn about current cyber trends and how to protect their data. Tip #4: Trust Data Many credit unions rely on an employee’s decision to decide when to take action and what action to take. The challenge with this approach comes when the credit union needs to reduce friction for members or tighten controls to prevent fraud, because it’s extremely hard to know exactly what drove prior actions. A better alternative is to rely on scores and specific data. Tweaks to the scores or data points that drive actions allow credit unions to achieve the desired member experience and risk tolerance – just be sure to leverage internal experts help figure out those policies. By determining what conditions drive actions before the actions are taken (instead of doing it one case at a time) the decisions remain transparent and actionable. Looking for more insights around how to best position your credit union to mitigate and prevent fraud? Watch our webinar featuring experts from around the industry and key credit unions in this Fraud Insight Form hosted by CUES. Watch now Contact us var expChannel = \"Blog\"; var expBUPartner = \"eCom\"; var expBUSegment = \"Insights-Blog\"; var expProductGrp = \"\";
The surge in digital demand over the past year reinforced the deep connection between recognition, fraud prevention and the online customer experience. As businesses transformed their operations to accommodate the rapidly growing volume of digital transactions, consumer expectations for easy, secure interactions increased at an even faster pace. That meant less tolerance for the interruptions caused by security and risk controls. We surveyed more than 9,000 consumers and 2,700 businesses worldwide about this connection for our 2021 Global Identity and Fraud Report. This year’s report dives into: Business priorities for the year ahead Why the digital customer experience remains siloed Consumer preferences that impact the digital customer journey Pandemic-era digital activities that have changed consumer expectations As we move forward into the rest of 2021 it’s crucial that businesses continue to focus on fraud prevention. In order to implement an effective fraud strategy that also makes it easier for customers to engage, businesses need to move away from a one-size-fits-all approach and focus on applying the right level of protection to each and every transaction. Download the report Review your fraud strategy
The sharp uptick in fraud that coincided with the digital evolution made it clear that banks, credit unions, and fintechs need to invest in a strategy that utilizes identity layers to keep their customers and their finances safe. The steady rise in fraud over the last several years spiked—payment fraud rose 70% last year and is expected to increase by 95% in 2021—making it more challenging than ever to address the fraud threat while meeting increasing customer expectations. The rising fraud threat 2020 saw a rapid influx of customers using digital channels and the amount of data flowing into financial systems. There’s been a seismic shift, and we’re not going back. According to a recent study, 80% of consumers now prefer to manage their finances digitally, leaving the door open for fraudsters to take advantage of digital newbies. The increase in online activity corresponded with criminal activity. The rates of synthetic identity, account opening, and account takeover fraud have risen as fraudsters’ tactics have evolved. 80% of fraud losses now come from synthetic identities In 2020 the rate of new account credit card fraud attempts rose 48% Account takeover accounted for 54% of all fraud attacks in 2020 Fraudsters will continue to take advantage of current conditions, moving from stimulus-related fraud back to more traditional forms of financial theft, and financial institutions must adapt in turn with robust identity layers. Resolving the identity threat In our recent white paper, developed in partnership with One World Identity, we explore how businesses can address the fraud threat. It requires a multilayered identity proofing strategy for both onboarding and ongoing authentication. By doing this, financial institutions can gain a holistic view of consumers and their associated risks, decreasing friction while enabling robust fraud protection. To learn more, download our “Improving Fraud by Increasing Identity Layers” white paper. Download white paper
For the last several months, Experian has participated as the only credit bureau in the pilot of the electronic Consent Based Social Security Number (SSN) Verification (eCBSV) service. As we move forward to general rollout and expanded availability later this year, it’s time to review the benefits of eCBSV and how it helps businesses prevent synthetic identity fraud. Service and program overview The eCBSV service combats synthetic identity fraud by comparing data provided electronically by approved financial institutions against the Social Security Administration’s (SSA) database in real time. This service helps financial institutions verify SSNs more efficiently and enables improved experiences for identifying legitimate or possibly synthetic identities applying for your products. The verification process begins with consent from the SSN holder – and with eCBSV this consent is provided electronically rather than via a wet signature. Then, the SSN is checked against the SSA database to validate the SSN, name, and date of birth combination are or are not a match. The verification will also indicate if the SSN is listed as deceased with the SSA. Together, these factors can help flag whether or not an identity is synthetic. By managing this process electronically, it is faster, more secure, and more efficient than before, offering an improved experience for consumers and the financial institutions that service them. Layering solutions While eCBSV is an excellent step forward in the fight against the rising threat of synthetic identity fraud, a layered fraud mitigation strategy is still necessary. It’s only by layering solutions that financial institutions can accurately identify different types of fraud and provide them with the correct treatment, which is especially important when it comes to rooting out fraud when it’s already embedded in a portfolio. To learn more about how Experian is helping to combat synthetic identity fraud and how eCBSV can benefit your financial institution, request a call. Request a call
The ongoing COVID-19 pandemic has facilitated an increase in information collection among consumers and organizations, creating a prosperous climate for cybercriminals. As businesses and customers adjust to the “new normal,” hackers are honing in on their targets and finding new, more sophisticated ways to access their sensitive data. As part of our recently launched Q&A perspective series, Michael Bruemmer, Experian’s Vice President of Data Breach Resolution and Consumer Protection, provided insight on emerging fraud schemes related to the COVID-19 vaccines and how increased use of digital home technologies could lead to an upsurge in identity theft and ransomware attacks. Check out what he had to say: Q: How did Experian determine the top data breach trends for 2021? MB: As part of our initiative to help organizations prevent data breaches and protect their information, we release an annual Data Breach Forecast. Prior to the launch of the report, we analyze market and consumer trends. We then come up with a list of potential predictions based off the current climate and opportunities for data breaches that may arise in the coming year. Closer to publication, we pick the top five ‘trends’ and craft our supporting rationale. Q: When it comes to data, what is the most immediate threat to organizations today? MB: Most data breaches that we service have a root cause in employee errors – and working remotely intensifies this issue. Often, it’s through negligence; clicking on a phishing link, reusing a common password for multiple accounts, not using two-factor authentication, etc. Organizations must continue to educate their employees to be more aware of the dangers of an internal breach and the steps they can take to prevent it. Q: How should an organization begin to put together a comprehensive threat and response review? MB: Organizations that excel in cybersecurity often are backed by executives that make comprehensive threats and response reviews a top corporate priority. When the rest of the organization sees higher-ups emphasizing the importance of fraud prevention, it’s easier to invest time and money in threat assessments and data breach preparedness. Q: What fraud schemes should consumers be looking out for? MB: The two top fraud schemes that consumers should be wary of are scams related to the COVID-19 vaccine rollout and home devices being held for ransom. Fraudsters have been leveraging social media to spread harmful false rumors and misinformation about the vaccines, their effectiveness and the distribution process. These mistruths can bring harm to supply chains and delay government response efforts. And while ransomware attacks aren’t new, they are getting smarter and easier with people working, going to school and hosting gatherings entirely on their connected devices. With control over home devices, doors, windows, and security systems, cybercriminals have the potential to hold an entire house hostage in exchange for money or information. For more insight on how to safeguard your organization and consumers from emerging fraud threats, watch our Experian Symposium Series event on-demand and download our 2021 Data Breach Industry Forecast. Watch now Access forecast About Our Expert: Michael Bruemmer, Experian VP of Data Breach Resolution and Consumer Protection, North America Michael manages Experian’s dedicated Data Breach Resolution and Consumer Protection group, which aims to help businesses better prepare for a data breach and mitigate associated consumer risks following breach incidents. With over 25 years in the industry, he has guided organizations of all sizes and sectors through pre-breach response planning and delivery.
Preventing fraud losses requires an understanding of each individual fraud type—including third-party, first-party, synthetic identity, and account takeover fraud—and how they differ from one another. It’s only with a multi-layered fraud strategy that businesses can adequately detect and treat each type of fraud while maintaining the customer experience. When’s the last time you reviewed your existing fraud strategy? Download infographic Review your fraud strategy
Since 2002, lenders have been aware of the importance of Know Your Customer (KYC) and the associated Customer Identification Program (CIP) requirements. As COVID-19 has changed procedures and priorities for businesses and consumers across the board, it’s more important than ever for institutions to ensure their CIP process includes ongoing monitoring of identity risk. What is CIP? Standard KYC programs include a Customer Identification Program to verify and validate identities along with due diligence to assess the risks associated with each identity. CIP defines the process by which a business collects data to establish a reasonable belief that the identity is valid, and that the individual is eligible to participate in our financial system. While this process works in conjunction with other fraud mitigation tactics, they serve different purposes. A good CIP program emphasizes the customer experience, regulatory compliance, cost control, and smart growth. Fraud mitigation focuses on ensuring that an eligible identity is being presented by its true owner, rather than as part of a scheme to acquire goods and services with intent to default on repayment obligations. Businesses who focus on solely on fraud mitigation rather than complying with KYC and CIP regulations run the risk of potential harm to business reputation, and of course, financial penalties. Fenergo found that as of the end of 2019, global penalties for AML and KYC non-compliance totaled $36 billion. CIP vs. Fraud Mitigation Many financial institutions equate a CIP program with efforts to mitigate fraud. It’s understandable, as both processes include emphasis on the accuracy of an identity as it’s presented by a consumer. It is assumed that only the true owner of the identity would possess the detailed information necessary to meet CIP requirements and therefore would not likely be committing fraud. There was a time—prior to large scale thefts of stored information, personal details shared through social media and other behavior changes that made personal information very public—when this would have been true. Unfortunately, those days have passed and even an amateur criminal with limited experience and resources could find current, accurate identity information for sale online, information good enough to pass the CIP test and be considered a legitimate consumer. The real challenge is that when they go through CIP, many real consumers may inadvertently provide true information that doesn’t meet the verification standard. This is a result of consumer lifestyle changes outpacing the sources of data used to verify the information they’ve provided. It makes sense; in most years roughly 13% of American adults change their address. New homes, job changes and changes in marital status impact a large number of people every day. Adding to the confusion—it’s life’s changes that prompt people to borrow and purchase. The result is that many of the people that are more likely to fail CIP verification are the very people trying to legitimately access financial services. The result is that CIP verification often isn’t a challenge for those intending to commit fraud, but it can be for genuine consumers. The challenges of CIP In a recent internal study, Experian reviewed the ability to pass a standard CIP strategy that assessed the accuracy of the name, current address, date of birth and Social Security number provided by a large sample of consumers. We then compared legitimate consumers to those later confirmed to have been identity thieves impersonating a victim. Consistently, the identity thieves were at least as proficient at passing CIP as their true-consumer counterparts. In a second step, we applied a fraud score that looked for identity theft by assessing the past uses of the identities, their consistency, velocity and many other characteristics unrelated to the accuracy of the data. The difference between CIP verification and a fraud risk assessment was striking. Across the entire range of fraud risk, the percentage of records that passed CIP verification remained the same. That said, CIP still plays a very important role in risk mitigation. In fact, CIP and fraud prevention are inextricable in financial services. Just as a CIP verified identity can still be fraud, a record that may appear to be low fraud risk may not pass CIP. Since both processes have existed side by side for nearly two decades, each presumes that the other is in place and both are necessary to detect and prevent fraud. Striking a balance CIP verification and fraud mitigation strategies are both necessary and important to protecting assets and the broader financial system from fraud. It’s important to leverage a layered approach where both eligibility and risk are assessed, and next steps for verification include resolution of identity discrepancies alongside verification that ensures an identity is not being misused for fraud. Experian can help you confidently verify customer identities, understand and anticipate customer activities, and implement ongoing monitoring. If you’d like to set up a review of your current strategy or learn more about how we can help you with CIP and fraud mitigation to strengthen your ability to know your customer compliantly, let us know. Contact us
According to Experian’s latest Global Insights Report, 38% of consumers expect to increase their online activity in the next 12 months. The report also found that consumers continue to have high expectations for their online experience, and businesses are re-imagining the customer journey to reflect that need. This January, Experian surveyed 3,000 consumers and 900 businesses to explore the changes in consumer behavior and business strategy pre- and post-COVID-19. As consumers have embraced life online, they’ve continued to emphasize their feelings regarding the importance of protecting their information. More than half of consumers still consider security to be the most important factor in their digital experience – the same experience they have such high expectations of. Business are acting in turn, with more than half investing in fraud detection methods or software to reduce friction in the customer experience. Digital transformation is also highlighting the need to: Manage regulatory compliance Integrate security measures Ensure access to AI models Attract and manage customers Integrate automation solutions Download the report to get all the latest insights into consumer desires and business behaviors, and keep visiting the Insights blog for a deeper dive into US-specific findings. Download report
Over the last several weeks, I’ve shared articles about the problems surrounding third-party, first-party and synthetic identity fraud. To wrap up this series, I’d like to talk about account takeover fraud and how digital transformation has impacted it over the last year. What is account takeover fraud? Account takeover fraud is a form of identity theft that involves unauthorized access to a user’s online accounts to enable financial crimes. Criminals can obtain information in a number of ways, including the dark web, spyware and malware, and phishing to allow them to make unauthorized transactions with the user’s account. Fraudsters have made efforts to also gain control of mobile or email accounts so they can intercept one-time passwords or password change instructions to retain control of the account. Once fraudsters have control of one account, they can use it to access other personal information to breach additional accounts and graduate to full-scale identity theft. How does account takeover fraud impact me? Account takeover fraud is damaging to businesses and consumers. It leads to losses and well as resources invested to confirm fraud. The potential losses from account takeover fraud have spiked over the last year, in large part due to the opportunities created by the rapid increase of digital interactions and the influx of users interacting with merchants and financial institutions online for the first time. Aite research shows that 64% of financial institutions are seeing higher rates of ATO fraud attacks now than prior to the pandemic. – Trace Fooshee, Senior Analyst, Aite Group1 Account takeover can also be difficult to detect. Unlike credit card fraud where the true owner might quickly notice suspicious charges, an account takeover attack can go undetected for long periods of time. That’s because the criminal can change login and contact information, ensuring that the real accountholder doesn’t realize they’ve been compromised immediately. Solving the account takeover fraud problem A good account takeover fraud prevention strategy requires two things: frictionless customer experience and robust risk management. It’s clear that customers expect seamless interactions with merchants and lenders. At the same time, businesses need to be able to spot risky or suspicious behavior before a bad transaction occurs. That’s where a layered fraud management solution comes into play. With the right tools—including risk-based identity and device authentication and targeted step-up authentication—businesses can provide a good customer experience and only pull in staff for deeper investigations where necessary. With this strategy in place, businesses can easily recognize good customers and provide a more personalized experience, while at the same time combatting fraud – boosting growth and minimizing losses in the long run. I hope this series has helped provide insights into the different types of fraud and why each of them requires different treatment. To learn more about the risks of account takeover and how a layered fraud management strategy can help protect your business and your customers, feel free to contact us. 1Key Trends Driving Fraud Transformation in 2021 and Beyond, Aite Group, December 2020
Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity. Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility. Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out. More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don\'t appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue. How does synthetic identity fraud impact me? As mentioned, when synthetic identities bust out, businesses are stuck footing the bill. Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. – Steven D’Alfonso, research director, IDC Financial Insights1 Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies. Solving the synthetic identity fraud problem Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle. During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities. Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience. With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses. To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud. Contact us Download whitepaper 1Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020
2020 is finally over – been there, done that. And while it seems safe to say most everyone is all too eager to kick off a new calendar year, the reality is we’re still reeling – and will continue to reel – through the economic impacts of the COVID-19 global pandemic. As we inch closer to the one year marker of when many businesses were sent home – across all industries, including those tech-inclined and those less so – the understatement of the year is that the world has since changed as have consumer communication preferences, how businesses and customers interact, tweaked definitions of privacy, and new (heightened) expectations of evolving a positive customer experience with minimal friction and maximum security. While last year’s predictions of entering a new set of Roaring 20’s may not have panned out the way we had initially imagined, many of the trends thought to evolve over the last 365 days did. As we all look toward a post-pandemic world, here are six top trends to keep tabs on throughout 2021. 1. Data Data as a commodity and as a business differentiating factor has reached an all-time high. It’s doing more across the entire customer lifecycle and can elevate businesses to best prep for growth, especially as consumers begin to look for more financial products (whether looking for financial assistance as the CARES Act accommodation period ends, or to take advantage of the booming mortgage industry, etc.). Data can also give more insights into consumers than ever before. Far beyond just credit scores and financial data, today’s data sets can reveal consumers’ lifestyle preferences, their preferred communication channels, their rental histories, and so much more. With alternative credit data and non-traditional data (including consumer-permissioned data), businesses can get a holistic picture of their customers’ payment behaviors. That streaming media service monthly payment may seem minimal, but now could increase your credit score through Experian Boost. Experian is still making big strides in all efforts to use data for good. As of December 31, 2020, Experian Boost has “boosted” Americans’ credit scores nearly 47 million points. Additionally, throughout 2020, Experian worked with financial institutions and credit furnishers to continue to put consumers first and serve as the consumer’s bureau. Coming up in 2021? Using data for differentiation, which can ultimately drive business growth. From instant prescreens to identifying your best customers (and offering them cross-sell and upsell opportunities to increase retention and customer loyalty) to helping customers that may be on the brink of financial distress and connecting them with management solutions to help them get back on their feet, data can help businesses – and their customers – get there. 2. Fraud and Friction (And the Reduction of Both) With the pandemic, fraud saw increases across the board. Here are just some quick stats: 200% increase in first-time online banking usage immediately following shelter-in-place orders (Aite Group, “Workplace Distancing: Adapting Fraud and AML Operations to COVID-19,” April 2020) 652% year-over-year increase in records found on the dark web (Experian CyberAgent technology) 50% increase in human farming – real people being hired for purposes of fraud – month-over-month in March 2020 (Arkose Labs) And, unsurprisingly, consumer and business sentiments toward fraud are also evolving with these increasing trends. For example, according to Experian’s North America Trends Report, half of consumers continue to site security as the most important factor of their online experience. Additionally, there’s been an increase in the percentage of businesses who have recently increased or are planning to increase fraud budget from 76% in 2019 to 89% as of Sept. 2020. More complex phishing schemes and increased fraudster activity is due in part to numerous industries having to shift to online processes and business transactions overnight. Adoption for mobile wallets has jumped 11% since July 2020, according to the 2020 Global Insights Report. Systems and technology that were not ready or not armed with the necessary infrastructure left critical access points open that could be exploited by fraudsters. Fraud exists across the customer lifecycle, at every access point. And while fraud is complex, with Experian as your partner, solving it isn’t. Innovative technology enables businesses to prevent fraud by identifying credible customers and applying the correct treatment to the riskiest consumer and business accounts. We can help you develop a layered risk management strategy so you can focus resources on growing and protecting your customer relationships. 3. A New Administration – Changing of the Guards on the Regulatory Front With the new year enters the inauguration of a new president and administration. Though there is still much to be determined, certain areas are drawing a lot of attention with this changing of the guards. The highlights? The CFPB. Priorities and leadership could change. With COVID-19 top of mind, it is likely there will be aggressive agendas put forth to help protect the millions of consumers who have suffered economic distress and harm as a result of the pandemic. Data Portability. With an increased consumer appetite to port their data, questions and concerns around data security – and how to verify for a third party asking for the data – are also on the rise. There are a number of issues facing financial institutions around data portability, one of the largest being defining the line between consumer account information and proprietary data. All things privacy – state vs. national bills. The debate continues on how to move forward (whether privacy legislation will be handled by the states or at the national level), but for now it seems there is more progress at the state level. California was the first state to push through state-level privacy legislation in the form of the California Consumer Privacy Act of 2018. Twenty-four states are considering legislation that would require consent before collecting or disclosing personal information with third parties. 4. Analytics + Digitalization – Smarter, Better, Faster COVID-19 accelerated digital transformation for many. Some companies were ready, having already started making the headway in years prior, while others struggled – and some continue to struggle. The pandemic – and its corresponding recovery – is reason now, more than ever, to get some of your digital transformation priorities checked off of your list. Your customers demand it and your business needs it. Tackling analytics and digitalization not only brings your business up to speed, but improves your decisioning, enhances your offerings, and enables better platforms and data usage. In addition to digitalization, artificial intelligence for credit decisioning and personalized banking can also be expected to be a top trend, especially AI that is ethical and explainable, as will the increasing adoption and implementation of cloud computing. As consumer experience continues to reign supreme, any and all technology to enhance and improve that experience – think chatbots and virtual assistants – will also likely increase in presence. 5. Verification & Identity Identity has been a trending topic over the last few years, brought on by increasingly digital lifestyles and the intersection of personalization, frictionless transactions and adequate security. Identity verification and verification of other information such as income, employment and the like are increasingly needed in a today’s pandemic and tomorrow’s post-pandemic world. Leveraged across the lifecycle and during critical customer interactions, the need is especially heightened for insights, data accuracy, and diversification of data sets – to name a few. And while it was already established that identity verification is not just for marketing services, there are now even greater needs for financial institutions to be able to confidently know that their customers are who they say they are. Some areas to keep your eye on in 2021? Identity, income, assets and employment. 6. Redefining the Modern Mortgage As has been a common trend, spurred by the disruption caused by COVID-19, the mortgage industry is one of the many to have a magnifying glass brought to its areas for improvement. Some of those areas include operational efficiency, digital adoption and transparency. In line with the better and faster needs that lenders are continually trying to pace with, the need for speed is hitting mortgage originations, with an ideal situation outlined as closing in 30 days or less. Creating operational efficiencies through faster, fresher data can be the key for lenders to more accurately assess a borrower’s ability to pay upfront. Additionally, now, as most mortgage lenders are breaking previous origination records by a landslide (thanks pandemic), there’s new focus on other performance indicators. With such impetus, the modern mortgage is constantly evolving, incorporating customer-centric facets including a seamless digital process, providing meaningful customer experiences and leveraging the latest and greatest technology to better future-proof the industry through scalable technology, while aiming to reduce costs. For all your needs in 2021 and beyond, Experian has you covered. Learn More
Previously, we discussed the risks of account takeover and how a Defense in Depth strategy can protect your business. Before implementation it’s important to understand the financial benefits of the strategy. There are a few key steps to assessing and quantifying the value of Defense in Depth. Transaction risk assessment: This requires taking inventory of all possible transactions. Session-level risk analysis: With the transactions categorized by risk level, the next step is to review session history based on the highest risk activity within the session. Quantify the cost of a challenge: There are multiple costs associated with challenging a user using step-up authentication. Consider both direct and indirect costs – failure rate, contact center operational cost, and attrition rate following failed challenges (consider lifetime value of account) Quantify the expected challenge rate: This can be done by comparing the Defense in Depth approach to a traditional approach. Below is a calculator that will help determine the cost of the reduced challenges associated with a Defense in Depth strategy versus a traditional strategy. initIframe(\'5f039d2e4c508b1b0aafa4bd\'); In addition to the quantitative benefits, it is important to consider some of the qualitative benefits of this approach: Challenging at moments that matter: Customers appreciate and expect protection in online banking, especially when moving money externally or updating contact information. This is a great way to achieve both convenience and security. Improved fraud management: By staging the risk decision at the transaction level, the business can balance the type of challenge with the transaction risk. There are incremental cost considerations to include in the business case as well. For instance, there is an increase in transaction calls for a risk assessment at the medium/high risk transactions – about 10% in the example above. Generally, the increased transaction cost is more than offset by the reduction in cost of challenges alone. A Defense in Depth strategy can help businesses manage fraud risk and prevent account takeover in online banking without sacrificing user experience. If you are interested in assistance with building your business case and understanding the strategies to implement a successful Defense in Depth strategy, contact us today. Contact us 1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020
Preventing account takeover (ATO) fraud is paramount in today’s increasingly digital world. In this two-part series, we’ll explore the benefits and considerations of a Defense in Depth strategy for stopping ATO. The challenges with preventing account takeover Historically, managing fraud and identity risk in online banking has been a trade-off between customer experience and the effectiveness of fraud controls. The basic control structure relies on a lock on the front door of online banking front door—login—as the primary authentication control to defend against ATO. Within this structure, there are two choices. The first is tightening the lock, which equals a higher rate of step-up authentication challenges and lower fraud losses. The second is loosening the lock, which results in a lower challenge rate and higher fraud loses. Businesses can layer in more controls to reduce the false positives, but that only allows marginal efficiency increases and usually represents a significant expense in both time and budget to add in new controls. Now is the perfect time for businesses reassess their online banking authentication strategy for a multitude of reasons: ATO is on the rise: According to Javelin Strategy & Research, ATO increased 72% in 2019.1 Users’ identities and credentials are at more risk than ever before: Spear phishing and data breaches are now a fact of life leading to reduced effectiveness of traditional authentication controls. Online banking enrollments are on the rise: According to BioCatch, in the months following initial shelter-in-place orders across the country, banks have seen a massive spike in first time online banking access. Users expect security in online banking: Half of consumers continue to cite security as the most important factor in their online experience. Businesses who reassess the control structure for their online banking will increase the effectiveness of their tools and reduce the number of customers challenged at the same time – giving them Defense in Depth. What is Defense in Depth? Defense in Depth refers to a strategy in which a series of defense mechanisms are layered in order to protect data and information. The basic assumptions underlying the value of a Defense in Depth strategy are: Different types of transactions within online banking have different levels of inherent risk (e.g., external money movement is considerably higher risk compared to viewing recent credit card transactions) At login, the overall transaction risk associated with the session risk is unknown The risk associated with online banking is concentrated in relatively small populations – the vast majority of digital transactions are low risk This is the Pareto principle at play – i.e., about 80% of online banking risk is concentrated within about 20% of sessions. Experian research shows that risk is even more concentrated – closer to >90% of the risk is concentrated in <10% of transactions. This is relatively intuitive, as the most common activities within online banking consist of users checking their balance or reviewing recent transactions. It is much less common for customers to engage in higher risk transaction. The challenge is that businesses cannot know the session risk at the time of challenge, thus their efficiency is destined to be sub-optimal. The benefits of Defense in Depth A Defense in Depth strategy can really change the economics of an online banking security program. Adopting a strategy that continuously assesses the overall session risk as a user navigates through their session allows more efficient risk decisions at moments that matter most to the user. With that increased efficiency, businesses are better set up to prevent fraud without frustrating legitimate users. Defense in Depth allows businesses to intelligently layer security protocols to protect against vulnerability – helping to prevent theft and reputational losses and minimize end-user frustration. In addition to these benefits, a continuous risk-based approach can have lower overall operational costs than a traditional security approach. The second part of this series will explore the cost considerations associated with the Defense in Depth strategy explored above. In the meantime, feel free to reach out to discuss options. Contact us 1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020
It’s clear that the digital transformation we experienced this year is here to stay. While there are many positives associated with this transformation – innovation, new ways to work, and greater online connectedness – it’s important that we review the risks associated with these trends as well. In late 2019 and throughout 2020, Experian surveyed consumers and businesses. We asked about online habits, expectations for information security and plans for future spending. Unsurprisingly, about half of consumers think they’ll continue to spend more online in the coming year. Those same consumers now have a higher expectation for their online experience than before the onset of COVID-19. Hand-in-hand with the online activity trends come increased risks associated with identity theft and fraud as criminals find new chances to steal information. In response to both of these trends, businesses and consumers want a balance between security and convenience. Our latest trends report dives into the new opportunities 2020 has created for fraud, and the opportunities to prevent identity theft or manipulation and the associated losses while building stronger relationships. Download the full North America Trends Report for a look into North American trends over the last year and to learn how fraud prevention and positive customer relationships are actually two sides of the same coin. North America Trends Report
Learn More Image
