Fraud & Identity Management
Part four in our series on Insights from Vision 2016 fraud and identity track It was a true honor to present alongside Experian fraud consultant Chris Danese and Barbara Simcox of Turnkey Risk Solutions in the synthetic and first-party fraud session at Vision 2016. Chris and Barbara, two individuals who have been fighting fraud for more than 25 years, kicked off the session with their definition of first-party versus third-party fraud trends and shared an actual case study of a first-party fraud scheme. The combination of the qualitative case study overlaid with quantitative data mining and link analysis debunked many myths surrounding the identification of first-party fraud and emphasized best practices for confidently differentiating first-party, first-pay-default and synthetic fraud schemes. Following these two passionate fraud fighters was a bit intimidating, but I was excited to discuss the different attributes included in first-party fraud models and how they can be impacted by the types of data going into the specific model. There were two big “takeaways” from this session for me and many others in the room. First, it is essential to use the correct analytical tools to find and manage true first-party fraud risk successfully. Using a credit score to identify true fraud risk categorically underperforms. BustOut ScoreSM or other fraud risk scores have a much higher ability to assess true fraud risk. Second is the need to for a uniform first-party fraud bust-out definition so information can be better shared. By the end of the session, I was struck by how much diversity there is among institutions and their approach to combating fraud. From capturing losses to working cases, the approaches were as unique as the individuals in attendance This session was both educational and inspirational. I am optimistic about the future and look forward to seeing how our clients continue to fight first-party fraud.
Part 3 in our series on Insights from the Vision 2016 fraud and identity track Our Vision 2016 fraud track session titled “Deployment Made Easy — solving new fraud problems by Adapting Legacy Solutions” offered insights into the future of analytics and the mechanisms for delivering them. The session included two case studies, the first of which highlighted a recently completed project in which an Experian client struggling with rising application fraud losses had to find a way to deploy advanced analytics without any IT resources. To assist the customer, data passing through an existing customer interface was reformatted and redirected to our Precise ID® platform. Upon arrival in Precise ID, a custom-built fraud scoring model was invoked. The results were then translated back into the format used by the legacy interface so that they could be ingested by the customer’s systems. This case study illustrates the key value proposition of Experian’s new CrossCoreTM fraud and identity platform. CrossCore features a similar “translation layer” for inquiries coming into Experian’s fraud and identity tools that will allow customers to define fraud-screening workflows that call a variety of services. The IT burden for connecting the inquiry to various Experian and non-Experian services will fall on Experian — sparing the customer from the challenge of financing and prioritizing IT resources. Similarly, the output from CrossCore will provide a ready-to-consume response that integrates directly with our customers’ host systems. The audience showed keen interest in the “here and now” illustration of what CrossCore will enable. Our second case study was provided by Eric Heikkila at Amazon Web Services™ and focused on the future of analytics. For an audience accustomed to the constraints of developing advanced analytics in a rigid data-structure, Amazon’s description of a “data lake” was a fascinating picture of what’s possible. The data lake offers the simultaneous ability to accommodate existing structured customer data along with new unstructured data in an infinitely scalable data set. Equally important is the data lake’s ability to accommodate an unlimited array of data mining and analytical tools. Amazon’s message was clear and simple — the fraud industry’s trepidation around the use of big data is misplaced. The fear of making the wrong choice of data storage and analytical tools is unnecessary. To illustrate this point, Eric shared an Amazon Web Services case study that used FINRA (Financial Industry Regulatory Authority). FINRA is responsible for overseeing U.S. securities markets to ensure that rules are followed and integrity is maintained. Amid a bewildering set of ever-changing regulations and peak volumes of 35 trillion per day — yes, trillion — Amazon’s data lake supports both the scale and analytical demands of a complex industry. As the delivery and access to fraud products is made easy by CrossCore, the data and analytics will expand through the use of services like Amazon’s data lake. As the participants will agree, the future of fraud technology is closer than you think!
Part 2 in our series on Insights from the Vision 2016 fraud and identity track With the growing number of data breach incidents taking place the stolen data from those attacks is being used to carry out social engineering attacks used to commit call center fraud. A recent study stated that global call center fraud has increased more than 45% in the last three years as fraudsters use social engineering to steal data and turn profits. The same report found that criminals might make up to 5 calls to a center, pretending to be the victim, before completing a fraudulent transaction. The importance of strong call center authentication procedures is greater than ever. At the 35th annual Vision Conference, Bobbie Paul from Experian’s Global Consulting Practice, Stefan Schubert from JPMorgan Chase and I led a session about call center authentication. After introductions and a discussion about existing call center identity authentication techniques, Stefan took the podium and provided an excellent overview of how his company approaches call center authentication. He made an interesting point — despite introducing friction into his process, he was not of the opinion that knowledge-based authentication (KBA) was going away any time soon because of how deeply it is embedded into their processes and its applicability to most consumers. He also called out the importance of reviewing KBA configurations regularly to adjust which questions are being asked and the positive implication to deterring fraudsters. Bobbie followed Stefan to discuss emerging call center authentication technologies, including a new take on an old tool — document imaging. She also discussed the notion of phone printing, which does not specifically evaluate the voice on the phone, but looks at the characteristics of the call itself, including the type of phone being used and the environment from which the call is being made. One of the highlights of the session was the interaction with the audience — including a demonstration of how, with a little distraction, it was easy to walk away with an audience member’s phone, how a fraudster could access and compromise a phone and how a gummy bear could be used to defeat fingerprint biometrics. What I, and many others, took away from this is that even with newer fraud detection tools available, incorporating tried-and-true methods like KBA is still an important step into a holistic fraud detection strategy.
Industry’s first smart plug-and-play fraud platform allows companies to connect their own solutions, Experian products and third-party vendors in one place to better protect their customers from fraud threats Experian unveiled the fraud and identity industry’s first open platform designed to catch fraud faster, improve compliance and enhance the customer experience. Experian’s CrossCore™ gives companies an easier way to connect any new or existing tools and systems in one place, whether they are Experian, internal or third-party partner solutions. This “plug-and-play” capability allows companies to rapidly adapt to changing conditions and risks. “Our clients have expressed frustration over the lack of a truly holistic industry solution that delivers the level of confidence and control they need without requiring a massive multiyear project to replace everything they have,” said Steve Platt, global executive vice president, Fraud and Identity, Experian. “New fraud threats, updates to regulatory requirements and customer expectations for a hassle-free experience are making it challenging for fraud and compliance teams to keep up. CrossCore will give them the flexibility they need to balance customer protection with customer experience.” The CrossCore open platform enables organizations to manage services through a common access point that supports a layered approach to managing risks across providers. CrossCore includes powerful workflow and strategy design capabilities that allow fraud and compliance teams to create and adapt strategies based on evolving threats and business needs. This helps them to respond more quickly and reduces the burden on IT. Fraud and compliance teams must constantly respond to new fraud threats and changing regulatory requirements by implementing new tools on top of existing solutions. “A layered approach is imperative, because fraudsters can break through each layer individually, but they will face greater barriers with each additional layer imposed,” said Avivah Litan, vice president and distinguished analyst, Security and Privacy, of Gartner.[1] Over time, as layers have been added and fortified, systems have become increasingly complex, expensive to integrate and difficult to manage, often increasing customer friction. A key feature of the CrossCore fraud platform is the ease of integration with third-party partner solutions. At launch, CrossCore will support fraud and identity services provided by third-party partners, including Acxiom® (Identity Solutions), TeleSign and many others already integrated with Experian solutions, with more being added to the platform. Previously, integrating third-party solutions required tremendous time and effort, which often challenged in-house teams to execute in a timely, efficient manner. Through CrossCore, the responsibility of integrating additional tools and systems moves away from those teams to the platform itself, enabling clients to select best-in-class solutions from multiple providers without creating a strain on resources. Al Pascual, senior vice president, research director and head of fraud & security for Javelin, said, “There are so many great niche solutions to work with, and new ones come out almost every day. To really have a world-class approach, the client has to put all those little things together, because there never will be one vendor who does it all. The market challenge is about how to make it faster and easier to bring things together to enable a more dynamic and fluid approach to managing risk.” CrossCore features Common access through a flexible API connects disparate systems to improve risk controls while reducing integration cost and complexity An open approach enables clients to connect and optimize a portfolio of best-in-class solutions across Experian, third-party services and existing systems Powerful strategy design and workflow decisioning functions enable fraud and compliance teams to apply services in any combination to get the level of confidence required A modern Software as a Service (SaaS) architecture provides scalability and the ability to make strategy changes dynamically with no down time Experian, which offers fraud and identity services in more than 44 countries, developed CrossCore to address the widespread market need consistently expressed by its clients for a faster, easier way to get more out of their existing systems and add new tools to improve their customers’ experience while minimizing risk. Companies can begin accessing CrossCore immediately, with the ability to turn on Experian services through a single integration, connect their own fraud and identity capabilities with a common API and turn on new services as they are added. The initial release includes key Experian products: FraudNet for Account Opening; Hunter®, for application fraud detection; Prove-ID, for international identity verification; and Precise ID®, for U.S. identity verification, including knowledge-based authentication. (KBA). Third-party fraud and identity service providers can engage with CrossCore to connect their services. “Now, companies can implement a new approach to managing fraud and identity services — one that will give them greater control over their risk exposure and enable them to provide a safer and more enjoyable experience for their customers,” added Platt. Learn more about CrossCore at https://www.experian.com/crosscore [1]Gartner, Identity Proofing Revisited as Data Confidentiality Dies, Avivah Litan, Dec. 12, 2013; last reviewed on April 28, 2015
Last week we had the pleasure of joining more than 400 clients at the 35th annual Vision Conference — connecting business leaders to ideas and solutions. Over the next few weeks, we’ll be sharing some insights from our fraud and identity dedicated session track. I had the pleasure of presenting alongside the U.S. Secret Service, and we had a packed session to discuss the Dark Web — what it is, how it’s accessed, how criminals are exploiting it to commit fraud and the human impact of the massive global cybercrime problem. According to McAfee®, cybercrime represents a $500 billion cost to the global economy — and that’s projected to rise to $600 billion this year, outpacing any other form of crime. With the Internet economy generating between $2 trillion and $3 trillion annually, that means cybercrime is extracting roughly 15 to 20 percent of the entire value created by the Internet. This is a massive problem, and it’s not going away. Unfortunately, there are countless tools and services to commit fraud available on the Web, providing attackers with the cloak of anonymity they need to compromise accounts, mimic legitimate users and submit fraudulent transactions. Device intelligence helps unmask these activities. It is a critical component to defend against the threat, and it provides insight into every interaction throughout a typical customer journey (from account setup to login and account maintenance to transactions). Without this visibility into users’ historical behavior and typical population patterns, organizations often have limited options to target attackers and identify anomalous behaviors. This is key to a successful cybercrime detection and mitigation strategy. Another important point in the session regarded recent law enforcement and private industry successes in identifying, tracking, apprehending and prosecuting online attackers. We thankfully have made significant strides in this area, as evidenced by the work of the Secret Service and other law enforcement organizations, but the collaboration must continue — and intensify. As mentioned in a CNBC story published on the same day as our presentation, the Dark Web is an increasingly mainstream source for everything from financial crime to drug trade and human trafficking. Unfortunately, most businesses are in the dark about the growing criminal underground, but Experian can help. With proper fraud expertise and innovative tools to defend against these ever-evolving threats, organizations can uncloak the attackers and safeguard the business.
False declines are often unwarranted and occur due to lack of customer information Have you ever been shopping online, excited to get your hands on the latest tech gadget, only to be hit with the all-too-common disappointment of a credit card decline? Whom did you blame? The merchant? The issuer? The card associations? The answer is probably all of the above. False declines like the situation described above provoke an onslaught of consumer emotions ranging from shock and dismay to frustration and anger. Of course, consumers aren’t the only ones negatively impacted by false declines. Many times card issuers lose their coveted “top of wallet” position and/or retailers lose revenue when customers abandon the purchase altogether. False declines are unpleasant for everyone, yet consumers struggle with this problem every day — and fraud controls are only getting tighter. How does the industry mutually resolve this growing issue? The first step is to understand why it occurs. Most false declines happen when the merchant or issuer mistakenly declines a legitimate transaction due to perceived high risk. This misperception is usually the result of the merchant or issuer not having enough information to verify the authenticity of the cardholder confidently. For example, the consumer may be a first-time customer or the purchase may be a departure from the card holder’s normal pattern of transaction activity. Research shows that lack of a holistic view and no cross-industry transaction visibility result in approximately $40 billion of e-commerce declines annually. Think about this for a minute — $40 billion in preventable lost revenue due to lack of information. Merchants’ customer information is often limited to their first-hand information and experience with consumers. To solve this growing problem, Experian® developed TrustInsight™, a real-time engine to establish trusted online relationships over time among consumers, merchants and issuers. It works by anonymously leveraging transactional information that merchants and financial institutions already have about consumers to create a crowd-sourced TrustScore™. This score allows first-time online customers to get a VIP experience rather than a brand-damaging decline. Another common challenge for merchants is measuring the scope of the false declines problem. Proactively contacting consumers, directly capturing feedback and quickly verifying transaction details to recoup potential lost sales are best practices, but merchants are often in the dark as to how many good customers are being turned away. The solution — often involving substantial operational expense — is to hold higher-risk orders for manual review rather than outright declining them. With average industry review rates nearing 30 percent of all online orders (according to the latest CyberSource Annual Fraud Benchmark Report: A Balancing Act), this growing level of review is not sustainable. This is where industry collaboration via TrustInsight™ offers such compelling value. TrustInsight can reduce the review population significantly by leveraging consumers’ transactions across the network to establish trust between individuals and their devices to automate more approvals. Thankfully, the industry is taking note. There is a groundswell of focus on the issue of false declines and their impact on good customers. Traditional, operations-heavy approaches are no longer sufficient. A trust-based industry-consortium approach is essential to enhance visibility, recognize consumers and their devices holistically, and ensure that consumers are impacted only when a real threat is present.
Adam Fingersh, senior vice president and general manager of Experian’s fraud and identity business, shared several fraud prevention strategies that businesses and consumers can use to manage risk and increase security while using Internet-enabled products, also known as the Internet of Things (IoT).
James W. Paulsen, Chief Investment Strategist for Wells Capital Management, kicked off the second day of Experian’s Vision 2016, sharing his perspective on the state of the economy and what the future holds for consumers and businesses alike. Paulsen joked this has been “the most successful, disappointing recovery we’ve ever had.” While media and lenders project fear for a coming recession, Paulsen stated it is important to note we are in the 8th year of recovery in the U.S., the third longest in U.S. history, with all signs pointing to this recovery extending for years to come. Based on his indicators – leverage, restored household strength, housing, capital spending and better global growth – there is still capacity to grow. He places recession risk at 20 to 25 percent – and only quotes those numbers due the length of the recovery thus far. “What is the fascination with crisis policies when there is no crisis,” asks Paulsen. “I think we have a good chance of being in the longest recovery in U.S. history.” Other noteworthy topics of the day: Fraud prevention Fraud prevention continues to be a hot topic at this year’s conference. Whether it’s looking at current fraud challenges, such as call-center fraud, or looking to future-proof an organization’s fraud prevention techniques, the need for flexible and innovative strategies is clear. With fraudsters being quick, and regularly ahead of the technology fighting them, the need to easily implement new tools is fundamental for you to protect your businesses and customers. More on Regulatory The Military Lending Act has been enhanced over the past year to strengthen protections for military consumers, and lenders must be ready to meet updated regulations by fall 2016. With 1.46 million active personnel in the U.S., all lenders are working to update processes and documentation associated with how they serve this audience. Alternative Data What is it? How can it be used? And most importantly, can this data predict a consumer’s credit worthiness? Experian is an advocate for getting more entities to report different types of credit data including utility payments, mobile phone data, rental payments and cable payments. Additionally, alternative data can be sourced from prepaid data, liquid assets, full file public records, DDA data, bill payment, check cashing, education data, payroll data and subscription data. Collectively, lenders desire to assess someone’s stability, ability to pay and willingness to repay. If alternative data can answer those questions, it should be considered in order to score more of the U.S. population. Financial Health The Center for Financial Services Innovation revealed insights into the state of American’s financial health. According to a study they conducted, 57 percent of Americans are not financially healthy, which equates to about 138 million people. As they continue to place more metrics around defining financial health, the center has landed on four components: how people plan, spend, save and borrow. And if you think income is a primary factor, think again. One-third of Americans making more than $60k a year are not healthy, while one-third making less than $60k a year are healthy. --- Final Vision 2016 breakouts, as well as a keynote from entertainer Jay Leno, will be delivered on Wednesday.
It’s impossible to capture all of the insights and learnings of 36 breakout sessions and several keynote addresses in one post, but let’s summarize a few of the highlights from the first day of Vision 2016. 1. Who better to speak about the state of our country, specifically some of the threats we are facing than Leon Panetta, former Secretary of Defense and Director of the CIA. While we are at a critical crossroads in the United States, there is room for optimism and his hope that we can be an America in Renaissance. 2. Alex Lintner, Experian President of Consumer Information Services, conveyed how the consumer world has evolved, in large part due to technology: 67 percent of consumers made purchases across multiple channels in the last six months. More than 88M U.S. consumers use their smartphone to do some form of banking. 68 percent of Millennials believe within five years the way we access money will be totally different. 3. Peter Renton of Lend Academy spoke on the future of Online Marketplace Lending, revealing: Banks are recognizing that this industry provides them with a great opportunity and many are partnering with Online Marketplace Lenders to enter the space. Millennials are not the largest consumers in this space today, but they will be in the future. Sustained growth will be key for this industry. The largest platforms have everything they need in place to endure – even through an economic downturn.In other words, Online Marketplace Lenders are here to stay. 4. Tom King, Experian’s Chief Information Security Officer, addressed the crowds on how the world of information security is growing increasingly complex. There are 1.9 million records compromised every day, and sadly that number is expected to rise. What can businesses do? “We need to make it easier to make the bad guys go somewhere else,” says King. 5. Look at how the housing market has changed from just a few years ago: Inventory continues to be extraordinarily lean. Why? New home building continues to run at recession levels. And, 8.5 percent of homeowners are still underwater on their mortgage, preventing them from placing it on the market. In the world of single-family home originations, 2016 projections show that there will be more purchases, less refinancing and less volume. We may see further growth in HELOC’s. With a dwindling number of mortgages benefiting from refinancing, and with rising interest rates, a HELOC may potentially be the cheapest and easiest way to tap equity. 6. As organizations balance business needs with increasing fraud threats, the important thing to remember is that the customer experience will trump everything else. Top fraud threats in 2015 included: Card Not Present (CNP) First Party Fraud/Synthetic ID Application Fraud Mobile Payment/Deposit Fraud Cross-Channel FraudSo what do the experts believe is essential to fraud prevention in the future? Big Data with smart analytics. 7. The need for Identity Relationship Management can be seen by the dichotomy of “99 percent of companies think having a clear picture of their customers is important for their business; yet only 24 percent actually think they achieve this ideal.” Connecting identities throughout the customer lifecycle is critical to bridging this gap. 8. New technologies continue to bring new challenges to fraud prevention. We’ve seen that post-EMV fraud is moving “upstream” as fraudsters: Apply for new credit cards using stolen ID’s. Provision stolen cards into mobile wallet. Gain access to accounts to make purchases.Then, fraudsters are open to use these new cards everywhere. 9. Several speakers addressed the ever-changing regulatory environment. The Telephone Consumer Protection Act (TCPA) litigation is up 30 percent since the last year. Regulators are increasingly taking notice of Online Marketplace Lenders. It’s critical to consider regulatory requirements when building risk models and implementing business policies. 10. Hispanics and Millennials are a force to be reckoned with, so pay attention: Millennials will be 81 million strong by 2036, and Hispanics are projected to be 133 million strong by 2050. Significant factors for home purchase likelihood for both groups include VantageScore, age, student debt, credit card debt, auto loans, income, marital status and housing prices. More great insights from Vision coming your way tomorrow!
This article first appeared in Baseline Magazine Since it is possible for cyber-criminals to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities. Children often make up imaginary friends and have a way of making them come to life. They may come over to play, go on vacation with you and have sleepover parties. As a parent, you know they don’t really exist, but you play along anyway. Think of synthetic identities like imaginary friends. Unfortunately, some criminals create imaginary identities for nefarious reasons, so the innocence associated with imaginary friends is quickly lost. Fraudsters combine and manipulate real consumer data with fictitious demographic information to create a “new” or “synthetic” individual. Once the synthetic person is “born,” fraudsters create a financial life and social history that mirrors true-party behaviors. The similarities in financial activities make it difficult to detect good from bad and real from synthetic. There really is no difference in the world of automated transaction processing between you and a synthetic identity. Often the synthetic “person” is viewed as a thin or shallow file consumer— perhaps a millennial. I have a hard time remembering all of my own passwords, so how do organized “synthetic schemes” keep all the information usable and together across hundreds of accounts? Our data scientists have found that information is often shared from identity to identity and account to account. For instance, perhaps synthetic criminals are using the same or similar passwords or email addresses across products and accounts in your portfolio. Or, perhaps physical address and phone records have cross-functional similarities. The algorithms and sciences are much more complex, but this simplifies how we are able to link data, analytics, strategies and scores. Identifying the Business Impact of Synthetic-Identity Fraud Most industry professionals look at synthetic-identity fraud as a relatively new fraud threat. The real risk runs much deeper in an organization than just operational expense and fraud loss dollars. Does your fraud strategy include looking at all types of risk, compliance reporting, and how processes affect the customer experience? To identify the overall impact synthetic identities can have on your institution, you should start asking: Are you truly complying with \"Know Your Customer\" (KYC) regulations when a synthetic account exists in your active portfolio? Does your written \"Customer Identification Program\" (CIP) include or exclude synthetic identities? Should you be reporting this suspicious activity to the compliance officer (or department) and submitting a suspicious activity report (SAR)? Should you charge off synthetic accounts as credit or fraud losses? Which department should be the owner of suspected synthetic accounts: Credit Risk, Collections or Fraud? Do you have run any anti-money laundering (AML) risk when participating in money movements and transfers? Depending on your answers to the above questions, you may be incurring potential risks in the policies and procedures of synthetic identity treatment, operational readiness and training practices. Since it is possible to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities, just as parents need to differentiate between their child\'s real and imaginary friends.
A recent Experian study reveals that tax filing, document collection and refund processing are done online more often, yet only 6% of consumers file taxes on a computer with up-to-date antivirus software. 79% filed their most recent tax return online, up from 73% in 2011 18% scan and save their tax documents electronically, up from 6% in 2011 More than 75% of respondents have used EFT for tax refunds As electronic filing continues to grow, identity theft is likely to increase. While consumers should take steps to protect themselves, businesses also need to employ identity theft protection solutions to safeguard consumer information. >> Identify and prevent fraud
Device emulators — wolves in sheep’s clothing Despite all the fraud prevention systems and resources in the public and private sectors, online fraud continues to grow at an alarming rate, offering a low-risk, high-reward proposition for fraudsters. Unfortunately, the Web houses a number of easily accessible tools that criminals can use to perpetrate fraud and avoid detection. The device emulator is one of these tools. Simply put, a device emulator is one device that pretends to be another. What began as innovative technology to enable easy site testing for Web developers quickly evolved into a universally available tool that attackers can exploit to wreak havoc across all industry verticals. While it’s not new technology, there has been a significant increase in its use by criminals to deceive simple device identification and automated risk-management solutions to carry out fraudulent activities. Suspected device emulation (or spoofing) traffic historically has been difficult to identify because fraud solutions rely heavily on reputation databases or negative lists. Detecting and defeating these criminals in sheep’s clothing is possible, however. Leveraging Experian’s collective fraud intelligence and data modeling expertise, our fraud research team has isolated several device attributes that can identify the presence of an emulator being used to submit multiple transactions. Thanks to these latest FraudNet rule sets, financial institutions, ecommerce merchants, airlines, insurers and government entities alike now can uncloak and protect against many of these cybercriminals. Unfortunately, device emulators are just one of many tools available to criminals on the Dark Web. Join me at Vision 2016, where U.S. Secret Service and I will share more tales from the Dark Web. We will explore the scale of the global cybercrime problem, walk through the anatomy of a typical hack, explain how hackers exploit browser plug-ins, and describe how enhanced device intelligence and visibility across all channels can stop fraudsters in their tracks. Listen to Mike Gross as he shares a short overview of his Vision 2016 breakout session in this short video. Don’t miss this innovative Vision 2016 session! See you there.
Identity management traditionally has been made up of creating rigid verification processes that are applied to any access scenario. But the market is evolving and requiring an enhanced Identity Relationship Management strategy and framework. Simply knowing who a person is at one point in time is not enough. The need exists to identify risks associated with the entire identity profile, including devices, and the context in which consumers interact with businesses, as well as to manage those risks throughout the consumer journey. The reasoning for this evolution in identity management is threefold: size and scope, flexible credentialing and adaptable verification. First, deploying a heavy identity and credentialing process across all access scenarios is unnecessarily costly for an organization. While stringent verification is necessary to protect highly sensitive information, it may not be cost-effective to protect less-valuable data with the same means. A user shouldn’t have to go through an extensive and, in some cases, invasive form of identity verification just to access basic information. Second, high-friction verification processes can impede users from accessing services. Consumers do not want to consistently answer multiple, intrusive questions in order to access basic information. Similarly, asking for personal information that already may have been compromised elsewhere limits the effectiveness of the process and the perceived strength in the protection. Finally, an inflexible verification process for all users will detract from a successful customer relationship. It is imperative to evolve your security interactions as confidence and routines are built. Otherwise, you risk severing trust and making your organization appear detached from consumer needs and preferences. This can be used across all types of organizations — from government agencies and online retailers to financial institutions. Identity Relationship Management has three unique functions delivered across the Customer Life Cycle: Identity proofing Authentication Identity management Join me at Vision 2016 for a deeper analysis of Identity Relationship Management and how clients can benefit from these new capabilities to manage risk throughout the Customer Life Cycle. I look forward to seeing you there!
Top states for billing and shipping e-commerce fraud With more than 13 million fraud victims in 2015, assessing where fraud occurs is an important layer of verification for e-commerce. Experian® analyzed millions of e-commerce transactions from 2015 to identify fraud attack rates across the United States. With the switch to chip-enabled credit card transactions and possible growth of card-not-present fraud, online businesses should utilize advanced fraud solutions to monitor their riskiest locations and prevent losses. >> View the Experian map to see 2015 e-commerce attack rates for all states
Proven identity and device authentication to minimize identity tax return fraud Identity fraud places an enormous burden on its victims and presents a challenge to businesses, organizations and government agencies, including the IRS and all state revenue authorities. Tax return fraud occurs when an attacker uses a consumer’s stolen Social Security number and other personal information to file a tax return, often claiming a significant refund. The IRS is challenged by innovative fraudsters continually trying to outsmart its current risk strategies around prevention, detection, recovery and victim assistance. And with the ever-increasing number of identity data compromised and tax return fraud victims, it’s necessary to question whether tax preparation companies are doing all they can to keep personally identifiable information (PII) secure and screen for fraud before forms are submitted. “ID theft isn’t just credit card fraud,” said Rod Griffin, Director of Public Education for Experian. A recent Experian online survey indicated that nearly 76 percent of consumers are familiar with ID theft and tax fraud — up significantly from the past two years. And 28 percent of those surveyed have been a victim or know a victim of tax fraud. To protect all parties’ interests, tax preparation agencies are challenged by today’s savvy fraudsters who have reaped the benefits of recent breaches. In order to protect consumers, organizations need to apply comprehensive, data-driven intelligence to help thwart identity fraud and the use of stolen identity data via fraudulent returns. The key to securing transactions, reducing friction and providing a consistently satisfying customer experience, online and offline, is authenticating consumers in a clear and frictionless environment. As a result, it’s necessary to have reliable customer intelligence based on both high-quality contextual identity and device attributes alongside other authentication performance data. Comprehensive customer intelligence means having a holistic, bound-together view of devices and identities that equips companies and agencies with the tools to balance cost and risk without increasing transactional friction. Businesses and agencies must not rely on a singular point of customer intelligence gathering and decisioning, but must move to more complex device identification and out-of-wallet verification procedures. Effective solutions typically involve a layered approach with several of the following: Identity transaction link analysis and risk attribute derivation Device intelligence and risk assessment Credit and noncredit data and risk attributes Multifactor authentication, using one-time passcodes via SMS messaging Identity risk scores Dynamic knowledge-based authentication questions Traditional PII validation and verification Biometrics and remote document verification Out-of-band alerts, communications and confirmations Contextual account, transaction and channel purview Additionally, government agencies must adhere to recognized standards, such as those prescribed by the National Institute of Standards and Technology to establish compliance. The persistent threat of tax fraud highlights the urgent need for businesses and agencies to continue educating consumers and more importantly, to improve the strategic effectiveness of their current solutions processes. Learn more about Experian Fraud and Identity Solutions, including government-specific treatments, and how the most effective fraud prevention and identity authentication strategy leverages multiple detection capabilities to highlight attackers while enabling a seamless, positive experience for legitimate consumers.
Learn More Image
