Fraud & Identity Management
While walking through a toy store in search of the perfect gift for a nephew, I noticed the board game Risk, which touts itself as “The Game of Global Domination.” For those who are unaware, the game usually is won by players who focus on four key themes: Strategy — Before you begin the game, you need a strategy to attack new territories while defending your own Attack — While you have the option to sit back and defend your territory, it’s better to attack a weakened opponent Fortify — When you are finished attacking, it’s often best to fortify your position Alliances — While not an official part of the game, creating partnerships is necessary in order to win These themes also are relevant to the world of real-life fraud risk prevention. The difference is that the stakes are real and much higher. Let’s look at how these themes play out in real-life fraud risk prevention: Strategy — Like in the game, you need a strategy for fraud risk detection and prevention. That strategy must be flexible and adaptable since fraudsters (your enemies) also continuously adapt to changing environments, usually at a much quicker, less bureaucratic pace. For example, your competitors (other countries) may improve their defenses, so fraudsters will mount a more focused attack on you. Fraudsters also may build alliances to attack you from different vectors or channels, resulting in a more sophisticated, comprehensive strike. Attack — As the game begins, all players have access to all competitors (countries). This means that fraudsters might have the upper hand in a certain area of the business. You can sit back and try to defend the territory you already “own,” where fraudsters have no traction, but it’s best to be aggressive and attack fraudsters by expanding your coverage across all channels. For example, you might have plenty of controls in place to manage your Web orders (occupied territory), but your call center operations (opponents’ territory) aren’t protected, i.e., the fraudsters “own” this space. You need to attack that channel to drive fraudsters out. Fortify — In the game, you can fortify your position after a successful move — that is, move more troops to your newly conquered territories. In real life, you always have the option to fortify your position, and you should constantly look for ways to improve your controls. You can’t afford to maintain on your current position, because fraudsters constantly are looking for weaknesses. Alliances — In business, we often are hesitant to share information with our competitors. Fraudsters use this to their advantage. Just as fraudsters act in a coordinated fashion, so must we. Use all available resources and partners to shore up your defenses Leverage the power of consortium data Learn new methods from traditional competitors Always team up with internal and external partners to defend your territory If you apply these themes, you will be positioned for global domination in the fight against fraud risk. You can read more about fraud-prevention strategies in our recent ebook, Protecting the Customer Experience. As a side note, I’m always ready for a game of Risk, so contact me if you’re interested. But be forewarned — I’m competitive.
What will the EMV shift really mean for consumers and businesses here in the U.S.? Businesses and consumers across the U.S. are still adjusting to their new EMV credit cards. The new credit cards are outfitted with computer chips in addition to the magnetic strips to help prevent point-of-sale (POS) fraud. The new system, called EMV (which stands for Europay, MasterCard and Visa), requires signatures for all transactions. EMV is a global standard for credit cards. In the wake of the rising flood of large-scale data breaches at major retailers – and higher rates of counterfeit credit card fraud – chip-and-signature, as it is also called, is designed to better authenticate credit card transactions. Chip-and-signature itself is not new. It has been protecting consumers and businesses in Europe for several years and now the U.S. is finally catching up. But what will the EMV system really mean for consumers and businesses here in the U.S.? There is the potential for businesses that sell both offline and online, to see an increase in fraud that takes place online called Card Not Present (CNP) fraud. Will credit card fraud ever really be wiped out? Can we all stop worrying that large-scale point-of-sale breaches will happen again? Will the EMV shift affect holiday shopping and should retailers be concerned? Join us as we explore these questions and more on an upcoming Webinar, Chipping Away at EMV Myths. Our panel of experts includes: David Britton, Vice President, Industry Solutions, Experian Julie Conroy, Research Director, Aite Group Mike Klumpp, Director of Fraud Prevention, Citibank Moderated by: Keir Breitenfeld, Vice President, Product Management, Experian
Small Business Fraud When you hear the word “fraud” it’s unlikely that small business fraud comes to mind. However, in terms of potential losses, business identity theft could be considered as big if not a larger threat than consumer identity theft. Just like consumers, businesses face a broad- range of first- and third-party fraud behaviors, varying significantly in frequency, severity and complexity. Small businesses are especially vulnerable, because they typically do not have the layers of security and oversight, an alert accounting or I.T. department, or the sophisticated security technology that larger businesses may have. Over $8 billion is lost or stolen from small businesses each year and 60% of businesses who suffer business identity fraud close their doors within one year. A first-party, or victim-less, fraud profile is characterized by having some form of material misrepresentation (for example, manipulation or falsification of business filings and records) by the business owner without that owner’s intent or immediate capacity to pay the loan item. Historically, during periods of economic downturn or misfortune, this type of fraud is more common. This intuitively makes sense — individuals under extreme financial pressure are more likely to resort to desperate measures, such as misstating financial information on an application to obtain credit. Third-party commercial fraud occurs when a third party steals the identification details of a known business or business owner in order to open credit in the business victim’s name. With creditors becoming more stringent with credit-granting policies on new accounts, we’re seeing seasoned fraudsters shift their focus on taking over existing business or business owner identities. The rising trend of commercial fraud is illustrated by several key reasons including: One of the most common reasons for this is that commercial fraud doesn’t receive the same amount of attention as consumer fraud. Thus, it’s become easier for fraudsters to slip under the radar by perpetrating their crimes through the commercial channel. Keep in mind that businesses are often not seen as victims in the same way that consumers are. For example, victimized businesses aren’t afforded the protections that consumers receive under identity theft laws, such as access to credit information. Another factor is that most businesses are eager to open a new account for a business, after all businesses spend more than consumers. In some cases, opening a new business account can be even easier than opening a new consumer account. Business also have higher credit limits and the invoicing and payment terms allows identity thieves the opportunity to receive products and services without early detection. Finally, it is much easier to get information on a business versus a consumer. Unlike the protections provided to consumers to protect their identity, their credit information much of a business’s information is public record. Armed with the just a business name, address and EIN (employer identification number) fraudulent accounts can be opened and the game of theft begins. These factors, coupled with the fact that business-to-business fraud is approximately three-to-ten times more “profitable” per occurrence than consumer fraud, play a role in leading fraudsters increasingly toward commercial fraud. To learn more about how to protect your business view our interactive Fraud e-book.
Understanding and managing first party fraud Background/Definitions Wherever merchants, lenders, service providers, government agencies or other organizations offer goods, services or anything of value to the public, they incur risk. These risks include: Credit risk — Loosely defined, credit risk arises when an individual receives goods/services in exchange for a promise of future repayment. If the individual’s circumstances change in a way that prevents him or her from paying as agreed, the provider may not receive full payment and will incur a loss. Fraud risk — Fraud risk arises when the recipient uses deception to obtain goods/services. The type of deception can involve a wide range of tactics. Many involve receiving the goods/services while attributing the responsibility for repayment to someone else. The biggest difference between credit risk and fraud risk is intent. Credit risk usually involves customers who received the goods/services with intent to repay but simply lack the resources to meet their obligation. Fraud risk starts with the intent to receive the goods/services without the intent to repay. Between credit risk and fraud risk lies a hybrid type of risk we refer to as first-party fraud risk. We call this a hybrid form of risk because it includes elements of both credit and fraud risk. Specifically, first party fraud involves an individual who makes a promise of future repayment in exchange for goods/services without the intent to repay. Challenges of first party fraud First party fraud is particularly troublesome for both administrative and operational reasons. It is important for organizations to separate these two sets of challenges and address them independently. The most common administrative challenge is to align first-party fraud within the organization. This can be harder than it sounds. Depending on the type of organization, fraud and credit risk may be subject to different accounting rules, limitations that govern the data used to address risk, different rules for rejecting a customer or a transaction, and a host of other differences. A critical first step for any organization confronting first-party fraud is to understand the options that govern fraud management versus credit risk management within the business. Once the administrative options are understood, an organization can turn its attention to the operational challenges of first-party fraud. There are two common choices for the operational handling of first-party fraud, and both can be problematic. First party fraud is included with credit risk. Credit risk management tends to emphasize a binary decision where a recipient is either qualified or not qualified to receive the goods/services. This type of decision overlooks the recipient’s intent. Some recipients of goods/services will be qualified with the intent to pay. Qualified individuals with bad intentions will be attracted to the offers extended by these providers. Losses will accelerate, and to make matters worse it will be difficult to later isolate, analyze and manage the first party fraud cases if the only decision criteria captured pertained to credit risk decisions. The end result is high credit losses compounded by the additional first party fraud that is indistinguishable from credit risk. First party fraud is included with other fraud types. Just as it’s not advisable to include first party fraud with credit risk, it’s also not a good idea to include it with other types of fraud. Other types of fraud typically are analyzed, detected and investigated based on the identification of a fraud victim. Finding a person whose identity or credentials were misused is central to managing these other types of fraud. The types of investigation used to detect other fraud types simply don’t work for first-party fraud. First party fraudsters always will provide complete and accurate information, and, upon contact, they’ll confirm that the transaction/purchase is legitimate. The result for the organization will be a distorted view of their fraud losses and misconceptions about the effectiveness of their investigative process. Evaluating the operational challenges within the context of the administrative challenges will help organizations better plan to handle first party fraud. Recommendations Best practices for data and analytics suggest that more granular data and details are better. The same holds true with respect to managing first party fraud. First party fraud is best handled (operationally) by a dedicated team that can be laser-focused on this particular issue and the development of best practices to address it. This approach allows organizations to develop their own (administrative) framework with clear rules to govern the management of the risk and its prevention. This approach also brings more transparency to reporting and management functions. Most important, it helps insulate good customers from the impact of the fraud review process. First-party fraudsters are most successful when they are able to blend in with good customers and perpetrate long-running scams undetected. Separating this risk from existing credit risk and fraud processes is critical. Organizations have to understand that even when credit risk is low, there’s an element of intent that can mean the difference between good customers and severe losses. Read here for more around managing first party fraud risk.
Protecting your customer The impact of fraud on the customer relationship Sadly fraudsters seem to always be one-step ahead of fraud-prevention strategies, causing organizations to play catch-up to the criminals. And as information security tightens and technologies evolve, so does the industrious nature of organized identity and online fraud. It should be no surprise then that fraud risk mitigation and management will continue to be an ongoing issue for organizations. But what continues to drive investment in identity management and online risk tools is the arms race across organizations to deliver superior customer experience and functionality. While the monetary cost of fraud losses can be high and rather detrimental, the impact of lost customers and overall reputational decline due to poor customer experiences can be higher. The key is finding the right balance between identifying and segmenting likely fraudulent customers across the vast majority of legitimate customers and transactions. I want to share a recent interactive eBook we launched which outlines the authentication and identity management balance with a focus on the consumer. We highlight current trends and what organizations should be thinking about and doing to protect their business, institution, or agency and customers. I hope you enjoy this look at the impact of fraud on the customer relationship.
Increased volume of fraud attempts during back to school shopping season Back to school shopping season will be the first time many consumers\' use their chip-enabled credit cards and stores\' new card readers. With the average K-12 family spending $630.36 per child in back to school shopping, and more than 1/3 shopping online, according to the National Retail Federation - is your fraud strategy prepared to handle the increased volume? And are you using a dynamic knowledge based authentication (KBA) solution that incorporates a wide variety of questions categories as part of your multi-faceted risk based authentication approach to fraud account management? Binary verification, or risk segmentation based on a single pass/fail decision is like trying to stay dry in a summer rain storm by wearing a coat. It’s far more effective to wear rubber boots and a use an umbrella, in addition to wearing a rain coat. Binary verification can occur based on evaluating identity elements with two outcomes –pass or fail – which could leave you susceptible to a crafty fraudster. When we recommend a risk based authentication approach, we take a more holistic view of a consumers risk profile. We advocate using analytics and weighting many factors, including identity elements, device intelligence and a robust knowledge-based authentication solution that work in concert to provide overall risk based decision. After all, the end-goal is to enable the good consumers to continue forward based, while preventing the fraudster from compromising your customer’s identity and infiltrating you’re your business.
Protecting consumers from fraud this summer vacation It’s that time of year again – when people all over the U.S. take time away from life’s daily chores and embark upon that much-needed refresh: vacation! But just as fraud activity spikes during the holidays, evidence shows fraudster activity also surges during the summer, as the fraudster’s busy season is when we step away for some well-deserved rest and relaxation. With consumers on vacation, identity theft becomes easier. We all know someone who has been the victim of identity theft, resulting in fraudulent purchases on their credit card, or their bank accounts being emptied. Consumers are most likely to break from their normal spending habits, and credit card’s fraud analytics teams struggle to differentiate these changes in spending behavior for a family on vacation from a fraudster who has compromised dad’s identity. To make matter seven more challenging, consumers are less likely to take measures that will help minimize fraud while they are out of town, making the fraudster’s job easier. Identifying risky behaviors, or patterns outside of a consumer’s normal behavior when used in combination with a knowledge-based authentication session can help validate that the individual is indeed who they claim to be. A knowledge-based authentication solution with a wide variety of question types to complicate the fraudsters ability to pass should be part of a risk-based approach to on-going account management, especially when combined with a risk score and device intelligence. Take measures to incorporate a knowledge-based authentication solution with a diverse range of question types to help protect your business and your customers from being burned while on vacation, at least by fraudsters. For more on travel spending behavior and projections for summer 2015, click here.
Imagine the following scenario: an attacker acquires consumers’ login credentials through a data breach. They use these credentials to test account access and observe account activity to understand the ebbs and flows of normal cash movement – peering into private financial records – verifying the optimal time to strike for the most financial gain. Surveillance and fraud staging are the seemingly benign and often-transparent account activities that fraudsters undertake after an account has been compromised but before that compromise has been detected or money is moved. Activities include viewing balances, changing settings to more effectively cover tracks, and setting up account linkages to stage eventual fraudulent transfers. The unfortunate thing is that the actual theft is often the final event in a series of several fraudulent surveillance and staging activities that were not detected in time. It is the activity that occurs before theft that can severely undermine consumer trust and can devastate a brand’s reputation. Read more about surveillance, staging and the fraud lifecycle in this complimentary whitepaper.
Understanding shelf companies and shell companies In our world of business challenges with revenues level or trending down and business loans tougher than ever to get, “shelf” and “shell” companies continue to be an easy option for business opportunities. Shelf companies are defined as corporations formed in a low-tax, low-regulation state in order to be sold off for its excellent credit rating. Click on the internet and you will see a plethora of vendors selling companies in a turn-key business packages. Historically off-the-shelf structures were used to streamline a start-up, where an entrepreneur instantly owns a company that has been in business for several years without debt or liability. However, selling them as a way to get around credit guidelines is new, making them unethical and possibly illegal. Creating companies that impersonate a stable, well established companies in order to deceive creditors or suppliers in another way that criminals are using shelf companies for fraudulent use. Shell companies are characterized as fictitious entities created for the sole purpose of committing fraud. They often provide a convenient method for money laundering because they are easy and inexpensive to form and operate. These companies typically do not have a physical presence, although some may set up a storefront. According to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network, shell companies may even purchase corporate office “service packages” or “executive meeting suites” in order to appear to have established a more significant local presence. These packages often include a state business license, a local street address, an office that is staffed during business hours, a conference room for initial meetings, a local telephone listing with a receptionist and 24-hour personalized voice mail. In one recent bust out fraud scenario, a shell company operated out of an office building and signed up for service with a voice over Internet protocol (VoIP) provider. While the VoIP provider typically conducts on-site visits to all new accounts, this step was skipped because the account was acquired through a channel partner. During months one and two, the account maintained normal usage patterns and invoices were paid promptly. In month three, the account’s international toll activity spiked, causing the provider to question the unusual account activity. The customer responded with a seemingly legitimate business explanation of activity and offered additional documentation. However, the following month the account contact and business disappeared, leaving the VoIP provider with a substantial five figure loss. A follow-up visit to the business showed a vacant office suite. While it’s unrealistic to think all shelf and shell companies can be identified, there are some tools that can help you verify businesses, identify repeat offenders, and minimize fraud losses. In the example mention above, post-loss account review through Experian’s BizID identified an obvious address discrepancy – 12 businesses all listed at the same address, suggesting that the perpetrator set up numerous businesses and victimized multiple organizations. It is possible to avoid being the next victim and refine and revisit your fraud best practices today. Learn more about Experian BizID and how to protect your business.
A recent Experian survey found that while consumers are getting better about protecting their information on a regular basis, many do not take the same precautions when traveling. According to the survey, 1 in 5 consumers has had an item with sensitive information lost or stolen while traveling, and 39% have experienced identity theft while traveling or know someone who has. Organizations can protect themselves and customers by using innovative fraud-detection tools designed to reduce potential losses while preserving the customer experience. >> Video: The reputational impact of fraud and identity theft
Apple eschewed banks for a retailer focus onstage at their Worldwide Developers Conference (WWDC) when it spoke to payments. I sense this is an intentional shift – now that stateside, you have support from all four networks and all the major issuers – Apple understands that it needs to shift the focus on signing up more merchants, and everything we heard drove home that note. That includes Square’s support for NFC, as well as the announcements around Kohls, JCPenney and BJ’s. MasterCard\'s Digital Enablement Service (MDES) - opposite Visa’s Token Service - is the tokenization service that has enabled these partnerships specifically through MasterCard’s partners such as Synchrony – (former GE Capital) which brought on JCPenney, Alliance Data which brought on BJ’s, and CapitalOne which enabled Kohls. Within payments common sense questions such as: “Why isn’t NFC just another radio that transmits payment info?” or “Why aren’t retailer friendly payment choices using NFC?” have been met with contemptuous stares. As I have written umpteen times (here), payments has been a source of misalignment between merchants and banks. Thus – conversations that hinged on NFC have been a non-starter, for a merchant that views it as more than a radio – and instead, as a trojan horse for Visa/MA bearing higher costs. When Android opened up access to NFC through Host Card Emulation (HCE) and networks supported it through tokenization, merchants had a legitimate pathway to getting Private label cards on NFC. So far, very few indeed have done that (Tim Hortons is the best example). But between the top two department store chains (Macy’s and Kohls) – we have a thawing of said position, to begin to view technologies pragmatically and without morbid fear. It must be said that Google is clearly chasing Apple on the retailer front, and Apple is doing all that it can, to dig a wider moat by emphasizing privacy and transparency in its cause. It is proving to be quite effective, and Google will have to “apologize beforehand” prior to any merchant agreement – especially now that retailers have control over which wallets they want to work with – and how. This control inherits from the structures set alongside the Visa and MasterCard tokenization agreements – and retailers with co-brand/private label cards can lean on them through their bank partners. Thus, Google has to focus on two fronts – first to incentivize merchants to partner so that they bring their cards to Android Pay, while trying to navigate through the turbulence Apple has left in its wake, untangling the “customer privacy” knot. For merchants, at the end of the day, the questions that remain are about operating costs, and control. Does participation in MDES and VEDP tokenization services through bank partners, infer a higher cost for play – for private label cards? I doubt if Apple’s 15bps “skim off the top” revenue play translates to Private Label, especially when Apple’s fee is tied to “Fraud Protection” and Fraud in Private Label is non-existent due to its closed loop nature. Still – there could be an acquisitions cost, or Apple may plan a long game. Further, when you look at token issuance and lifecycle management costs, they aren’t trivial when you take in to context the size of portfolio for some of these merchants. That said, Kohls participation affords some clarity to all. Second, Merchants want to bring payments inside apps – just like they are able to do so through in-app payments in mobile, or on online. Forcing consumers through a Wallet app – is counter to that intent, and undesirable in the long scheme. Loyalty as a construct is tangled up in payments today – and merchants who have achieved a clean separation (very few) or can afford to avoid it (those with large Private label portfolios that are really ‘loyalty programs w/ payments tacked on’) – benefit for now. But soon, they will need to fold in the payment interaction in to their app, or Apple must streamline the clunky swap. The auto-prompt of rewards cards in Wallet is a good step, but that feels more like jerry rigging vs the correct approach. Wallet still feels very v1.5 from a merchant integration point of view. Wallet not Passbook. Finally, Apple branding Passbook to Wallet is a subtle and yet important step. A “bank wallet” or a “Credit Union wallet” is a misnomer. No one bank can hope to build a wallet – because my payment choices aren’t confined to a single bank. And even where banks have promoted “open wallets” and incentivized peers to participate – response has been crickets at best. On the flip side, an ecosystem player that touches more than a device, a handful of experiential services in entertainment and commerce, a million and a half apps – all with an underpinning of identity, can call itself a true wallet – because they are solving for the complete definition of that term vs pieces of what constitutes it. Thus – Google & Apple. So the re-branding while being inevitable, finds a firm footing in payments, looks toward loyalty and what lies beyond. Solving for those challenges has less to do with getting there first, but putting the right pieces in play. And Apple’s emphasis (or posturing – depending on who you listen to) on privacy has its roots in what Apple wants to become, and access, and store on our behalf. Being the custodian of a bank issued identity is one thing. Being a responsible custodian for consumer’s digital health, behavior and identity trifecta has never been entirely attempted. It requires pushing on all fronts, and a careful articulation of Apple’s purpose to the public must be preceded by the conviction found in such emphasis/posturing. Make sure to read our perspective paper to see why emerging channels call for advanced fraud identification techniques
Fraud Prevention: Gaining insight fraud throughout the customer lifecycle & future trends Earlier this week, I had the pleasure of chairing the annual Grad School session during CNP Expo 2015. The group was energized by the participation of the attendees and we hope that all gained insight into issues regarding fraud throughout the customer lifecycle as well as future trends in payments, identity and cross border growth. For those who were unable to join us in Orlando, the CNP Expo Grad School focused on the importance of creating a comprehensive fraud strategy to protect your organization throughout the customer lifecycle. To help articulate the varied fraud challenges posed at each stage, we brought an esteemed group of fraud experts, who collectively have served in the industry for over 100 years. We kicked off Grad School with Lawrence Baldwin, CIO of myNetWatchman. He described how fraudsters can transform low value credentials, which can be purchased on the black market for fractions of a cent, into high-value validated credentials that facilitate burgeoning Account Takeover attacks. Jeramie Driessen, a Sr. Risk Analyst in Experian’s Fraud and ID group, then delved into the challenges merchants need to address when evaluating new account opening for merchants and card issuers. Yours truly covered the various stages of Account Takeover and described the evolving fraud vectors that are targeting existing accounts. During part two of the three-hour Grad School, Angela Montoya, Product Management Analyst for Experian Fraud and ID, and David Stewart, Manager of Corporate Security at Virgin America, shared their insights about transaction fraud and dived deep into the nuances of sniffing out crime rings and setting up new fraud teams. We ended with Dan Elvester, Sr. Director of Business Development at Experian, sharing facts and market trends around ecommerce growth, cross-border expansion and emerging fraud tools just before Cherian Abraham, Sr. Consultant with Experian’s Global Consulting Practice, covered advanced topics regarding Apple Pay, Tokenization and the future of Identity Verification. Overall, the CNP Expo 2015 Grad School reinforced our central theme of creating a multi-layered fraud strategy that places controls not just on the monetary transactions executed on your website but also on the account management, origination and even acquisition phases of your customers’ lifecycle. Thanks again to our speakers and attendees for your engagement and interest in Experian’s ongoing efforts to stop fraud. To follow along the topics that were covered a copy of our grad school presentation can be viewed here:
Credit card declines Surag Patel, vice president of global product management for 41st Parameter, led a panel discussion on Digital Consumer Trust with experts from the merchant community and financial services industry at this week’s CNP Expo. During the hour-long session, the expert panel – which included Patel, Jeff Muschick of MasterCard and TJ Horan from FICO – discussed primary research explaining the $40 billion in revenue lost each year to unwarranted CNP credit card declines and what businesses can do to avoid it. Patel began the Thursday morning session by asking the audience how many have bought something online—of course, everyone raised their hands. He then asked how many had been declined—about half the hands stayed up. “Of those with your hands still up,” he said, “how many of you are fraudsters?” The audience chuckled, but the reality of false positives and unnecessary declines is no laughing matter. Unnecessary declines cause lost revenue and damage the customer relationship with merchants, banks and card issuers. The panel cited a 41st Parameter survey of 1,000 consumers and described their responses to the question, what do you do after you get declined? While many would call the card issuer or try a different payment method, one in six would actually skip the purchase altogether, one in ten would purchase from a different online merchant, and one in twelve would go buy the item at a brick-and-mortar store. So regardless of who the customer blames, ultimately, when a good purchase is declined, everybody loses. Jeff Muschick, who works in fraud solutions for MasterCard, spoke about the need for a solid rules engine, and recommended embracing new tools as they emerge to enhance their fraud prevention strategy. He acknowledged that for smaller merchants, keeping up with fraudsters can be incredibly taxing, and often even at larger organizations, fraud departments are understaffed. For that reason, he highlighted a tool that many fraud prevention strategies are leaving on the table, and that’s cooperation: “We talk about collaboration, but it’s not as gregarious as we’d like it to be.” TJ Horan, who is responsible for fraud solutions at FICO, encouraged merchants, banks, and card issuers to mitigate the damage of good declines through customer education. He observed that “if there was a positive thing to come out of the Target breach (and that’s a big ‘if’), it is an increase in general consumer awareness of credit-card fraud and data protection.” This helps inform customers’ attitudes when they are declined, because they realize it is probably a measure being taken for their own protection, and they are likely to be more forgiving. Click here for more information about TrustInsight and how online merchants can increase sales by approving more trusted transactions.
Recently, I sat down to answer three questions for “The Year of Payments - 2015: One Quarter in” for PYMNTS.com on the topic of mobile payments in regards to: How Q1 2015 is different than Q1 2014 What’s the most significant development so far this year? If “Payments 2015” were a brand and had a tagline, what would it be and why? A significant factor in shaping the next frontier in fraud management is the continued rapid growth in online and mobile payments as the preferred methods of doing business for many consumers. With more than a third of customers interacting with a single business in five or more channels and more than 85 percent of consumers using online or mobile to conduct business, the need for omnichannel fraud prevention becomes a requirement. These trends make mobile-device intelligence as important to the authentication process as traditional personally identifiable information. As a result, the need to integrate device intelligence into the authentication process to associate a consumer to a known device is critical. Companies already are beginning to incorporate device intelligence into their authentication strategies. The ability to verify a customer through his or her device is a huge benefit to the overall customer experience and not only makes it easier for the customer to do business with you, but also adds an additional layer of validation. The challenge with any new emerging business or new technology is maintaining a frictionless customer experience foremost because fraudsters are always the early adopters. Make sure to read our perspective paper to see why emerging channels call for advanced fraud identification techniques and what myself and other industry leaders had to say on the topic of mobile payments:
At the start of the Vision 2015 Conference, Experian® announced a new dedicated enterprise Fraud and ID business in North America. This newly established business unit allows Experian, the leading global information services company, to more aggressively address the growing variety of fraud risk and identity management challenges businesses, financial institutions and government agencies face. “The rapid progression of wide-scale fraud and data breaches have led to a significant increase in identity theft related risk, and potential fraud losses on a larger scale than ever anticipated,” said Charles Chung, president of Decision Analytics, Experian North America. “For nearly two decades, we have been helping clients solve the difficult and ever-changing problems of fraud detection and identity management. Our core expertise was further enhanced by the recent acquisition of 41st Parameter which added device identification as another important layer of sophistication to our suite of fraud detection tools. Now the creation of a new fraud business unit brings all components of our Fraud and ID services together to better serve all markets through our innovative authentication techniques, advanced analytics and Big Data insights.” Having one comprehensive operation allows Experian to deliver greater value across its various addressable markets through customized approaches that balance privacy, security and compliance requirements with client reputation, customer experience, convenience and efficiency. The integration brings together a wide set of enterprise services ranging from identity and device risk assessment and anti–money laundering to consumer identity monitoring and alerts, letting Experian continue to proactively meet client needs surrounding the complex risks they face. Dr. Jon Jones has been appointed to lead the new business unit as senior vice president and general manager of Fraud and ID for Experian North America. “Data security and fraud management affect many industries as identity data has become so compromised that authenticating consumers through traditional means is not enough to safeguard against fraud. Modern fraud risks now absolutely require Big Data assets and the proven ability to derive predictive analytical capabilities to meet these challenges,” said Jones. “Today, online and mobile commerce, and customer demands for convenience and speed are intersecting with the increasing sophistication of criminal fraud networks. Experian’s new integrated fraud business delivers next-generation holistic fraud management services, leveraging our vast data landscape to identify customers’ risk for fraud even when no threat has been detected to stay ahead of the growing market demands.” Accounting for the real risk of identity compromise over time continues with the launch of Experian’s Identity Element NetworkSM which identifies real-time fraud volume and velocity linkages across multiple industries to predict when consumers are showing risk of identity compromise. Experian monitors and predicts when seemingly random identity element linkages become meaningful risk clusters, including: When an identity likely has been compromised When an identity is victim of a data breach When a transaction is part of an identity theft scheme, particularly an account takeover When consumers’ identities are exhibiting identity theft, visible by monitoring a broad portfolio of breached or compromised consumers \"Cybercriminals continue to rapidly escalate their assault on sensitive data across a variety of industries, with no end in sight,\" said Julie Conroy, research director at Aite Group. \"This requires fraud prevention capabilities to undergo a similar rapid evolution, with a new, more advanced approach to identity management sitting squarely in the middle of risk mitigation. Simple personally identifiable information is no longer enough to verify identity; the next wave of fraud and cybersecurity services needs to employ robust data and advanced analytical capabilities in order to make faster and more informed identity decisions.\" Experian’s Identity Element Network service can be utilized through its flagship fraud enterprise platform, Precise ID®, using its data assets and analytics alongside 41st Parameter’s FraudNet to deliver a comprehensive view of the Customer Life Cycle of traditional identity, device confidence and risk assessment. Learn more about Experian’s Big Data fraud service for breach identity compromise detection for your business.
Learn More Image
