Fraud & Identity Management
By: Kristan Frend As if business owners need one more thing to worry about — according to the Javelin Strategy & Research’s 2010 Identity Fraud Survey Report, respondents who defined themselves as “self-employed” or “small business owners” were one-and-a-half times more likely to be victims of identity theft. Intuitively this makes sense- business owners exposure would be higher than the average consumer as their information is viewed more often due to the broad array of business service needs. Also consider the fact that until recently, multiple states had public records containing proprietors social security numbers as tax identification numbers readily accessible on-line. What a perfect storm this has all created! Javelin’s report also explained that while the average fraud incidence for business owners was lower than the average consumers, small business owner’s consumer costs were higher. In other words the small business owner suffered more out of pocket costs for identity theft losses than the average consumer. Experts believe this is due to the fact that commercial accounts often do not receive the same fraud guarantee protections that consumer accounts are afforded. While compliance regulations such as Red Flags Rules will enhance consumer safety, institutions must further develop their prevention and protection methods beyond what is legally required to sufficiently protect their small business customers from future fraud attacks. Small business owner fraud and the challenges organizations face in identifying and mitigating these losses are frequently overlooked and overshadowed by consumer fraud. Simply put, fraud is prevented because fraud is detected- verifying that the business owners is who they say they are using multiple data sources is critical to identifying applicant irregularities and protecting small business owners. A well-executed fraud strategy is more than just good business – it helps reduce small business customer acquisition costs and ultimately allows you to make better business decisions, creating a mutually beneficial relationship between your organization and the small business owner.
There are a number of people within the industry heralding the death of knowledge based authentication. To those people I would say, “In my humble opinion you are as wrong as those recent tweets proclaiming the death of Bill Cosby.” Before anyone’s head spins around, let me explain. When I talk about knowledge based authentication and out of wallet questions, I mean it in the truest sense, a la dynamic questions presented as a pop quiz and not the secret questions you answered when you set-up an account. Dynamic knowledge based authentication presents questions are generated from information known about the consumer, concerning things the true consumer would know and a fraudster wouldn’t. The key to success, and the key to good questions, is the data, which I have said many, many times before. The truth is every tool will let some fraud through; otherwise, you’re keeping too many good customers away. But if knowledge based authentication truly fails, there are two places to look: Data: There are knowledge based authentication providers who rely solely on public record data for their KBA solutions. In my opinion, that data is a higher data risk segment for compromise. Experian’s knowledge based authentication practice is disciplined and includes a mix of data. Our research has shown us that a question set should, ideally, include questions that are proprietary, non-credit, credit and innovative. Yes, it may make sense to include some public record data in a question set, but should it be the basis for the entire question set? Providers who can rely on their own data, or a strategic combination of data sources, rather than purchasing it from one of the large data aggregators are, in my opinion, at an advantage because fraudsters would need to compromise multiple sources in order to “game the system.” Actual KBA use: Knowledge based authentication works best as part of a risk management strategy where risk based authentication is a component within the framework and not the single, determining factor for passing a consumer. Our research has shown that clients who combine fraud analytics and a score with knowledge based authentication can increase authentication performance from 20% - 30% or more, depending on the portfolio and type of fraud (ID Fraud vs. First Party, etc.)… and adding a score has the obvious benefit of increasing fraud detection, but it also allows organizations to prioritize review rates efficiently while protecting the consumer experience. So before we write the obituary of KBA, let’s challenge those who tinker with out of wallet products, building lists of meaningless questions that a 5th grader could answer. Embrace optimized decisions with risk based authentication and employ fraud best practices in your use of KBA.
A few days ago I saw an article about hackers working from Russia, while committing check fraud in the United States. In what those investigating are calling a brilliant operation, the fraudsters compromised companies that archive and store records of check images or checks themselves. They then downloaded those check images and all available information. By printing new checks and using an old Internet “money mule” scheme, the fraudsters were able to send the bogus checks to ”the mule”, often as a payment, and have the check cashed at the mule’s bank to get the balance of the funds wired to an off-shore bank account. That article made me think about new breakthroughs in technology. What if those fraudsters had been a little savvier? What if they had the most recent smart phone application installed and didn’t need a mule to wire the money? They could have simply written checks and uploaded them for deposit to an account to which they had gained access with the hottest application du jour – deposit via photo image uploaded from a smart phone. That application would have allowed the fraudsters to cash the bogus check, gain access to the funds and move them to the next account at will. Or would it? Given the move toward mobile banking, it isn’t really a stretch to see this kind of thing happening. Probably not, but if organizations offering this kind of service use a risk based authentication approach it is more likely they use fraud models and decisioning strategies to minimize fraud and protect consumers while pushing out the latest technology. For those reasons, risk management solutions and enterprise fraud vendors need to not only keep pace with technology but also stay ahead of the curve in order to provide optimized decisions and the most relevant fraud analytics. Considering recent fraud trends and my love affair with mobile everything, I know I want the organizations I do business with to do everything they can to prevent fraud…and I’m positive I want my smart phone to be as smart as possible.
In “An ounce of prevention is worth a pound of cure” Kristan Frend touched on the vulnerabilities faced by members of our Armed Services. That post made me think about recent fraud trends. Over the course of this spring and summer, I attended a few conferences and at one of these events something a bit disturbing occurred – a staff member for one of the exhibitors was victimized during the event. The individual’s wallet, containing cash and credit cards, was stolen along with the person’s passport and the victim didn’t realize it until they received their wake-up call the next morning. The few people who heard about it wondered “How could this happen at an event of industry professionals?” The answer is simple. Even industry professionals are every-day consumers, vulnerable to attack. As part of our Knowledge Based Authentication practice, Experian engages in blind focus group interviews with “every-day consumers” facilitated by an independent consulting group on Experian’s behalf. What we learn during those sessions informs our best practices for many of the fraud products and guides our process for new question generation in Knowledge Based Authentication. It is also an eye-opening experience. Through our research we have learned that participant consumers are now more aware and accepting of Knowledge Based Authentication than in past years. Knowledge Based Authentication has become a bellwether, consumers expect it. They also expect organizations they deal with to have an Identity Theft Prevention Program – and the ability to recognize when something “just isn’t right” about a situation. However, few participants cited a comprehensive strategy to protect themselves against identity theft, and even fewer actually demonstrated a commitment to follow a strategy, even when they had one. During open and honest conversation in a relaxed setting, participants revealed their true behavior. Many admitted they still use the same password for all their accounts, write their passwords down, and keep copies of their passwords in easily accessible places, such as a purse or a wallet, a desk drawer or an online application. The bottom line is this: Most people will attempt to do what they think they should to protect themselves from identity theft, including shredding or tearing up mail offers, selectively using credit cards and/or monitoring their garbage. However, if the process is too cumbersome or if it requires that they remember too much, they will default to old habits. As Kristan pointed out, thieves may increasingly rely on computer attacks to gather data, but many still resort to low-tech methods like dumpster diving, mail tampering, and purse and wallet theft to obtain privacy sensitive information. When that purse or wallet contains not only personally identifiable information, but also account passwords, the risk levels are significantly higher. Cyber attacks are a threat, but a consumer’s own behavior may be just as risky. As for the victim in this story… a very sharp desk clerk at a neighboring hotel thought it strange that someone was checking-in for a number of days without a reservation at full rate and without luggage, which started the ball rolling and led to the perpetrator being caught and the victim getting everything back except for some cash that had been spent at a coffee merchant. Clearly, this close call didn’t turn-out as badly as it could have.
By: Kristan Frend Last week I came across a news article that said the NYPD arrested 26 people who allegedly took at least $5 million from stealing identities. What I found most disturbing was that criminals allegedly affected more than 200 soldiers, including many of whom were unaware of what was happening, since they were serving overseas. To help reduce the risk of identity theft and minimize fraud losses, all three major credit bureaus provide Active- Duty Alerts, which allow deployed soldiers to have their credit frozen while they are overseas. While these fraud alerts, coupled with financial institutions implementing identity theft programs, can help prevent identity theft losses, what is being done to reduce the risk of military personnel data being exposed and stolen? As social security numbers play a key role in identity theft, I was surprised and disturbed to learn that government issued military ID cards include the card holder’s social security number in full on the front. This creates an obvious security vulnerability to the card holder. Especially considering that the military ID card must be shown in a number of situations, such as getting on and off base, medical care, picking up prescriptions, entering a base shopping exchange, mess hall, etc. There are many situations where the service member encounters people in positions that were once filled by military personnel but are now filled by civilians, who may not have the same code of honor toward others in the military community. While it’s true that thieves are increasingly using computer hacking, phishing, malware, spyware and key stroke loggers to gather SSNs, thieves still resort to low-tech methods like dumpster diving, mail tampering, and purse and wallet theft to obtain privacy sensitive information. The need to show ID so often and the fact that it contains all of their pertinent data, puts service members at particular risk when they may be in harm’s way, focused more on missions than money missing from their bank account. The good news is that the Department of Defense launched a Social Security Number reduction initiative consisting of a phased removal of SSNs. Phase one, removal of dependent SSNs from ID cards is underway. Phase two, removal of printed SSNs from all cards has been placed on hold indefinitely, and phase three, removal of SSNs embedded in barcodes will begin in 2012. My point is not to be critical of the use of SSNs; I think we all can agree that the use of SSNs have become an integral part of our culture. However, we should look to see that organizations carefully balance the value of how SSNs are used with the vulnerabilities that its use creates. The old adage “an ounce of prevention is worth a pound of cure” could never be truer than with identity theft. The easiest way to minimize fraud is to avoid it by not giving criminals the opportunity to perpetrate identity theft against individuals.
By: Kennis Wong Several weeks ago, I attended and presented at Experian’s sold-out annual conference, Vision, in Phoenix, Arizona. One of the guest speakers was Malcolm Gladwell, best-selling author of The Tipping Point, Blink, Outliers and What the Dog Saw: And Other Adventures. Since I\'ve read three of his four books, I could be considered a fan. And yes, his hair did look as wild in person as it appears in the pictures on the insides of his book covers. But that was not why I was so impressed by his speech. The real reason was that his topic was so relevant to how Experian Decision Analytics delivers value to our clients. Gladwell spent the whole hour addressing the difference between “puzzle” and “mystery”, providing abundant examples for both. The puzzle-versus-mystery topic was from one of his articles in The New Yorker. To solve a puzzle, one or more pieces of information are needed. The source of the problem is that insufficient data is available to have a conclusive answer to the question. An example would be finding Osama Bin Laden’s whereabouts. We simply do not have enough information to locate him, and we need more intelligence. On the other hand, a mystery is not solved by simply gathering more information. It is a matter of making sense out of a massive amount of data available, using analysis and judgment. Enron’s creative accounting was an example of a mystery. All the information was out in the open. Pages and pages of SEC filings and annual reports were there for anyone who was willing and able to analyze them. All that was needed to solve the mystery was to make sense out of the data. In the Fraud and Identity Solutions team, we satisfy clients’ needs by providing solutions for both puzzles and mysteries to fend off fraudsters. Besides the core credit bureau data, we have demographic data, fraud consortium data, past application data, automotive data and much more. We also have strategic partnerships to deliver demand deposit account, cell phone, and device data. All these data sources ensure that our clients get the data they need to piece the puzzle together. Our consulting and analytics, on the other hand, help clients to solve mysteries. Looking at individual pieces of disparate data is inefficient and provides little or no value. That’s why our numerous scoring solutions combine the available data in a way that is most predictive of various fraud outcomes. For example, our Precise ID Score and Fraud Shield Score Plus predict first- and third-party fraud; our BustOut Score predicts the likelihood of bust outs; our Never Pay score predicts the likelihood of a consumer never making a payment. As more data are available, we incorporate them into existing or new models if it increases the effectiveness of the models. So we have both the puzzle and mystery grounds covered. A note to Malcolm Gladwell: Great job at Vision! If you write a book about this topic, I’ll definitely buy it.
With the upcoming changes to overdraft fee policies coming to the banking industry July 1st, courtesy of the Federal Reserve, banks and credit unions are re-examining the revenue growth opportunities through their new account opening process. We frequently hear from our fraud risk and operations client partners that when there is a push for revenue growth, fraud detection gets de-prioritized as a trade off to bringing in more new customers. A DDA-friendly risk based authentication approach may offer some compromise to this seemingly “one for one” exchange. Here are some quick revenue-friendly, risk-averse practices being seen in the branches, call centers, and online channels of Experian clients: • Drive referrals to knowledge based authentication (KBA), negative record checks (account abuse, fraud records) or both off of an upfront fraud score, such as the Precise ID(SM) for Account Opening score. Segmenting based on risk is cost efficient and promotes an improved customer experience. • Bolster the fraud defenses of your online channel by raising the “pass” or “accept” threshold. The lower acquisition costs for this online account opening are tempting but this is also the venue most exploited by fraudsters. Some incremental manual reviews should work out as a small price to pay to catch the higher prevalence of fraud. • Cross sell and up sell with confidence based on more comprehensive authentication. By applying appropriate risk based authentication strategies, more products can be offered and exposure is reduced because you know you are dealing with the true consumer.
I often provide fraud analyses to clients, whereby they identify fraudsters that have somehow gotten through the system. We then go in and see what kinds of conditions exist in the fraudulent population that exist to a much lesser degree in the overall population. We typically do this with indicators, flags, match codes, and other conditions that we have available on the Experian end of things. But that is not to say there aren\'t things on your side of the fence that could be effective indicators of fraud risk as well! One simple example could be geography. If 50% of your known frauds are coming from a state that only sees 5% of your overall population, then that state sounds like a great indicator of fraud risk! What action you take based on this knowledge is up to you (and, I suppose, government regulation). One option would be to route the risky customers through a more onerous authentication procedure. For example, they might have to come into a branch in person to validate their identity. Geography is certainly not the only potential indicator of fraud risk. Be creative! There might be previously untapped indicators of fraud risk lurking in your customer databases. Do not limit yourself to intuition either. Oftentimes the best indicators of fraud risk that I find are counterintuitive. Just compare the percentage of time a condition occurs in your fraud population to the percentage of time it occurs in the overall population. It might be that you have a fraud ring that is leaving some telltale fingerprint on their behavior--one that is actionable in ways that will jumpstart your fraud prevention practices and minimize fraud losses!
In case you’ve never heard of it, a Babel fish is a small translator; that allows a carrier to understand anything said in any form of language. Alta Vista popularized the name but I believe Douglas Adams, author of The Hitchhiker’s Guide to the Galaxy, should be given credit for coining the term. So, what does a Babel fish have to do with Knowledge Based Authentication? Knowledge Based Authentication is always about the data – I have said this before. There is one universal truth: data doesn’t lie. However, that doesn’t mean it is easy to understand what the data is saying. It is a bit like a foreign language. You may have taken classes, and you can read the language or carry on a passable conversation, but that doesn’t mean it’s a good idea to enter into a contract – at least, not without an attorney who speaks the language, or your very own Babel fish. Setting up the best Knowledge Based Authentication configuration for risk management of your line of business can sometimes seem like that contract in a foreign language. There are many decisions to be made and the number of questions to present and which questions to ask is often the easy part. To truly get the most out of fraud models, it is necessary to consider where the score cuts that will be used with your Knowledge Based Authentication session will be set and what methodology will be used to invoke the Knowledge Based Authentication session: objective score performance, manual review and decision, etc. It is also important to consider the “kind of fraud” you might be seeing. This is where it is helpful to have your very own Babel fish – one designed specifically for fraud trends, fraud data, fraud models and Knowledge Based Authentication. If your vendor doesn’t offer you a Babel fish, ask for one. Yours could have one of many titles, but you will know this person when you speak with them, for their level of understanding of not only your business but, more importantly, your data and what it means. Sometimes the Babel fish will work in Consulting, sometimes in Product Management, sometimes in Analytics – the important thing is that there are fraud-specific experts available to you. Think about that for a minute. Business today is a delicate balance between customer experience/relationship management and risk management. If your vendor can’t offer you a Babel fish, tell them you have fish to fry – elsewhere.
We\'ve blogged about fraud alerts, fraud analytics, fraud models and fraud best practices. Sometimes, though, we delude ourselves into thinking that fraud prevention strategies we put into place today will be equally effective over time. Unfortunately, when a rat finds a dead-end in a previously-learned maze, it just keeps hunting for an exit. Fraudsters are no different. Ideally we want to seal off all the exits, and teach the rats to go and do something productive with their lives, but sadly that is not always the case. We also don\'t want to let too many good consumers get stuck either, so we cannot get too trigger-happy with our fraud best practices. Fraud behavior is dynamic, not static. Fraudsters learn and adapt to the feedback they receive through trial and error. That means when you plug a hole in your system today, there will be an increased push to seek out other holes tomorrow. This underscores the importance of keeping a close eye on your fraudsters\' behavior trends. But there must be some theoretical breaking point where the fraudsters simply give up trying--at least with your company. This behavioral extinction may be idealistic in the general sense, but is nonetheless a worthy goal as related to your business. One of the best things you can do to prevent fraud is to gain a reputation amongst the fraudsters of, \"Don\'t even try, it\'s not even worth it.\" And even if you don\'t succeed in getting them to stop trying altogether, it\'s still satisfying to know you are lowering their ROI while improving yours
Well, in my last blog, I was half right and half wrong. I said that individual trade associations and advocacy groups would continue to seek relief from Red Flag Rules ‘coverage’ and resultant FTC enforcement. That was right. I also said that I thought the June 1 enforcement date would ‘stick’. That was wrong. Said FTC Chairman Jon Leibowitz, “Congress needs to fix the unintended consequences of the legislation establishing the Red Flag Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift. As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.” I think the key words here are ‘unintended consequences’. It seems to me that the unintended consequences of the Red Flag Rules reach far beyond just which industries are covered or not covered (healthcare, legal firms, retailers, etc). Certainly, the fight was always going to be brought on by non-financial institutions that generally may not have had a robust identity authentication practice in place as a general baseline practice. What continues to be lost on the FTC is the fact that here we are a few years down the road, and I still hear so much confusion from our clients as to what they have to do when a Red Flag compliance condition is detected. It’s easy to be critical in hindsight, yes, but I must argue that if a bit more collaboration with large institutions and authentication service providers in all markets had occurred, creating a more detailed and unambiguous Rule, we may have seen the original enforcement date (or at least one of the first or second postponement dates) ‘stick’. At the end of the day, the idea of mandating effective and market defined identity theft protection programs makes a lot of sense. A bit more intelligence gathering on the front end of drafting the Rule may, however, have saved time and energy in the long run. Here’s hoping that December 31st ‘sticks’…I’m done predicting.
By: Kristan Frend I recently gave a presentation on small business fraud at the annual National Association of Credit Managers (NACM) Credit Congress. Following the session, several B2B credit professionals shared recent fraud issues The attendees confirmed what we’ve been hearing from our customers: fraudsters are shifting from consumer to business/commercial fraud and they’re stepping up their game. One of the schemes mentioned by an attendee included fraudsters obtaining parcel provider’s tracking numbers to reroute shipments meant for their B2B customer. The perpetrator calls the business’s call center, impersonates the legitimate business customer to place an order, obtains the tracking number, and then calls back with the tracking number to request that the shipment be rerouted. Often the new shipping location is a residential address where an individual has been recruited for a work-at-home employment opportunity. The individual is instructed to sign for deliveries and then reship merchandise to a freight company within the country or directly to destinations outside the United States. The fraud is uncovered once the legitimate B2B customer receives an invoice for goods which they never ordered or received. I encourage you to take a look at your business’s policies and procedures on handling change of address shipment requests. What tools do you employ to verify the individual making the request? Are you verifying who the new address belongs to? You may also want to ask your parcel provider about account setting options available for when your employees submit reroute requests. While a shipping reroute request isn’t always indicative of fraud, I recommend you assess your fraud risk and consider whether your fraud-related business processes need refining. Keep an eye out here for postings on these topics: known fraud, bust out fraud, and how best to minimize fraud loss.
Well, here we are about two weeks from the Federal Trade Commission’s June 1, 2010 Red Flags Rule enforcement date. While this date has been a bit of a moving target for the past year or so, I believe this one will stick. It appears that the new reality is one in which individual trade associations and advocacy groups will, one by one, seek relief from enforcement and related penalties post-June 1. Here’s why I say that: The American Bar Association has already file suit against the FTC, and in October, 2009, The U.S. District Court for the District of Columbia ruled that the Red Flags Rule is not applicable to attorneys engaged in the practice of law. While an appeal of this case is still pending, in mid-March, the U.S. District Court for the District of Columbia issued another order declaring that the FTC should postpone enforcement of the Red Flags Rule “with respect to members of the American Institute of Certified Public Accountants” engaged in practice for 90 days after the U.S. Court of Appeals for the District of Columbia renders an opinion in the American Bar Association’s case against the FTC.” Slippery slope here. Is this what we can expect for the foreseeable future? A rather ambiguous guideline that leaves openings for specific categories of “covered entities” to seek exemption? The seemingly innocuous element to the definition of “creditor” that includes “businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later” is causing havoc among peripheral industries like healthcare and other professional services. Those of you in banking are locked in for sure, but it ought to be an interesting year as the outliers fight to make sense of it all while they figure out what their identity theft prevention programs should or shouldn’t be.
I received a call on my cell phone the other day. It was my bank calling because a transaction outside of my normal behavior pattern tripped a flag in their fraud models. “Hello!\" said the friendly, automated voice, “I’m calling from [bank name] and we need to talk to you about some unusual transaction activity on your account, but before we do, I need to make sure Monica Bellflower has answered the phone. We need to ask you a few questions for security reasons to protect your account. Please hold on a moment.” At this point, the IVR (Interactive Voice Response) system invoked a Knowledge Based Authentication session that the IVR controlled. The IVR, not a call center representative, asked me the Knowledge Based Authentication questions and confirmed the answers with me. When the session was completed, I had been authenticated, and the friendly, automated voice thanked me before launching into the list of transactions to be reviewed. Only when I questioned the transaction was I transferred, immediately – with no hold time, to a human fraud account management specialist. The entire process was seamless and as smooth as butter. Using IVR technology is not new, but using IVR to control a Knowledge Based Authentication session is one way of controlling operational expenses. An example of this is reducing the number of humans that are required, while increasing the ROI made in both the Knowledge Based Authentication tool and the IVR solution. From a risk management standpoint, the use of decisioning strategies and fraud models allows for the objective review of a customer’s transactions, while employing fraud best practices. After all, an IVR never hinted at an answer or helped a customer pass Knowledge Based Authentication, and an IVR didn\'t get hired in a call center for the purpose of committing fraud. These technologies lend themselves well, to fraud alerts and identity theft prevention programs, and also to account management activities. Experian has successfully integrated Knowledge Based Authentication with IVR as part of relationship management and/or risk management solutions. To learn more, visit the Experian website at: https://www.experian.com/decision-analytics/fraud-detection.html?cat1=fraud-management&cat2=detect-and-reduce-fraud). Trust me, Knowledge Based Authentication with IVR is only the beginning. However, the rest will have to wait; right now my high-tech, automated refrigerator is calling to tell me I\'m out of butter.
By: Ken Pruett I want to touch a bit on some of the third party fraud scenarios that are often top of mind with our customers: identity theft; synthetic identities; and account takeover. Identity Theft Identity theft usually occurs during the acquisition stage of the customer life cycle. Simply put, identity theft is the use of stolen identity information to fraudulently open up a new account. These accounts do not have to be just credit card related. For example, there are instances of people using others identities to open up wireless phone and utilities accounts Recent fraud trends show this type of fraud is on the rise again after a decrease over the past several years. A recent Experian study found that people who have better credit scores are more likely to have their identity stolen than those with very poor credit scores. It does seem logical that fraudsters would likely opt to steal an identity from someone with higher credit limits and available purchasing power. This type of fraud gets the majority of media attention because it is the consumer who is often the victim (as opposed to a major corporation). Fraud changes over time and recent findings show that looking at data from a historical perspective is a good way to help prevent identity theft. For example, if you see a phone number being used by multiple parties, this could be an indicator of a fraud ring in action. Using these types of data elements can make your fraud models much more predictive and reduce your fraud referral rates. Synthetic Identities Synthetic Identities are another acquisition fraud problem. It is similar to identity theft, but the information used is fictitious in nature. The fraud perpetrator may be taking pieces of information from a variety of parties to create a new identity. Trade lines may be purchased from companies who act as middle men between good consumers with good credit and perpetrators who creating new identities. This strategy allows the fraud perpetrator to quickly create a fictitious identity that looks like a real person with an active and good credit history. Most of the trade lines will be for authorized users only. The perpetrator opens up a variety of accounts in a short period of time using the trade lines. When creditors try to collect, they can’t find the account owners because they never existed. As Heather Grover mentioned in her blog, this fraud has leveled off in some areas and even decreased in others, but is probably still worth keeping an eye on. One concern on which to focus especially is that these identities are sometimes used for bust out fraud. The best approach to predicting this type of fraud is using strong fraud models that incorporate a variety of non-credit and credit variables in the model development process. These models look beyond the basic validation and verification of identity elements (such as name, address, and social security number), by leveraging additional attributes associated with a holistic identity -- such as inconsistent use of those identity elements. Account Takeover Another type of fraud that occurs during the account management period of the customer life cycle is account takeover fraud. This type of fraud occurs when an individual uses a variety of methods to take over an account of another individual. This may be accomplished by changing online passwords, changing an address or even adding themselves as an authorized user to a credit card. Some customers have tools in place to try to prevent this, but social networking sites are making it easier to obtain personal information for many consumers. For example, a person may have been asked to provide the answer to a challenge question such as the name of their high school as a means to properly identify them before gaining access to a banking account. Today, this piece of information is often readily available on social networking sites making it easier for the fraud perpetrators to defeat these types of tools. It may be more useful to use out of wallet, or knowledge-based authentication and challenge tools that dynamically generate questions based on credit or public record data to avoid this type of fraud.
Learn More Image
