Fraud & Identity Management

At the start of the Vision 2015 Conference, Experian® announced a new dedicated enterprise Fraud and ID business in North America. This newly established business unit allows Experian, the leading global information services company, to more aggressively address the growing variety of fraud risk and identity management challenges businesses, financial institutions and government agencies face. “The rapid progression of wide-scale fraud and data breaches have led to a significant increase in identity theft related risk, and potential fraud losses on a larger scale than ever anticipated,” said Charles Chung, president of Decision Analytics, Experian North America. “For nearly two decades, we have been helping clients solve the difficult and ever-changing problems of fraud detection and identity management. Our core expertise was further enhanced by the recent acquisition of 41st Parameter which added device identification as another important layer of sophistication to our suite of fraud detection tools. Now the creation of a new fraud business unit brings all components of our Fraud and ID services together to better serve all markets through our innovative authentication techniques, advanced analytics and Big Data insights.” Having one comprehensive operation allows Experian to deliver greater value across its various addressable markets through customized approaches that balance privacy, security and compliance requirements with client reputation, customer experience, convenience and efficiency. The integration brings together a wide set of enterprise services ranging from identity and device risk assessment and anti–money laundering to consumer identity monitoring and alerts, letting Experian continue to proactively meet client needs surrounding the complex risks they face. Dr. Jon Jones has been appointed to lead the new business unit as senior vice president and general manager of Fraud and ID for Experian North America. “Data security and fraud management affect many industries as identity data has become so compromised that authenticating consumers through traditional means is not enough to safeguard against fraud. Modern fraud risks now absolutely require Big Data assets and the proven ability to derive predictive analytical capabilities to meet these challenges,” said Jones. “Today, online and mobile commerce, and customer demands for convenience and speed are intersecting with the increasing sophistication of criminal fraud networks. Experian’s new integrated fraud business delivers next-generation holistic fraud management services, leveraging our vast data landscape to identify customers’ risk for fraud even when no threat has been detected to stay ahead of the growing market demands.” Accounting for the real risk of identity compromise over time continues with the launch of Experian’s Identity Element NetworkSM which identifies real-time fraud volume and velocity linkages across multiple industries to predict when consumers are showing risk of identity compromise. Experian monitors and predicts when seemingly random identity element linkages become meaningful risk clusters, including: When an identity likely has been compromised When an identity is victim of a data breach When a transaction is part of an identity theft scheme, particularly an account takeover When consumers’ identities are exhibiting identity theft, visible by monitoring a broad portfolio of breached or compromised consumers "Cybercriminals continue to rapidly escalate their assault on sensitive data across a variety of industries, with no end in sight," said Julie Conroy, research director at Aite Group.  "This requires fraud prevention capabilities to undergo a similar rapid evolution, with a new, more advanced approach to identity management sitting squarely in the middle of risk mitigation. Simple personally identifiable information is no longer enough to verify identity; the next wave of fraud and cybersecurity services needs to employ robust data and advanced analytical capabilities in order to make faster and more informed identity decisions." Experian’s Identity Element Network service can be utilized through its flagship fraud enterprise platform, Precise ID®, using its data assets and analytics alongside 41st Parameter’s FraudNet to deliver a comprehensive view of the Customer Life Cycle of traditional identity, device confidence and risk assessment. Learn more about Experian’s Big Data fraud service for breach identity compromise detection for your business.

Published: May 4, 2015 by Guest Contributor

Identity fraud and the utility industry In the utility industry today, gaining enterprise-wide systemic control over credit risk assessment, identity verification and compliance oversight are causing many leading organizations major headaches.   The ability for IT departments to modify their core legacy systems to effectively implement and support these critical functions is ever-challenging.  And for the business, the inability to gain real-time access and control to these functions means slower speed to market with automated risk controls, costing the organization (and therefore rate-paying customers) tens of millions in losses annually and lost productivity in manual reviews and call center costs.   In addition to the obvious financial impact, customer experience invariably suffers, negatively impacting those good paying, low-risk customers and leading to downstream issues with complaints to regulators. The ideal solution provides organizations the ability to quickly identify customers and compliance requirements, while maintaining a strong and transparent security posture for user authentication and strategic control over the complete customer life-cycle.   To minimize barriers to implementation, such a solution requires a flexible, user-friendly hosted platform incorporating all the various credit and alternate data sources with reporting and industry best practice strategies available “out of the box”. While there are several types of fraud perpetrated on utilities, one common form involves the opening of an account in a legitimate consumer’s or business’s name by a fraudulent party with the service address belonging to the fraudulent party (aka the “name game”). Utility fraud may take a long time to discover, as the fraudster may have a history of making some payment, but often times leaves the organization with a significant, unpaid balance.  Even after an account goes to collections for nonpayment, it can take a very long time before the fraud is confirmed.  Even if consumers and businesses periodically check their credit reports, they may not be aware that accounts had been opened in their name because the accounts usually aren’t reported until they reach collections. This means utility fraud through identity theft can lead to eroding customer relationships and losses. Best Practices for Customer Identity Verification An overall compliance or identity checking program will prevent fraud losses and increase customer satisfaction.  The same basic principles that apply to customer centric decisions apply here. gain knowledge of the customer through data, gain insight through specifically developed models and analytics, and make identity decisions using expert strategies. A best practice identity service will employ a customer acquisition platform like PowerCurve OnDemand to automatically acquire critical consumer and business identity authentication data, scores and analytics.  Models such as Precise ID and BizID allow clients to make decisions that are tailored to these specifications.  These results can be incorporated into automated accept or referral decisioning. Clients can customize these decision strategies for results based on the presence and absence of both positive and high-risk conditions. Specifically, the service helps clients to: Positively identify legitimate consumers Preserve positive consumer experiences by limiting or eliminating the need for more manual and arduous authentication processes that require more customer engagement and time Direct more intensive authentication procedures, such as knowledge-based authentication questions, only to the riskiest applicants or transactions Preserve positive customer experiences by preventing fraudulent accounts being opened in their name Detect potential fraud and reduce charge-offs FACTA and Red Flag Compliance Another advantage of using an acquisition platform like PowerCurve OnDemand is if the utility is obtaining consumer credit reports for other purposes, such as to determine a deposit amount, the platform can also perform many of the FACT Act and Red Flag checks that are required under the Fair Credit Reporting Act to limit identity theft as well.  So, at the same time, the platform can help meet compliance due-diligence requirements during application and account management processes. Matching Finally, the software platform may be able to perform a “matching process” on the applicant against existing or former customers.  If there is a match, this may also bring insight into whether or not an identity theft may be occurring. In Conclusion Consider a comprehensive platform that assists in identity verification process for both consumer and business accounts.  Ensure it can bring in world class data, models and analytics to gain insight on the identity of the consumer or business.  If applicable, leverage the platform for compliance related checks as well.  The rewards in lower write offs and increased customer satisfaction should yield great results.

Published: April 24, 2015 by Guest Contributor

With more than one-third of customers interacting with a single business in five or more channels and more than 85 percent of consumers using online or mobile to conduct business, omnichannel fraud prevention has become a necessity. Implementing a layered approach to authentication and integrating device intelligence into the process to associate a consumer with a known device are critical components of a fraud mitigation strategy. In addition to providing another layer of validation, verifying a customer through his or her device makes it easier for the customer to interact with the business and is a huge benefit to the overall customer experience. Perspective paper: Protecting the customer experience - The impact of fraud on the customer relationship

Published: April 23, 2015 by Guest Contributor

Gift cards are the most requested gift item and have been for the last eight years. Merchants love gift cards because they take up very little space and the recipient often ends up spending more than the value of the gift card.

Published: April 16, 2015 by Guest Contributor

Cont. Understanding Gift Card Fraud By: Angie Montoya In part one, we spoke about what an amazing deal gift cards (GCs) are, and why they are incredibly popular among consumers. Today we are going to dive deeper and see why fraudsters love gift cards and how they are taking advantage of them. We previously mentioned that it’s unlikely a fraudster is the actual person that redeems a gift card for merchandise. Although it is true that some fraudsters may occasionally enjoy a latte or new pair of shoes on us, it is much more lucrative for them to turn these forms of currency into cold hard cash. Doing this also shifts the risk onto an unsuspecting victim and off of the fraudster. For the record, it’s also incredibly easy to do. All of the innovation that was used to help streamline the customer experience has also helped to streamline the fraudster experience. The websites that are used to trade unredeemed cards for other cards or cash are the same websites used by fraudsters. Although there are some protections for the customer on the trading sites, the website host is usually left holding the bag when they have paid out for a GC that has been revoked because it was purchased with stolen credit card information. Others sites, like Craigslist and social media yard sale groups, do not offer any sort of consumer protection, so there is no recourse for the purchaser. What seems like a great deal— buying a GC at a discounted rate— could turn out to be a devalued Gift card with no balance, because the merchant caught on to the original scheme. There are ten states in the US that have passed laws surrounding the cashing out of gift cards. * These laws enable consumers to go to a physical store location and receive, in cash, the remaining balance of a gift card. Most states impose a limit of $5, but California has decided to be a little more generous and extend that limit to $10. As a consumer, it’s a great benefit to be able to receive the small remaining balance in cash, a balance that you will likely forget about and might never use, and the laws were passed with this in mind. Unfortunately, fraudsters have zeroed in on this benefit and are fully taking advantage of it. We have seen a host of merchants experiencing a problem with fraudulently obtained GCs being cashed out in California locations, specifically because they have a higher threshold. While five dollars here and ten dollars there does not seem like it is very much, it adds up when you realize that this could be someone’s full time job. Cashing out three ten dollar cards would take on average 15 minutes. Over the course of a 40-hour workweek it can turn into a six-figure salary. At this point, you might be asking yourself how fraudsters obtain these GCs in the first place. That part is also fairly easy. User credentials and account information is widely available for purchase in underground forums, due in part to the recent increase in large-scale data breaches. Once these credentials have been obtained, they can do one of several things: Put card data onto a dummy card and use it in a physical store Use credit card data to purchase on any website Use existing credentials to log in to a site and purchase with stored payment information Use existing credentials to log in to an app and trigger auto-reloading of accounts, then transfer to a GC   With all of these daunting threats, what can a merchant do to protect their business? First, you want to make sure your online business is screening for both the purchase and redemption of gift cards, both electronic and physical. When you screen for the purchase of GCs, you want to look for things like the quantity of cards purchased, the velocity of orders going to a specific shipping address or email, and velocity of devices being used to place multiple orders. You also want to monitor the redemption of loyalty rewards, and any traffic that goes into these accounts. Loyalty fraud is a newer type of fraud that has exploded because these channels are not normally monitored for fraud— there is no actual financial loss, so priority has been placed elsewhere in the business. However, loyalty points can be redeemed for gift cards, or sold on the black market, and the downstream affect is that it can inconvenience your customer and harm your brand’s image. Additionally, if you offer physical GCs, you want to have a scratch off PIN on the back of the card. If a GC is offered with no PIN, fraudsters can walk into a store, take a picture of the different card numbers, and then redeem online once the cards have been activated. Fraudsters will also tumble card numbers once they have figured out the numerical sequence of the cards. Using a PIN prevents both of these problems. The use of GCs is going to continue to increase in the coming years— this is no surprise. Mobile will continue to be incorporated with these offerings, and answering security challenges will be paramount to their success. Although we are in the age of the data breach, there is no reason that the experience of purchasing or redeeming a gift card should be hampered by overly cautious fraud checks. It’s possible to strike the right balance— grow your business securely by implementing a fraud solution that is fraud minded AND customer centric. *The use of GC/eGC is used interchangeably

Published: March 26, 2015 by Guest Contributor

Apple Pay fraud solution Apple Pay is here and so are increased fraud exposures, confirmed losses, and customer experience challenges among card issuers. The exposure associated with the provisioning of credit and debit cards to the Apple Pay application was in time expected as fraudsters are the first group to find weaknesses. Evidence from issuers and analyst reports points to fraud as the result of established credit/debit cards compromised through data breaches or other means that are being enrolled into Apple Pay accounts – and being used to make large value purchases at large merchants. Keir Breitenfeld, our vice president of Fraud and Identity solutions said as much in a recent PYMNTS.com story where he was quoted about whether the Apple Watch will help grown Apple Pay.    The challenge is that card issuers have no real controls over the provisioning or enrollment process so they currently only have an opportunity to authenticate their cardholder, but not the provisioning device. Fraud exposure can lie within call centers and online existing customer treatment channels due to: Identity theft and account takeover based on breach activity. Use of counterfeit or breached card data. Call center authentication process inadequacies. Capacity and customer experience pressures driving human error or subjectively lax due diligence. Existing customer/account authentication practices not tuned to this emerging scheme and level of risk. The good news is that positive improvements have been proven with bolstering risk-based authentication at the card provisioning process points by comparing the inbound provisioning device to the device that is on file for the cardholder account. This, in combination with traditional identity risk analytics, verifications, knowledge-based authentication, and holistic decisioning policies vastly improve the view afforded to card issuers for layered process point decisioning. Learn more on why emerging channels, like mobile payments,  call for advanced fraud identification techniques.

Published: March 11, 2015 by Guest Contributor

Gift cards have risen in popularity over the last few years both for consumers and for fraudsters, causing a huge increase in gift card fraud

Published: March 5, 2015 by Guest Contributor

Listen to what Matt Lane, says about the reputational impact of fraud theft on an organization

Published: February 27, 2015 by Guest Contributor

The experience of being a victim of data breaches has created a shift in consumer behavior and attitude over the past year. A recent Ponemon Institute study found that more than one-third of consumers ignored data breach notification letters, taking no action to protect themselves against fraud. To combat data breach fatigue, companies should communicate with customers sincerely and avoid treating the notification process as a compliance issue. Notification letters should include an apology, a clear explanation of what happened and why, and steps consumers can take to protect themselves from fraud. 2015 Data Breach Industry Forecast

Published: February 19, 2015 by Guest Contributor

While marketers typically spend vast amounts of money to increase customer acquisitions, fraud prevention can undercut those efforts. According to a recent 41st Parameter® study, average card-not-present declines represent 15 percent of all transactions; however, one to three percent of those declined transactions turn out to be false positives, equating to 1.2 billion dollars in lost revenue annually. Marketers can avoid unnecessary declines and create a seamless customer experience by communicating campaign plans to the fraud-risk team early on and coordinating marketing and fraud-prevention efforts. Download Experian’s latest fraud prevention report. Report: Holiday Marketing & Fraud

Published: February 18, 2015 by Guest Contributor

Identity verification techniques have been evolving over the past few years to meet business priorities beyond fraud prevention

Published: February 17, 2015 by Guest Contributor

The news of the latest breach last week reported that tens of millions of customer and employee records were stolen by a sophisticated hacker incursion. The data lost is reported to include names, birth dates, Social Security numbers, and addresses. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. What’s more, the data likely includes identity data on millions of dependent minors, who are prime targets for identity thieves and whose credit goes frequently unmonitored. According to the Identity Theft Resource Center’s 2014 Data Breach Report, a record 783 breaches, representing 85 million records, occurred from January through September 2014 alone. The breaches have ranged across virtually every industry segment and data type. So where does all this breached data go? It goes into the massive, global underground marketplace for stolen data, where it’s bought and sold, and then used by cybercriminals and fraudsters to defraud organizations and individuals. Like any market, supply and demand determines price, and the massive quantity of recent breaches has made stolen identities more affordable to more fraudsters, exacerbating the overall problem. In fact, stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. The big question: So what now? The answer: Assume that all data has been breached, and act accordingly. Such a statement sounds a bit trivial, but it’s a significant paradigm shift. It’s a clear-headed recognition of the implications of the ongoing, escalating covert war between cybercriminals and fraudsters, on one side, and organizations and consumers on the other. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign up for a credit monitoring service that covers all three credit bureaus to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. Many parents do not check their child’s credit regularly, if at all. For organizations, it’s a war on two fronts: data protection and fraud prevention. And the stakes are huge, bigger than many of us recognize. We’re not just fighting to prevent financial theft, we’re fighting to preserve trust — trust between organizations and consumers, at the first level, and ultimately widespread consumer trust in the institutions of finance, commerce, and government. We must collectively strive to win the war on data protection, no doubt, and prevent future data breaches. But what breaches illustrate is that, when fundamental identity data is breached, a terrible burden is placed on the second line of defense — fraud prevention. Simply put, organizations must continually evolve their fraud prevention control and skills, and minimize the damage caused by stolen identity data. And we must do it in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate the criminals. At 41st Parameter, we are at the front lines of fraud prevention every day, and what we see are risks throughout the ecosystem. Account opening is a particular vulnerability, as consumer identity data obtained in the underground will undoubtedly be used to open lines of credit, submit fraudulent tax returns, etc. unbeknownst to the consumer. Since so much data has been breached, many of these new accounts will look “clean,” presenting a major challenge for traditional identity-based fraud and compliance solutions. But it’s more than new accounts — account takeover, transactions, loyalty, every stage is in jeopardy now that so much identity data is on the loose. Even the call center is vulnerable, as the very basis for caller authentication often relies on components of identity. At 41st Parameter and Experian Fraud & Identity solutions, we advocate a comprehensive layered approach that leverages multiple solutions such as FraudNet, Precise ID, KIQ, and credit data to protect all aspects of the customer journey while ensuring a seamless, positive user experience across channels and lines of business. Read our fraud perspective paper to learn more. Now is the time to take action.  http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

Published: February 11, 2015 by Guest Contributor
The Implications of Sharing Personal Data

In today’s increasingly digital world, it can be difficult for consumers to understand the value of their personal data.

Published: January 28, 2015 by Guest Contributor

The availability and opportunities for customers to conduct business through mobile devices continues to multiply, challenging organizations to protect customers without impacting their experience. Our infographic highlights five challenges of customer authentication that businesses face and what customers feel in an increasingly mobile world. Personally Identifiable Information (PII) is more available, but less reliable, than ever before. 35% performance improvement using models built with attributes beyond simple identity element validation. More transactions are taking place in an omnichannel environment. 36% of organizations interact with their customer in five or more channels. Diversity of devices and technology complicates customer authentication. 85% of consumers use online or mobile to conduct business. 17% of consumers reported having an online transaction declined when device information was not available. Increased online transactions have multiplied fraud opportunities, resulting in more false positives. Of those surveyed who have had Card Not Present (CNP) transactions declined: 31% blame the merchant 38% blame the credit card network 83% felt embarassed or angry Stringent requirements change the way organizations interact with customers. 80% expect the focus on managing regulatory risk to be more than it is today Download our fraud prevention perspective paper to gain more insight on how you can prepare your business.  

Published: January 21, 2015 by Guest Contributor

Subscribe to our blog

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our Experian Insights blog

Don't miss out on the latest industry trends and insights!
Subscribe