Fraud & Identity Management

Experian’s eighth annual identity and fraud report found that consumers continue to express concerns with online security, and while businesses are concerned with fraud, only half fully understand its impact – a problem we previously explored in last year’s global fraud report. In our latest report, we explore today’s evolving fraud landscape and influence on identity, the consumer experience, and business strategies. We surveyed more than 2,000 U.S. consumers and 200 U.S. businesses about their concerns, priorities, and investments for our 2023 Identity and Fraud Report. This year’s report dives into: Consumer concerns around identity theft, credit card fraud, online privacy, and scams such as phishing.Business allocation to fraud management solutions across industries.Consumer expectations for both security and their experience.The benefits of a layered solution that leverages identity resolution, identity management, multifactor authentication solutions, and more. To identify and treat each fraud type appropriately, you need a layered approach that keeps up with ever-changing fraud and applies the right friction at the right time using identity verification solutions, real-time fraud risk alerts, and enterprise orchestration. This method can reduce fraud risks and help provide a more streamlined, unified experience for your consumers. To learn more about our findings and how to implement an effective solution, download Experian’s 2023 Identity and Fraud Report. Download the report

Banking uncertainty creates opportunity for fraud The recent regional bank collapses left anxious consumers scrambling to withdraw their funds or open new accounts at other institutions. Unfortunately, this situation has also created an opportunity for fraudsters to take advantage of the chaos. Criminals are exploiting the situation and posing as legitimate customers looking to flee their current bank to open new accounts elsewhere. Financial institutions looking to bring on these consumers as new clients must remain vigilant against fraudulent activity. Fraudsters also prey on vulnerable individuals who may be financially stressed and uncertain about the future. This creates a breeding ground for scams as fear and uncertainty cloud judgment and make people more susceptible to manipulation. Beware of fraudulent tactics Now, it is more important than ever for financial institutions to be vigilant in their due diligence processes. As they navigate this period of financial turbulence, they must take extra precautions to ensure that new customers are who they say they are by verifying customer identities, conducting thorough background checks where necessary, and monitoring transactions for any signs of suspicious activity. Consumers should also maintain vigilance — fraudulent schemes come in many forms, from phishing scams to fake investment opportunities promising unrealistic returns. To protect yourself against these risks, it is important to remain vigilant and take precautions such as verifying the legitimacy of any offers or investments before investing, monitoring your bank and credit card statements regularly for suspicious activity, and being skeptical of unsolicited phone calls, emails, or text messages. Security researcher Johannes Ulrich reported that threat actors are jumping at the opportunity, registering suspicious domains related to Silicon Valley Bank (SVB) that are likely to be used in attacks. Ulrich warned that the scammers might try to contact former clients of SVB to offer them a support package, legal services, loans, or other fake services relating to the bank's collapse. Meanwhile, on the day of the SVB closure, synthetic identity fraud began to climb from an attack rate of .57 to a first peak of 1.24% on the Sunday following the closure, or an increase of 80%. After the first spike reduced on March 14, we only saw a return of an even higher spike on March 21 to 1.35%, with bumps continuing since then. As the economy slows and fraud rises, don’t let your guard down The recent surge in third-party attack rates on small business and investment platforms is a cause for concern. There was a staggering nearly 500% increase in these attacks between March 7th and 11th, which coincided with the release of negative news about SVB. Bad actors had evidently been preparing for this moment and were quick to exploit vulnerabilities they had identified across our financial system. They used sophisticated bots to create multiple accounts within minutes of the news dropping and stole identities to perpetrate fraudulent activities. This underscores the need for increased vigilance and proactive measures to protect against cyber threats impacting financial institutions. Adopting stronger security measures like multi-factor authentication, real-time monitoring, and collaboration with law enforcement agencies for timely identification of attackers is of paramount importance to prevent similar fraud events in the future. From frictionless to friction-right As businesses seek to stabilize their operations in the face of market turbulence, they must also remain vigilant against the threat of fraud. Illicit activities can permeate a company's ecosystem and disrupt its operations, potentially leading to financial losses and reputational damage. Safeguarding against fraud is not a simple task. Striking a balance between ensuring a smooth customer experience and implementing effective fraud prevention measures can be a challenging endeavor. For financial institutions in particular, being too stringent in fraud prevention efforts may drive customers away, while being too lenient can expose them to additional fraud risks. This is where a waterfall approach, such as that offered by Experian CrossCore®, can prove invaluable. By leveraging an array of fraud detection tools and technologies, businesses can tailor their fraud prevention strategies to suit the specific needs and journeys of different customer segments. This layered, customized approach can help protect businesses from fraud while ensuring a seamless customer experience. Learn more

With an ever-present need for efficiency, security, and seamless citizen services, many agencies are looking at the benefits of a data-driven government. Last year, the federal government kicked off a unified effort to enable data-driven decision making. The goal at that level – and across all agencies – is to serve citizens more efficiently and effectively. By embracing the power of data and analytics, agencies of all sizes can set themselves up to better serve their citizens. What is a data-driven government? Agencies collect citizen data from a variety of service-based sources, including the Postal Service, Census Bureau, social welfare departments, and agencies that issue government IDs. When properly leveraged, this data holds many possibilities. However, many agencies face challenges when it comes to efficient collection, sharing, usage, integrity, and accessibility. Due to the amount of data collected and the potential lack of consistency in the collection and storage techniques, the data may not be usable. Without proper management and analysis, there’s little government agencies can do with their data to improve their processes. A data-driven government has well-managed data and uses that data to drive their decisions as they relate to citizen requests for benefits, tax collection, elections, and more. What are the benefits of data-driven decision making? Data management and government data analytics enable agencies to react quickly to citizen demands and concerns and proactively anticipate an issue before it becomes a crisis. With the right tools, agencies can gain a holistic view of their citizens, communicate effectively internally, provide digitally-driven services and improve overall efficiency through government-wide data integration and management. These changes have a wide range of benefits, including reduction of cost, fraud, waste and abuse, the automation of manual processes, and better service delivery. Why is a data-driven strategy required? In addition to the benefits listed above, a data-driven strategy also helps agencies align with published NIST guidelines and the need to monitor, evaluate, and maintain digital identity systems. Proper use of data-driven digital identity strategies will enhance equity and the usability of the solutions agencies provide to their citizens. Building an effective data-driven strategy The right strategy starts with ensuring that all departments about the need for proper data management and analytics and the guidelines that will govern it, such as maintaining up-to-date data, removing silos, and leveraging the right tools. The next step is finding the right partner. An effective partner can help agencies develop and maintain data management systems and implement the right tools and analytics – things like machine learning in government – to help each agency function efficiently and safeguard the data of its citizens. To learn how Experian can help your agency improve its use of data, visit us or request a call. Visit us

The fraud problem is ever-present, with 94% of businesses reporting it as a top priority, and fraudsters constantly finding new targets for theft. Preventing fraud requires a carefully orchestrated strategy that can recognize and treat a variety of types — without adding so much friction that it drives customers away. Experian’s fraud prevention and detection platform, CrossCore®, was recently named an Overall Leader, Product Leader in Fraud Reduction Intelligence Platforms, Innovation Leader and Market Leader in Fraud Reduction by KuppingerCole. CrossCore is an integrated digital identity and fraud risk platform that enables organizations to connect, access, and orchestrate decisions that leverage multiple data sources and services. CrossCore combines risk-based authentication, identity proofing, and fraud detection into a single, state-of-the-art cloud platform. It engages flexible decisioning workflows and advanced analytics to make real-time risk decisions throughout the customer lifecycle. This recognition highlights Experian’s comprehensive approach to combating fraud and validates that CrossCore offers best-in-class capabilities by augmenting Experian’s industry-leading identity and fraud offerings with a highly curated ecosystem of partners which enables further optionality for organizations based on their specific needs. To learn more about how CrossCore can benefit your organization, read the report or visit us. Learn more

On average, the typical global consumer owns three or more connected devices.1 80% of consumers bounce between devices, while 31% who turned to digital channels for their last purchase used multiple devices along the way.2 Considering these trends, many lenders are leveraging multiple channels in addition to direct mail, including email and mobile applications, to maximize their credit marketing efforts. The challenge, however, is effectively engaging consumers without becoming overbearing or inconsistent. In this article, we explore what identity resolution for credit marketing is and how the right identity tools can enable financial institutions to create more cohesive and personalized customer interactions. What is identity resolution? Identity resolution connects unique identifiers across touchpoints to build a unified identity for an individual, household, or business. This requires an identity graph, a proprietary database that collects, stitches, and stores identifiers from digital and offline sources. As a result, organizations can create a persistent, high-definition customer view, allowing for more consistent and meaningful brand experiences. What are the types of identity resolution? There are two common approaches to identity resolution: probabilistic ID matching and deterministic ID matching. Probabilistic ID matching uses multiple algorithms and data sets to match identity profiles that are most likely the same customer. Data points used in probabilistic models include IP addresses and device types. Deterministic ID matching uses first-party data that customers have produced, enabling you to merge new data with customer records and identify matches among existing identifiers. Examples of this type of data include phone numbers and email addresses. What role does identity resolution play in credit marketing? Maintaining a comprehensive customer view is crucial to credit marketing — the insights gained allow lenders to determine who they should engage and the type of offer or messaging that would resonate most. But there are many factors that can prevent financial institutions from doing this effectively: poor data quality, consumers bouncing between multiple devices, and so on. Seven out of 10 consumers find it important that companies they interact with online identify them across visits. Identity resolution for credit marketing solves these issues by matching and linking customer data from disparate sources back to a single profile. This enables lenders to: Create highly targeted campaigns. If your data is incomplete or inaccurate, you may waste your marketing spend by engaging the wrong audience or sending out irrelevant credit offers. An identity resolution solution that leverages expansive, regularly updated data gives you access to high-definition views of individuals, resulting in more personalization and greater campaign engagement. Deliver seamless, omnichannel experiences. To further improve your credit marketing efforts, you’ll need to keep up with consumers not only as their needs or preferences change, but also as they move across channels and devices. Instead of creating multiple identity profiles for the same person, identity resolution can recognize an individual across touchpoints, allowing you to create consistent offers and cohesive experiences. Picking the right marketing identity resolution solution While the type of identity resolution for marketing solution can vary depending on your business’s goals and challenges, Experian can help you get started. To learn more, visit us today. 1 Global number of devices and connections per capita 2018-2023, Statista. 2 Cross Device Marketing - Statistics and Trends, Go-Globe.

Jennifer Schulz, CEO of Experian, North America kicked off Experian’s annual Vision conference Tuesday morning pointing to data, analytics, technology and collective curiosity as the drivers for change and a more impactful tomorrow to more than 700 attendees. Keynote speaker: Jennifer Bailey Jennifer Bailey, Vice President of Apple Pay and Apple Wallet, spoke about the customer experience “ethos.” She explained how Apple takes a long-term view and values the single most important performance metric as customer experience. She said creating a seamless customer experience comes down to making things simple and understandable, and asking, “Are we solving a customer problem?” and “How are we making it easier for customers to enjoy and liver their lives. Bailey, who said of all apps she uses the weather app the most, also talked about innovation, and that both intent and making mistakes are important parts of the process. Apple’s products are known for their user-friendliness, and design is part of that. She encouraged the audience to give design teams room to create without bottom line pressures and not to be afraid to take well-considered risks. Keynote Speaker: Gary Cohn Gary Cohn, Vice Chairman of IBM, talked about the current economic climate, and while it’s a natural viewpoint to look to the past for guidance, the current environment is unlike any before. Cohn discussed regulatory compliance in the banking industry and prioritizing safety and soundness. While AI is topical and in numerous headlines recently, Cohn reminded the conference goers that AI isn’t new. He said what is new and important is that you can now teach models to find the information needed rather than having to feed all the information yourself. He believes AI is not the end of employment, but rather helps boost productivity, efficiency, and job satisfaction and provides organizations more data. As for advice for the audience, Cohn shared opportunities are in the uncomfortable zones and you have to be willing to fail in order to succeed. Session highlights – Day 1 The conference hall was buzzing with conversations, discussions and thought leadership. Overall themes that were frequently part of the conversation included seamless customer experiences, agility in face of economic changes and leveraging AI/ML into strategies. Fraud automation and preventing commercial fraud More businesses are opening than ever before and lenders and service providers need a way to determine risk from businesses who are less than a year old. There is no one-size-fits-all approach to fraud. A layered solution assesses risk and applies the correct friction to resolve the risk and pass or refer the applicant. Identity Today’s consumer wants a personalized experience and is privacy conscious. Additionally, regulators are also pushing for greater privacy. Clean rooms allow you and a partner to add data to a safe space and learn more about consumers without exposing data. The right data improves acquisition rates, identity verification and allows you to anticipate customer needs. Advanced scoring Data, models and strategy are the levers institutions are using to leverage responsible analytics to meet their objectives like safely growing existing portfolios, managing the “right” level of risk, and providing a seamless digital experience. However, the total value of a decisioning system is almost always constrained by its most rudimentary component. The panel of experts discussed their uses and goals for leveraging models and customer experience was at the top of their priorities. Recession preparedness Delinquency is on the rise and lending offers made continue to drop. Changes in the economic climate require frequent monitoring of portfolio and decisions, benchmarking against peers, updating credit models and decision strategies, and stress testing portfolio and models. Trends in credit risk management While AI at the hands of everyone is topical today, it ranked lowest on the list of trends attendees believed were impacting their business. At the top of the list? The growing demand for simpler, faster and seamless experiences. More insights from Vision to come. Follow @ExperianVision and @ExperianInsights to see more of the action.

The rise of the digital channel lead to a rise in new types of fraud – like cryptocurrency and buy now, pay later scams.  While the scams themselves are new, they’re based on tried-and-true schemes like account takeover and synthetic identity fraud that organizations have been working to thwart for years, once again driving home the need for a robust fraud solution.   While the digital channel is extremely attractive to many consumers due to convenience, it represents a balancing act for organizations – especially those with outdated fraud programs who are at increased risk for fraud. As organizations look for ways to keep themselves and the consumers they serve safe, many turn to fraud risk mitigation. What are fraud risk management strategies? Fraud risk management is the process of identifying, understanding, and responding to fraud risks. Proper fraud risk management strategies involve creating a program that detects and prevents fraudulent activity and reduces the risks associated with fraud. Many fraud risk management strategies are built on five principles: Fraud Risk AssessmentFraud Risk GovernanceFraud PreventionFraud DetectionMonitoring and Reporting By understanding these principles, you can build an effective strategy that meets consumer expectations and protects your business. Fraud risk assessment Fraud protection begins with an understanding of your organization’s vulnerabilities. Review your top risk areas and consider the potential losses you could face. Then look at what controls you currently have in place and how you can dial those up or down to impact both risk and customer experience. Fraud risk governance Fraud risk governance generally takes the form of a program encompassing the structure of rules, practices, and processes that surround fraud risk management. This program should include the fraud risk assessment, the roles and responsibilities of various departments, procedures for fraud events, and the plan for on-going monitoring. Fraud prevention “An ounce of prevention is worth a pound of cure.” This adage certainly rings true when it comes to fraud risk management. Having the right controls and procedures in place can help organizations stop a multitude of fraud types before they even get a foot in the door. Account takeover fraud prevention is an ideal example of how organizations can keep themselves and consumers safe. Fraud detection The only way to stop 100% of fraud is to stop 100% of interactions. Since that’s not a sustainable way to run a business, it’s important to have tools in place to detect fraud that’s already entered your ecosystem so you can stop it before damage occurs. These tools should monitor your systems to look for anomalies and risky behaviors and have a way to flag and report suspicious activity. Monitoring and reporting Once your fraud detection system is in place, you need active monitoring and reporting set up. Some fraud detection tools may include automatic next steps for suspicious activity such as step-up authentication or another risk mitigation technique. In other cases, you’ll need to get a person involved. In these cases it’s critical to have documented procedure and routing in place to ensure that potential fraud is assessed and addressed in a timely fashion. How to implement fraud risk management By adhering to the principles above, you can gain a holistic view of your current risk level, determine where you want your risk level to be, and what changes you’ll need to make to get there. While you might already have some of the necessary tools in place, the right next step is usually finding a trusted partner who can help you review your current state and help you use the right fraud prevention services that fit your risk tolerance and customer experience goals. To learn more about how Experian can help you leverage fraud prevention solutions, visit us or request a call. Learn more

What Is Identity Proofing? Identity proofing, authentication and management are becoming increasingly complex and essential aspects of running a successful enterprise. Organizations need to get identity right if they want to comply with regulatory requirements and combat fraud. It's also becoming table stakes for making your customers feel safe and recognized. Nearly 75 percent of consumers expect businesses to protect them online, and 70 percent say it's important for businesses they frequently deal with to identify them across visits.1 Identify proofing is the process organizations use to collect, validate and verify information about someone. There are two goals — to confirm that the identity is real (i.e., it's not a synthetic identity) and to confirm that the person presenting the identity is its true owner. The identity proofing process also relates to and may overlap with other aspects of identity management. Identity proofing vs identity authentication Identity proofing generally takes place during the acquisition or origination stages of the customer lifecycle — before someone creates an account or signs up for a service. Identity authentication is the ongoing process of re-checking someone's identity or verifying that they have the authorization to make a request, such as when they're logging into an account or trying to make a large transaction. READ: Leveraging Artificial Intelligence to Optimize Digital Identity Strategies How does identity proofing work? The National Institute of Standards and Technology (NIST) Special Publication 800-63-3, Digital Identity Guidelines, has an overview of the three stages of the identity proofing process: Resolution: The goal of the first step is to accurately identify the single, unique individual that the identity represents. Resolution is relatively easy when detailed identity information is provided. In the real world, collecting detailed data conflicts with the need to provide a good customer experience. Resolution still has to occur, but organizations have to resolve identities with the minimum amount of information. Validation: The validation step involves verifying that the person's information and documentation are legitimate, accurate and up to date. It potentially involves requesting additional evidence based on the level of assurance you need. Verification: The final step confirms that the claimed identity actually belongs to the person submitting the information. It may involve comparing physical documents or biometric data and liveness tests, such as a comparison of the driver's license to a selfie that the person uploads. The NIST guidelines are the standards that federal agencies must follow for their digital identity services, and industry often uses the same guidelines as a framework for their identity and access processes. The current NIST guidelines — Revision 3 — were updated in 2017 and have three identity assurance levels (or IALs). IAL 1: Doesn't require identity proofing to create an account. For example, you may be able to sign up for an online game or newsletter without submitting any identification. IAL 2: Requires users to submit identifying information and evidence either in-person or remotely. For example, when you need to upload a picture of your driver's license and a selfie to create an account or confirm a transaction. It also requires address confirmation and may include (but doesn't require) biometric checks, such as a fingerprint or face scan. IAL 3: Requires in-person or supervised remote identity verification, address verification and biometric checks. There is a proposal to update the NIST guidelines, and the NIST is requesting comments on the proposed Revision 4 through March 24, 2023. The updates aim to advance equity, give consumers additional choices, deter fraud and build on the lessons learned from previous revisions and real-world implementation. It also has four identity assurance levels, starting with IAL0, which is when there's no requirement for identity proofing. Service providers that offer identity proofing, verification and management services can get certified if they conform to the current NIST guidelines. For example, Experian's identity proofing solutions are NIST 800-63-3 IAL2 certified by Kantara Initiative. Building an effective identity proofing strategy By requiring identity proofing before account opening, organizations can help detect and deter identity fraud and other crimes. And although the NIST offers guidelines, you can use different online identity verification methods to implement an effective digital identity proofing and management system. These may include: Document verification plus biometric data: The consumer uploads a copy of an identification document, such as a driver's license, and takes a selfie or records a live video of their face. Database validations: The proofing solution verifies the shared identifying information, such as a name, date of birth, address and Social Security number against trusted databases, including credit bureau and government agency data. Knowledge-based authentication (KBA): The consumer answers knowledge-based questions, such as account information, to confirm their identity. It can be a helpful additional step, but they offer a low level of assurance, partially because data breaches have exposed many people's personal information. In part, the processes you'll use may depend on business policies, associated risks and industry regulations, such as know your customer (KYC) and anti-money laundering (AML) requirements. But organizations also have to balance security and ease of use. Each additional check or requirement you add to the identity proofing flow can help detect and prevent fraud, but the added friction they bring to your onboarding process can also leave customers frustrated — and even lead to customers abandoning the process altogether. WATCH: Webinar: Identity Evolved — Building consumer trust and engagement Finding the right amount of friction can require a layered, risk-based approach. And running different checks during identity proofing can help you gauge the risk involved. For example, comparing information about a device, such as its location and IP address, to the information on an application. Or sending a one-time password (OTP) to a mobile device and checking whether the phone number is registered to the applicant's name. With the proper systems in place, you can use high-risk signals to dynamically adjust the proofing flow and require additional identity documents and checks. At the same time, if you already have a high level of assurance about the person's identity, you can allow them to quickly move through a low-friction flow. Experian goes beyond identity proofing Experian builds on its decades of experience with identity management and access to multidimensional data sources to help organizations onboard, authenticate and manage customer identities. With a single API integration, Experian CrossCore® gives you access to a suite of identity proofing and fraud detection capabilities, including identity element verifications, risk analytics, device intelligence, document validation and biometrics. CrossCore Doc Capture offers end-to-end support for document and selfie verification, and you can use step-up OTP or KBV checks when appropriate. Learn more

With fraud expected to surge amid uncertain economic conditions, fraudsters are preparing new deception techniques to outsmart businesses and deceive consumers. To help businesses prepare for the coming fraud threats, we created the 2023 Future of Fraud Forecast. Here are the fraud trends we expect to see over the coming year: Fake texts from the boss: Given the prevalence of remote work, there’ll be a sharp rise in employer text fraud where the “boss” texts the employee to buy gift cards, then asks the employee to email the gift card numbers and codes. Beware of fake job postings and mule schemes: With changing economic conditions, fraudsters will create fake remote job postings, specifically designed to lure consumers into applying for the job and providing private details like a social security number or date of birth on a fake employment application. Frankenstein shoppers spell trouble for retailers: Fraudsters can create online shopper profiles using synthetic identities so that the fake shopper’s legitimacy is created to outsmart retailers’ fraud controls. Social media shopping fraud: Social commerce currently has very few identity verification and fraud detection controls in place, making the retailers that sell on these platforms easy targets for fraudulent purchases. Peer-to-peer payment problems: Fraudsters love peer-to-peer payment methods because they’re an instantaneous and irreversible way to move money, enabling fraudsters to get cash with less work and more profit “As fraudsters become more sophisticated and opportunistic, businesses need to proactively integrate the latest technology, data and advanced analytics to mitigate the growing fraud risk,” said Kathleen Peters, Chief Innovation Officer at Experian Decision Analytics in North America. “Experian is committed to continually innovating and bringing solutions to market that help protect consumers and enable businesses to detect and prevent current and future fraud.” To learn more about how to protect your business and customers from rising fraud trends, download the Future of Fraud Forecast and check out Experian’s fraud prevention solutions. Future of Fraud Forecast Press Release

  Kathleen Peters, Chief Innovation Officer, Decision Analytics for Experian, was recently featured on the Eliances Heroes podcast as part of the new weekly segment, the “Experian Identity Report.” In the introductory show, podcast host David Cogan, spoke with Kathleen about why identity is so important to our society. Listen to the podcast for the full discussion and see the transcript below. Learn more about Experian Identity David Cogan: How critical is it? Well, I’ll tell you. Payment fraud will exceed $206 billion in the next five years and let’s face it. Managing one’s personal identity is very complicated on its own and if the business enterprise managing customer identities in a strategic and secure way and scale across countless interaction is extremely complicated. And it’s only going to get more complex with the future from what I understand and all the technology that’s coming out if not by the day, by the hour. And that’s why we’re bringing this to you. Interviews with the world’s leading experts on the game changing impact of identity and the need to use reliable data to make confident decisions that securely accelerate customer engagement and that’s why we’re honored here today to have with us Kathleen Peters, Chief Innovation Officer, Experian Decision Analytics North America. Kathleen Peters: Thanks so much David, it’s great to be here with you. DC: $206 billion of payment fraud in the next five years? I mean who’s going to want to turn on their computer after this. That is a serious number. What do we do? KP: It’s really important that we get our arms around this both as consumers as well as businesses because we want to engage online. So much of what we’re doing is digital. It especially started in COVID when we were having our groceries delivered and everything else and even our grandparents are having to do their banking transactions online. The world is changing, and fraudsters take notice of that as well. Fraudsters are opportunistic and when they see a bunch of folks doing stuff online that they’ve never done before, they’re seeing that as an opportunity too. DC: You know the days of people horseback riding and overtaking trains are long gone and now it’s all digital. KP: It’s a lot easier these days. DC: Why is identity so important to our daily digital lives and in business? KP: It’s a great question, David. And as a consumer myself, you, and I when we transact online whether that’s to have food delivered, or I’m buying something for my kids or I’m even paying a bill, I want to be able to trust that my information will be safe, that my privacy will be protected and that my experience will be as smooth as possible. I think that’s what we all want. So as consumers and as businesses, how do we enable all the opportunities this new digital world is presenting to us in a way that we are safe and also businesses can transact with us securely and have confidence on who’s engaging with them online. DC: Let’s talk about identity. What really makes identity so challenging to manage at a business enterprise level especially with how complex the business portion is? KP: Absolutely. It really comes down to there are so many elements that comprise our identity. It’s multidimensional. So historically, when we think about identity, we probably think about the things that were on our DL or passport the kind of information that’s pretty static – name, address, SSN, date of birth – those kinds of things. Once we get online, that identity becomes a little more challenging. We’re not necessarily physically in front of the business that we’re engaging with so the business needs to determine if the person is who we say we are. There’s a famous Far Side comic from years ago where a dog is sitting in front of the computer and he says “On the internet, no one knows you’re a dog.” And that still rings true in that you need to be able to ensure that the customer that’s coming to your business online is a real person and not a bot, is a person with good intent and not a fraudster. You need to look no farther than some of the recent controversies around Twitter and Elon Musk’s on-again, off-again, on-again intent to buy the company. A few months ago he had pulled back because he wanted to know definitively how many users on Twitter are humans versus bots and sometimes determining that can be really hard. And that comes down to managing all these new definitions of identity. DC: That’s very important. The thing is businesses and consumers want to know really what to be able to do. So, what kinds of things is Experian able to offer to help with all of that? KP: We’re in a great position as Experian because we have such a depth and breadth of identity data. We have the analytics horsepower and really touchpoints that are really unique when it comes to thinking about identity. So we’ve been talking about these traditional identity elements and digital, online identity. When you think about it, Experian also really understands your financial identity. So when you bring those things together and a consumer is looking to maybe understand what their financial identity means, their credit score or even how to improve their credit score, Experian’s there. We’ve got a robust direct to consumer business, we’ve got offerings like Boost and Go that help people establish and build their credit. We’ve got marketplaces for cards, insurance, etc. And then when consumers want to open a new account at a financial institution, or a fintech, or a retailer, or even maybe buy some crypto or log into a business, Experian can bring that wealth of capability to help our clients, help businesses, separate those good consumers with good intent from the fraudsters and do that very quickly and efficiently so that consumers can have a great experience and build that trust with who they’re engaging with. DC: Kathleen, that’s really amazing. Alright, now with all of that going on, what is Experian doing now with innovating for the identity space? KP: This is a real passion of mine David and this is where I spend a lot of my time. We’re always looking ahead to see what is the new data, new capabilities that can help us improve that consumer experience and engagement, help clients find the right consumers online to engage and target, and really allow our clients to grow their businesses safely. So, we’re building some products in house, where we’re connecting new pieces that might be new to Experian like linking some of that traditional identity data with particular payment instruments. Is this Kathleen’s credit card? Is this my bank account? When I come and try to do transactions online. But we’re also partnering with new companies. There are a number of startups that are being formed that have been in business looking at new ways to stop fraud and new ways to help identify and authenticate users online. So, as we innovate, we’re building some things in house, we’re partnering, we’re investing in young companies, and sometimes we’re even acquiring. So, bringing together that breadth of data, analytics, really trying to think about what will be the next way that we’ll think about identifying ourselves online is some of the ways we’re innovating. DC: Well, we’re very fortunate to have you and your company here to be able to do that because it’s growing by leaps and bounds. I’m amazed by the number $206 billion which is probably going to go higher, so we’re very fortunate that Experian is around and really identifying this issue and trying to do something now. What do you think our audience will learn about these weekly, critical chats about identity with Experian experts? KP: These are going to be great conversations that we’re going to be able to share and talk about how rapidly things are changing and evolving and how this really relates to our daily lives and the things that are going on in this very dynamic economic climate, digital climate, the way things are changing the way we’re engaging. I think people are also going to learn a lot about Experian’s mission around financial inclusion and opportunity creation. We’re a very mission driven company and we’re the consumer’s bureau, so we want to do this journey in partnership with consumers so that you can take an active part in protecting yourself, understanding what’s going on, helping us fight fraud, but also just really be able to take advantage of all of these new opportunities in a safe way.

Written by: Mihail Blagoev As there is talk about the global economy potentially heading into a recession, while some suggest that it has already started, there is an expectation that many of the world's countries will see their economic output decline in the next couple of months or a year. Among the negative trends that can occur during a recession are companies making fewer sales and people losing their jobs. Unfortunately, just like any other economic crisis, fraud is expected to go in the opposite direction as criminals continue finding innovative ways to attack consumers when they’re most vulnerable. There is also a concern that first-party fraud attempts might rise as genuine consumers are pushed over the edge by inflation and economic uncertainty. With that in mind, here are six fraud trends that are likely to happen during a recession: Fraudsters exploiting the vulnerable  It is well-documented that fraudsters found numerous ways to exploit the vulnerable during the pandemic. Unfortunately, this is expected to happen again in the coming months. As the cost of living rises, criminals will try to use that in their favor by looking for people who can't pay their utility bills or can't afford the price of gas or even food. Fraudsters will try to exploit that by offering them deals, discounts, refunds, or just about anything that will make people believe they are paying less for something that has increased in value or is out of reach at its normal price. Fraudsters have two main goals behind these tactics – stealing personal information to use in other crimes or gaining immediate financial benefits. Although their tactics are well-known – applying pressure on their victims to make quick decisions or offering them something that sounds like a great deal, but in truth, it isn't – that won't prevent them from trying. These scams show that, unlike in other industries, criminals do not rely on high success rates to achieve their goals. All they need is one or two victims out of every few hundred to fall for their schemes. Loan origination fraud Periods of financial instability often result in an increase in first-party fraud, among others. This could take many forms, and there is a possibility for an increase in fraudulent loan applications by genuine consumers to be among the most popular ones. In this type of fraud, bad actors lie on registration forms or applications to gain access to funds they wouldn't normally receive if they added their real information. That could be done by lying about their income and employment information, usually inflating their salaries, extending the amount of time they worked for a certain company, or simply adding a company they have never worked for. Other popular forgeries include anything from supplying fake phone numbers and addresses to providing fake bank statements and utility bills. Money mules Recessions can result in layoffs or people looking for work not being able to find any. That's another opportunity for fraudsters to exploit the vulnerable by offering them “jobs.” This could be achieved by posting job ads on real employment websites or social media. Once recruited, people are asked to open new bank accounts or use their previously opened accounts to transfer funds to accounts that are in the possession of criminals. In the end, the funds get laundered, while the genuine account holder receives a fee for the service. People of all ages are a possible target, but this is especially true for younger generations who often don't understand the consequences of their activities.  Friendly fraud Another type of first-party fraud that could go up as a result of the increased economic pressures could be friendly fraud. In this type of fraud that mostly affects the retail industry, consumers charge back genuine payments made by them in order to end up with both the product purchased and the funds for it back in their possession. They could then keep the product or quickly resell it for less than its original value. Luxury goods and electronics could be especially attractive for this type of fraud. Claiming non-deliveries or transactions not being recognized could be among the top reasons used for charging back the transactions. Investment fraud During times of economic hardship, people are often looking for ways to keep their savings from getting eaten by inflation. Investments in property could be one solution, but as it is not affordable for everyone, people are also looking for other ways to invest their money. While this isn’t exactly a vulnerability, it is something that criminals are looking to exploit greatly. They usually reach out to potential victims through social media while also presenting them with fake websites that mimic those by real investors. The opportunities being offered can range from cryptocurrency to various schemes and products that don’t exist or are worthless. However, after the criminals obtain possession of the funds, they discontinue their contact with the victims. Fake goods While this shouldn't happen to the same extent that was seen in 2020, there is a chance that some goods might disappear from certain markets. There could be a variety of reasons for that, from companies limiting their production or going out of business due to inability to pay their bills or shortage in sales to issues with supply chains due to the high gas and oil prices. Expect fraudsters to be the first to move in if there are shortages and start offering fake products or goods that will never arrive.  It is still difficult to measure if or when a recession will hit each corner of the world or how long it will take for the next phase in the financial cycle to begin. However, one thing that is certain is that the longer it takes the economy to settle, the more opportunities criminals will have to benefit from their schemes and come up with new ways to defraud people. Businesses should monitor the fraud environment around them closely and be ready to adjust their fraud management strategies quickly. They should also understand the complexity of the problems in front of them and that they will likely need a mixture of capabilities to sort them out while keeping their customer base happy. This is where fraud orchestration platforms could help by offering the needed solutions to solve multiple fraud issues and the flexibility to turn any of these tools on and off when needed. Contact us

The preference for digital is here to stay, with consumers reporting that they are online 25% more today than a year ago. The explosive growth in remote work and e-commerce results in more transactions, and opportunities for online fraud are occurring. This new reality means that organizations of all types will face more and newer types of fraud risks. External fraud generally results from deceptive activity intended to produce financial gain that is carried out by an individual, a group of people or an entire organization. Fraudsters may prey on any organization or individual, regardless of the size or nature of their activities. The tactics used are becoming increasingly sophisticated, requiring a multilayered defense strategy. Fraud mitigation involves using tools to reduce the frequency or severity of these risks, ultimately protecting the bottom line and the future of the organization. Fraud impacts the bottom line and so much more According to the Federal Trade Commission, consumers reported losing more than $5.8 billion to fraud in 2021, a 70% increase over 2020. Another report places the losses much higher, with credit card fraud alone representing an estimated $9.3 billion. These costs extend beyond the face value of the theft to include fees and interest incurred, fines and legal fees, labor and investigation costs and external recovery expenses. Aside from dollar losses and direct costs, fraud can also pose legal risks that lead to fines and other legal actions and diminish credibility with regulators. Word of deceptive activities can also create risk for the brand and reputation. These factors can, in turn, result in a loss of market confidence, making it difficult to retain clients and engage new business. Leveraging fraud mitigation best practices As the future unfolds, three things are fairly certain: 1) The future is likely to bring more technological advances and, thereby, new ways of working and creating. 2) Fraudsters will continue to look for ways to exploit those opportunities. 3) The future is here, today. Organizations that want to remain competitive in the digital economy should make fraud mitigation and prevention an integral part of their operational strategy. Assess the risk environment While enhancing revenue opportunities, the global digital economy has increased the complexity of risk management. Be aware of situations that require people to enforce fraud risk policies. While informed, experienced people are powerful resources, it is important to automate routine decisions where you can and leverage people on the most challenging cases. It is also critical to consider that not every fraud risk aligns directly to losses. Consider touchpoints where information can be exposed that will later be used to commit fraud. Information that crooks attempt to glean from idle chatter during a customer service call can be a source of unexpected vulnerability. These activities can benefit from greater transparency and automated oversight. Create a tactical plan to prevent and handle fraud Leverage analytics wherever possible to streamline decisions and choose the right level of friction that’s appropriate for the risk, and palatable for good customers. Consumers and small businesses have come to expect a customized and frictionless experience. Employee productivity, and ultimately revenue growth, requires the ability to operate with speed and informed confidence. A viable fraud mitigation strategy should incorporate these goals seamlessly with operational objectives. If not, prevention and mitigation controls may be sidelined to get legitimate business done, creating inroads for fraudsters. Look for a partner who can apply the right friction to situations depending on your risk appetite and use existing data (including your internal data and their own data resources) to better identify individual consumers. This identification process can actually smooth the way for known consumers while providing the right protection against fraudsters and giving consumers who are new to your organization a sense of safety and security when logging in for the first time. It's equally important that everyone in your organization is working together to prevent fraud. Establish and document best practices and controls, beginning with fostering a workplace culture in which fraud mitigation is part of everyone's job. Empower and train all staff to identify and report suspicious activity and ensure they know how to raise concerns. Consider implementing ways to encourage open and swift communication, such as anonymous or confidential reporting channels. Stay vigilant and tap into resources for managing risks It is likely impossible to think of every threat your organization might face. Instead, think of fraud mitigation as an ongoing process to identify and isolate any suspected fraud fast — before the activity can develop into a major threat to the bottom line — and manage any fallout. Incorporating technology and robust data collection can fortify governance best practices. Technology can also help you perform the due diligence faster, ensuring compliance with Know Your Customer (KYC) and other regulations. As necessary, work with risk assessment consultants to get an objective, experienced view.  Learn more about fraud mitigation and fraud prevention services. Learn more  

What is elder abuse fraud? Financial abuse is reportedly the fastest-growing form of elder abuse, leaving many Americans vulnerable to theft scams, and putting businesses and other organizations on the frontlines to provide protection and help prevent fraud losses.   Financial elder abuse fraud occurs when someone illegally uses a senior’s money or other property. This can be someone they know, or a third party – like fraudsters who are perpetrating romance scams Older consumers and other vulnerable digital newbies were prime targets for this type of abuse during the start of the pandemic when many of them became active online for the first time or started transacting in new ways. This made them especially attractive targets for social engineering (when a fraudster manipulates a person to divulge confidential or private information) and account takeover fraud. While most of us have become used to life online (in fact, there’s been a 25% increase in online activity since the start of the pandemic), some seniors still have risky habits such as poor password maintenance, that can make them more attractive targets for fraudsters. What is the impact of elder abuse fraud? According to the FBI’s Internet Crime Complaint Center (IC3), elder abuse fraud cost Americans over the age of 60 more than $966 million in 2020. In addition to the direct cost to consumers, elder abuse fraud can leave organizations vulnerable to the fallout from data breaches via account takeover, and lost time and money spent helping seniors and other vulnerable Americans recoup their losses, reset accounts, and more. Further, the victim may associate the fraud with the bank, healthcare provider, or other businesses where the account was taken over and decide to stop utilizing that entity all together. How can organizations prevent elder abuse fraud? Preventing elder abuse fraud can take many forms. Organizations should start with a robust fraud management solution that can help prevent account takeover, first-party, synthetic identity fraud, and more. This platform should also include the ability to use data analysis to detect and flag sudden changes in financial behavior, online activities, and transaction locations that could indicate abuse or takeover of the account. With the right fraud strategy in place, organizations can help prevent fraud and build trust with older generations. Given that 95% of Baby Boomers cite security as the most important aspect of their online experience, this step is too important to miss.   To learn more about how Experian is helping organizations develop and maintain effective fraud and identity solutions, be sure to visit us or request a call. Contact us  

Between social unrest across the globe, the lingering pandemic, and the digital transformation brought on by the health crisis, the fraud landscape has expanded dramatically for businesses and consumers alike. According to Experian’s latest global identity and fraud report, 93% of U.S. companies have mid-to-high concern for fraud, and 81% say that their worries about fraud have increased over the past 12 months. Monitoring unused or dormant accounts for fraud is often a warning directed at consumers. However, it’s now advice an increasing number of businesses are wishing they’d followed, as growing synthetic identity (SID) fraud is fueling a dramatic increase in losses—SID related charge-offs ballooned to $20 billion in 2021 alone, according to the Federal Reserve Bank of Boston. The threat of SIDs SIDs are made to look like an actual consumer, combining both real and fake data to form a new composite identity. They typically evolve using a combination of tactics that include: Identifying and creating relationships with businesses that have a high tolerance for identity discrepancies. These include businesses whose products expose the business to low fraud risk and/or products offered to market segments where identity verification is expected to be challenging. Either of these enable an SID to be planted among consumer data sources. Attaching the SID to existing accounts and relationships that belong to other consumers. Often these existing accounts were established by collusive criminals or by using other SIDs, but there are also ways for legitimate consumers to collect ‘rent’ in exchange for adding other consumers to existing accounts. Either approach improves the SID’s appearance of credit worthiness. Progressively building the SID’s independent ability to access larger and larger amounts of credit until they spend quickly and default on all obligations, leaving no one for the victimized businesses to pursue. “They’re difficult to identify because of the combination of real and fake data and because there’s no actual victim reporting an identity theft. As a result, businesses typically have trouble separating SID losses from credit losses,” said Chris Ryan, Experian’s go-to-market lead for fraud and identity. “SID fraud isn’t committed haphazardly.  It’s carefully planned and executed—and it adapts to policy changes. Some businesses change their underwriting policy or focus on early-lifecycle account activity like purchases, payments, and requests for additional credit to reduce SID losses that occur immediately after an account is opened. SIDs can adapt to this. If six months of responsible account behavior earns a credit line increase or the ability to spend large amounts in a single billing cycle, the perpetrators are willing to wait,” Ryan said. “It’s something businesses and lenders need to be on guard for, especially with the fast-paced holiday shopping season ahead,” he said. Addressing SIDs Solving the increasingly complex problem of SID fraud requires a thoughtful approach. The institutions seeing success at preventing multi-faceted fraud are using a layered approach to identifying and mitigating fraud. Here are three steps lenders can take today to prevent SID fraud across your portfolio: Use data and analytics that extend beyond credit to evaluate identities and their histories more completely. Apply those analytics across the lifecycle from marketing and origination to portfolio management recognizing that SID risk is not restricted to a single lifecycle stage. Have a rigorous verification process that escalates to document verification or the Social Security Administrations Electronic Consent Based SSN Verification (eCBSV) process For more information on how you can leverage a multi-layered approach to fraud in your business, visit our fraud and identity solutions hub or request a call to discuss customizing a solution for your company.

Reports of romance scams have spiked in the past two years, partly due to the rise in popularity of online dating and social apps while Americans were isolated at home. With more consumers looking for love online, fraudsters have jumped on the chance to build intimate, trusted relationships without the immediate pressure to meet in person. And these shams seemingly paid off: from January 1 to July 31, 2021, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center received over 1,800 complaints related to an online romance scam, resulting in losses of approximately $133 million. These romance scams carry financial and security risks that impact both the targets of the fraud and the businesses with which they interact. Experian predicts that romance scams will continue to rise in 2022, leaving consumers and businesses vulnerable to attacks and theft. What is a romance scam? According to the FBI, a romance scam occurs when “a criminal adopts a fake online identity to gain a victim's affection and trust." Typically, fraudsters seek out their marks in dating or socializing settings, such as online apps, and strive to build intimacy and trust as quickly as possible. To avoid suspicion, they may claim that they travel frequently for work or give other excuses about why they can't meet in person. Their attentions are in the context of love and dating, so it's not uncommon for romance scammers to offer marriage proposals or other commitments to intensify the relationship, but the whole point of this fraud is to get their targets to send money. Sometimes fraudsters simply ask for a “loan" to cover medical expenses, an unforeseen shortfall or even travel costs to see the victim in person. Other times, they might ask for gifts or gift cards. Requests for money ­– whether through direct deposit, gift cards or credit card payments – are all red flags. Increasingly, romance scammers have tried to lure people into investment deals, including cryptocurrency. Romance scams predate the internet by centuries, but the emergence of digital technologies has made them easier to accomplish – and easier to get away with, too. Romance scams are increasing In 2020, there were around 44 million users of online dating services in the United States and this increased to 49 million users in 2021, according to Statista Research Department. By 2022, two years into the COVID-19 pandemic, that number jumped to more than 50 million, and it's projected to rise to 53.3 million by 2025. More users mean more potential targets. According to the Federal Trade Commission (FTC), romance scams hit a record high in 2021, with consumers reporting $547 million in losses that year ­– up 80 percent from 2020. The median individual loss reported to the FTC from romance scams was $2,400. With the help of modern technologies, romance scammers have added new tactics to their grift. For example, in addition to usual requests for money, a target might be asked to participate in bogus investment schemes involving cryptocurrency. In these cases, the median loss was $10,000. According to the FTC, romance scammers have conned Americans out of an estimated $1.3 billion over the past five years. Worryingly, romance scams also present a serious data risk. Damage could spread beyond financial losses into even more hazardous territory if the scammer can gain access to a target's personally identifiable information (PII) or financial data. In these cases, fraudsters might engage in identity theft to create new accounts or take over existing ones. Breaking up with romance scammers Businesses may not be susceptible to the lure of love, but they're still vulnerable when it comes to the fallout from romance scams. Companies must ensure they have a layered solution that seamlessly recognizes returning customers, while monitoring for indicators that the user presenting an identity is not actually the owner of that identity. Some warning signs include logins from a new IP address nowhere near the user's registered physical address; unusual types or frequencies of transactions; and the addition of a suspicious new authorized user to a credit card account. Businesses also have access to fraud prevention help. Using vast data resources, decades of identity and credit risk management, consumer-permissioned data and industry-leading analytics, Experian enables businesses to detect and prevent fraud by identifying credible customers. This empowers businesses to apply the appropriate amount of friction to each interaction to protect their customers, their data and themselves. To learn more about how Experian is assisting businesses with their fraud prevention efforts, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Future of Fraud Forecast Fraud Prevention