Leadership and Cybersecurity

Multiple studies suggest many executives aren’t as engaged as they should be when ensuring their organizations are prepared to mitigate and manage cybersecurity risks. Insights from our Fourth Annual Data Breach Preparedness Survey, conducted by the Ponemon Institute, support this sentiment. Of the privacy, compliance and IT professionals polled:

- 57% said their company’s board, chairman and chief executive officer were not informed about or involved in data breach response planning.
- 60% have leadership who don’t want to know immediately when a material breach occurs.
- 66% have a board that doesn’t understand the specific cybersecurity threats their organization faces.
- 74% said their board isn’t willing to take ownership for successful incident response plan implementation.

For organizations to protect themselves, cybersecurity professionals need to create greater engagement among the organization’s leadership. Next week, we’ll look at how they can accomplish this. If you’d like, you can jump ahead and read it now.
We live in a digital world where online identities are ubiquitous. But with the internet’s inherent anonymity, how do you know you’re interacting with a legitimate individual rather than an imposter? Too often we hear stories about consumers who see unauthorized purchases on their credit cards, enable access to their devices based on an imposter claiming to be a security vendor or send money to someone they met online only to learn they’ve been “catfished” by a fraudster. These are growing problems, as more consumers transition to digital services and look to businesses to protect them, enable seamless trusted interactions and maintain their privacy.

I recently chatted with MarketWatch about how consumers can protect themselves and their privacy when using online dating apps, as well as what businesses are doing to safeguard digital data. As part of the discussion, I mentioned that a simple, standard verification process companies of all sizes can leverage is vital to our rapidly evolving digital economy.

Today, companies have their own policies, processes and definitions of identity verification, depending on the services they offer. This ranges from secure access requiring strong identity proofing, document verification, multifactor authentication and biometric enrollment to new social profiles that do little more than validate receipt of an email to establish an online account.

To satisfy those diverse risk-based needs, more organizations are turning to federated identity verification options. A federated system allows businesses to leverage trusted, reputable, third-party sources to validate identity by cross-referencing the information they’ve received from a consumer against these sources to determine whether to establish an account or allow a transaction. While some organizations have attempted to develop similar identity verification capabilities, many lack a trusted identity source.
For example, there are solutions that leverage data from social media accounts or provide multifactor fraud and authentication options, but they often become easily compromised because of the absence of verifiable data. A trusted solution aggregates data across multiple providers that have undergone thorough security and data quality vetting to ensure the identity data is accurately submitted in accordance with business and compliance requirements. In fact, there are only a handful of trusted identity sources with this level of due diligence and oversight.

At Experian, we assess verification requests against an aggregate of hundreds of millions of records that include identity relationships, profile risk attributes, historical usage records and demographic data assets. With decades of knowledge about identity management and fraud prevention, we help companies of all sizes balance risk mitigation and maintain compliance requirements — all while ensuring consumer data privacy.

Trust takes years to build and mere seconds to lose, and the industry has made undeniable progress in security. But there is much left to do. Consumers are increasingly involved in the protection and use of their data. However, they often don’t realize downloading a hot new app and entering personal details or linking to their friends exposes them to unnecessary risk. It’s important for businesses to be clear about their identity verification processes so consumers can make educated decisions before electing to provide invaluable identity data.

The most effective fraud prevention and identity strategy is one that quickly establishes trust without inconveniencing the consumer. By staying up to date on verification methods, businesses can ensure customers have a smooth, personalized and engaging online experience.
A combination of mass identity data compromise and the increasing abilities of organized fraud rings has created a synthetic identity epidemic that is impacting all markets. Here are the three ways that synthetic identities are generally created:

- Credit applications and inquiries that result in synthetic credit profile creation or build.
- Exploitation of the authorized user process designed to take over or piggyback on legitimate credit profiles.
- Data furnishing schemes that falsify regular credit reporting agency updates.

When it comes to fighting synthetic fraud, we all need to be a part of the solution – or we are just a part of the problem.
Mitigating synthetic identities

Synthetic identity fraud is an epidemic that does more than negatively affect portfolio performance. It can hurt your reputation as a trusted organization. Here is our suggested 4-pronged approach that will help you mitigate this type of fraud:

- Identify how much you could lose or are losing today to synthetic fraud.
- Review and analyze your identity screening operational processes and procedures.
- Incorporate data, analytics and cutting-edge tools to enable fraud detection through consumer authentication.
- Analyze your portfolio data quality as reported to credit reporting agencies.

Reduce synthetic identity fraud losses through a multi-layer methodology design that combats both the rise in synthetic identity creation and use in fraud schemes.
The creation of synthetic identities (synthetic ID) relies upon an ecosystem of institutions, data aggregators, credit reporting agencies and consumers, all of which are exploited by an online and mobile-driven market, along with an increase in data breaches and dark web sharing. It’s a real and growing problem that’s impacting all markets. With significant focus on new customer acquisition and particular attention being paid to underbanked, emerging, and new-to-country consumers, this poses a large threat to your onboarding and customer management policies, in addition to overall profitability.

Synthetic identity fraud is an epidemic that does more than negatively affect portfolio performance. It can hurt your reputation as a trusted organization and expose institutions, like yours, as paths of lesser resistance for fraudsters to use in the creation and farming of synthetic identities.

Here is a suggested four-pronged approach to mitigate this type of fraud:

- The first step is knowing your risk exposure to synthetic identity fraud. Identify how much you could lose or are losing today using a targeted segmentation analysis to examine portfolios or customer populations.
- Next, review your front- and back-end identity screening operational processes and procedures and analyze that information to ensure you have industry best practices, procedures and verification tools deployed.
- Then incorporate data, analytics and some of the industry’s cutting-edge tools. This enables you to perform targeted consumer authentication and identify opportunities to better capture the majority of fraud and operational waste.
- Lastly, ensure your organization is part of the solution – not the problem. Analyze your portfolio data quality as reported to credit reporting agencies and then minimize your exposure to negative compliance audit results and reputational risk.

Our fraud and identity management consultants can help you reduce synthetic identity fraud losses through a multilayer methodology design that combats the rise in synthetic identity creation and use in fraud schemes.
Experian’s ID Fraud Tracker, a quarterly analysis of fraud rates across consumer financial products, found that British families who are struggling financially — about 4 million people — are increasingly becoming prime targets of financial fraud. The research performed on data from 2014 to 2016 in the United Kingdom also revealed:

- There has been a 203% increase in the total number of fraudulent credit applications over the past two years.
- Current account, credit card and loan fraud were the most common types of credit products fraudsters applied for in other people’s names, making up 94% of the total.
- 35% of all third-party fraud came from households with high salaries and large disposable incomes.

Fraud’s increasing around the world. We all have a responsibility to be vigilant and take measures to protect our business and customers, online and offline.
So many insights and learnings to report after the first full day of 2017 Vision sessions. From the musings shared by tech engineer and pioneer Steve Wozniak, to a panel of technology thought leaders, to countless breakout sessions on a wide array of business topics … here’s a look at our top 10 from the day.

A mortgage process for the digital age. At last. In his opening remarks, Experian President of Credit Services Alex Lintner asked the audience to imagine a world when applying for a mortgage simply required a few clicks or swipes. Instead of being sent home to collect a hundred pieces of paper to verify employment, income and assets, a consumer could click on a link and provide a few credentials to verify everything digitally. Finally, lenders can make this a reality, and soon it will be the only way consumers expect to go through the mortgage process.

The global and U.S. economies are stable. In fact, they are strong. As Experian Vice President of Analytics Michele Raneri notes, “the fundamentals and technicals look really solid across the countries.” While many were worried a year ago that Brexit would turn the economy upside down, it appears everything is good. Consumer confidence is high. The Dow Jones Index is high. The U.S. unemployment rate is at 4.7%. Home prices are up year-over-year. While there has been a great deal of change in the world – politically and beyond – the economy is holding strong.

The rise of the micropreneur. This term is not officially in the dictionary … but it will be. What is it? A micropreneur is a business with 0 to 4 employees bringing in no more than $200k in annual revenue. But the real story is that numbers show microbusinesses are improving on many fronts when it comes to contribution to the economy and overall performance compared to other small businesses. Keep an eye on these budding business people.

Fraud is running fierce.
Synthetic identity losses are estimated in the hundreds of millions annually, with 50% year-over-year growth. Criminals are now trying to use credit cleaners to get tradelines removed from used Synthetic IDs. Oh, and it is essential for businesses to ready themselves for “Dark Web” threats. Experts advise to harden your defenses (and play offense) to keep pace with the criminal underground. As soon as you think you’ve protected everything, the criminals will find a gap.

The cloud is cool and so are APIs. A panel of thought leaders took to the main stage to discuss the latest trends in tech. Experian Global CIO Barry Libenson said, “The cloud has changed the way we deliver services to our customers and clients, making it seamless and elastic.” Combine that with API, and the goal is to ultimately make all Experian data available to its customers. Experian President of Decision Analytics Steve Platt added, “We are enabling you to tap into what you need, when you need it.” No need to “rip and replace” all your tech.

Expect more regulation – and less. A panel of regulatory experts addressed the fast-changing regulatory environment. With the new Trump administration settling in, and calls for change to Dodd-Frank and the Consumer Financial Protection Bureau (CFPB), it’s too soon to tell what will unfold in 2017. CFPB Director Richard Cordray may be making a run for governor of Ohio, so he could be transitioning out sooner than the scheduled close of his July 2018 term.

The auto market continues to cruise. Experian’s auto expert, Malinda Zabritski, revealed the latest and greatest stats pertaining to the auto market. A few numbers to blow your mind …

- U.S. passenger cars and light trucks surpassed 17 million units for the second consecutive year
- Most new vehicle buyers in the U.S. are 45 years of age or older
- Crossover and sport utility vehicles remain popular, accounting for 40% of the market in 2016 – this is also driving up finance payments since these vehicles are more expensive.

There are signs the auto market is beginning to soften, but interest rates are still low, and leasing is hot.

Defining alternative data. As more in the industry discuss the need for alternative data to decision, it often gets labeled as something radical. But in reality, alternative data should be simple. Experian Sr. Director of Government Affairs Liz Oesterle defined it as “getting more financial data in the system that is predicted, validated and can be disputed.”

#DeathtoPasswords – could it be a reality? It’s no secret we live in a digital world where we are increasingly relying on apps and websites to manage our lives, but let’s throw out some numbers to quantify the shift. In 2013, the average U.S. consumer had 26 online accounts. By 2015, that number increased to 118 online accounts. By 2020, the average person will have 207 online accounts. When you think about this number, and the passwords associated with these accounts, it is clear a change needs to be made to managing our lives online. Experian Vice President David Britton addressed his session, introducing the concept of creating an “ultimate consumer identity profile,” where multi-source data will be brought together to identify someone. It’s coming, and all of us managing dozens of passwords can’t wait.

“The Woz.” I guess you needed to be there, but let’s just say he was honest, opinionated and notes that while he loves tech, he loves it even more when it enables us to live in the “human world.”

Too much wonderful content to share, but more to come tomorrow …
During our recent webinar, Detect and Prevent: The current state of e-commerce fraud, Julie Conroy, Aite Group research director, shared 5 key trends relating to online fraud:

- Rising account takeover fraud.
- Targeting of loyalty points.
- Growing global transactions.
- Frustrating false declines.
- Increasingly mobile consumers.

Fraud is increasing. Be prepared. Protect your business and customers with a multilayered approach to fraud prevention. For more trends and predictions, watch the webinar recording.
Knowing where e-commerce fraud takes place matters

We recently hosted a Webinar with Mike Gross, Risk Strategy Director at Experian and Julie Conroy, Research Director at Aite Research Group, looking at the current state of card-not-present fraud, and what to prepare for in the coming year. Our biannual analysis of fraud attacks served as a backdrop for the trends we’ve been seeing. I wanted to share some observations from the Webinar. Of course, if you prefer to hear it firsthand, you can download the archive recording here.

I’ll start with the current landscape of card-not-present fraud. Julie shared 5 key trends her firm has identified regarding e-commerce fraud:

- Rising account take-over fraud
- Loyalty points targeted
- Increasingly global transactions
- Frustrating false declines
- Increasingly mobile consumers

One particularly interesting note that Julie made was regarding consumer frustration levels towards forgotten passwords. While consumers are more frustrated when they’re locked out of access to their banking accounts (makes sense, it’s their money), forgotten passwords are more detrimental to e-commerce retailers since consumers are likely to go to another site. This equates to a frustrated consumer, and lost revenue for the business.

Next, Mike went through the findings from our 2016 e-commerce fraud attack analysis. Fraud attack rates show the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders. Overall, e-commerce attack rates spiked 33% in 2016.
The biggest trends we saw included:

- Increased EMV adoption is driving a shift from counterfeit to card-not-present fraud
- 2B breached records disclosed in 2016, more than 3x any previous year
- Consumers reporting credit card fraud jumped from 15% in 2015 to over 32% in 2016
- Attackers shifting locations slightly and international orders rely on freight forwarders
- 10 states saw an increase of over 100% in fraudulent orders
- Over 70 of the top 100 riskiest postal codes were not in last year’s list

So, what will 2017 bring? Be prepared for more attacks, more global rings, more losses for businesses, and the emergence of IoT fraud. Businesses need to anticipate an increase of fraud over time and to be prepared. The value of employing a multi-layered approach to fraud prevention, especially when it comes to authenticating consumers to validate transactions, cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience. Most importantly, having the right fraud solution in place can help businesses prevent losses both in dollars and reputation.
With the recent switch to EMV and more than 4.2 billion records exposed by data breaches last year*, attackers are migrating their fraud attempts to the card-not-present channel. Our recent analysis found the following states to be the riskiest for e-commerce fraud in 2016.

- Delaware
- Oregon
- Florida
- New York
- Nevada

Attackers are extremely creative, motivated, and often connected. Prevent e-commerce fraud by protecting all of your customer contact points.
Turns out, Americans still don’t know much about cybersecurity. That’s according to new research from the Pew Data Center, which conducted a cybersecurity knowledge quiz. The 13-question quiz was designed to test Americans’ knowledge on a number of cybersecurity issues and terms. A majority of online adults can identify a strong password and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted.

As we in the industry know, cybersecurity is a complicated and diverse subject, but given the pervasiveness of news around cybersecurity, I was still a little surprised by the lack of knowledge. The typical (median) respondent answered only five of the 13 questions correctly (with a mean of 5.5 correct answers). 20% answered more than eight questions accurately, and just 1% received a “perfect score” by correctly answering all 13 questions.

The study showed that public knowledge of cybersecurity is low on some relatively technical issues, like identifying the correct example of multi-factor authentication, understanding how VPNs minimize risk and knowing what a botnet is. On the flip side, the two questions that the majority of respondents answered correctly included identifying the strongest password from a list of four options and understanding that public Wi-Fi networks have risk even when they are password protected.

Given the median scores, I was proud of missing only one question – guess I have more reading to do on botnets. As an industry, it is our duty to not only create systems and securities to improve the tactical effectiveness of fraud prevention, but to educate consumers on many of these topics as well. They often are the first line of defense in stopping fraud and reducing the threat of breaches.
Newest technology doesn’t mean best when it comes to stopping fraud

I recently attended the Merchant Risk Conference in Las Vegas, which brings together online merchants and industry vendors including payment service providers and fraud detection solution providers. The conference continues to grow year to year – similar to the fraud and risk challenges within the industry. In fact, we just released analysis that we’ve seen fraud rates spike to 33% in the past year. This year, the exhibit hall was full of new names on the scene – evidence that there is a growing market for controlling risk and fraud in the e-commerce space.

I heard from a few merchants at the conference that there were some “cool” new technologies out to help combat fraud. Things like machine learning, selfies and other two-factor authentication tools were all discussed as the latest in the fight against fraud. The problem is, many of these “cool” new technologies aren’t yet efficient enough at identifying and stopping fraud. Cool, yes. Effective, no. Sure, you can ask your customer to take a selfie and send it to you for facial recognition scanning. But, can you imagine your mother-in-law trying to manage this process?

Machine learning, while very promising, still has some room to grow in truly identifying fraud while minimizing the false positives. Many of these “anomaly detection” systems look for just that – anomalies. The problem is, we’re fighting motivated and creative fraudsters who are experts at avoiding detection and can beat anomaly detection.

I do not doubt that you can stop fraud if you introduce some of these new technologies. The problem is, at what cost? The trick is stopping fraud with efficiency – to stop the fraud and not disrupt the customer experience. Companies, now more than ever, are competing based on customer experience. Adding any amount of friction to the buying process puts your revenue at risk.
Consider these tips when evaluating and deploying fraud detection solutions for your online business.

Evaluate solutions based on all metrics
- What is the fraud detection rate?
- What impact will it have on approvals?
- What is the false positive rate and impact on investigations?
- Does the attack rate decline after implementing the solution?
- Is the process detectable by fraudsters?
- What friction is introduced to the process?

Use all available data at your disposal to make a decision
- Does the consumer exist?
- Can we validate the person’s identity?
- Is the web-session and user-entered data consistent with this consumer?

Step up authentication but limit customer friction
- Is the technology appropriate for your audience (i.e. a selfie, text-messaging, document verification, etc...)?
- Are you using jargon in your process?

In the end, any solution can stop 100% of the fraud – but at what cost? It’s a balance - a balance between detection and friction. Think about customer friction and the impact on customer satisfaction and revenue.
Has the EMV liability shift caused e-commerce fraud to increase 33% in 2016? According to Experian data, CNP fraud increased with Florida, Delaware, Oregon and New York ranked as the riskiest states. Miami accounted for the most fraudulent ZIP™ Codes in the US for shipping and billing fraud.
The adoption of EMV terminals has pressured attackers to migrate their fraud attempts to the card-not-present channel. This is a major driver to the increase in e-commerce fraud attacks – more than 30% over last year. Here’s how this fraud victimization has increased across the country:

- 16% in North Central states.
- 25% in Northeastern states.
- 32% in Southern states.
- 25% in Western states.

Attackers are extremely creative, motivated, and often connected. Protect all points of connection with your customers to prevent e-commerce fraud with a comprehensive, multilayered approach.
Legitimate address discrepancies are common, which surprises most people. And handling every address discrepancy as a high fraud risk is operationally expensive and inhibits the customer experience. You can avoid this type of fraud by employing these best practices:

- Use a distinct Know Your Customer and underlying Customer Identification Program process.
- Avoid verifications based on self-reported data.
- Maintain hotlist addresses.

Fraud always will find the path of least resistance, and organized criminals will test you daily to isolate the weakest link. Be sure to regularly revisit your own policies and procedures for handling this type of fraud.