Fraud & Identity Management
Fraud and address manipulation (Part 1) Identifying an address as incorrect seems simple enough. But in reality, address mismatches between an application and credit bureau data aren’t uncommon. Here are several legitimate reasons why this may occur: Change of residence. Credit bureau’s unique logic for determining which address is the \"best.\" New/Emerging consumers often have fluctuating address data. Issuers that employ risk-based approaches allowing incorrect addresses to pass and those that use self-reported data for verification face the highest level of risk for this type of fraud. Next week, we’ll let you know how you can avoid these types of losses. Or you can get ahead and read our latest paper. Address manipulation fraud>
Experian's fraud and identity platform, CrossCore™ won New Security Product or Service and Security Product Management / Development Team of the Year awards at the 13th Annual Info Security Products Guide’s 2017 Global Excellence Awards®.
There has been a lot of discussion around the auto loan market regarding delinquency rates in the past year. It is a topic Experian is asked about frequently from clients in regard to what particular economic market behaviors mean for the overall consumer lending. To understand this issue more clearly, I ran a deeper dive on the data from our Q3 Experian-Oliver Wyman Market Intelligence report. There are some interesting, and perhaps concerning, trends in the data for automotive loans and leases. Want Insights on the latest consumer credit trends? Register for our 2016 year-end review webinar. Register now Auto loan delinquency rates are at their highest mark since 2008 The findings indicate that the performance of the most recent loans opened from Q4 2015 are now performing as poorly as the loans from the credit crisis back in 2008. In fact, you have to go back to 2008, and in some cases, 2007, to see loan default rates as poorly as the Q4 2015 auto loans originated in the last year. Below we have the auto loan vintage performance for loans originated in Q4 of the last 8 years — going back to 2008. The lines on the chart each represent 60 days late or more (60+) delinquency rates over specific time period grades. For these charts, I analyzed the first three, six, and nine months from the loan origination date. As you can see, the rates of delinquency have steadily increased in recent years, with the increase in the Q4 2015 loans opened equaling or even surpassing 2008 levels. The above chart reflects all credit grades, so one might think that this change is a result of the change in the credit origination mix. By digging a little deeper into the data, we can control for the VantageScore at the loan opening, or origination date, and review performance by looking at two different score segments separately. Is there concern for Superprime and Prime consumers auto loans? In the chart immediately below, the same analysis as above has been conducted, but only for trades originated by Superprime and Prime consumers at the time of origination. You can see that although the trend is not as pronounced as when all grades are considered, even these tiers of consumers are showing significant increases in their 60+ days past due (DPD) rates in recent vintages. Separately, looking at the Subprime and Deep Subprime segments, you can really see the dramatic changes that have occurred in the performance of recent auto vintages. Holding score segments constant, the data indicates a rate of credit deterioration in the Subprime and Deep Subprime segments that we have not observed since at least 2008 — back to when we started tracking this data. What’s concerning here is not only the absolute values of the vintage delinquencies but also the trend, which is moving upward for all three time periods. Where does the risk fall? Now that we see the evidence of the deterioration of credit performance across the credit spectrum, one might ask – who is bearing the risk in these recent vintages? Taking a closer look at the chart below, you can see the significant increase in the volumes of loans across lender type, but particularly interesting to me is the increase in 2016 for the Captive Auto lenders and Credit Unions, who are hitting highs in their lending volumes in recent quarters. If the above trend holds and the trajectory continues, this suggests exposure issues for those lenders with higher volumes in recent months. What does this mean for your business? Speak to Experian\'s global consulting practice to learn more. Learn more Just to be thorough, let\'s continue and look at the relative amounts of loans going to the different score segments by each of the lender types. Comparing the lender type and the score segments (below) reveals that finance lenders have a greater than average exposure to the Subprime and Deep Subprime segments. To summarize, although auto lending has recently been viewed as a segment where loan performance is good, relative to historical levels, I believe, the above data signals a striking change in that perspective. Recent loan performance has weakened to a point where comparing the 2008 vintage with 2015 vintage, one might not be able to distinguish between the two. // <![CDATA[ var elems={'winWidth':window.innerWidth,'winTol':600,'rotTol':800,'hgtTol':1500}, updRes=function(){var xAxislabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'14px'}},xAxislabelRotation=function(){if(elems.winWidth<elems.rotTol){return-90}else{return 0}},seriesLabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'16px'}},legenLabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'16px'}},chartHeight=function(){if(elems.winWidth<elems.rotTol){return 600}else{return 400}},labelInside=function(){if(elems.winWidth<elems.rotTol){return false}else{return true}},chartStack=function(){if(elems.winWidth<elems.rotTol){return null}else{return'normal'}};this.sourceRef=function(){return['Source: Experian.com']};this.seriesColor=function(){return['#982881','#0d6eb6','#26478D','#d72b80','#575756','#b02383']};this.chartFontFamily=function(){return'"Roboto",Helvetica,Arial,sans-serif'};this.xAxislabelSize=function(){return xAxislabelSize()};this.xAxislabelOverflow=function(){return'none'};this.xAxislabelRotation=function(){return xAxislabelRotation()};this.seriesLabelSize=function(){return seriesLabelSize()};this.legenLabelSize=function(){return legenLabelSize()};this.chartHeight=function(){return chartHeight()};this.labelInside=function(){return labelInside()};this.chartStack=function(){return chartStack()}}(), updY=function(chart){var points=chart.series[0].points;for(var i=0;i elems.rotTol){if(thisWidth<20){var y=points[i].dataLabel.y;y-=10;points[i].dataLabel.css({color:'#575756'}).attr({y:y-thisWidth})}}}},updX=function(chart){var points=chart.series[0].points;for(var i=0;i elems.rotTol){if(thisWidth
Internet-connected devices provide endless possibilities, but they rely on technology and collected data to deliver on their promises. This can compromise your network security. Follow these tips to enjoy the conveniences provided by Internet of Things devices while keeping your network safe. Look for devices that use end-to-end encryption. Change default passwords before connecting devices to your network. Enable two-factor authentication, when available. Leverage all security options, such as passwords, encryption, firewalls and firmware. The Internet of Things is only as strong as its weakest link. That\'s why it’s so important to understand and treat each connected device as part of a broader network. More security tips
Using digital technology like a big bank How was your holiday? Are the chargebacks rolling in yet? It’s no secret - digital technology like mobile device usage has increased significantly over the years, making it a breeding ground for fraudsters. As credit unions continue to grow their membership, their fraud security treatments need to grow as well. Bigger banks are constantly updating their fraud tools and strategies to fight against cybercrime and, therefore, fraudsters are setting their eyes on credit unions. Even as I write this, fraudsters are searching and targeting credit unions that don’t have their mobile channel secured. They attempt to capitalize on any weakness or opportunity: Registering stolen cards to mobile wallets Taking over an account via mobile banking apps Using a retailers’ mobile app to make fraudulent payments Disabling the SIM card in the victim’s phone and diverting the one-time password sent through text message to their own phones These are clever ways to commit fraud. But credit unions are becoming wise to these new threats and are serious about protecting their members. They are incorporating device intelligence with a solid identity authentication service. This multi-layered approach is essential to securing mobile channels, and protecting your Credit Union from chargebacks. To learn more about our fraud solutions, click here.
Experian shares five trends and twists coming over the next 12 months, that could push new boundaries and in many cases improve the customer experience as it pertains to the world of credit and finance.
Fraud and cybersecurity are two of the biggest risks challenging organizations and the economy today. Fraud has become its own industry, to the tune of $500 billion in estimated losses annually. To strengthen your fraud risk strategies, you need: A multilayered authentication and risk-based approach to prevent fraud. A comprehensive approach to identity with true customer intelligence. To avoid silos and recognize the value of combining your solutions into one platform. The rapid growth of fraud-related activity only reinforces the need for aggressive fraud prevention strategies and the adoption of new technology to prepare for the latest emerging cybersecurity threats. Want to know more?
Technology sharing can unlock a more effective strategy in fighting fraud. Experian’s multi-layered and risk-based approach to fraud management is discussed as many businesses are learning that combining data and technology to strengthen their fraud risk strategies can help reduce losses. Evolving fraud schemes, changes in regulatory requirements and the advent of new digital initiatives make it difficult for businesses to manage all of the tools needed to keep up with the relentless pace of change.
Happy holidays! It’s the holiday season and a festive time of year. Colorful lights, comfort food and holiday songs – all of these things contribute to the celebratory atmosphere which causes many people to let their guards down and many businesses to focus more on service than on risk. Unfortunately, fraudsters and other criminals can make one of the busiest shopping times of the year, a miserable one for their victims. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign-up for a credit monitoring service to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers. For organizations, the focus should be on two fronts: data protection and fraud prevention. Not just to prevent financial theft, but to preserve trust — trust between organizations and consumers, as well as widespread consumer trust. Organizations must strive to evolve data protection controls and fraud prevention skills to minimize the damage caused by stolen identity data. There are dozens of tools in the industry for identifying that a consumer is who they say they are – and these products are an important part of any anti-fraud strategy. These options may tell you that the combination of elements is the consumer, but do you know that it is the REAL consumer presenting them? The smart solution is to use a broad data set for not only identity verification, but also to check linkage and velocity of use. For example: Is the name linking to other addresses being presented in the past week? Is the phone number showing up to other addresses and names over the past 30 days? Has the SSN matched to other names over the past 90 days? Since yesterday the address matches to four phone numbers and two names – is this a problem? And it must be done in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate criminals. Click here to learn more about Experian’s products and services that can help. As we go walking in the winter wonderland, remember, the holiday season is a time for cheer… and vigilance!
2017 data breach landscape Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast report with five key predictions What will the 2017 data breach landscape look like? While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution released its fourth annual Data Breach Industry Forecast white paper. The industry predictions in the report are rooted in Experian\'s history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. \"Preparing for a data breach has become much more complex over the last few years,\" said Michael Bruemmer, vice president at Experian Data Breach Resolution. \"Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond.\" \"Experian\'s annual Data Breach Forecast has proven to be great insight for cyber and risk management professionals, particularly in the healthcare sector as the industry adopts emerging technology at a record pace, creating an ever wider cyber-attack surface, adds Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA). \"The consequences of a medical data breach are wide-ranging, with devastating effects across the board - from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital.\" \"The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation, said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. \"The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations\' incident response plans should certainly be updated to account for these new laws set to go in effect in 2017.\" Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added \"Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks.\" Download Whitepaper: Fourth Annual 2017 Data Breach Industry Forecast Learn more about the five industry predictions, and issues such as ransomware and international breach notice laws in our the complimentary white paper. Click here to learn more about our fraud products, find additional data breach resources, including webinars, white papers and videos.
How will the FinCEN revisions impact your business? (Part 2) I recently discussed the new FinCEN requirements to Customer Due Diligence. This time, I’d like to focus on the recent FinCEN advisory regarding “email-compromise fraud.” This new advisory sheds additional light on the dual threats of both Email Account Compromise impacting the general public and Business Email Compromise that targets businesses. FinCEN has rightly identified and communicated several high-risk conditions common to the perpetration of scams such as varied languages, slight alterations in email addresses, out-of-norm account and transaction information, and social engineering in the form of follow-up requests for additional transfers. In addition to introducing operational standards to detect such conditions, institutions also would benefit from these other tactics and focal points as they respond to email requests for financial transfers: Email validation and verification — use of third-party vendor services that can deliver a measurable level of confidence in the association of an email address to an actual, true identity. Multifactor authentication — use of dual-step or out-of-band verification of the requested transaction using alternate channels such as phone. Robust KYC/CIP at application and account opening to ensure that name, address, date of birth and Social Security number are verified and positively and consistently linked to a single identity, as well as augmented with phone and email verification and association for use in customer communications and multifactor authentications. Customer transactional monitoring in the form of establishing typical or normal transfer activity and thresholds for outlying variations of concern. Known and suspected fraud databases updated in real time or near real time for establishing blacklist emails to be segmented as high risk or declines upon receipt. Identity application and transactional link analysis to monitor for and detect the use of shared and manipulated email addresses across multiple transaction requests for disparate identities. Access to device intelligence and risk assessment to ensure consistent association of a true customer with one or more trusted devices and to detect variance in those trusted associations. Which of these 7 tactics are you using to stop email-compromise fraud?
Reinventing Identity for the Digital Age Electronic Signature & Records Association (ESRA) conference I recently had the opportunity to speak at the Electronic Signature & Records Association (ESRA) conference in Washington D.C. I was part of a fantastic panel delving into the topic, ‘Reinventing Identity for the Digital Age.’ While certainly hard to do in just an hour, we gave it a go and the dialogue was engaging, healthy in debate, and a conversation that will continue on for years to come. The entirety of the discussion could be summarized as: An attempt to directionally define a digital identity today The future of ownership and potential monetization of trusted identities And the management of identities as they reside behind credentials or the foundations of block chain Again, big questions deserving of big answers. What I will suggest, however, is a definition of a digital identity to debate, embrace, or even deride. Digital identities, at a minimum, should now be considered as a triad of 1) verified personally identifiable information, 2) the collective set of devices through which that identity transacts, and 3) the transactional (monetary or non-monetary) history of that identity. Understanding all three components of an identity can allow institutions to engage with their customers with a more holistic view that will enable the establishment of omni-channel communications and accounts, trusted access credentials, and customer vs. account-level risk assessment and decisioning. In tandem with advances in credentialing and transactional authorization such as biometrics, block chain, and e-signatures, focus should also remain on what we at Experian consider the three pillars of identity relationship management: Identity proofing (verification that the person is who they claim to be at a specific point in time) Authentication (ongoing verification of a person’s identity) Identity management (ongoing monitoring of a person’s identity) As stronger credentialing facilitates more trust and open functionality in non-face-to-face transactions, more risk is inherently added to those credentials. Therefore, it becomes vital that a single snapshot approach to traditionally transaction-based authentication is replaced with a notion of identity relationship management that drives more contextual authentication. The context thus expands to triangulate previous identity proofing results, current transactional characteristics (risk and reward), and any updated risk attributes associated with the identity that can be gleaned. The bottom line is that identity risk changes over time. Some identities become more trustworthy … some become less so. Better credentials and more secure transactional rails improve our experiences as consumers and better protect our personal information. They cannot, however, replace the need to know what’s going on with the real person who owns those credentials or transacts on those rails. Consumers will continue to become more owners of their digital identity as they grant access to it across multiple applications. Institutions are already engaged in strategies to monetize trusted and shareable identities across markets. Realizing the dynamic nature of identity risk, and implementing methods to measure that risk over time, will better enable those two initiatives. Click here to read more about Identity Relationship Management.
How will the FinCEN revisions impact your business? (Part 1) Some recently published FinCEN revisions and advisories are causing a stir. First, let’s look at revisions to Customer Due Diligence that require compliance by May 2018. Under the updated requirements for Customer Due Diligence, covered financial institutions must expand programs, including Customer Identification Programs (CIP), to include Beneficial Owners of Legal Entity customers. Under the new rule, financial institutions must collect and verify identity information (name, address, date of birth, Social Security number or passport number for foreign individuals): For each Natural Person with at least 25% ownership in the Legal entity and For an individual with significant responsibility for managing or controlling the business — for example, a chief executive officer, a chief financial officer, a chief operating officer, a managing member, a general partner, a president, a vice president or a treasurer The U.S. Treasury estimates that illicit proceeds generated in the United States alone total $400 billion annually. These requirements are intended to prevent anonymous access to financial systems through shielded or minority ownership. While the effort to stem the tide of illicit proceeds is laudable, the impact to business may be significant. Most organizations will need to audit their data collection practices, and many will need to make changes to either data collection or workflow processes to ensure compliance. While quite simple and straightforward on paper, the standardization of additional CIP policies and procedures tend to create substantive impact to the customer experience as well as operational resource allocations and utilization. Covered financial institutions should already be discussing with their current or prospective fraud risk and identity management vendors to ensure that: There is a clear path to altering both data collection and verification of these additional identity elements. Clear and accurate benchmarking around expected verification rates is available ahead of the compliance date to allow for operational workflow design to accommodate both ‘verifications’ and ‘referrals stemming from lack of full verification.’ Service providers are granting access to best-in-class data assets and search & match logic related to identity element verification and risk assessment, along with multi-layered options to reconcile those initial verification ‘fails.’ Full business reviews and strategy design sessions are underway or being scheduled to align and document overall objectives of the program, benchmarking of leading industry practices, current and future state gaps, near- and long-term initiatives and a prioritized roadmap, a viable business case toward additional investment in services and resources, and a plan of execution. Will this impact your business? Will you need to make any changes? Click here to read part two - FinCEN and email-compromise fraud.
Experian is recognized as a leading security solution provider for fraud and identity solutions in order to protect customers and financial institutions
U.S. Communities national contract awarded to Experian to use their data and analytic solutions in order to enable state and local government agencies to help consumers and better serve their communities for the future.
Learn More Image
