Uncategorized

Remember the new customers or subscribers you brought on last year, and how great they looked on paper?  High credit score, low revolving debt—clean as a whistle, solid as a rock. How do those stellar profiles look right now, in 2011? Still solid? Or has their luster recently faded? In today’s uncertain environment, it’s both a legitimate and prudent question credit departments should often ask. Regular portfolio reviews: illuminate, eliminate Because of the financial relationship between your company and its customers, you have a right to make “soft” inquiries to uncover new credit-quality risk. Red Flag indicators include a recent bankruptcy, an increase in late payments, and other credit obligations staying past due longer. Whatever the changes are, you’re entitled to know them, and regular portfolio reviews are an effective way to illuminate (and eliminate) risk. The other side of the coin Thankfully, telecom/cable credit trends are not all gloom and doom. Many people have actually improved their scores and are good candidates for better terms, better rates and cross-sell opportunities that can increase your wallet share. Of course, once you land good customers, keeping them happy becomes paramount. Increasing the number of products or services they use can make customers “stickier” and more loyal. So if, as mentioned in my previous post, acquisition is about prospect quality (not quantity), then retention and risk reduction are about regular portfolio reviews and keeping people happy. Supplementing reviews by letting customers know you value and appreciate their business, will help them stay put when pesky competitors come knocking.

Experian Decision Analytics has recorded increased demand from the marketplace for service integrations with interactive voice response (IVR), a phone technology that allows for automated detection of both voice and touch–tones. In the past quarter, there has been a more than 70 percent increase in IVR interest and it continues to grow. Why is there a demand for knowledge based authentication through IVR? Besides consumer acceptance of out of wallet questions, there is a dramatic increase in the need for remote authentication and fraud analytics that are accurate, not a burden to the consumer, cost–effective for organizations and part of an overall risk based authentication approach. Consumers stay connected in a number of ways — phone, online, mobile and short message service (SMS) — and are demanding the means to remain safe without compromising convenience. Knowledge based authentication through IVR provides this safety. Organizations must consider all the tools at their disposal to keep consumer data protected while preserving and promoting a positive customer experience. Given the interactive nature of knowledge based authentication, it is quite adaptable to various customer access channels, such as IVR, and it enables full automation of both inbound and outbound authentication calls. We know from both our own experience and from working with clients that consumers are more connected, more mobile and more networked than ever before - and fraud trends demonstrate this increases risk. As consumers continue to expand online profiles and fraud artists continue to seek out victims, successful fraud prevention will become paramount to financial survival. Leveraging products already in use by combining the technology capitalizes on an existing investment and is good business.

Cybersecurity is back in the news, thanks in no small part to a number of government reports and developments with WikiLeaks. It’s also becoming increasingly important to businesses and lawmakers alike. Although not a new concern for the telecommunications industry, cybersecurity is quickly becoming a priority for the new Congress as pressure increases to develop a national plan. What should cybersecurity protect? A national cybersecurity plan would likely entail setting baseline security standards to protect critical networks – many of which are run by private organizations. For policymakers, the challenge will be to craft guidelines that protect consumer data and still allowing technological innovation. Last year, we saw a number of legislative proposals debated before Congress that would place new requirements on network infrastructure and strengthen coordination between federal regulators. So far, the proposals have been broad and have only raised additional questions. The hurdle for lawmakers will be addressing how existing data protection laws fit within new proposals in order that businesses do not face over burdensome requirements. Where does the FCC fit in? When it comes to cybersecurity, the role of the FCC is even more undefined – however that’s changing. Last summer, the FCC asked for public comments about the creation of a Cybersecurity Roadmap to identify vulnerabilities to communications networks and to develop countermeasures and solutions to cyber threats. The roadmap was first recommended as part of a broader strategy to create a National Broadband Plan that required the FCC to identify the five most critical security threats and establish a two-year plan to address them. While the Commission has accepted public comments, it’s unclear when a final Roadmap will be introduced. A national breach notification standard As part of a comprehensive plan, policymakers are also looking at what happens after a breach occurs. Currently, 46 states have passed laws requiring companies to notify consumers after a security breach. As a result, policymakers have begun to examine whether a national data breach law is necessary given the varying degrees of consumer notification. The FCC has indicated their support of a uniform law and has recommended that Congress include telecoms in the legislative discussion. Despite the uncertainty, one thing is sure: cybersecurity will be increasingly important to monitor during 2011. One way to stay current is to subscribe via email or RSS as we continue to look at the latest legislative or regulatory developments concerning the wireless and telecommunications industry. In the near future, we’ll be taking a look at recent data privacy recommendations by federal regulators and the privacy agenda of the new Congress. Meanwhile, if you’d like more information on Data Breach Notification or Fraud Management Compliance, your Experian representative can help. Let us know your concerns regarding cybersecurity and pending legislative issues so that we can address them in future posts.

In an attempt to out-innovate competitors, today’s communications companies seem busier than ever. The number of new products, services, devices and bundles continues to skyrocket, giving consumers more shiny new options than ever before. A double-edged sword More choices means greater opportunity to cross-sell, upsell or otherwise optimize customer value. But there is also increased risk, due to process or information gaps between internal acquisition, billing, account management and collections teams. There are also threats from the outside. Avoid being hit by “cyclers” These include hard-to-monitor, multiple-account households, and high-risk account “cyclers” who attempt to game the system by manipulating personal data; for example, providing different information when opening an account, buying a device or activating service. Undetected, such activity can severely impact corporate profitability. Fortunately, you can gain a clearer picture of both positive and negative activity by using assets and resources you already own. Extra benefits. No extra cost. The first step is working with IT to better mine internal data by linking disparate databases together (tips and best practices will be presented in future posts). This will give you a holistic view of all accounts. Experian recently did this with greater-than-expected success. In a similar effort, one utility we know identified more than $2.5 million in uncollected bad debt from current, active customers. What benefits can you expect? Besides gaining insight into driving the full value of multi-product customers, linking together internal data sources also enables you to: Illuminate resell/cross-sell opportunities and unfulfilled revenue potential Mitigate risk by identifying low value, high risk customers, and fraudulent behaviors Help in-house credit professionals “bridge the gap” with marketing and work in a more collaborative and integrated fashion Improve the customer experience across sales and support Best practices yield best results You already own the data you need. The secret to success is linking it together and putting it to work—without burdening already overworked teams. A structured set of best practices can make it happen. So what say you? What challenges does your communications company face with regard to customer data?

Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time") offers institutions a viable strategy for balancing the following competing forces and pressures: Compliance – the need to ensure each transaction is approved only when compliance requirements are met; Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions; Risk mitigation – the need to minimize fraud exposure at the account and transaction level. A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling. Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.

When we think about fraud prevention, naturally we think about mininizing fraud at application. We want to ensure that the identities used in the application truly belong to the person who applies for credit, and not from some stolen identities. But the reality is that some fraudsters do successfully get through the defense at application. In fact, according to Javelin’s 2011 Identity Fraud Survey Report, 2.5 million accounts were opened fraudulently using stolen identities in 2010, costing lenders and consumers $17 billion. And these numbers do not even include other existing account fraud like account takeover and impersonation (limited misusing of account like credit/debit card and balance transfer, etc.). This type of existing account fraud affected 5.5 million accounts in 2010, costing another $20 billion. So although it may seem like a no brainer, it’s worth emphasizing that we need to continue to detect fraud for new and established accounts. Existing account fraud is unlikely to go away any time soon.  Lending activities have changed significantly in the last couple of years. Origination rate in 2010 is still less than half of the volume in 2008, and booked accounts become riskier. In this type of environment, when regular consumers are having hard time getting new credits, fraudsters are also having hard time getting credit. So naturally they will switch their focus to something more profitable like account takeover. Does your organization have appropriate tools and decisioning strategy to fight against existing account fraud?

Cell phone use on the rise A Wikipedia list of cell phone usage by country showed that as of December 2009, the U.S. had nearly 286 million cell phones in use. In parallel, a recent National Center for Health Statistics study found that one in every seven homes surveyed received all or almost all their calls on cell phones, even though they had a landline. Study results further indicated, one in four homes in the U.S. relied solely on cell phones. This statistic highlights these households had no land line at all during the last half of 2009. Since this time, the number of households that fall within this category have increased 1.8 percent. Implications for communications companies The increasing use of cell phones, coupled with the decreasing use of landlines, raises some very important concerns for communications companies: The physical address on file may not be accurate, since consumers can keep the same number as they jump providers. The increased use of pre-paid cell phones shines a new light on the growing issue that contact numbers are not a consistent means of reaching the consumer. These two issues make locating cell phone-only customers for purposes of cross-selling and/or collections an enormous challenge. It would certainly make everyone’s job easier if cell phone providers were willing to share their customer data with a directory assistance provider. The problem is, doing so, exposes them to attacks from their competition and since provider churn rate concerns are at an all-time high, can you really blame them? Identifying potentially risky customers, among cell phone-only consumers, becomes more difficult. Perfectly good customers may no longer use a landline. From a marketing point of view, calling cell phones for a sales pitch is not allowed, how then do you reach your prospects?     What concerns you? Certainly, this list is by no means complete. The concerns above warrant further discussion in future blog posts. I want to know what concerns you most when it comes to the rise in cell phone-only consumers. This feedback will allow me to gear future posts to better address your concerns.

-- by, Andrew GulledgeOne of the quickest and easiest ways to reduce fraud in your portfolio is to incorporate question weighting into your out of wallet question strategy. To continue the use of knowledge based authentication without question weighting is to assign a point value of 100 points to each question. This is somewhat arbitrary (and a bit sloppy) when we know that certain questions consistently perform better than others.So if a fraudster gets 3 easier questions right, and 1 harder question wrong they will have an easier time passing your authentication process without question weighting. If, on the other hand, you adopt question weighting as part of your overall risk based authentication approach, that same fraudster would score much worse on the same KBA session. The 1 question that they got wrong would have cost them a lot of points, and the 3 easier questions they got right wouldn’t have given them as many points. Question weighting based on known fraud trends is more punitive for the fraudsters.Let’s say the easier questions were worth 50 points each, and the harder question was worth 150 points. Without question weighting, the fraudster would have scored 75% (300 out of 400 points). With question weighting, the fraudster would have scored 50% (150 out of 300 points correct). Your decisioning strategy might well have failed him with a score of 50, but passed him with a score of 75. Question weighting will often kick the fraudsters into the fail regions of your decisioning strategy, which is exactly what risk based authentication is all about.Consult with your fraud account management representative to see if you are making the most out of your KBA experience with the intelligent use of question weighting. It is a no-brainer way to improve your overall fraud prevention, even if you keep your overall pass rate the same.Question weighting is an easy way to squeeze more value of your knowledge based authentication tool. 

-- by, Andrew GulledgeThe intelligent use of question weighting in KBA should be a no-brainer for anyone using out of wallet questions. Here’s the deal: some authentication questions consistently give fraudsters a harder time than other questions. Why not capitalize on that knowledge?Question weighting is where each question type has a certain number of points associated with it. So a question that fraudsters have an easier time with might be worth only 50 points, while a question that fraudsters often struggle with might be worth 150 points. So the KBA score ends up being the total points correct divided by the total possible points. The point is to make the entire KBA session more punitive for the bad guys.Fraud analytics are absolutely essential to the use of intelligent question weighting. While fraud prevention vendors should have recommended question weights as part of their fraud best practices, if you can provide us with as many examples as possible of known fraud that went through the out of wallet questions, we can refine the best practice question weighting model to work better for your specific population.Even if we keep your pass rate the same, we can lower your fraud rate. On the other hand, we can up your pass rate while keeping the fraud rate consistent.  So whether your aim it to reduce your false positive rate (i.e., pass more of the good consumers) or to reduce your fraud rate (i.e., fail more of the fraudsters), or some combination of the two, question weighting will help you get there.

Quite a scary new (although in some ways old) form of identity theft in the headlines recently. Here’s a link to the article, which talks about how children’s dormant Social Security numbers are being found and sold by companies online under the guise of CPN’s – aka credit profile numbers or credit protection numbers.  Using deceased, “found”, or otherwise illicitly obtained Social Security numbers is not something new.  Experian’s and any good identity verification tool is going to check against the Social Security Administration’s list of numbers listed as deceased as well as check to ensure the submitted number is in an SSA valid issue range.  But the two things I find most troubling here are: One, the sellers have found a way around the law by not calling them Social Security numbers and calling them CPN’s instead.  That seems ludicrous!  But, in fact, the article goes on to state that “Because the numbers exist in a legal gray area, federal investigators have not figured out a way to prosecute the people involved”. Two, because of the anonymity and the ability to quickly set up and abandon “shop”, the online marketplace is the perfect venue for both buyer and seller to connect with minimal risk of being caught. What can we as consumers and businesses take away from this?  As consumers, we’re reminded to be ever vigilant about the disclosure of not only OUR Social Security number but that of our family members as well.  For businesses, it’s a reminder to take advantage of additional identity verification and fraud prediction tools, such as Experian’s Precise ID, Knowledge IQ, and BizID, when making credit decisions or opening accounts rather than relying solely on consumer credit scores.

Working with clients in the financial sector means keeping an eye toward compliance and regulations like the Gramm-Leach-Bliley Act (GLB), the Fair Credit Reporting Act (FCRA) or Fair and Accurate Credit Transactions Act (FACTA). It doesn’t really matter what kind of product it is, if a client is a financial institution (FI) of some kind, one of these three pieces of legislation is probably going to apply. The good part is, these clients know it and typically have staff dedicated to these functions. In my experience, where most clients need help is in understanding which regulations apply or what might be allowed under each. The truth is, a product designed to minimize fraud, like knowledge based authentication, will function the same whether using FCRA regulated or non-FCRA regulated data. The differences will be in the fraud models used with the product, the decisioning strategies set-up, the questions asked and the data sources of those questions. Under GLB it is acceptable to use fraud analytics for detection purposes, as fraud detection is an approved GLB exception. However, under FCRA rules, fraud detection is not a recognized permissible purpose (for accessing a consumer’s data). Instead, written instructions (of the consumer) may be used as the permissible purpose, or another permissible purpose permitted under FCRA; such as legitimate business need due to risk of financial loss. Fraud best practices dictate engaging with clients, and their compliance teams, to ensure the correct product has been selected based on client fraud trends and client needs. A risk based authentication approach, using all available data and appropriately decisioning on that data, whether or not it includes out of wallet questions, provides the most efficient management of risk for clients and best experience for consumers.

By: Tom Hannagan An article in American Banker* today discusses how many community banks are now discouraging new deposit gathering. We have seen many headlines in the past couple of years about how banks are not lending. Loan origination has been trending downward for many months. Now, they aren’t seeking deposits either. You would think this is the ultimate way to lower risk, but that’s not necessarily so. There are many different reasons why banks have or may be reducing their balance sheets. Tighter credit standards, and relatively low loan demand are chief among them. This is largely a reaction, on the part of banks and borrowers, to the economic contraction and painfully slow recovery. The softness in real estate is still a large overhanging problem – for consumers, businesses, governments and the banks. Banks are still working on loss provisioning in an attempt to deal with the embedded credit risk from the last recession. Even though they may be shrinking, or very slowly growing their loan portfolio, all of the forward risk management considerations are still there. That is true for the lending business and for managing the overall balance sheet. Most apparent among all these considerations is that the entire existing loan portfolio is steadily coming up for renewal consideration. That is as much of an opportunity for reconsidering a loan’s risk and return characteristics as is considering a new loan. It is also an opportunity to review the relationship management strategy, including the value of other relationship services or the time to sell new services to that client. All these sales situations involve risk and return considerations. Not least among them are the deposit services – existing and potential – associated with the relationship. The main point in the American Banker article was that banks can have trouble putting new deposit funds to work profitably. That makes sense. Deposits involve operating risk and operating costs. The costs include both fixed and variable costs. There are four or five major types of deposits. Each of them has very different operating cost profiles, balance behavior and levels of interest expense. They also involve market risk in that their loyalty or likely duration varies. So, it is important to take both the risk and return factors of new/renewed loans into account AND to take the risk and return factors of new/existing deposit balances into account as part of ongoing relationship management – and the bank’s resulting balance sheet direction. This is a lot to consider. A good risk-based profitability regimen is as critical as ever. *American Banker, Tuesday, July 27, 2010. In Cash Glut, Banks Try to Discourage New Deposits. By, Paul Davis

By: Staci Baker For the one-third of the U.S. population that rents, in the past, rental payment history has not been included in determining a credit score. With the acquisition of RentBureau by Experian, renters’ credit can now be affected by on-time payments or account delinquency, the same as an individual that owns a home. Why is it important to include rental payment history? Including rental payment history in credit score data strengthens the analytics used to compile credit scores by giving a more complete picture of an individual’s payment history. For consumers with no history on which to build a credit score, this allows them to create track record of continuous, on time, repayment. I believe the power this brings to multi-family owned units is the ability to quickly and easily determine who is either a low credit risk, or higher credit risk when leasing an apartment. As a property manager or resident screener, the risk that is taken on new tenants can be high. There are many unknown variables regarding a tenant’s credit worthiness, even once an application is completed – do they have a good history of making payments on time, did they fill out their application truthfully, will they be a good neighbor and many more.  Now that the credit risk management of applicants includes rental payment history in the consumer credit file, it will identify better quality residents, reduce delinquency rates and lead to greater collections management.

US interest rates are at historically low levels, and while many Americans are taking advantage of the low interest rates and refinancing their mortgages, a great deal more are struggling to find jobs,  and unable to take advantage of the rate- friendly lending environment.  This market however, continues to be complex as lenders try to competitively price products while balancing dynamic consumer risk levels, multiple product options and minimize the cost of acquisition. Due to this, lenders need to implement advanced risk-based pricing strategies that will balance the uncertain risk profiles of consumers while closely monitoring long-term profitability as re-pricing may not be an option given recent regulatory guidelines. Risk-based pricing has been a hot topic recently with the Credit Card Act and Risk-Based Pricing Rule regulation and pending deadline. For lenders who have not performed a new applicant scorecard validation or detailed portfolio analysis in the last few years now is the time to review pricing strategies and portfolio mix. This analysis will aid in maintaining an acceptable risk level as the portfolio evolves with new consumers and risk tiers  while ensuring short and long-term profitability and on-going regulatory compliance. At its core, risk-based pricing is a methodology that is used to determine the what interest rate should be charged to a consumer based on the inherent risk and profitability present within a defined pricing tier. By utilizing risk-based pricing, organizations can ensure the overall portfolio is profitable while providing competitive rates to each unique portfolio segment. Consistent review and strategy modification is crucial to success in today’s lending environment. Competition for the lowest risk consumers will continue to increase as qualified candidate pools shrink given the slow economic recovery.  By reviewing your portfolio on a regular basis and monitoring portfolio pricing strategies closely an organization can achieve portfolio growth and revenue objectives while monitoring population stability, portfolio performance and future losses.

In case you’ve never heard of it, a Babel fish is a small translator; that allows a carrier to understand anything said in any form of language.  Alta Vista popularized the name but I believe Douglas Adams, author of The Hitchhiker’s Guide to the Galaxy, should be given credit for coining the term.  So, what does a Babel fish have to do with Knowledge Based Authentication? Knowledge Based Authentication is always about the data – I have said this before.  There is one universal truth: data doesn’t lie.  However, that doesn’t mean it is easy to understand what the data is saying.  It is a bit like a foreign language.  You may have taken classes, and you can read the language or carry on a passable conversation, but that doesn’t mean it’s a good idea to enter into a contract – at least, not without an attorney who speaks the language, or your very own Babel fish. Setting up the best Knowledge Based Authentication configuration for risk management of your line of business can sometimes seem like that contract in a foreign language. There are many decisions to be made and the number of questions to present and which questions to ask is often the easy part.  To truly get the most out of fraud models, it is necessary to consider where the score cuts that will be used with your Knowledge Based Authentication session will be set and what methodology will be used to invoke the Knowledge Based Authentication session: objective score performance, manual review and decision, etc.  It is also important to consider the “kind of fraud” you might be seeing. This is where it is helpful to have your very own Babel fish – one designed specifically for fraud trends, fraud data, fraud models and Knowledge Based Authentication.  If your vendor doesn’t offer you a Babel fish, ask for one.  Yours could have one of many titles, but you will know this person when you speak with them, for their level of understanding of not only your business but, more importantly, your data and what it means.  Sometimes the Babel fish will work in Consulting, sometimes in Product Management, sometimes in Analytics – the important thing is that there are fraud-specific experts available to you. Think about that for a minute.  Business today is a delicate balance between customer experience/relationship management and risk management.  If your vendor can’t offer you a Babel fish, tell them you have fish to fry – elsewhere.