Fraud is not a point-in-time problem and data breaches should not be considered isolated attacks, which break through network defenses to abscond with credentials. In fact, data breaches are just the first stage of a rather complex lifecycle that begins with a vulnerability, advances through several stages of validation and surveillance, and culminates with a fraudulent transaction or monetary theft. Cyber criminals are sophisticated and have a growing arsenal of weapons at their disposal to infect individual and corporate systems and capture account information: phishing, SMSishing and Vishing attacks, malware, and the like are all attempts to thwart security and access-protected information. Criminal tactics have even evolved to include physical-world approaches like infiltrating physical call centers via social engineering attacks aimed at unsuspecting representatives. This, and similar efforts, are all part of the constant quest to identify and exploit weaknesses in order to stage and commit financial crimes. There are some companies that claim malware detection is the silver bullet to preventing fraud. This is simply not the case. The issue is that malware is only one method by which fraudsters may obtain credentials. The seemingly endless supply of pristine identity and account data in the criminal underground means that detecting a user’s system has been compromised is akin to closing the barn door after the hose has bolted. That is, malware can be an indicator that an account has been compromised, but it does not help identify the subsequent usage of the stolen credentials by the criminals, regardless of how the credentials were compromised. Compromised data is first validated by the seller as one of their “value adds” to the criminal underground and typically again by the buyer. Validation usually involves logging into an account to ensure that the credentials work as expected, and allows for a much higher “validated” price point. Once the credentials and/or account have been validated, cyber criminals can turn their attention to surveillance. Remember, by the time one realizes that credential information has been exposed, cyber criminal rings have captured the information they need – such as usernames, passwords, challenge responses and even token or session IDs – and have aded it to their underground data repositories. with traditional online authentication controls, it is nearly impossible to detect the initial fraudulent login that uses ill-gotten credentials. That is why it is critical to operate from the assumption that all account credentials have been compromised when designing an online authentication control scheme.

Consumer debt for every major consumer lending category has decreased over the past few years, except for student loans.

I have heard from a few creditors that when it comes to allocating accounts to collection agencies for recoveries creating a rule based strategy isn’t always in the cards. When clients use multiple collection agencies their ability to allocate accounts to the different agencies based on rule based strategies isn’t always available.  Some have a single setting on a billing or assignment system that indicates the account is to be assigned to Collection Agency X versus Collection Agency Y, and there is no easy method to make that assignment based on a true strategy.  Worse yet, it is often difficult to impossible to reassign that account from Collection Agency X to Collection Agency Y if the account status or risk level changes.  This means that their use of multiple collection agencies is not as “optimized” as it could be if a scripting or rule based tool was available to the business user.   Optimizing assignments means that the account is initially as well as subsequently assigned to the right agency at the right time based on its type, risk, history, balance, status and other circumstances to maximum recoveries.   This approach can make a significant difference in the recovery of bad debt. Furthermore, test results or allocations should be displayed after a script has been entered.  This usually provides a “what if” on collection agency assignments displaying the number or dollar value assigned if the rule was implemented.  That way you know if the script is correct (ballpark allocation seems reasonable), and if the allocation to any particular agency is within policy limits by dollar amount or number of accounts. Do you believe that you are optimizating your allocations to the agencies you use?  Do you have the tools you need to effectively assign each account to the right agency? Experian can help with its agency allocation and management solutions through Tallyman Agency Allocation. Learn more about our Tallyman Agency Allocation software.