From malware and phishing to expansive distributed denial-of-service attacks, the sophistication, scale and impact of cyberattacks have evolved significantly in recent years. Mitigate risk by employing these best practices:
- Manage third-party risks.
- Regularly review response plans.
- Opt in to software updates.
- Educate, educate, educate.

Organizations must adopt stronger, more advanced technical solutions to protect sensitive data. While enhanced technology is necessary for defending against data breaches, it can’t work independently.
While it’s important to recognize synthetic identities when they knock on your door, it’s just as important to conduct regular portfolio checkups. Every circumstance has unique parameters, but the overarching steps necessary to mitigate fraud from synthetic IDs remain the same:
- Identify current and near-term exposure using targeted segmentation analysis.
- Apply technology that alerts you when identity data doesn’t add up.
- Differentiate fraudulent identities from those simply based on bad data.
- Review front- and back-end screening procedures until they satisfy best practices.
- Achieve a “single customer view” for all account holders across access channels — online, mobile, call center and face-to-face.

With the right set of analytics and decisioning tools, you can reduce exposure to fraud and losses stemming from synthetic identity attacks at the beginning and across the Customer Life Cycle.
Global Fraud and Identity Report 2018

Customer recognition. Convenience. Trust. Fraud risk. We obtained input from more than 5,500 consumers and 500 businesses worldwide on these priorities for our Global Fraud and Identity Report 2018. Top takeaways include:
- Your customers expect you to protect them. Are you meeting this need?
- Spot fraud by recognizing your customers. Can you identify yours?
- While perfect fraud prevention shouldn't undermine customer happiness, we can't forget that fraud victims aren’t happy customers.
- Businesses recognize the importance of trust - and the need for technology to enable it.

Most businesses tend to demonstrate suspicion when it comes to preventing fraud, following a route of detection rather than permission or trust. This leads to lost sales and damages that customer’s lifetime value. There’s a better approach.
The multitude of modern fraud strategies available today necessitates applying an appropriate level of confidence to increase the likelihood of catching fraudsters without disrupting legitimate customers’ experiences. This approach is known as “rightsizing” your fraud solution. Here’s how fraud detection rates can be improved while reducing the number of false positives and disruption of legitimate customers: A right-size approach means tackling your fraud problem with a highly tailored solution that enables your business rather than crippling it. Next week, we’ll discuss this forward-looking approach to fighting fraud, or you can jump ahead and read our latest tip sheet.
Traditional verification and validation parameters alone are not enough to stop identity fraud. Fortunately, there are many emerging trends and best practices for modern fraud and identity strategies:
- Applying right-sized fraud and identity proofing solutions to reduce user friction and manage fraud risk appropriately.
- Maintaining a universal user view by employing diverse breadth and depth of data assets and applied analytics.
- Expanding the user view through a blended ecosystem by collaborating with vendors, peer agencies, and partners in identity and fraud management.

The future of identity proofing is more than just verifying individual identities. Check out our tip sheet linked below for more strategies.
Sophisticated criminals work hard to create convincing, verifiable personas they can use to commit fraud. Here are the 3 main ways fraudsters manufacture synthetic IDs:
- Credit applications and inquiries that build a synthetic credit profile over time.
- Exploitation of authorized user processes to take over or piggyback on legitimate profiles.
- Data furnishing schemes to falsify regular credit reporting agency updates.

Fraudsters are highly motivated to innovate their approaches rapidly. You need to implement a solution that addresses the continuing rise of synthetic IDs from multiple engagement points.
Despite rising concerns about identity theft, most Americans aren’t taking basic steps to make it harder for their information to be stolen, according to a survey Experian conducted in August 2017:
- Nearly 3 in 4 consumers said they’re very or somewhat concerned their email, financial accounts or social media information could be hacked. This is up from 69% in a similar survey Experian conducted in 2015.
- Nearly 80% of survey respondents are concerned about using a public Wi-Fi network. Yet, barely half said they take the precaution of using a password-protected Wi-Fi network when using mobile devices.
- 59% of respondents are annoyed by safety precautions needed to use technology — up 12% from 2015.

When your customer’s identity is stolen, it can negatively impact the consumer and your business. Leverage the tools and resources that can help you protect both.
Synthetic identity fraud is on the rise across financial services, ecommerce, public sector, health and utilities markets. The long-term impact of synthetic identity remains to be seen and will hinge largely upon forthcoming efforts across the identity ecosystem made up of service providers, institutions and agencies, data aggregators and consumers themselves. Making measurement more challenging is the fact that much of the assumed and confirmed losses are associated with credit risk and charge offs, and lack of common and consistent definitions and confirmation criteria. Here are some estimates on the scope of the problem:
- Losses due to synthetic identity fraud are projected to reach more than $800 million in 2017.*
- Average loss per account is more than $10,000.*
- U.S. synthetic credit card fraud is estimated to reach $1.257 billion in 2020.*

As with most fraud, there is no miracle cure. But there are best practices, and topping that list is addressing both front- and back-end controls within your organization.

*Aite Research Group
Evolution of first-party fraud to third

Third-party and first-party schemes are now interchangeable, and traditional fraud detection practices are less effective in fighting these evolving fraud types. Fighting this shifting problem is a challenge, but it isn’t impossible. To start, incorporate new and more robust data into your identity verification program and provide consistent fraud classification and tagging.
Businesses may be increasingly aware of identity theft threats to their customers, but an Experian survey shows that many consumers still seriously underestimate their risk of falling victim to identity thieves. In fact, the persistent and harmful myth that the majority of consumers are not vulnerable to identity theft is badly in need of debunking.

Consumer misconceptions

The online Experian survey of 1,000 Americans, age 18 and older, found many consumers have a false sense of security about identity theft, even those who regularly engage in behaviors that can dramatically elevate their risk of having their identities stolen. For example:
- Sixty-two percent of consumers said the security of their personal information online is a minor concern that doesn’t worry them much, and 17 percent never worry about it at all.
- The top reason for their lack of concern? Twenty-seven percent said it was because they didn’t share that much personal identifiable information (PII) online. Yet consumers store an average of 3.4 types of PII online, and have a large digital footprint that can make it easy for cybercrooks to track and steal their information.
- Half believe poor credit means identity thieves won’t be interested in stealing their PII.
- Twelve percent believe they’re safe because they take security precautions, and 9 percent think using only secure websites insulates them from identity theft risks.

Risky behaviors

When identity theft occurs, consumers are likely to blame any business they associate with the theft. A Gemalto survey found that consumers said protecting their data is 70 percent the responsibility of the companies they do business with, and just 30 percent their own responsibility, Infosecurity Magazine reports. What’s more, 29 percent said they don’t think businesses take their responsibilities seriously enough when it comes to protecting consumer data.
Yet the survey found consumers are probably far more responsible for identity theft than they think because they continue to engage in behaviors that put them at greater risk. These include:
- Shopping online over a public Wi-Fi connection (43 percent)
- Allowing others to use online account names and passwords (33 percent)
- Letting others know their mobile device passwords (29 percent)
- Sharing payment card numbers and/or PINs (25 percent)
- Letting others use their PII to secure a job or credit (20 percent)
- Failing to enroll in credit monitoring or identity theft protection services (82 percent)
- Leaving it up to their banks and credit card companies to catch signs of fraud (81 percent)

These dangerous habits can expose consumers’ PII to cybercriminals, even though half of those we surveyed didn’t think they were likely to become victims of identity theft.

Impact of identity theft

When consumers become identity theft victims, they experience a range of negative emotions and real consequences that affect them personally and financially. According to a survey by the Identity Theft Resource Center, identity theft victims reported feeling frustrated, fearful, angry and stressed. Many had trouble concentrating, lost sleep and felt physically ill because of the crime. They also reported the identity theft overshadowed their personal relationships, their personal and professional credibility, and even affected their ability to get jobs. Some even lost their jobs as a result.

What companies can do

Clearly, identity theft can be devastating and consumers need to do more to protect themselves. When it occurs, identity theft also undermines the consumer’s trust in companies and institutions, especially if the identity theft occurred in connection to or following a data breach. Helping consumers protect themselves from identity theft benefits everyone.
Consumers can avoid the financial and emotional turmoil identity theft causes, and companies can help preserve their relationship with customers. As part of an effective data breach response plan, companies should include a consumer care element that provides breached consumers with:
- Free identity theft protection and credit monitoring services
- Dark web and internet records scanning
- Fraud resolution services
- Identity theft insurance

Myth debunked

Year after year, identity theft statistics demonstrate that most consumers are at risk of falling prey to identity thieves, no matter what they believe to the contrary. Unfortunately, consumers continue to take actions that can place their identities at risk. While you can’t force your customers to stop accessing their bank accounts over airport Wi-Fi or using the same password for all their financial accounts, you can take steps to reduce the risk they’ll experience identity theft because of something your organization did or didn’t do. Helping consumers protect themselves from identity theft makes good business sense, and it’s the right thing to do. Plus, consumers expect it; according to the Ponemon Institute’s “Mega Data Breach: Consumer Sentiment” survey, 63 percent of consumers believe a company that experiences a data breach should offer free identity protection to customers affected by the breach.
Most companies aren’t prepared to respond to a global data breach, and aren’t yet ready to comply with the European Union’s General Data Protection Regulation (GDPR), even though it takes effect in less than a year, according to the latest Ponemon Institute report sponsored by Experian® Data Breach Resolution. Nearly a third of the 588 information security and compliance professionals interviewed for the survey said their organizations had no global incident response plan in place, and 38 percent have a single plan that’s applied around the world. Just 27 percent reported having separate plans at the country or regional level, but even those who had a plan weren’t confident about its efficacy.

The global scope of data breaches

The number of data breaches reached a record high in 2016 — 4,149 incidents in 102 countries around the world exposed more than 4.2 billion records, according to cybersecurity company Risk Based Security. Ponemon’s survey underscores the scope of global data breaches; 51 percent of respondents reported their companies experienced a global data breach in the past five years, and 56 percent of breached companies had more than one incident. When the GDPR goes into effect in May 2018, any company that processes and/or holds the personal data of European Union consumers will be required to comply with the regulation, regardless of where the company is located. Failure to comply can lead to fines ranging from 2 percent to 4 percent of a company’s annual global turnover. Despite the escalating risks of falling victim to a global data breach and the possible repercussions of not complying with the GDPR, Ponemon’s survey shows a widespread lack of preparedness among companies.
Levels of unpreparedness

When it comes to preventing and responding to a global data breach, and ensuring they comply with the GDPR’s strict notification rules, many survey respondents expressed significant shortfalls in preparedness:
- Outdated and inadequate security solutions would hinder the ability of 49 percent to cope with a global data breach.
- Just 40 percent of respondents felt confident their organizations’ security technologies would adequately protect information assets and IT infrastructures overseas, and only 39 percent said they had the right policies and procedures to do so.
- Slightly more than a third thought their companies could successfully manage cultural differences and privacy and data security expectations in different areas of the world.

A majority of respondents (89 percent) predicted the GDPR will significantly affect their data protection practices, and 69 percent felt non-compliance would hinder their companies’ ability to do business globally. Yet only a quarter said their companies were ready to comply with the new regulation. While most understand GDPR is something they need to worry about, many aren’t sure what to do. The survey reveals some companies may be feeling desperate enough about the looming regulation to take drastic measures; 34 percent said their preparations include closing operations in countries with high non-compliance rates.

Timely notification of regulators and EU citizens affected by a data breach is a key component of the GDPR, yet the majority of our survey respondents (69 percent) said they would have trouble meeting the time limitations. The GDPR requires breached companies to notify regulators within 72 hours of discovering a breach, and affected consumers “without undue delay.” Half of our survey respondents said they experienced a global breach that required notification of victims.
Only 10 percent were able to do so within the GDPR’s 72-hour window; 38 percent reported notification took two to five months to complete.

Obstacles to preparedness

The years-long evolution of the GDPR, which will replace older regulations, is evidence that world governments are taking data breach risks seriously. Unfortunately, our study indicates not all C-suite decision-makers are as concerned about global data breach risks as they should be and their antipathy is impairing their organizations’ ability to prepare for a global data breach. While the security professionals surveyed cited high-volume breaches (65 percent) and breaches involving high-value information (50 percent) as the data risks that concern them the most, only 30 percent said their organization’s C-suite was fully aware of the company’s compliance status. Further, just 38 percent said their executives viewed global data regulations as a top priority. Technology limitations and lack of executive support are significant obstacles to preparedness and compliance, but they’re not the only ones. Additionally, survey respondents cited:
- Reluctance to make needed comprehensive changes in business practices (60 percent)
- Not enough budget to hire staff (37 percent)
- Unrealistic demands from regulators/regulations (35 percent)
- Not enough money for appropriate security technology (34 percent)
- Lack of knowledge about global data breach response (29 percent)

What companies must do

Some survey respondents indicated their organizations are taking the right steps toward preparedness and compliance. They are putting in place security technologies to quickly detect a data breach (48 percent), have tested and proven response plans (44 percent), can quickly identify whether a breach will require notification (15 percent) and are prepared to notify regulators within 72 hours of breach discovery (13 percent). However, many organizations could be doing more to prepare for a global data breach and to comply with the GDPR.
Global data breach risks continue to increase in number, scope and impact, and the potential loss of business and financial impact of a breach could prove catastrophic for affected companies. With less than a year to go until the GDPR takes effect, any company that conducts business internationally needs to act now to ensure it will be ready to deal with a global data breach when it occurs.
Mitigating synthetic identities

Synthetic identity fraud is an epidemic that does more than negatively affect portfolio performance. It can hurt your reputation as a trusted organization. Here is our suggested 4-pronged approach that will help you mitigate this type of fraud:
- Identify how much you could lose or are losing today to synthetic fraud.
- Review and analyze your identity screening operational processes and procedures.
- Incorporate data, analytics and cutting-edge tools to enable fraud detection through consumer authentication.
- Analyze your portfolio data quality as reported to credit reporting agencies.

Reduce synthetic identity fraud losses through a multi-layer methodology design that combats both the rise in synthetic identity creation and use in fraud schemes.
Like an unimmunized person in a roomful of flu patients, the healthcare sector continues to be at high risk of catching something unpleasant. Cyberattacks and data breaches jeopardize the well-being of healthcare organizations of every size, and too often their exposure is a result of not doing everything they can to immunize themselves against attack. In our 2017 Data Breach Industry Forecast, we predicted the profitability and uneven defenses of the healthcare sector would cause cybercriminals to continue to focus attacks on healthcare organizations. Numbers from the Identity Theft Resource Center indicate our prediction was right; by mid-year, 151 healthcare breaches have compromised more than 1.9 million records, accounting for nearly 22 percent of all 2017 breaches thus far. We also predicted:
- Ransomware would emerge as a top threat for healthcare organizations.
- Cybercriminals would expand their range of targets within the sector, causing mega breaches to broaden their focus from insurers to other organizations, including hospital networks.
- Electronic health records and mobile applications would increasingly be targeted.

The year so far

In mid-May the WannaCry ransomware cyberattack became the largest ever, affecting computer systems in more than 150 countries. Ransomware uses malicious code to infect systems, seize control and shut down user access until the affected organization or individual pays a ransom to unlock their systems. Britain’s National Health Service (NHS) was one of the largest victims of WannaCry, which infected medical devices as well as administrative PCs. The impact was widespread, affecting critical operations and causing hospitals to reject patients, doctor’s offices to shut down and emergency rooms to divert patients. Like a patient with a compromised immune system who ignores his doctor’s advice to get an annual flu shot, the NHS allegedly disregarded multiple security warnings to update and protect its systems.
Cybercriminals have also expanded their targets for mega breaches beyond insurers. So far in 2017, the largest known healthcare breach in terms of number of compromised records occurred at a urology practice in Austin, Texas. ITRC statistics show nearly 280,000 records were compromised through the breach of the practice, which has eight locations in the greater Austin area. According to the practice’s official data breach notice, a ransomware attack encrypted data stored on the organization’s servers. Electronic health records were the target of cyberattacks at numerous healthcare organizations, including a fertility and menopause clinic in New Jersey, where more than 17,000 records were compromised, ITRC reports. The number, scope and impact of healthcare cyberattacks will only grow. The industry that focuses on taking care of Americans’ physical and mental health should proactively take steps to safeguard its own health by updating security measures and data breach response plans.
Turns out, Americans still don’t know much about cybersecurity. That’s according to new research from the Pew Data Center, which conducted a cybersecurity knowledge quiz. The 13-question quiz was designed to test Americans’ knowledge on a number of cybersecurity issues and terms. A majority of online adults can identify a strong password and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted. As we in the industry know, cybersecurity is a complicated and diverse subject, but given the pervasiveness of news around cybersecurity, I was still a little surprised by the lack of knowledge. The typical (median) respondent answered only five of the 13 questions correctly (with a mean of 5.5 correct answers). 20% answered more than eight questions accurately, and just 1% received a “perfect score” by correctly answering all 13 questions. The study showed that public knowledge of cybersecurity is low on some relatively technical issues, like identifying the correct example of multi-factor authentication, understanding how VPNs minimize risk and knowing what a botnet is. On the flip side, the two questions that the majority of respondents answered correctly included identifying the strongest password from a list of four options and understanding that public Wi-Fi networks have risk even when they are password protected. Given the median scores, I was proud of missing only one question – guess I have more reading to do on botnets. As an industry, it is our duty to not only create systems and securities to improve the tactical effectiveness of fraud prevention, but to educate consumers on many of these topics as well. They often are the first line of defense in stopping fraud and reducing the threat of breaches.
Has the EMV liability shift caused e-commerce fraud to increase 33% in 2016? According to Experian data, CNP fraud increased with Florida, Delaware, Oregon and New York ranked as the riskiest states. Miami accounted for the most fraudulent ZIP™ Codes in the US for shipping and billing fraud.