Tag: fraud
By: Maria Moynihan Mobile devices are everywhere, and landlines and computer desktops are becoming things of the past. A recent American Marketing Association post mentioned that there already are more than 1 billion smartphones and more than 150 million tablets worldwide. As growth in mobile devices continues, so do expectations around convenience, access to mobile-friendly sites and apps, and security. What is your agency doing to get ahead of this trend? Allocating resources toward mobile device access and improved customer service is inevitable, and, arguably, investment and shifts in one of these areas ultimately will affect the other. As ease of information and services improves online or via mobile app, secure logons, identity theft safeguards and authentication measures must all follow suit. Industry best practices in network security call for advancements in: Authenticating users and their devices at the point of entry Detecting new and emerging fraud schemes in processes Developing seamless cross-checks of individuals across channels Click here to see what leading information service providers like Experian are doing to help address fraud across devices. There is a way to confidently authenticate individuals without affecting their overall user experience. Embrace the change.
According to a recent 41st Parameter® study, 85 percent of consumers use online or mobile channels to conduct business.
A recent survey reveals that 30 percent of travelers have experienced identity theft while traveling or know someone who has.
How mobile is transforming the banking industry and the fraud concerns with it, a Q&A with Mike Gross Mike Gross is the director of risk strategy and professional services at 41st Parameter and has more than 10 years of experience in financial services fraud prevention and risk management. At 41st Parameter, Mike is responsible for identifying banking, ecommerce, and travel industry trends, highlighting emerging fraud threats, understanding client and partner risk management controls, and defining, implementing, and measuring the performance of new risk strategies for top global online brands. I sat down with Mike to discuss how the banking industry is changing to adapt to new mobile technology and the new forms of fraud that exist as a result. Matt: Mobile is transforming the banking industry, what are current fraud trends that banks and financial service companies need to be prepared for? Mike: Current fraud trends in mobile include increasingly sophisticated malware and attackers capitalizing on banks\' providing new service offerings to consumers via mobile devices. As consumer adoption of smartphones and tablets continues to steam-roll PCs (nearly 50% of logins via native app at some of the largest US banks, according to 41st data), we\'re seeing more fraudsters taking advantage of services like mobile deposit capture and peer-to-peer payments options in native applications and mobile websites. The growth of mobile malware (especially within the Android OS) is also particularly concerning. While most malware is intended to capture user credentials, which can be used by attackers to log into accounts and cause victims financial damage, more recent sophisticated variants like Svpeng leverage standard features like SMS balance checks to complement typical phishing, keylogging, and ransomware capabilities. Mobile banking fraud trends from Experian Decision Analytics Matt: What do you see as the next trend in fraud within the banking industry as the shift to mobile increases? Mike: We haven\'t seen much fraud originating from smartphones and tablets in comparison to PCs, but what we are seeing is the continued growth of mobile fraud. As services that directly target mobile users continue to expand we will see more attacks because many features were designed for convenience and not for security. Here are some fraud trends within mobile banking: Mobile deposit capture has been a consumer hit from a service and convenience perspective, but it has also been a major concern at top banks because risk and security teams are often not closely aligned with marketing initiatives as they are being designed and developed. So risk mitigation teams are often left scrambling to fill security gaps in new app functionality rather than being closely consulted throughout the development of new mobile-specific offerings. Mobile malware is seeing a meteoric rise, and the sophistication and number of new variants is also troubling. Malware is the most common attack method to steal consumer information, whether that is through a phishing site that redirects users or some other scheme. For example, a consumer opens the banking app but they are redirected to a phishing site that asks for account credentials as well as additional information like card number, PIN, SSN, etc. Another method is through keylogging to capture login details. Almost every variant of malware leverages one of these methods for data and credential theft. Social engineering via emails, calls, links, etc. also continues to be a growing threat, as attackers are increasingly leveraging knowledge of relationships to make attempts more personal and legitimate-looking. The days of the Nigerian 419 and lottery scams with misspellings and no personalization are long gone. Today\'s attacks often leverage personal information for the fraudster and look incredibly legitimate. As such, they can trick consumers into providing a few missing pieces of data that can be used to open accounts, transact online, etc. Matt: As discussed, the ability to provide mobile money transfers is a very popular feature for mobile banking, what are the fraud risks with this option? Mike: Most mobile money transfer services (either through banks or other applications enabling P2P transfers and bill payments) traditionally required the service to be set up online where there was more control and security in place to identify attacks. But those services are increasingly being expanded via native application enhancements. In the past, consumers could send money via mobile phone, but they could only transfer funds to individuals who had been set up through the online channel as receivers / payees. Today, for added convenience, more functionality is being pushed to consumers and essentially allows account to account transfers with nothing more than a receiver\'s e-mail address. This absolutely adds risk and banks have added layers of phone-based step-up authentication controls to ensure that mobile transfers are not fraudulent. Obviously, this is a fraud concern and will continue to grow as an attacker MO, along with consumer wire and other transfer types. Matt: How much have cybersecurity policies changes in the past few years within the banking industry? Mike: There has been intense industry regulatory pressure, which has even grown recently in light of several data breaches with large point-of-sale stores, online retailers and other providers. Compromised data is free-flowing in the criminal underground, and unfortunately, no amount of regulation can completely address that problem. So organizations are left to protect themselves from a wide array of attack types where fraudsters often have pristine identity data and can answer basic out-of-wallet questions or pass standard authentication controls. Obviously, pressure will continue around data security through PCI, encryption, EMV, and even tokenization for the retail and online community. But we\'re finally starting to see regulatory attention given to security in the mobile channel as well. That\'s been a major gap in previous guidance such as the FFIEC Online Guidance of 2005 and update in 2011. The most obvious and pivotal change, however, is that employing basic authentication methods to determine whether an individual really is who they say they are online is no longer acceptable. Regulators demand more and require that organizations deploy multiple strategies to prevent losses resulting from account compromises. This begins with basic know your customer (KYC) requirements, but often layers solutions like device intelligence, malware detection, behavior analytics, and anomaly detection on top of existing risk-based authentication solutions. Even that is not a guarantee that attackers won\'t be successful, however. There have been countless examples where several layers of security were in-place but banks and retailers still failed to spot the attacks due to all of the noise around differentiating good customers from attempts by attackers. It will be increasingly important for organizations to not just have solutions deployed — but to have those solutions optimized and layered in a way that produces minimal friction for legitimate users and stops attackers at the door. Matt: What can banks do to help protect themselves but also consumers who bank with them? Mike: Banks should employ multiple layered security through a continuously refined set of controls that immediately identify fraudulent access attempts so they can protect their invaluable customer relationships. Device intelligence coupled with a powerful risk engine is one critical component of such a layered approach, and it needs to be in-place across mobile and online channels. With the abundance of compromised data from recent breaches, relying solely on usernames / passwords, accurate identity information, and basic step-up authentication to protect accountholders at login is a recipe for disaster without visibility into attacks across the entire online estate. The list of alternative or complementary two-factor authentication approaches is long, and most enterprises are implementing multiple complementary controls and options to meet security needs and limit user inconvenience. This is often a delicate balancing act, but technologies like device intelligence and SMS-based tokens are seeing mass adoption. Biometrics, geo-location, and other native app technologies continue to show promise for mobile devices, but are often viewed as too intrusive unless the consumer is performing transactions that require a significant increase in security. These are also often opt-in only solutions, which could ultimately limit adoption. We also see more institutions rolling out technologies that are focused on quickly authenticating good users to make their user experience as convenient as possible. Covert device intelligence is a strong option for this use case as well, since it limits friction and can enable seamless consumer interaction across all channels, from desktops to smartphones and tablets to any device capable of an Internet connection. To learn more please visit: https://www.experian.com/decision-analytics/41st-parameter.html
By: Ken Pruett The great thing about being in front of customers is that you learn something from every meeting. Over the years I have figured out that there is typically no “right” or “wrong” way to do something. Even in the world of fraud and compliance I find that each client\'s approach varies greatly. It typically comes down to what the business need is in combination with meeting some sort of compliance obligation like the Red Flag Rules or the Patriot Act. For example, the trend we see in the prepaid space is that basic verification of common identity elements is really the only need. The one exception might be the use of a few key fraud indicators like a deceased SSN. The thought process here is that the fraud risk is relatively low vs. someone opening up a credit card account. So in this space, pass rates drive the business objective of getting customers through the application process as quickly and easily as possible….while meeting basic compliance obligations. In the world of credit, fraud prevention is front and center and plays a key role in the application process. Our most conservative customers often use the traditional bureau alerts to drive fraud prevention. This typically creates high manual review rates but they feel that they want to be very customer focused. Therefore, they are willing to take on the costs of these reviews to maintain that focus. The feedback we often get is that these alerts often lead to a high number of false positives. Examples of messages they may key off of are things like the SSN not being issued or the On-File Inquiry address not matching. The trend is this space is typically focused on fraud scoring. Review rates are what drive score cut-offs leading to review rates that are typically 5% or less. Compliance issues are often resolved by using some combination of the score and data matching. For example, if there is a name and address mismatch that does not necessarily mean the application will kick out for review. If the Name, SSN, and DOB match…and the score shows very little chance of fraud, the application can be passed through in an automated fashion. This risk based approach is typically what we feel is a best practice. This moves them away from looking at the binary results from individual messages like the SSN alerts mentioned above. The bottom line is that everyone seems to do things differently, but the key is that each company takes compliance and fraud prevention seriously. That is why meeting with our customers is such an enjoyable part of my job.
With the most recent guidance newly issued by the Federal Financial Institutions Examination Council (FFIEC) there is renewed conversation about knowledge based authentication. I think this is a good thing. It brings back into the forefront some of the things we have discussed for a while, like the difference between secret questions and dynamic knowledge based authentication, or the importance of risk based authentication. What does the new FFIEC guidance say about KBA? Acknowledging that many institutions use challenge questions, the FFIEC guidance highlights that the implementation of challenge questions can greatly impact efficacy of its usefulness. Chances are you already know this. Of greater importance, though, is the fact that the FFIEC guidelines caution on the use of less sophisticated systems and information that can be easily guessed or obtained from an Internet search, given the amount of information available. As mentioned above, the FFIEC guidelines call for questions that “do not rely on information that is often publicly available,” recommending instead a broad range of data assets on which to base questions. This is an area knowledge based authentication users should review carefully. At this point in time it is perfectly appropriate to ask, “Does my KBA provider rely on data that is publicly sourced” If you aren’t sure, ask for and review data sources. At a minimum, you want to look for the following in your KBA provider: · Questions! Diverse questions from broad data categories, including credit and noncredit assets · Consumer question performance as one of the elements within an overall risk-based decisioning policy · Robust performance monitoring. Monitor against established key performance indicators and do it often · Create a process to rotate questions and adjust access parameters and velocity limits. Keep fraudsters guessing! · Use the resources that are available to you. Experian has compiled information that you might find helpful: www.experian.com/ffiec Finally, I think the release of the new FFIEC guidelines may have made some people wonder if this is the end of KBA. I think the answer is a resounding “No.” Not only do the FFIEC guidelines support the continued use of knowledge based authentication, recent research suggests that KBA is the authentication tool identified as most effective by consumers. Where I would draw caution is when research doesn’t distinguish between “secret questions” and dynamic knowledge based authentication, which we all know is very different.
Lately there has been a lot of press about breaches and hacking of user credentials. I thought it might be a good time to pause and distinguish between authentication credentials and identity elements. Identity elements are generally those bits of meta data related to an individual. Things like: name, address, date of birth, Social Security Number, height, eye color, etc. Identity elements are typically used as one part of the authentication process to verify an individual’s identity. Credentials are typically the keys to a system that are granted after someone’s identity elements have been authenticated. Credentials then stand in place of the identity elements and are used to access systems. When credentials are compromised, there is risk of account takeover by fraudsters with mal intent. That’s why it’s a good idea to layer-in risk based authentication techniques along with credential access for all businesses. But for financial institutions, the case is clear: a multi-layered approach is a necessity. You only need to review the FFIEC Guidance of Authentication in an Internet Banking Environment to confirm this fact. Boiled down to its essence, the latest guidance issued by the FFIEC is rather simple. Essentially it’s asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, it asks those businesses to move beyond simple device identification — such as IP address checks, static cookies and challenge questions derived from customer enrollment information — to more complex device intelligence and more complex out-of-wallet identity verification procedures. In the world of online security, experience is critical. Layered together, Experian’s authentication capabilities (including device intelligence from 41st Parameter, out-of-wallet questions and analytics) offers a more comprehensive approach to meeting and exceeding the FFIEC’s most recent guidance. More importantly, they offer the most effective and efficient means to mitigating risk in online environments, ensuring a positive customer experience and have been market-tested in the most challenging financial services applications.
By: Kennis Wong On the surface, it’s not difficult to define existing account fraud. Obviously, it is fraud perpetrated against an existing account. But the way I see it, existing account fraud can be broken down into four types. The first type is account takeover fraud, which is what most organizations think as the de facto existing account fraud. This is when a real consumer using his or her own identity to open a legitimate account, but the account later on get taken over by an identity fraudster. The idea is that when the account was first established, it was created by the rightful person. But somewhere along the way, the account and identity information were compromised. The fraudster uses the compromised information to engineer their way into the account. The second type is impersonation. Impersonation is somewhat similar to account takeover in the sense that it is also misusing the victim’s account. But the difference is that impersonation is more of a one or few times misuses of the account. Examples are a fraudulent use of a credit card or wire transfer. These are the obvious categories. But I think we should also think about these other categories. My definition of existing account fraud also includes this third type – identity fraud that was undetected during application. In other words, an account is established based on stolen identity. Many organizations call this “new account fraud”, which I don’t have a problem with. But I think it’s really also existing account fraud, because – is this existing account? The answer is yes. Is this fraud? Absolutely. It’s not that difficult, is it? Similarly, I am including first-party fraud in existing account fraud as well. A consumer can use his or her own identity to open an account, with an intention to default after the account is established. Example is bust out fraud. You see that this is an expanded definition of existing account fraud, because my focus is on detection. No matter at what point and how identity fraud comes in, it becomes an account in your organization, and that is where we need to discover the fraud. But at the end of the day, it’s not too important how to categorize or name the fraud - whether it\'s application fraud, existing account fraud, first party fraud or third party fraud, as long as organizations understand them enough and have a good way to detect them. Read more blog posts on existing account fraud.
The Communications Fraud Control Association’s annual meeting and educational event was held last week (June 14 – 16) at the Allerton hotel in Chicago, IL. The Communications Fraud Control Association is made up of communications and security professionals, fraud investigators, analysts, and managers, law enforcement, those in risk management, and many others. As an organization, they started out as a small group of communications professionals from the major long distance carriers who were looking for a better and more collaborative way to address communications fraud. Now, almost 30 years later, they’ve got over 60 members – a great representation of the industry yet still a nimble size. From what I hear, this makes for a specialized but quite effective “working” conference. Unfortunately I was not able to attend the conference but my colleague, Kennis Wong, attended and presented on the topic of Account Takeover and existing account fraud. It’s an area of fraud and compliance that Experian has spent some R&D on recently, with some interesting findings. In the past, we’ve been more focused on helping clients prevent new account and application fraud. It might seem like an interesting time to expand into this area, with some studies citing large drops in existing account fraud (2011 Identity Fraud Survey Report by Javelin). BUT...consumer costs in this area are way UP, not to mention the headline-grabbing news stories about small business account takeover. Which means it’s still a large pain point for financial institutions. Experian’s research and development in existing account fraud, combined with our expertise in fraud scores and identity theft detection, has resulted in a new product which is launching at the end of this month: Precise ID for Customer Management. Stay tuned for more exciting details.
Whether you call it small business, commercial, or corporate account takeover, this form of existing account fraud has been in the headlines lately and seems to be on the rise. While account takeover happens to individual consumers quite frequently, it’s the sensational loss amounts and the legal battles between companies and their banks that are causing this form of commercial fraud to make the news. A recent BankInfoSecurity.com article, Fraud Verdict: Opinions Vary, is about a court opinion on a high profile ACH fraud case - Experi-Metal Inc. vs. Comerica Bank – that cites a number of examples of corporate account takeover cases with substantial losses: · Village View Escrow of Redondo Beach, Calif.: lost $465,000 to an online hack · Hillary Machinery: settled with its bank for undisclosed terms in 2010. · The Catholic Diocese of Des Moines, Iowa: lost $600,000 in fraudulent ACH transactions. I was curious what information was out there and publicly available to help businesses protect themselves and minimize fraud losses / risk. NACHA, the electronics payment association, had some of the best resources on their website. Labeled the “Corporate Account Takeover Resource Center”, it has a wide variety of briefs, papers, and recommendations documents including prevention practices for companies, financial institutions, and third-party service providers. There’s even a podcast on how to fight ACH fraud! One thing was interesting to note, though. NACHA makes a point to distinguish between ACH fraud and corporate account takeover in this statement at the top of the web page: Corporate Account Takeover is a form of corporate identity theft where a business’ online credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity. Corporate Account Takeover involves compromised identity credentials and is not about compromises to the wire system or ACH Network. ACH fraud and wire fraud, terms mistakenly used to describe this type of criminal activity, are a misnomer. The ACH Network is safe and secure. Mostly I agree –the ACH Network is safe and secure. But from an F.I.\'s or company’s perspective, corporate account takeover and ACH Fraud often go hand in hand.
At Experian’s recent client conference, Vision 2011, there was a refreshing amount of positive discussion and outlook on origination rates and acquisition strategies for growth. This was coming not only from industry analysts participating in the conference but from clients as well. As a consumer, I’d sensed the ‘cautious optimism’ that we keep hearing about because my mailbox(the ‘original’ one, not email) has slowly been getting more and more credit card offer letters over the last 6 months. Does this mean a return to prospecting and ultimately growth for financial institutions and lenders? It’s a glimmer of hope, for sure, although most agree that we’re a long way from being out of the woods, particularly with unemployment rates still high and the housing market in dire shape. Soooo…..you may be wondering where I’m going with this…. Since my job is to support banks, lenders, utilities and numerous other businesses’ in their fraud prevention and compliance efforts, where my mind goes is: how does a return to growth – even slight – impact fraud trends and our clients’ risk management policies? While many factors remain to be seen, here are a few early observations: · Account takeover, bust out fraud, and other types of existing account fraud had been on the rise while application fraud had declined or stayed the same (relative to the decrease in new originations); with prospecting and acquisition activity starting to increase, we will likely see a resurgence in new account fraud attempts and methods. · Financial institutions and consumers are under increasing risk of malware attacks; with more sophisticated malware technology popping up every day, this will likely be a prime means for fraudsters to commit identity theft and exploit potentially easier new account opening policies. · With fraud loss numbers flat or down, the contracted fraud budgets and delayed technology investments by companies over the last few years are a point of vulnerability, especially if the acquisition growth rate jumps substantially.
It’s that time of year again – when people all over the U.S. take time away from life’s daily chores and embark upon that much-needed refresh: vacation! But just as fraud activity spikes during the holidays, there are also fraud trends suggesting spikes in fraudster activity during the summer. With consumers on vacation, identity theft becomes easier. Consumers are most likely to break their normal spending trends and break patterns established by fraud analytics; and consumers are less likely to be as attentive to elements that can help minimize fraud while out of town. There has been plenty of research to demonstrate that fraudsters perpetrate account takeover by changing the pin, address, or email address of an account. Now, fraudsters are more likely to add themselves as an authorized user to the account, which may not be considered a high-risk flag in transactional decisioning strategies. By identifying risky behaviors or patterns outside of a consumer’s normal behavior and an engaging in a knowledge based authentication session with the consumer, it is possible to help minimize the risk of fraud. Knowledge based authentication provides strong authentication and can be part of a risk-based approach to on-going account management, protecting both businesses and consumers from being burned, at least by fraudsters, while on vacation.
By: Staci Baker It seems like every time I turn on the TV there is another natural disaster. Tsunami in Japan, tornadoes and flooding in the Mid-West United States, earthquakes and forest fires – everywhere; and these disasters are happening worldwide. They are not confined to one location. If a disaster were to happen near any of your offices, would you be prepared? Living in Southern California, this is something I think of often. Especially, since we are supposed to have had “the big one” for the past several years now. When developing a preparedness plan for a company, there are several things to take into consideration. Some are obvious, such as how to keep employees safe, developing steps for IT to take to ensure data is protected , including an identity theft prevention program, and establishing contingency business plans in case a disaster directly hits your business and doors need to remain closed for several days, weeks, or …. But, what about the non-obvious items that should be included in a disaster preparedness plan? When a natural disaster hits, there is an increase in fraud. So much so, that after Hurricane Katrina battered the Gulf, the Hurricane Katrina Fraud Task Force, now known as the National Center for Disaster Fraud, was created. In addition to the items listed above, I recommend including the following. Create a plan that will put fraud alerts in place to minimize fraud. Fraud alerts are not just to notify your clients when there is fraudulent activity on their accounts. Alerts should also be put in place to let you know when there is fraudulent activity within your own business as well. Depending on the type of disaster, delinquency rates may increase, since borrower funds may be diverted to other needs. Implement a disaster collections strategy, which may include modifying credit terms, managing credit risk, and loan loss provisioning. Although these are only a few things to be considered when developing a disaster preparedness plan, I hope it gets you thinking about what your company needs to do to be prepared. What are some things you have already done, or that are on your to do list to prepare your company for the next big event that may affect you?
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} By: Kristan Frend I was recently pleased to see that the state I reside in, Minnesota finished in the bottom third of a state ranking. Luckily the rankings weren’t about overall health (#6), high school graduation (#3), or SAT scores (#2); instead it was the Federal Trade Commission’s state identity theft complaint ranks. Minnesota has just 49.2 complaints per 100,000 population, whereas the highest ranked state, Florida, as 114.8 complaints per 100,000 population. The top three states leading identity theft consumer complaints (per 100,000 population) included Florida, Arizona, and California. Besides warm sunshine and top-tier golf courses, what do these three states have in common? According to the February 2011 RealtyTrac U.S. Foreclosure Market Report™, all three rank in the top 5 states for foreclosure, and two of the three (Florida and California) rank #49 and #50 in unemployment rates, according to a March 2011 report released by the Bureau of Labor Statistics. On a national level unemployment rates and identity fraud incidence rates both improved from 2009 to 2010. From 2009 to 2010, unemployment rates went from 10.0% to 9.4% while according to Javelin’s 2010 Annual Identity Fraud Survey Report, identity fraud incidence rates fell from 4.8% to 3.5%. While it may be inaccurate to state that economic distress causes higher rates of identity fraud, there does seem to be a natural correlation between economic downswings and fraudulent activity. As we move further into 2011, it will be interesting to see if identity fraud incidence rates will continue to decrease as unemployment and economic outlook is on the upward swing. Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}
By: Kristan Frend Imagine you’re on the #1 ranked relay swim team at the World Championships and you’re leading off. You finish your leg of the race with the team in first place. As your third teammate approaches the wall, your team is in first by a full body length. You’re on pace to set a new world record. Yet the anchor of your team is nowhere to be found, ultimately resulting in your team being disqualified. If only your fourth teammate would have made it to the blocks in time…. When you take a step back and look at your fraud risk management solutions, do you ever feel like you have all of the tools and processes available yet feel like the anchor is missing? Perhaps it’s time to reexamine your internal resources. You may have an assembly of sophisticated and robust online fraud detection tools from vendors, but you may be missing a critical piece if you’re not also effectively leveraging internal data. Through our work with clients, we’re found that it is not uncommon for organizations to manage the customer relationship through different departments or silos within the organization. All too often there is less than optimal coordination between these functional areas in taking advantage of their own internal negative data to combat application fraud. Additionally some organizations may have negative internal data but do not incorporate the check within their verification or risk based authentication tool, creating multiple steps and operational inefficiencies. One of the ways to overcome some of these issues is by incorporating internal negative data within an automated front-end check. Once loss data is loaded into a historical database, the next time that name, phone, address, driver’s license or SSN reappears on a new application, the data element is immediately identified as one associated with a previous loss. The negative data is securely stored for only your organization’s use and is not shared with users outside of your organization.
Learn More Image
