Since 2002, lenders have been aware of the importance of Know Your Customer (KYC) and the associated Customer Identification Program (CIP) requirements. As COVID-19 has changed procedures and priorities for businesses and consumers across the board, it’s more important than ever for institutions to ensure their CIP process includes ongoing monitoring of identity risk.

What is CIP?

Standard KYC programs include a Customer Identification Program to verify and validate identities along with due diligence to assess the risks associated with each identity. CIP defines the process by which a business collects data to establish a reasonable belief that the identity is valid, and that the individual is eligible to participate in our financial system. While this process works in conjunction with other fraud mitigation tactics, they serve different purposes. A good CIP program emphasizes the customer experience, regulatory compliance, cost control, and smart growth. Fraud mitigation focuses on ensuring that an eligible identity is being presented by its true owner, rather than as part of a scheme to acquire goods and services with intent to default on repayment obligations. Businesses that focus solely on fraud mitigation rather than complying with KYC and CIP regulations run the risk of potential harm to business reputation, and of course, financial penalties. Fenergo found that as of the end of 2019, global penalties for AML and KYC non-compliance totaled $36 billion.

CIP vs. Fraud Mitigation

Many financial institutions equate a CIP program with efforts to mitigate fraud. It’s understandable, as both processes include emphasis on the accuracy of an identity as it’s presented by a consumer. It is assumed that only the true owner of the identity would possess the detailed information necessary to meet CIP requirements and therefore would not likely be committing fraud.
There was a time—prior to large scale thefts of stored information, personal details shared through social media and other behavior changes that made personal information very public—when this would have been true. Unfortunately, those days have passed and even an amateur criminal with limited experience and resources could find current, accurate identity information for sale online, information good enough to pass the CIP test and be considered a legitimate consumer. The real challenge is that when they go through CIP, many real consumers may inadvertently provide true information that doesn’t meet the verification standard. This is a result of consumer lifestyle changes outpacing the sources of data used to verify the information they’ve provided. It makes sense; in most years roughly 13% of American adults change their address. New homes, job changes and changes in marital status impact a large number of people every day. Adding to the confusion—it’s life’s changes that prompt people to borrow and purchase. The result is that many of the people that are more likely to fail CIP verification are the very people trying to legitimately access financial services. The result is that CIP verification often isn’t a challenge for those intending to commit fraud, but it can be for genuine consumers. The challenges of CIP In a recent internal study, Experian reviewed the ability to pass a standard CIP strategy that assessed the accuracy of the name, current address, date of birth and Social Security number provided by a large sample of consumers. We then compared legitimate consumers to those later confirmed to have been identity thieves impersonating a victim. Consistently, the identity thieves were at least as proficient at passing CIP as their true-consumer counterparts. 
In a second step, we applied a fraud score that looked for identity theft by assessing the past uses of the identities, their consistency, velocity and many other characteristics unrelated to the accuracy of the data. The difference between CIP verification and a fraud risk assessment was striking. Across the entire range of fraud risk, the percentage of records that passed CIP verification remained the same. That said, CIP still plays a very important role in risk mitigation. In fact, CIP and fraud prevention are inextricable in financial services. Just as a CIP verified identity can still be fraud, a record that may appear to be low fraud risk may not pass CIP. Since both processes have existed side by side for nearly two decades, each presumes that the other is in place and both are necessary to detect and prevent fraud.

Striking a balance

CIP verification and fraud mitigation strategies are both necessary and important to protecting assets and the broader financial system from fraud. It’s important to leverage a layered approach where both eligibility and risk are assessed, and next steps for verification include resolution of identity discrepancies alongside verification that ensures an identity is not being misused for fraud. Experian can help you confidently verify customer identities, understand and anticipate customer activities, and implement ongoing monitoring. If you’d like to set up a review of your current strategy or learn more about how we can help you with CIP and fraud mitigation to strengthen your ability to know your customer compliantly, let us know.
Over the last several weeks, I’ve shared articles about the problems surrounding third-party, first-party and synthetic identity fraud. To wrap up this series, I’d like to talk about account takeover fraud and how digital transformation has impacted it over the last year.

What is account takeover fraud?

Account takeover fraud is a form of identity theft that involves unauthorized access to a user’s online accounts to enable financial crimes. Criminals can obtain information in a number of ways, including the dark web, spyware and malware, and phishing to allow them to make unauthorized transactions with the user’s account. Fraudsters have made efforts to also gain control of mobile or email accounts so they can intercept one-time passwords or password change instructions to retain control of the account. Once fraudsters have control of one account, they can use it to access other personal information to breach additional accounts and graduate to full-scale identity theft.

How does account takeover fraud impact me?

Account takeover fraud is damaging to businesses and consumers. It leads to losses as well as resources invested to confirm fraud. The potential losses from account takeover fraud have spiked over the last year, in large part due to the opportunities created by the rapid increase of digital interactions and the influx of users interacting with merchants and financial institutions online for the first time.

Aite research shows that 64% of financial institutions are seeing higher rates of ATO fraud attacks now than prior to the pandemic.
– Trace Fooshee, Senior Analyst, Aite Group¹

Account takeover can also be difficult to detect. Unlike credit card fraud where the true owner might quickly notice suspicious charges, an account takeover attack can go undetected for long periods of time. That’s because the criminal can change login and contact information, ensuring that the real accountholder doesn’t realize they’ve been compromised immediately.
Solving the account takeover fraud problem

A good account takeover fraud prevention strategy requires two things: frictionless customer experience and robust risk management. It’s clear that customers expect seamless interactions with merchants and lenders. At the same time, businesses need to be able to spot risky or suspicious behavior before a bad transaction occurs. That’s where a layered fraud management solution comes into play. With the right tools—including risk-based identity and device authentication and targeted step-up authentication—businesses can provide a good customer experience and only pull in staff for deeper investigations where necessary. With this strategy in place, businesses can easily recognize good customers and provide a more personalized experience, while at the same time combatting fraud – boosting growth and minimizing losses in the long run.

I hope this series has helped provide insights into the different types of fraud and why each of them requires different treatment. To learn more about the risks of account takeover and how a layered fraud management solution can help protect your business and your customers, feel free to contact us.

¹ Key Trends Driving Fraud Transformation in 2021 and Beyond, Aite Group, December 2020
It’s obvious that 2020 was a year of unprecedented change and created brand new opportunities for fraud. In 2021, fraudsters will continue to iterate on new and old methods of attack, requiring businesses to remain flexible and proactive to prevent losses. We created the 2021 Future of Fraud Forecast to help businesses anticipate new types of fraud and prepare and protect consumers on the road ahead. Here are the trends we expect to see over the coming year:

Putting a Face to Frankenstein IDs: Synthetic identity fraud will start to rely on “Frankenstein faces” for biometric verification.
“Too Good to Be True” COVID Solutions: The promise of at-home test kits, vaccines and treatments will be used as means for sophisticated phishing and social engineering schemes.
Stimulus Fraud Activity, Round Two: Fraudsters will take advantage of additional stimulus funding by using stolen data to intercept payments.
Say ‘Hello’ to Constant Automated Attacks: Once the stimulus fraud attacks run their course, hackers will increasingly turn to automated methods.
Survival of the Fittest for Small Businesses: In 2021, businesses with lackluster fraud prevention tools will suffer large financial losses.

To learn more about how to protect your business and customers, download the Future of Fraud Forecast and check out Experian’s fraud prevention solutions.
Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity. Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility. Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out. More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don't appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue. How does synthetic identity fraud impact me? As mentioned, when synthetic identities bust out, businesses are stuck footing the bill. Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. 
– Steven D’Alfonso, research director, IDC Financial Insights¹

Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies.

Solving the synthetic identity fraud problem

Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle. During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities. Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience. With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses.

To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud.
¹ Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020
2020 is finally over – been there, done that. And while it seems safe to say most everyone is all too eager to kick off a new calendar year, the reality is we’re still reeling – and will continue to reel – through the economic impacts of the COVID-19 global pandemic. As we inch closer to the one year marker of when many businesses were sent home – across all industries, including those tech-inclined and those less so – the understatement of the year is that the world has since changed as have consumer communication preferences, how businesses and customers interact, tweaked definitions of privacy, and new (heightened) expectations of evolving a positive customer experience with minimal friction and maximum security. While last year’s predictions of entering a new set of Roaring 20’s may not have panned out the way we had initially imagined, many of the trends thought to evolve over the last 365 days did. As we all look toward a post-pandemic world, here are six top trends to keep tabs on throughout 2021. 1. Data Data as a commodity and as a business differentiating factor has reached an all-time high. It’s doing more across the entire customer lifecycle and can elevate businesses to best prep for growth, especially as consumers begin to look for more financial products (whether looking for financial assistance as the CARES Act accommodation period ends, or to take advantage of the booming mortgage industry, etc.). Data can also give more insights into consumers than ever before. Far beyond just credit scores and financial data, today’s data sets can reveal consumers’ lifestyle preferences, their preferred communication channels, their rental histories, and so much more. With alternative credit data and non-traditional data (including consumer-permissioned data), businesses can get a holistic picture of their customers’ payment behaviors. That streaming media service monthly payment may seem minimal, but now could increase your credit score through Experian Boost. 
Experian is still making big strides in all efforts to use data for good. As of December 31, 2020, Experian Boost has “boosted” Americans’ credit scores nearly 47 million points. Additionally, throughout 2020, Experian worked with financial institutions and credit furnishers to continue to put consumers first and serve as the consumer’s bureau. Coming up in 2021? Using data for differentiation, which can ultimately drive business growth. From instant prescreens to identifying your best customers (and offering them cross-sell and upsell opportunities to increase retention and customer loyalty) to helping customers that may be on the brink of financial distress and connecting them with management solutions to help them get back on their feet, data can help businesses – and their customers – get there.

2. Fraud and Friction (And the Reduction of Both)

With the pandemic, fraud saw increases across the board. Here are just some quick stats:

200% increase in first-time online banking usage immediately following shelter-in-place orders (Aite Group, “Workplace Distancing: Adapting Fraud and AML Operations to COVID-19,” April 2020)
652% year-over-year increase in records found on the dark web (Experian CyberAgent technology)
50% increase in human farming – real people being hired for purposes of fraud – month-over-month in March 2020 (Arkose Labs)

And, unsurprisingly, consumer and business sentiments toward fraud are also evolving with these increasing trends. For example, according to Experian’s North America Trends Report, half of consumers continue to cite security as the most important factor of their online experience. Additionally, there’s been an increase in the percentage of businesses who have recently increased or are planning to increase fraud budget from 76% in 2019 to 89% as of Sept. 2020. More complex phishing schemes and increased fraudster activity are due in part to numerous industries having to shift to online processes and business transactions overnight.
Adoption for mobile wallets has jumped 11% since July 2020, according to the 2020 Global Insights Report. Systems and technology that were not ready or not armed with the necessary infrastructure left critical access points open that could be exploited by fraudsters. Fraud exists across the customer lifecycle, at every access point. And while fraud is complex, with Experian as your partner, solving it isn’t. Innovative technology enables businesses to prevent fraud by identifying credible customers and applying the correct treatment to the riskiest consumer and business accounts. We can help you develop a layered risk management strategy so you can focus resources on growing and protecting your customer relationships. 3. A New Administration – Changing of the Guards on the Regulatory Front With the new year enters the inauguration of a new president and administration. Though there is still much to be determined, certain areas are drawing a lot of attention with this changing of the guards. The highlights? The CFPB. Priorities and leadership could change. With COVID-19 top of mind, it is likely there will be aggressive agendas put forth to help protect the millions of consumers who have suffered economic distress and harm as a result of the pandemic. Data Portability. With an increased consumer appetite to port their data, questions and concerns around data security – and how to verify for a third party asking for the data – are also on the rise. There are a number of issues facing financial institutions around data portability, one of the largest being defining the line between consumer account information and proprietary data. All things privacy – state vs. national bills. The debate continues on how to move forward (whether privacy legislation will be handled by the states or at the national level), but for now it seems there is more progress at the state level. 
California was the first state to push through state-level privacy legislation in the form of the California Consumer Privacy Act of 2018. Twenty-four states are considering legislation that would require consent before collecting or disclosing personal information with third parties.

4. Analytics + Digitalization – Smarter, Better, Faster

COVID-19 accelerated digital transformation for many. Some companies were ready, having already started making the headway in years prior, while others struggled – and some continue to struggle. The pandemic – and its corresponding recovery – is reason now, more than ever, to get some of your digital transformation priorities checked off of your list. Your customers demand it and your business needs it. Tackling analytics and digitalization not only brings your business up to speed, but improves your decisioning, enhances your offerings, and enables better platforms and data usage. In addition to digitalization, artificial intelligence for credit decisioning and personalized banking can also be expected to be a top trend, especially AI that is ethical and explainable, as will the increasing adoption and implementation of cloud computing. As consumer experience continues to reign supreme, any and all technology to enhance and improve that experience – think chatbots and virtual assistants – will also likely increase in presence.

5. Verification & Identity

Identity has been a trending topic over the last few years, brought on by increasingly digital lifestyles and the intersection of personalization, frictionless transactions and adequate security. Identity verification and verification of other information such as income, employment and the like are increasingly needed in today’s pandemic and tomorrow’s post-pandemic world. Leveraged across the lifecycle and during critical customer interactions, the need is especially heightened for insights, data accuracy, and diversification of data sets – to name a few.
And while it was already established that identity verification is not just for marketing services, there are now even greater needs for financial institutions to be able to confidently know that their customers are who they say they are. Some areas to keep your eye on in 2021? Identity, income, assets and employment.

6. Redefining the Modern Mortgage

As has been a common trend, spurred by the disruption caused by COVID-19, the mortgage industry is one of the many to have a magnifying glass brought to its areas for improvement. Some of those areas include operational efficiency, digital adoption and transparency. In line with the better and faster needs that lenders are continually trying to pace with, the need for speed is hitting mortgage originations, with an ideal situation outlined as closing in 30 days or less. Creating operational efficiencies through faster, fresher data can be the key for lenders to more accurately assess a borrower’s ability to pay upfront. Additionally, now, as most mortgage lenders are breaking previous origination records by a landslide (thanks pandemic), there’s new focus on other performance indicators. With such impetus, the modern mortgage is constantly evolving, incorporating customer-centric facets including a seamless digital process, providing meaningful customer experiences and leveraging the latest and greatest technology to better future-proof the industry through scalable technology, while aiming to reduce costs.

For all your needs in 2021 and beyond, Experian has you covered.
Previously, we discussed the risks of account takeover and how a Defense in Depth strategy can protect your business. Before implementation it’s important to understand the financial benefits of the strategy. There are a few key steps to assessing and quantifying the value of Defense in Depth.

Transaction risk assessment: This requires taking inventory of all possible transactions.
Session-level risk analysis: With the transactions categorized by risk level, the next step is to review session history based on the highest risk activity within the session.
Quantify the cost of a challenge: There are multiple costs associated with challenging a user using step-up authentication. Consider both direct and indirect costs – failure rate, contact center operational cost, and attrition rate following failed challenges (consider lifetime value of account).
Quantify the expected challenge rate: This can be done by comparing the Defense in Depth approach to a traditional approach.

Below is a calculator that will help determine the cost of the reduced challenges associated with a Defense in Depth strategy versus a traditional strategy.

In addition to the quantitative benefits, it is important to consider some of the qualitative benefits of this approach:

Challenging at moments that matter: Customers appreciate and expect protection in online banking, especially when moving money externally or updating contact information. This is a great way to achieve both convenience and security.
Improved fraud management: By staging the risk decision at the transaction level, the business can balance the type of challenge with the transaction risk.

There are incremental cost considerations to include in the business case as well. For instance, there is an increase in transaction calls for a risk assessment at the medium/high risk transactions – about 10% in the example above.
Generally, the increased transaction cost is more than offset by the reduction in cost of challenges alone. A Defense in Depth strategy can help businesses manage fraud risk and prevent account takeover in online banking without sacrificing user experience. If you are interested in assistance with building your business case and understanding the strategies to implement a successful Defense in Depth strategy, contact us today.

¹ Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020
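A simplified model of the four assessment steps described above, as an added example that is not part of the original article and does not reproduce Experian's calculator. The transaction names, risk tiers, session data, the per-session `risk_flagged` signal and every cost figure are constructed assumptions.

```python
"""Added example: challenge cost of a login gate versus Defense in Depth.
Transaction names, tiers, sessions and all figures are constructed."""
from dataclasses import dataclass

LOW, MEDIUM, HIGH = 0, 1, 2
TIER_NAMES = ("low", "medium", "high")

# Step 1, transaction risk assessment: a hypothetical transaction inventory.
RISK_TIER = {
    "view_balance": LOW, "view_transactions": LOW, "download_statement": LOW,
    "internal_transfer": MEDIUM, "add_payee": MEDIUM,
    "update_contact_info": HIGH, "external_transfer": HIGH,
}


def session_risk(actions):
    """Step 2: a session is as risky as its highest-risk activity.
    Transaction types missing from the inventory fail closed to HIGH."""
    return max((RISK_TIER.get(a, HIGH) for a in actions), default=LOW)


def tier_distribution(sessions):
    """Count sessions per tier to see how concentrated the risk is."""
    counts = {name: 0 for name in TIER_NAMES}
    for _flagged, actions in sessions:
        counts[TIER_NAMES[session_risk(actions)]] += 1
    return counts


@dataclass(frozen=True)
class ChallengeCost:
    """Step 3: direct and indirect cost of one step-up challenge."""
    failure_rate: float         # share of challenged users who fail
    contact_center_cost: float  # staff cost per failed challenge
    attrition_rate: float       # share of failed users who leave
    lifetime_value: float       # value of an account that is lost

    def per_challenge(self):
        lost = self.attrition_rate * self.lifetime_value
        return self.failure_rate * (self.contact_center_cost + lost)


def compare(sessions, cost, assessment_call_cost, challenge_tier=HIGH):
    """Step 4: expected challenges and cost under both strategies.

    Traditional: every risk-flagged session is challenged at login.
    Defense in Depth: a flagged session is challenged only once it reaches
    a transaction at or above challenge_tier; each medium/high transaction
    costs one extra risk-assessment call.
    """
    traditional = sum(1 for flagged, _ in sessions if flagged)
    layered = sum(1 for flagged, actions in sessions
                  if flagged and session_risk(actions) >= challenge_tier)
    extra_calls = sum(1 for _, actions in sessions for a in actions
                      if RISK_TIER.get(a, HIGH) >= MEDIUM)
    unit = cost.per_challenge()
    traditional_cost = round(traditional * unit, 2)
    layered_cost = round(layered * unit + extra_calls * assessment_call_cost, 2)
    return {
        "traditional_challenges": traditional,
        "did_challenges": layered,
        "extra_assessment_calls": extra_calls,
        "traditional_cost": traditional_cost,
        "did_cost": layered_cost,
        "savings": round(traditional_cost - layered_cost, 2),
    }


# Constructed sample: (risk_flagged, actions taken after login).
SESSIONS = [
    (False, ["view_balance"]),
    (True, ["view_balance", "view_transactions"]),
    (False, ["view_transactions", "download_statement"]),
    (True, ["view_balance"]),
    (False, ["view_balance", "internal_transfer"]),
    (True, ["view_balance", "external_transfer"]),
    (False, ["view_transactions"]),
    (True, ["download_statement"]),
    (False, ["view_balance", "add_payee", "external_transfer"]),
    (False, ["view_balance"]),
]
COST = ChallengeCost(failure_rate=0.2, contact_center_cost=5.0,
                     attrition_rate=0.1, lifetime_value=500.0)

if __name__ == "__main__":
    print(tier_distribution(SESSIONS))
    for key, value in compare(SESSIONS, COST, assessment_call_cost=0.05).items():
        print(f"{key}: {value}")
```

Replacing the constructed sessions with real session history, and the cost figures with measured failure, contact center and attrition numbers, turns the same comparison into a business-case input.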
Preventing account takeover (ATO) fraud is paramount in today’s increasingly digital world. In this two-part series, we’ll explore the benefits and considerations of a Defense in Depth strategy for stopping ATO.

The challenges with preventing account takeover

Historically, managing fraud and identity risk in online banking has been a trade-off between customer experience and the effectiveness of fraud controls. The basic control structure relies on a lock on the front door of online banking—login—as the primary authentication control to defend against ATO. Within this structure, there are two choices. The first is tightening the lock, which equals a higher rate of step-up authentication challenges and lower fraud losses. The second is loosening the lock, which results in a lower challenge rate and higher fraud losses. Businesses can layer in more controls to reduce the false positives, but that only allows marginal efficiency increases and usually represents a significant expense in both time and budget to add in new controls.

Now is the perfect time for businesses to reassess their online banking authentication strategy for a multitude of reasons:

ATO is on the rise: According to Javelin Strategy & Research, ATO increased 72% in 2019.¹
Users’ identities and credentials are at more risk than ever before: Spear phishing and data breaches are now a fact of life leading to reduced effectiveness of traditional authentication controls.
Online banking enrollments are on the rise: According to BioCatch, in the months following initial shelter-in-place orders across the country, banks have seen a massive spike in first time online banking access.
Users expect security in online banking: Half of consumers continue to cite security as the most important factor in their online experience.
Businesses who reassess the control structure for their online banking will increase the effectiveness of their tools and reduce the number of customers challenged at the same time – giving them Defense in Depth.

What is Defense in Depth?

Defense in Depth refers to a strategy in which a series of defense mechanisms are layered in order to protect data and information. The basic assumptions underlying the value of a Defense in Depth strategy are:

Different types of transactions within online banking have different levels of inherent risk (e.g., external money movement is considerably higher risk compared to viewing recent credit card transactions)
At login, the overall transaction risk associated with the session risk is unknown
The risk associated with online banking is concentrated in relatively small populations – the vast majority of digital transactions are low risk

This is the Pareto principle at play – i.e., about 80% of online banking risk is concentrated within about 20% of sessions. Experian research shows that risk is even more concentrated – closer to >90% of the risk is concentrated in <10% of transactions. This is relatively intuitive, as the most common activities within online banking consist of users checking their balance or reviewing recent transactions. It is much less common for customers to engage in higher risk transactions. The challenge is that businesses cannot know the session risk at the time of challenge, thus their efficiency is destined to be sub-optimal.

The benefits of Defense in Depth

A Defense in Depth strategy can really change the economics of an online banking security program. Adopting a strategy that continuously assesses the overall session risk as a user navigates through their session allows more efficient risk decisions at moments that matter most to the user. With that increased efficiency, businesses are better set up to prevent fraud without frustrating legitimate users.
Defense in Depth allows businesses to intelligently layer security protocols to protect against vulnerability – helping to prevent theft and reputational losses and minimize end-user frustration. In addition to these benefits, a continuous risk-based approach can have lower overall operational costs than a traditional security approach.

The second part of this series will explore the cost considerations associated with the Defense in Depth strategy explored above. In the meantime, feel free to reach out to discuss options.

¹ Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020
Enterprise Security Magazine recently named Experian a Top 10 Fraud and Breach Protection Solutions Provider for 2020. Accelerating trends in the digital economy--stemming from stay-at-home orders and rapid increases in e-commerce and government funding--have created an attractive environment for fraudsters. At the same time, there’s been an uptick in the amount of personally identifiable information (PII) available on the dark web. This combination makes innovative fraud and breach solutions more crucial than ever.

Enterprise Security Magazine met with Kathleen Peters, Experian’s Chief Innovation Officer, and Michael Bruemmer, Vice President of Global Data Breach and Consumer Protection, to discuss COVID-19 digital trends, the need for robust fraud protection, and how Experian’s end-to-end breach protection services help businesses protect consumers from fraud. According to the magazine, “With Experian’s best in class analytics, clients can rapidly respond to ever-changing environments by utilizing offerings such as CrossCore® and Sure Profile™ to identify and prevent fraud.”

In addition to our commitment to develop new products to combat the rising threat of fraud, Experian is focused on helping businesses minimize the consequences of a data breach. The magazine noted that, “To serve as a one-stop-shop for data breach protection, Experian offers a wide range of auxiliary services such as incident management, data breach notification, identity protection, and call center support.” We are continuously working to create and integrate innovative and robust solutions to prevent and manage different types of data breaches and fraud.
The shift created by the COVID-19 pandemic is still being realized. One thing that we know for sure is that North American consumers’ expectations continue to rise, with a focus on online security and their digital experience. In mid-September of this year, Experian surveyed 3,000 consumers and 900 businesses worldwide—with 300 consumers and 90 businesses in the U.S.—to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.

More than half of consumers surveyed continue to expect more security steps when online, including more visible security measures in place on websites and more knowledge about how their data is being protected and stored. However, those same consumers aren’t willing to wait more than 60 seconds to complete an online transaction, making it more important than ever to align your security and experience strategies.

While U.S. consumers are optimistic about the economy’s recovery, they are still dealing with financial challenges and their behaviors have changed. Future business plans should take into account consumers’:

High expectations of their online experience
Increases in online spending
Difficulty paying bills
Reduction in discretionary spending

Moving forward, businesses are focusing on use of AI, online security, and digital engagement. They are emphasizing revenue generation while looking into the future of online security. Nearly 70% of businesses also plan to increase their fraud management budgets in the next 6 months.

Download the full North America Insights Report to get all of the insights into North American business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a look at how trends have changed from early in the pandemic.
In the wake of unprecedented unemployment fraud since the start of COVID-19, Experian announced it was selected as the exclusive partner for identity and fraud verification for the Unemployment Insurance (UI) Integrity Center’s centralized Identity Verification (IDV) capability. IDV is available to state agencies at no cost through UI Integrity Center, which is operated by the National Association of Workforce Agencies (NASWA) in partnership with the U.S. Department of Labor. With the Federal Bureau of Investigation (FBI) reporting a spike in fraudulent unemployment insurance claims complaints related to COVID-19, it’s more important than ever for state agencies to use innovative solutions to verify identities that are applying for unemployment insurance to protect consumers. If improper unemployment insurance payments are made to fraudsters, the efforts of the CARES Act could be largely wasted. The IDV capability leverages Experian’s Precise ID™ to provide a centralized identity verification and proofing solution. Precise ID combines identity analytics with advanced fraud risk models to distinguish various types of fraud, which can help state agencies maximize time and resources. When state agencies submit claims, the IDV solution will return ID theft scoring and associated cause codes, enabling them to assess whether a claim may be fraudulent. “Due to the COVID-19 health crisis, unemployment is high, with over roughly 60 million Americans filing for unemployment since March,” said Robert Boxberger, president of Experian’s Decision Analytics in North America. “At Experian, we’re proud to have a strong culture dedicated to continuous innovation that helps protect consumers’ financial health. 
We’re taking that same consumer focus and helping make the unemployment insurance application process more efficient and safer for constituents.” The Integrity Data Hub (IDH) is a robust, multi-state data system that contains a continuously expanding set of sources to provide advanced cross-matching and analytic capabilities to states. It is designed to be easily implemented by any state Unemployment Insurance agency, regardless of claim volume, technology, or access to internal resources. The IDH was designed and built using the latest National Institute of Standards and Technology IT security standards, including the use of asymmetric encryption and other techniques to ensure the security of sensitive data. “We’re excited to partner with Experian and utilize its Precise ID solution to assist states in mitigating fraud during these unprecedented times,” said Scott Sanders, NASWA Executive Director. “States are finding this to be a very valuable tool and we are pleased that we can offer this solution to states through our partnership with the U.S. Department of Labor.”
The COVID-19 pandemic created a global shift in the volume of online activity and experiences over the past several months. Not only are consumers increasing their usage of mobile and digital channels to bank, shop, work and socialize — and anticipating more of the same in the coming months — they’re closely watching how businesses respond to their needs. Between late June and early July of this year, Experian surveyed 3,000 consumers and 900 businesses to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19. More than half of businesses surveyed believe their operational processes have mostly or completely recovered since COVID-19 began. However, many consumers fear that a second wave of COVID-19 will further deplete their already strained finances. They are looking to businesses for reassurance as they shift their behaviors by reducing discretionary spending, building up emergency savings, tapping into financial reserves, and increasing online spending. Moving forward, businesses are focusing on short-term investments in security, managing credit risk with artificial intelligence, and increasing online customer engagement. Download the full report to get all of the insights into global business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a deeper dive into US-specific findings.
Pre-COVID-19, operations functions for retailers and financial institutions had not typically consisted of a remote (stay at home) workforce. Some organizations were better prepared than others, but there is a firm belief that retail and banking have changed for good as a result of the pandemic and resulting economic and workforce shifts. Market trends and implications When stay at home orders were issued, non-essential brick and mortar businesses closed unexpectedly. What were retailers to do with no traffic coming through the doors at their physical locations? The impact on big-box retailers like Best Buy, Dick’s Sporting Goods, Sears, JCPenney, Nike, Starbucks, Macy’s, Neiman Marcus, Nordstrom, and Kohl’s, to name a few, has been unprecedented; some have had to shut their doors for good. Over the past several months global retail has seen e-commerce sales grow over 81% compared to the same period last year, according to Card Not Present. Some sectors have seen triple-digit growth year over year. Most online retailers have been ill-prepared to handle this increase in transactional volume in such a short amount of time, which has resulted in rapid fraud loss increases. A recent white paper from Aite Group reported that prior to COVID-19, a large financial institution forecasted an 8% decrease in fraud for 2020, but has since revised the projection to increase 10-15%. What does this all mean? Bad actors are taking advantage of the pandemic to exploit the online retail channel. The increased remote channel usage—online, mobile, and contact centers in particular—continues to be an area where retailers are exposed. Account takeover, through phishing and relaxed call center controls, is rising as well. Increases in phishing attacks are leading to compromised and stolen identities and synthetic identity fraud. Account takeover (ATO) fraud has increased 347% since 2019 according to PYMNTS.com. 
A recent survey found more than a quarter of merchants (27%) admit that they don’t have measures to prevent ATO. 24% of merchants can’t identify an ATO during a purchase. 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them. When criminals use these compromised accounts to make fraudulent purchases, the merchant loses revenue and the value of the goods. They can also suffer from damage to brand reputation and a loss of customer confidence. A lack of account security can have lasting effects as 65% of customers surveyed say they would likely stop buying from a merchant if their account was compromised, according to that same Card Not Present study. So how can retailers start to identify bad actors with malicious intent? This will be a constant struggle for retailers. Rather than a one-size-fits-all solution, retailers must move toward a strategy that is nimble and dynamic and can address multiple areas of exposure. A fraudster could easily slip by one verification method—for instance with a stolen credential—only to be foiled by a secondary authentication tactic like device identity. A layered fraud strategy continues to be the industry best practice, where both passive and active authentication methods are leveraged to frustrate fraudsters without applying undue friction to “good” consumers. The layered solution should also utilize device risk, identity verification and fraud analytics, with tailoring to each business’s needs, risk tolerance, and customer profiles. Learn more about how to build a layered fraud strategy today.
Every few months we hear in the news about a fraud ring that has been busted here in the U.S. or in another part of the world. In May, I read about a fraud ring based in Georgia and Louisiana that bought 13,000 stolen identities of children who were on the Louisiana Medicaid program and billed the government for services not rendered. This group defrauded the Medicaid program of more than $500,000. This is just one of many stories that we hear about fraud rings, and given the rapidly changing economic environment, now is the time for businesses to think about how to protect against fraud rings. There are a number of challenges that organizations may have when it comes to sharing trends and collaborations, understanding the ways to tie fraud rings together, creating treatments for identifying fraud rings and ways to store and catalogue fraud ring experiences so they can be easily recognized. The trouble with identifying fraud rings It’s important to understand the challenges that organizations have because they see the fraud rings through their own internal lens. Here are a few of the top things businesses should work on: Think like a fraudster. This will help businesses become more creative in their approach to fraud prevention. Facilitate internal collaboration. Share with in-organization partners. Sometimes this can be difficult due to organizational structure. Promote external collaboration. Intel-sharing groups are a great way for businesses to network within their industries and learn about the fraud that others are seeing. An organization that I’ve worked with in the past is the National Cyber Forensic and Training Alliance (NCFTA). Putting the pieces together How do businesses identify a fraud ring? There are three steps to get started. The first is reviewing and understanding the data. Fraudsters are lazy and want to replicate the process over and over again, and because of this there is always some piece of information that is repeated. 
It could be a name, an email address, device fingerprint, or similar. The second step is tying the fraud ring together. This is done by creating rules to help identify the trends. Having rules in place to identify fraud rings allows businesses to easily pull stats together for their leadership. Lastly, applying an acronym or name to the particular fraud ring and adding comments to the cases associated with a particular ring will help with post-investigation analysis. Learning from the past Before I became a consultant, I remember identifying a fraud ring that was submitting events with the same language pack and where the device fingerprint was staying consistent. Those events were being referred out for review and marked with the same note. At a post-mortem review, I was able to talk to the fraud ring we had seen, and it was easy to pull all events associated with this fraud ring because my team had marked the events with the same comments. Another fraud ring example happened a few years ago. A client called me and said that they were under a fraud attack and this fraud ring was rotating the email handle. I reviewed the data and came up with a rule to catch this activity. Fraud rings will use email handle rotation to help them keep track of accounts that are opened or what emails they used in the past. By coupling the email handle rotation with an email verification service like Emailage, this insight could be very telling. I would assume that when fraud rings use email handle rotation these emails are new and have just been created. These are just a few of the many fraud rings that I’ve encountered over the course of my career and I’m sure there will be a lot more in the years to come. The best advice I can give to anyone that reads this post is to understand the data that you are reviewing, look for anomalies within the data, ask questions and test your theories by running queries on the data that you’re reviewing. 
I would love to hear about the different fraud rings that you’ve encountered over your career. Stay safe.
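The three steps described in this post (find the repeated data element, tie events together with a rule, then label the ring so its cases can be pulled later), as an added example that is not from the original post. The event fields, the constructed sample events, the `RING-nnn` labels, and the reading of "email handle rotation" as one handle stem varied with digits, dots or tags are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample events (not real data); field names are assumptions.
EVENTS = [
    {"id": 1, "email": "jsmith01@example.com", "device": "fp-a1", "lang": "en-GB"},
    {"id": 2, "email": "jsmith02@example.com", "device": "fp-b2", "lang": "fr-FR"},
    {"id": 3, "email": "j.smith03@example.net", "device": "fp-c3", "lang": "es-ES"},
    {"id": 4, "email": "maria.lopez@example.org", "device": "fp-z9", "lang": "en-US"},
    {"id": 5, "email": "kwong@example.com", "device": "fp-z9", "lang": "en-US"},
    {"id": 6, "email": "dpatel77@example.org", "device": "fp-z9", "lang": "en-US"},
    # One genuine customer retrying three times: repeated data, but not a ring.
    {"id": 7, "email": "anna.berg@example.com", "device": "fp-q4", "lang": "de-DE"},
    {"id": 8, "email": "anna.berg@example.com", "device": "fp-q4", "lang": "de-DE"},
    {"id": 9, "email": "anna.berg@example.com", "device": "fp-q4", "lang": "de-DE"},
]


def handle_stem(email):
    """Reduce the handle (local part) to its letters only, so rotated
    variants such as jsmith01 / j.smith03 / jsmith+x collapse together."""
    local = email.split("@", 1)[0].lower().split("+", 1)[0]
    return re.sub(r"[^a-z]", "", local)


def find_rings(events, min_size=3):
    """Steps 1 and 2: group events on a repeated attribute, then apply a
    rule that keeps only groups with enough distinct identities."""
    groups = defaultdict(list)
    for ev in events:
        groups[("device+lang", ev["device"], ev["lang"])].append(ev)
        stem = handle_stem(ev["email"])
        if stem:  # all-digit handles have no stem; do not lump them together
            groups[("email-stem", stem)].append(ev)

    rings = []
    for key in sorted(groups):
        members = groups[key]
        distinct_emails = {m["email"].lower() for m in members}
        # Requiring distinct emails keeps a single retrying customer out.
        if len(members) >= min_size and len(distinct_emails) >= min_size:
            rings.append({
                "label": f"RING-{len(rings) + 1:03d}",
                "rule": key[0],
                "key": key[1:],
                "event_ids": sorted(m["id"] for m in members),
            })
    return rings


def case_notes(rings):
    """Step 3: the same note on every case in a ring, so all of its
    events can be pulled together at post-investigation review."""
    notes = defaultdict(list)
    for ring in rings:
        for event_id in ring["event_ids"]:
            notes[event_id].append(f"{ring['label']} ({ring['rule']})")
    return dict(notes)


if __name__ == "__main__":
    for ring in find_rings(EVENTS):
        print(ring["label"], ring["rule"], ring["key"], ring["event_ids"])
```

The `min_size` threshold and the choice of grouping keys are tuning decisions; stems that are common names will need a higher threshold or a second corroborating attribute.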
Experian’s own Chris Ryan and Bobbie Paul recently joined David Mattei from Aite to discuss the latest research and insights into emerging fraud schemes and how businesses can combat them in light of COVID-19 and the resulting economic changes. Between them, Chris, Bobbie, and David have more than 60 years of experience in the world of fraud prevention. Listen in as they discuss how businesses can shape their fraud prevention plan in the short term, including the impacts of the health crisis and physical distancing; the rise of e-commerce and consumer digital engagement; changes in criminal activity; fraud attack vectors; 2020 fraud loss projections; and critical next steps for the 30-60 day time frame.
This is the next article in our series about how to handle the economic downturn – this time focusing on how to prevent fraud in the new economic environment. We tapped two new experts—Chris Ryan, Market Lead, Fraud and Identity and Tischa Agnessi, Go-to-Market Lead, Decisioning Software—to share their thoughts on how to keep fraud out of your portfolio while continuing to lend. Q: What new fraud trends do you expect during the economic downturn? CR: Perhaps unsurprisingly, we tend to see high volumes of fraud during economic downturn periods. First, we anticipate an uptick in third-party fraud, specifically account takeover or ATO. It’ll be driven by the need for first-time users to be forced online. In particular, the less tech-savvy crowd is vulnerable to phishing attacks, social engineering schemes, using out-of-date software, or landing on a spoofed page. Resources to investigate these types of fraud are already strained as more and more requests come through the top of the funnel to approve new accounts. In fact, according to Javelin Strategy & Research’s 2020 Identity Fraud Study, account takeover fraud and scams will increase at a time when consumers are feeling financial stress from the global health and economic crisis. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships. We also expect that first party fraud (including synthetic identity fraud) will trend upwards as a result of the deliberate abuse of credit extensions and additional financing options offered by financial services companies. Forced to rely on credit for everyday expenses, some legitimate borrowers may take out loans without any intention of repaying them – which will impact businesses’ bottom lines. Additionally, some individuals may opportunistically look to escape personal credit issues that arise during an economic downturn. 
The line between behaviors of stressed consumers and fraudsters will blur, making it more difficult to tell who is a criminal and who is an otherwise good consumer that is dealing with financial pressure. Businesses should anticipate an increase in synthetic identity fraud from opportunistic fraudsters looking to take advantage of initial financing offers and the cushions offered to consumers as part of the stimulus package. These criminals will use the economic upset as a way to disguise the fact that they’re building up funds before busting out. Q: With payment stress on the rise for consumers, how can lenders manage credit risk and prevent fraud? TA: Businesses wrestle daily with problems created by the coronavirus pandemic and are proactively reaching out to consumers and other businesses with fresh ideas on initial credit relief, and federal credit aid. These efforts are just a start – now is the time to put your recession readiness plan and digital transformation strategies into place and find solutions that will help your organization and your customers beyond immediate needs. The faceless consumer is no longer a fraction of the volume of how organizations interact with their customers; it is now part of the new normal. Businesses need to seek out top-of-line fraud and identity solutions to help protect themselves as they are forced to manage higher digital traffic volumes and address the tough questions around how to identify and authenticate faceless consumers and their devices, and how to best prevent an overwhelming number of fraud tactics, including first party fraud, account takeover, synthetic identity, bust out, and more. As time passes and the economic crisis evolves, we will all adapt to yet another new normal. 
Organizations should be data-driven in their approach to this rapidly changing credit crisis and leverage modern technology to identify financially stressed consumers with early-warning indicators, predict future customer behavior, and respond quickly to change as they deliver the best treatment at the right time based on customer-specific activities. Whether it’s preparing portfolio risk assessment, reviewing debt management, collections, and recovery processes, or ramping up your fraud and identity verification services, Experian can help your organization prepare for another new normal. Experian is continuing to monitor the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions differentiate legitimate consumers from fraudsters and protect their business and customers. About Our Experts Chris Ryan, Market Lead, Fraud and Identity Chris has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk. Tischa Agnessi, Go-to-Market Lead, Decisioning Software Tischa joined Experian in June of 2018 and is responsible for the go to market strategy for North America’s decisioning software solutions. Her responsibilities include delivering compelling propositions that are unique and aligned to markets, market problems, and buyer and user personas. She is also responsible for use cases that span the PowerCurve® software suite as well as application platforms, such as Decisioning as a Service℠ and Experian®One.