Tag: identity theft
A recent Experian survey shows a growing concern over identity theft and tax fraud. 42% of consumers are concerned that someone could access their personal data through their tax return, compared with 35% in 2014 and 38% in 2015 28% of consumers have been a victim or know someone who has been a victim of tax fraud Tax season is a busy time of year for identity thieves. While consumers should take steps to protect themselves, businesses also need to employ ID theft protection solutions in order to safeguard consumer information. >> Identify and prevent multiple types of fraud
Looking at true fraud rate I’ve talked with many companies over the years about their fraud problems. Most have a genuine desire to operate under the fraud prevention model and eliminate all possible fraud from their systems. The impact on profit is often the primary motivation for implementing solutions, but in reality most companies employ a fraud management schema, offsetting the cost of fraud with the cost of managing it. There are numerous write-ups and studies on the true cost of fraud. What most people don’t realize is that, for each item lost to fraud, a business operating on 10 percent net profit margins will need to sell 10 times the amount of product in order to recover the expense associated with the loss. These hard costs don’t include the soft dollar costs, such as increased call center expenses to handle customer calls. Recently, some organizations have started to add reputational risk into their cost-of-fraud equation. With the proliferation of social media, a few unhappy customers who have been victims of fraud easily can impact an organization’s reputation. This is an emerging fuzzy cost that eventually can be tied back to lost revenue or a drop in share price. Most companies say with pride that their acceptable fraud rate is zero. But when it comes time to choose a partner in fraud detection, it almost always comes down to return on investment. How much fraud can be stopped — and at what price? More informed organizations take all operational expenses and metrics into consideration, but many look at vendor price as the only cost. It’s at this point that they start to increase their acceptable fraud rate. In other words, if — hypothetically — Vendor A can stop only 80 percent of the fraud compared with Vendor B, but Vendor A costs less than 80 percent of what Vendor B costs, they’ll choose Vendor A. All of a sudden, their acceptable fraud rate is no longer zero. This method of decision making is like saying we’ll turn off the security cameras for 20 percent of the day because we can save money on electricity. On the surface, I understand. You have to be accountable to the shareholders. You have to spend and invest responsibly. Everyone is under pressure to perform financially. How many executives, however, take the time to see where those lost dollars end up? If they knew where the money went, would they change their view? We must be vigilant and keep our acceptable fraud rate at zero.
A recent Experian survey found that while consumers are getting better about protecting their information on a regular basis, many do not take the same precautions when traveling. According to the survey, 1 in 5 consumers has had an item with sensitive information lost or stolen while traveling, and 39% have experienced identity theft while traveling or know someone who has. Organizations can protect themselves and customers by using innovative fraud-detection tools designed to reduce potential losses while preserving the customer experience. >> Video: The reputational impact of fraud and identity theft
Apple Pay fraud solution Apple Pay is here and so are increased fraud exposures, confirmed losses, and customer experience challenges among card issuers. The exposure associated with the provisioning of credit and debit cards to the Apple Pay application was in time expected as fraudsters are the first group to find weaknesses. Evidence from issuers and analyst reports points to fraud as the result of established credit/debit cards compromised through data breaches or other means that are being enrolled into Apple Pay accounts – and being used to make large value purchases at large merchants. Keir Breitenfeld, our vice president of Fraud and Identity solutions said as much in a recent PYMNTS.com story where he was quoted about whether the Apple Watch will help grown Apple Pay. The challenge is that card issuers have no real controls over the provisioning or enrollment process so they currently only have an opportunity to authenticate their cardholder, but not the provisioning device. Fraud exposure can lie within call centers and online existing customer treatment channels due to: Identity theft and account takeover based on breach activity. Use of counterfeit or breached card data. Call center authentication process inadequacies. Capacity and customer experience pressures driving human error or subjectively lax due diligence. Existing customer/account authentication practices not tuned to this emerging scheme and level of risk. The good news is that positive improvements have been proven with bolstering risk-based authentication at the card provisioning process points by comparing the inbound provisioning device to the device that is on file for the cardholder account. This, in combination with traditional identity risk analytics, verifications, knowledge-based authentication, and holistic decisioning policies vastly improve the view afforded to card issuers for layered process point decisioning. Learn more on why emerging channels, like mobile payments, call for advanced fraud identification techniques.
Reputational impact of fraud It’s all over the news. Hackers are compromising personal information and using that to access customer accounts. It’s critical that organizations have technology in place to distinguish valid customers from fraudsters as quickly as possible. The impact of fraud on the customer relationship requires more elaborate and accurate fraud prevention. Customers have a legitimate expectation that the institutions with which they do business will safeguard their identities, accounts and sensitive data. When fraud or a data breach occurs, that trust can be broken. All the work an institution has done to build its brand image can be damaged suddenly. With the right controls in place, even when customer information is compromised organizations can easily tell the difference between good customers and fraudsters. Listen to what Matt Lane, Experian\'s 41st Parameter vice president of customer management, says about the reputational impact of fraud theft on an organization: Learn more about the reputational impact of fraud thefts on an organization.
A recent survey reveals that 30 percent of travelers have experienced identity theft while traveling or know someone who has.
2011 was the 12th consecutive year that identity theft topped the list of FTC consumer complaints. Florida had the highest rate of complaints, followed by Georgia and California. Rank State Complaints per 100,000 population 1 Florida 179 2 Georgia 120 3 California 104 Learn how to detect and manage fraud activity while meeting regulatory requirements. Source: Consumer info.com infographic and FTC\'s Consumer Sentinel Network Data Book for January-December 2011.
By: Kennis Wong On the surface, it’s not difficult to define existing account fraud. Obviously, it is fraud perpetrated against an existing account. But the way I see it, existing account fraud can be broken down into four types. The first type is account takeover fraud, which is what most organizations think as the de facto existing account fraud. This is when a real consumer using his or her own identity to open a legitimate account, but the account later on get taken over by an identity fraudster. The idea is that when the account was first established, it was created by the rightful person. But somewhere along the way, the account and identity information were compromised. The fraudster uses the compromised information to engineer their way into the account. The second type is impersonation. Impersonation is somewhat similar to account takeover in the sense that it is also misusing the victim’s account. But the difference is that impersonation is more of a one or few times misuses of the account. Examples are a fraudulent use of a credit card or wire transfer. These are the obvious categories. But I think we should also think about these other categories. My definition of existing account fraud also includes this third type – identity fraud that was undetected during application. In other words, an account is established based on stolen identity. Many organizations call this “new account fraud”, which I don’t have a problem with. But I think it’s really also existing account fraud, because – is this existing account? The answer is yes. Is this fraud? Absolutely. It’s not that difficult, is it? Similarly, I am including first-party fraud in existing account fraud as well. A consumer can use his or her own identity to open an account, with an intention to default after the account is established. Example is bust out fraud. You see that this is an expanded definition of existing account fraud, because my focus is on detection. No matter at what point and how identity fraud comes in, it becomes an account in your organization, and that is where we need to discover the fraud. But at the end of the day, it’s not too important how to categorize or name the fraud - whether it\'s application fraud, existing account fraud, first party fraud or third party fraud, as long as organizations understand them enough and have a good way to detect them. Read more blog posts on existing account fraud.
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} By: Kristan Frend I was recently pleased to see that the state I reside in, Minnesota finished in the bottom third of a state ranking. Luckily the rankings weren’t about overall health (#6), high school graduation (#3), or SAT scores (#2); instead it was the Federal Trade Commission’s state identity theft complaint ranks. Minnesota has just 49.2 complaints per 100,000 population, whereas the highest ranked state, Florida, as 114.8 complaints per 100,000 population. The top three states leading identity theft consumer complaints (per 100,000 population) included Florida, Arizona, and California. Besides warm sunshine and top-tier golf courses, what do these three states have in common? According to the February 2011 RealtyTrac U.S. Foreclosure Market Report™, all three rank in the top 5 states for foreclosure, and two of the three (Florida and California) rank #49 and #50 in unemployment rates, according to a March 2011 report released by the Bureau of Labor Statistics. On a national level unemployment rates and identity fraud incidence rates both improved from 2009 to 2010. From 2009 to 2010, unemployment rates went from 10.0% to 9.4% while according to Javelin’s 2010 Annual Identity Fraud Survey Report, identity fraud incidence rates fell from 4.8% to 3.5%. While it may be inaccurate to state that economic distress causes higher rates of identity fraud, there does seem to be a natural correlation between economic downswings and fraudulent activity. As we move further into 2011, it will be interesting to see if identity fraud incidence rates will continue to decrease as unemployment and economic outlook is on the upward swing. Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:\"Table Normal\"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:\"\"; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:\"Calibri\",\"sans-serif\"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:\"Times New Roman\"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}
By: Kristan Frend According to the 2011 Identity Theft Assistance Center Outlook (ITAC), new forms of small business identity theft are emerging. This shouldn’t be a surprise that criminals view small business accounts as a lucrative funding source. What is surprising is that the ‘new’ form of small business identity theft consists of the U.S. Postal Inspection Service reporting a surge in criminal rings using small business information from stolen mail, check writing software and other tactics to counterfeit checks. That’s the new wave of small business identity theft??? I consider this one of the least sophisticated types of fraud that can easily be eliminated by small business owners not leaving mail unattended. Reading this report makes me realize that we have a long way to go in identifying and reporting the more sophisticated types of small business fraud. As I’ve mentioned before, the industry has come a long way in advancing consumer fraud solutions. Yet, as fraud has migrated into business accounts, we as an industry still have a ways to go in reporting the latest business fraud trends and tracking statistics. I’m adding this to my wish list for 2011… What’s on your wish list? On a side note, I’ve noticed nearly all of the articles posted in our blog include no reader comments. I’d like to think that this means our readers are too busy to add comments and/or our articles are so well-written that they answer all of your questions. One can dream right? Seriously though, as we approach 2011 and plan our topics, we’d love to hear from you- if you can think of any topic you’d like us to cover more in depth, please let us know.
By: Kennis Wong In the last entry, I mentioned that consumers’ participation in protecting their own identity information is an important aspect of an identity theft prevention program to minimize fraud loss. Large financial institutions are starting to take charge in educating their customers, but others are having a hard time investing in such initiatives. I do understand that it is difficult to establish a direct linkage of revenue and positive return on investment for this type of activities. Business may view customer education of identity protection as a public service but not a necessity. After all, if my customer loses his identity information, it doesn’t necessarily mean that identity fraud will happen to my very own organization. But educating customers about identity protection and fraud trends can be a marketing tool and can increase customer loyalty, in additions to actual fraud prevention. Although consumers may not be aware of all the precautions they can take to protect their identity, undoubtedly identity theft is a hot topic in the media today. If there are two banks providing about the same service, but one of them goes an extra mile to provide me education on preventing identity theft, I would go with that bank. Also, as a financial institution, if my customers understand identity protection more, they would understand why I am putting some procedure in place and would be glad to comply with them. For example, they would be more patient when spending another minute in answering knowledge-based authentication questions, so that for their own protection, the bank can assure they are the true identity owners. Consumers can also actively monitor their credit report, whether through the bank or through other third party vendors. When consumers receive fraud alert from activities that could be a result of identity theft, they can actively contact the financial institutions about the situation. The sooner the identity fraud is discovered, the better off for both the consumers and the businesses.
By: Kennis Wong As a fraud management professional, naturally I am surrounded by fraud prevention topics and other professionals in the field all the time. Financial, ecommerce, retail, telecommunication, government and other organizations are used to talking about performance, scoring models, ROI, false-positives, operational efficiency, customer satisfaction trade-off, loss provisioning, decisioning strategy or any other sophisticated measures when it comes to fraud management. But when I bring up the topic of fraud outside of this circle, I am always surprised to see how little educated the general public is about an issue that is so critical to their financial health. I met a woman in an event several weeks ago. After learning about my occupation, she told me her story about someone from XYZ credit card company calling her and asking for her Social Security number, date of birth and other personal identifying information. Only days after she gave out the information that she realized things didn’t seem right. She called the credit card company and got her credit card re-issued. But at the time I talked to her, she still didn’t know enough to realize that the fraudster could now use her identity to start any new financial relationship under her name. As long as consumers are ignorant about protecting their identity information, businesses’ identity theft prevention program will not be complete and identity fraud will occur as a result of this weak link. To address this vulnerability and minimize fraud, consumers need to be educated.
Quite a scary new (although in some ways old) form of identity theft in the headlines recently. Here’s a link to the article, which talks about how children’s dormant Social Security numbers are being found and sold by companies online under the guise of CPN’s – aka credit profile numbers or credit protection numbers. Using deceased, “found”, or otherwise illicitly obtained Social Security numbers is not something new. Most identity theft prevention programs consider deceased and non-issued ranges as identity theft red flags under the FACTA Red Flag guidelines. In fact, Experian’s and any good identity verification tool is going to check against the Social Security Administration’s list of numbers listed as deceased as well as ensure the submitted number is in an SSA valid issue range – providing fraud alerts if not. A child’s valid but dormant Social Security number, however, would not flag as either. The two things I find most troubling here are: One, the sellers have found a way around the law by not calling them Social Security numbers and calling them CPN’s instead. That seems ludicrous! But, in fact, the article goes on to state that “Because the numbers exist in a legal gray area, federal investigators have not figured out a way to prosecute the people involved”. Two, because of the anonymity and the ability to quickly set up and abandon “shop”, the online marketplace is the perfect venue for both buyer and seller to connect with minimal risk of being caught. What can we as consumers and businesses take away from this? As consumers, we’re reminded to be ever vigilant about the disclosure of not only OUR Social Security number but that of our family members as well. For businesses, it’s a reminder to take advantage of additional identity verification and fraud prediction tools, such as Experian’s Precise ID, Knowledge IQ, and BizID, when making credit decisions or opening accounts rather than relying solely on consumer credit scores. Knowledge IQ’s knowledge based authentication offers out of wallet questions that may help ensure you’re dealing with the true consumer.
Ah…the summer vacation. I’ve just returned from mine and it got me wondering, “Do fraudsters take a vacation?” You know they must. Probably somewhere nice courtesy of their illicit activities. On our summer vacation, we stayed in rental homes rather than in hotels because of the convenience of having a kitchen, more space to move around, etc. There are many websites that provide vacation home rentals, either offered by an agency or directly by the owners themselves. It would be interesting to know how many (any?) of these sites have Identity Theft Prevention Programs in place for their clients and prospective renters. Although Red Flags rules do not apply to this industry, certainly some fraud best practices and a proactive risk management approach is good for business. In the case of the homeowners dealing directly with prospective renters, what struck me is that there is quite a bit of trust involved in these arrangements. It’s safe to say that most transactions, like ours, are conducted over email and/or the phone. Payment is collected in advance by check or credit card but in our case, and in many if not most others, there is no deposit. Since I work daily around commercial and consumer fraud, I couldn’t help but wonder what the exposure is for fraud risk and identity theft – both to the home owner as well as to the person renting the home. Just look at the information exchanged… The renter provides: name, address, phone number, email address, check (which would include account and routing number) OR credit card number and expiration date. The owner provides: name, phone number, email address, and a home or office address (to which the renter mails the payment). Additionally, the renter knows of a second address associated with the owner – the rental property itself! With account takeover fraud still quite prevalent, that’s quite a bit of personal information that both parties know about each other. Now, the fact that these types of rental transactions occur often and without many (at least publicized) known fraud and identity theft incidents seems to indicate that people on both sides are trustworthy. Still…it does make you think of the exposure if one of the parties is less than honest….say a fraudster on their summer vacation?
By: Ken Pruett I want to touch a bit on some of the third party fraud scenarios that are often top of mind with our customers: identity theft; synthetic identities; and account takeover. Identity Theft Identity theft usually occurs during the acquisition stage of the customer life cycle. Simply put, identity theft is the use of stolen identity information to fraudulently open up a new account. These accounts do not have to be just credit card related. For example, there are instances of people using others identities to open up wireless phone and utilities accounts Recent fraud trends show this type of fraud is on the rise again after a decrease over the past several years. A recent Experian study found that people who have better credit scores are more likely to have their identity stolen than those with very poor credit scores. It does seem logical that fraudsters would likely opt to steal an identity from someone with higher credit limits and available purchasing power. This type of fraud gets the majority of media attention because it is the consumer who is often the victim (as opposed to a major corporation). Fraud changes over time and recent findings show that looking at data from a historical perspective is a good way to help prevent identity theft. For example, if you see a phone number being used by multiple parties, this could be an indicator of a fraud ring in action. Using these types of data elements can make your fraud models much more predictive and reduce your fraud referral rates. Synthetic Identities Synthetic Identities are another acquisition fraud problem. It is similar to identity theft, but the information used is fictitious in nature. The fraud perpetrator may be taking pieces of information from a variety of parties to create a new identity. Trade lines may be purchased from companies who act as middle men between good consumers with good credit and perpetrators who creating new identities. This strategy allows the fraud perpetrator to quickly create a fictitious identity that looks like a real person with an active and good credit history. Most of the trade lines will be for authorized users only. The perpetrator opens up a variety of accounts in a short period of time using the trade lines. When creditors try to collect, they can’t find the account owners because they never existed. As Heather Grover mentioned in her blog, this fraud has leveled off in some areas and even decreased in others, but is probably still worth keeping an eye on. One concern on which to focus especially is that these identities are sometimes used for bust out fraud. The best approach to predicting this type of fraud is using strong fraud models that incorporate a variety of non-credit and credit variables in the model development process. These models look beyond the basic validation and verification of identity elements (such as name, address, and social security number), by leveraging additional attributes associated with a holistic identity -- such as inconsistent use of those identity elements. Account Takeover Another type of fraud that occurs during the account management period of the customer life cycle is account takeover fraud. This type of fraud occurs when an individual uses a variety of methods to take over an account of another individual. This may be accomplished by changing online passwords, changing an address or even adding themselves as an authorized user to a credit card. Some customers have tools in place to try to prevent this, but social networking sites are making it easier to obtain personal information for many consumers. For example, a person may have been asked to provide the answer to a challenge question such as the name of their high school as a means to properly identify them before gaining access to a banking account. Today, this piece of information is often readily available on social networking sites making it easier for the fraud perpetrators to defeat these types of tools. It may be more useful to use out of wallet, or knowledge-based authentication and challenge tools that dynamically generate questions based on credit or public record data to avoid this type of fraud.
Learn More Image
