Well, here we are nearly at the beginning of November and the Red Flags Rule has been with us for nearly two years and the FTC’s November 1, 2009 enforcement date is upon us as well (I know I’ve said that before). There is little value in me chatting about the core requirements of the Red Flags Rule at this point. Instead, I’d like to shed some light on what we are seeing and hearing these days from our clients and industry experts related to this initiative:

Red Flags Rule responses clients

1. Most clients have a solid written and operational Identity Theft Prevention Program in place that arguably meets their interpretation of the Red Flags Rule requirements.
2. Most clients have a solid written and operational Identity Theft Prevention Program in place that creates a boat-load of referrals due to the address mismatches generated in their process(es) and the requirement to do something with them.
3. Most clients are now focusing on ways in which to reduce the number of referrals generated and procedures to clear the remaining referrals via a cost-effective and automated manner…of course, while preventing fraud and staying compliant to Red Flags Rule.

In 2008, a key focus at Experian was to help educate the market around the Red Flags Rule concepts and requirements. The concentration in 2009 has nearly fully shifted to assisting the market in creating risk-based authentication programs that leverage holistic views of a consumer, flexible tools that are pointed to a consumer based on that person’s authentication and risk profile. There is also an overall decisioning strategy that balances risk, compliance, and resource constraints.

Spirit of Red Flags Rule

The spirit of the Red Flags Rule is intended to ensure all covered institutions are employing basic identity theft prevention procedures (a pretty good idea). I believe most of these institutions (even those that had very robust programs in place years before the rule was introduced) can appreciate this requirement that brings all institutions up to speed. It is now, however, a matter of managing process within the realities of, and costs associated with, manpower, IT resources, and customer experience sensitivities.
As I wrote in my previous posting, a key Red Flags Rule challenge facing many institutions is one that manages the number of referrals generated from the detection of Red Flags conditions. The big ticket item in referral generation is the address mismatch condition.

Identity Theft Prevention Program

I’ve blogged previously on the subject of risk-based authentication and risk-based pricing, so I won’t rehash that information. What I will suggest, however, is that those institutions who now have an operational Identity Theft Prevention Program (if you don’t, I’d hurry up) should continue to explore the use of alternate data sources, analytics and additional authentication tools (such as knowledge-based authentication) as a way to detect Red Flags conditions and reconcile them all within the same real-time transaction.

Referral rates

Referral rates stemming from address mismatches (a key component of the Red Flags Rule high risk conditions) can approach or even surpass 30 percent. That is a lot. The good news is that there are tools which employ additional data sources beyond a credit profile to “find” that positive address match. The use of alternate data sources can often clear the majority of these initial mismatches, leaving the remaining transactions for treatment with analytics and knowledge-based authentication and Identity Theft Prevention Program.

Whatever “referral management” process you have in place today, I’d suggest exploring risk-based authentication tools that allow you to keep the vast majority of those referrals out of the hands of live agents, and distanced from the need to put your customers through the authentication wringer. In the current marketplace, there are many services that allow you to avoid high referral costs and risks to customer experience. Of course, we think ours are pretty good.