Test

Replay attacks may threaten your customers’ online security Today, consumer online security is more important than ever. This year, the FTC has already received nearly six million reports of fraud, and 1.4 million of those cases were specifically identity theft.[1] In addition, a recent study reported that losses due to identity fraud amounted to almost $23 billion in 2023.[2] And consumers aren’t the only ones at risk. According to CyberArk’s global research report, 93% of organizations had two or more identity-related breaches in the past year.[3] This means it’s not only up to consumers to protect themselves against identity theft. It’s also up to businesses to protect themselves and their customers from the threat of fraud. As security technology advances, so do the tactics of hackers attempting to steal information such as usernames, account numbers, and passwords from innocent online users. One method that hackers use to obtain this information is called a replay attack, which can pose a serious threat to your customers’ online security. What is a replay attack? A replay attack is a network-based security hack in which a hacker intercepts legitimate data transmission and then fraudulently repeats it to gain access to a network or system. These attacks are designed to fool the victim into believing the hacker is a genuine user, and they happen in three steps: Eavesdropping: The hacker listens in on secure network communications, such as information sent through a Virtual Private Network (VPN), to learn about the activity happening on that network. Interception: The hacker intercepts legitimate user information – usernames, user activity, computer specs, passwords, etc. Replay: The hacker illegally resends (or “replays”) the valid information they gathered to trick the receiver into thinking that they are a genuine user. Here’s an example: John transfers funds from one online banking account to another. A hacker illegally captures that transaction message (which is often accompanied by a digital signature or token) and “replays” that same transaction message multiple times to trigger additional fund transfers, all without the genuine user’s knowledge or permission. The bank doesn’t recognize a problem because the “replayed” transaction messages includes the legitimate digital signature/token, so the bank approves the additional transfers. Replay attacks aren’t just used for banking transactions. They can be used for various activities, such as: Internet of Things (IoT) device attacks: IoT devices include a multitude of “smart home” devices such as smart plugs, cameras, locks, appliances, speakers, lights, and more. Vulnerabilities in these devices can allow hackers to replicate commands to these devices that seem legitimate, such as turning on cameras, unlocking doors, and disabling security systems.[4] Remote keyless entry systems for vehicles: Most vehicles use a remote key fob to lock and unlock the doors. This key fob usually uses radio waves to send the lock/unlock signal to the car. Hackers can use a device to receive and transmit radio waves near a person’s vehicle that mimic that same lock/unlock signal, and then “replay” that signal to unlock the person’s car themselves.[5] Text-dependent speaker verification: Some people use voice recognition to verify their identity when accessing an account or system. Hackers can record a person’s voice when the person speaks to verify their identity, and then “replay” that voice recording to fraudulently access the account.[6] How to prevent replay attacks Replay attacks are dangerous because they are often unnoticed or overlooked until the damage has already been done. Fortunately, there are ways to stop hackers from using replay attacks to access your customers’ personal information. Device intelligence: By leveraging unique intelligence about the device being used, replay attacks can be thwarted even when fraudsters are using authentic, but stolen, information. Time stamping: By forcing a timestamp on all sent and received messages, you can prevent hackers from sending repeated messages with legitimate information obtained illegally. Geolocation review: By identifying suspicious language and/or time zones, you can compare access routes to confirm customers are authentic and secure. Why it matters for your business Consumers in the U.S. value network security more than ever, with 70% rating security a top priority, even over personalization and convenience.[7] People want to feel safe online, and if they experience a threat of identity theft or fraud, they’ll need to find a reliable resource to keep their personal information secure. Successful replay attacks allow fraudsters to impersonate real users and potentially gain partial or full access to their personal online accounts. If your customers fall victim to these kinds of attacks, the resulting stress may have a negative impact on your relationship with them. With our fraud management solutions, your business can strengthen your customers’ trust and security by leveraging highly trained fraud analysts to help uncover suspicious activity that might not be noticed otherwise. Lower fraud losses and achieve fraud capture rates that exceed industry averages. Protect your customers by using a covert, frictionless solution the reduces false positives. Improve operational efficiency by prioritizing resources across the board. Protect your consumers with powerful fraud management solutions 63% of consumers say it’s important for businesses to be able to recognize them online, and 81% say they are more trusting of businesses that can accomplish easy and accurate identification.[8] While replay attacks can cause consumers stress and anxiety, taking action to prevent them can fortify a strong, trusting relationship between your business and your customers. Protect your customers and prevent replay attacks with our powerful fraud management solutions. Get started [1] IdentityTheft.org, 2024 Identity Theft Facts and Statistics. [2] Javelin, 2024 Identity Fraud Study: Resolving the Shattered Identity Crisis. [3] CyberArk, Report: 93% of Organizations Had Two or More Identity-Related Breaches in the Past Year, May 2024. [4] Hackster.io, IoT Devices May Be Susceptible to Replay Attacks with a Raspberry Pi and RTL-SDR Dongle, 2017. [5] Automotive World, How to mitigate vulnerabilities in keyless entry systems, 2023. [6] Antispoofing, Audio Replay Attacks and Countermeasures Against Them, 2022. [7] 2018 Experian® Global Fraud Report [8] Experian® 2024 Identity and Fraud Report Highlights Evolving Fraud Landscape This article includes content created by an AI language model and is intended to provide general information.

At Experian, we believe in fostering innovation and collaboration to solve complex challenges. Recently, Ivan Ahmed, one of our talented product management leaders at Experian Housing, had the opportunity to participate in the FHFA 2024 TechSprint, where his team won the award for the best Risk Management and Compliance idea. In this article, we share Ivan's experience as he reflects on the TechSprint, the inspiration behind his team's project, and the valuable lessons learned. Can you share your experience participating in the FHFA 2024 TechSprint? What was the atmosphere like, and how did it feel to be recognized for the best Risk Management and Compliance idea? Let me start by explaining what a TechSprint is. It is a fast-paced, high-energy collaborative workshop where diverse experts and stakeholders come together to design technological solutions to complex problems. Each team is given a high-level problem and use case. From there, stakeholders and domain experts must develop a proof of concept within 3 days to best address the problem. On the last and final day, called the “Demo Day,” teams must showcase their solution in front of a panel of judges. It’s a fun, high-energy, challenging, and rewarding experience. A TechSprint is a convergence of everything I love – technology, business, and design and I think FHFA did a wonderful job orchestrating the event. Each team consisted of representatives from different functions in the housing ecosystem, including lenders, technologists, product managers, and regulators. We were given access to a room, whiteboards, and, most importantly, delicious snacks. We were also given access to industry subject matter experts outside our teams, including representatives from Fannie Mae and Freddie Mac, FHFA, and leaders from top companies. What I found the most impactful was the ability to pressure test our ideas and solutions against these industry subject matter experts. Ideating in a vacuum can be challenging, so being able to stress test things rapidly with these experts allowed us to change course quickly as new information was introduced. Winning the best Risk Management and Compliance idea award was rewarding, especially as we were able to ideate a solution to such a critical accessibility issue. Ultimately, our goal was to help create a fairer, more equitable, and inclusive housing finance system. A big shoutout to my teammates, Wemimo Abbey, Joseph Karbowski, Will Regenauer, and Eddy Atkins. What inspired Team Arsenal to focus on identifying potential gaps in ADA compliance within multifamily buildings, and what were some of the key challenges your team faced during the process? My mother has suffered from several disabilities most of her life. With age, she has become more wheelchair-dependent, and traveling has become a major challenge. On a recent family trip, the entry to our hotel building wasn’t ADA-compliant, and I had to carry her up a flight of stairs. It was frustrating to deal with. I later went down a rabbit hole around ADA compliance and, much to my surprise, learned that only 0.15% of all homes in the U.S. are wheelchair accessible! As we explored the problem space further as a team, we learned how difficult it is to ensure that new and existing rental homes are ADA-compliant. We hypothesized that a solution is needed to establish incentives for borrowers, lenders, and GSEs to meet compliance. A technological solution could more easily enable multi-family lenders and builders to identify rental units that are non-ADA compliant and could provide ways to address the gaps. We noticed two primary challenges: an enforcement gap and an incentive gap. We learned that agency loans (Fannie Mae and Freddie Mac) account for most multi-family home loan originations. If we could tackle the enforcement challenge at the GSE level, we could set up the proper incentives for all players in the multi-family lending process. By providing tools to both the borrower and the GSE’s, we could help foster a more inclusive and accessible rental housing market. How do you envision your AI-driven solution impacting the rental housing market and improving ADA compliance for multifamily buildings? We wanted to ensure that we leveraged the true power of Generative AI, which meant that our solution could take multimodal inputs and produce multimodal outputs. For example, we could train the Generative AI model on photos of interior multi-family rental units and structured or unstructured text like building sketches, site layouts, and local building codes. We could then incorporate ADA design requirements and analyze discrepancies. The result would be a compliance report or tool outlining the adherence level to ADA design requirements and providing tips and recommendations on remediation. The solution could be delivered as a free tool by the GSEs, who could incentivize its usage by offering price concessions to borrowers. Developers could also use the tool to evaluate whether new or existing builds were ADA-compliant. How did your background and experience with Experian contribute to developing your team's winning idea at the FHFA TechSprint? Much of my role at Experian has involved exploring ways to leverage proprietary and public record property data for marketing, account review, and analytical use cases. I work very closely with property data at Experian, so I was very familiar with the types of input fields of property data that would be the most relevant to improving a generative AI model output. Specifically, in our use case, we wanted to train the model to better identify homes and features that were non-compliant with ADA and provide clear remediation steps. We knew that public record property information was available from various sources and could be leveraged as additional third-party input data to improve our model accuracy. What advice would you give to other teams or individuals looking to participate in future TechSprint events, especially those aiming to tackle complex issues like risk management and compliance? It’s important to remember that an ideal solution is both impactful and practical. Practicality is achieved when the solution has both business and technical viability. Therefore, it’s crucial to carefully vet problems and solutions by understanding their viability. Working as a team to solve the problem means leveraging the expertise of subject matter experts around you. Each team member should draw on their strengths, making the collective effort stronger than individual contribution. Most importantly, fairness, inclusivity, and accessibility matter. An effective solution should strive to have a positive social impact in addition to other considerations. Winning with purpose Ivan’s journey through the FHFA 2024 TechSprint exemplifies the innovative and collaborative spirit that drives our team at Experian. His reflections highlight the impact of well-designed technological solutions on critical issues like ADA-compliance in multifamily housing. We hope Ivan’s experience inspires others to explore their potential in solving complex problems and to participate in future TechSprints, where innovative thinking and a commitment to social good can lead to meaningful change.

Driven by a range of appealing factors including lower monthly payments and a wider array of models—due to the continuous rise in new vehicle inventory—leasing has reappeared as an optimal choice for consumers who are in the market for a vehicle. According to Experian’s State of the Automotive Finance Market Report: Q2 2024, leasing increased to 25.35%, up from 21.14% in Q2 2023 and 19.30% the year prior. While the average monthly payment and interest rate for a new loan modestly increased year-over-year, leasing is increasingly becoming a more attractive option for those leaning towards flexibility and affordability. For example, the average monthly payment on a leased vehicle was $148 less than a loan this quarter. What’s more, it seems consumers are leaning towards larger vehicles. For instance, the Honda CR-V (2.98%) continued to lead the top leased models in Q2 2024, and it was followed closely by the Tesla Model Y (2.61%). Rounding out the top five were the Honda Civic (2.29%), Ford F-150 (2.02%), and Chevrolet Silverado 1500 (1.86%). Prime financing grows and lease payments decline across all segments When looking at risk distribution trends in Q2 2024, prime consumers accounted for nearly 70% of the total finance market—with prime coming in at 37.82%, down from 39.84% last year and super prime increasing from 28.98% to 31.59% year-over-year. Subprime also saw a slight increase, going from 13% to 13.06% during the same period. It’s notable that all risk segments experienced a decrease in average monthly payments for leased vehicles, as super prime went from $601 in Q2 2023 to $586 in Q2 2024, prime declined to $583 this quarter, from $596 last year, and subprime was at $597, from $611. With the average monthly payments declining year-over-year for majority of shoppers, it can potentially create a more competitive market and drive more consumers towards this finance option—something automotive professionals should keep a close eye on. New and used vehicle finance market overview Data in Q2 2024 found that new vehicle loan amounts increased slightly, reaching $40,927, up from $40,743 last year, and the average interest rate went from 6.78% to 6.84% year-over-year. Despite the increases, the average monthly payment for a new vehicle only experienced a $1 growth to $734 this quarter. On the used side, the average loan amount declined from $27,316 Q2 2023 to $26,248 in Q2 2024, and the average rate grew from 11.47% to 12.01% in the same time frame. Though, the average monthly payment declined to $525 this quarter, from $536 last year. As the automotive industry continues to adapt to the changing market conditions and consumer preferences, it’s important for professionals to leverage the most current data—this will allow them to effectively assist consumers by meeting their financial needs with the available options. To learn more about automotive finance trends, view the full State of the Automotive Finance Market: Q2 2024 presentation on demand.