Test

Insights from the Cyber Risk Summit Beverly Hills – October 2023 Authored by Ryan Coyne I recently participated in a panel with industry experts, delving into third-party cyber risks. The panel shed light on best practices, challenges, and strategies to mitigate the impact of third-party incidents. Panel Participants: Stu Panensky (Moderator) – FisherBroyles, LLP Ryan Coyne – Experian Tom Egglestone – Resilience Mark Grazman – Fenix24  Matthew Saidel – FTI Consulting Agenda: Incident Best Practices: Collaboration & Coordination on IR Action Items Upstream Risk of Third Parties: Vendors, Suppliers & Business Partners Downstream Risk in the Policyholder Supply Chain The Cyber Risk Summit held in Beverly Hills provided valuable insights into the risks of engaging unsecured third parties. Key Takeaways Understanding the Significance Tom emphasized the longstanding nature of cyber risk exposure tied to third-party relationships. The increasing reliance on external vendors in a tech-enabled world has heightened this risk, especially with the surge in outsourcing and software adoption. Tom highlighted that, even in 2019, Gartner research indicated that 60% of surveyed companies worked with over 1000 third parties in their supply chain, setting the stage for the escalated risk environment post-pandemic. Crisis Communications in Third-Party Incidents Matt shared insights into the challenges faced when third-party incidents unfold. The necessity of involving crisis communications consultants early in the process, especially for upstream and downstream, was stressed. Preserving the right to operate and maintaining client trust amid incidents were key points Matt made.Hands-On Restoration PerspectiveMark, providing a hands-on restoration perspective, discussed the rarity of involvement at the inception of an event. His emphasis on locking down infrastructure, understanding the threat actor’s persistency, and encouraging robust backup strategies showcased the intricacies involved in restoration efforts.“Restoration efforts often kick in when patient zero is unidentified. Locking down the infrastructure and focusing on repairing affected elements are essential” – Mark Grazman, Fenix24 Notification Strategies and Legal Implications Representing Experian, I shared my perspective on notification complexities that the average consumer may not be aware of, such as notifying everyone upfront versus opt-in processes. The legal implications of notifying on behalf of others and coordinating with multiple parties. The nuanced approach to call center communication and the crucial factor of making details clear in notification letters in minimizing confusion for recipients.I want to emphasize a point I made earlier in the panel on the downstream impact of notification strategies and the need to customize communication for recipients.“For these incidents, it’s most important to minimize complexity on the notification side and minimize confusion for the recipient of your notification letter.” – Ryan Coyne, Experian Insights from an Insurance Claims Handler Tom, as an insurance claims handler, underscored the importance of understanding vendor contracts, particularly clauses related to defense and indemnity. He highlighted the need for transparency in the vendor’s incident response process, especially when the insured isn’t in control, adding a layer of complexity to communication and expectation setting. Crafting a Seamless Notification Process: Public-Private Partnerships Stu Panensky, Moderator: Public-private partnerships emerged as a recurring theme during the panel discussions. The need for collaboration between law enforcement, insurance companies, and businesses became evident. Stu emphasized the role of public-private partnerships in influencing better outcomes and impacting data protection, regulation, and litigation. The insights from the 2023 Beverly Hills Cyber Risk Summit underline the interconnected nature of cyber risks and the critical importance of proactive measures. Stakeholders are urged to adopt a collaborative approach, navigate legal complexities, and stay vigilant in the face of evolving challenges. I welcome you to watch the full discussion on-demand. Watch the panel session on-demand now

This article was updated on February 5, 2024. Identity management can refer to how a company creates, verifies, stores, and uses its customers' digital identities. Traditionally, many large organizations relied on a highly segmented and siloed approach. For example, marketing, risk, and support departments might each have a limited view of a customer, and the tools and systems that support their specific purpose. Organizations are now shifting to a more holistic approach to enterprise identity management. By working together, departments help contribute to building a more complete, single view of a customer. Some companies have renewed or increased their focus on the transformation during the pandemic, and the transition to an enterprise-wide identity management strategy can have long-lasting benefits. But it isn't always easy. Challenges of an enterprise-wide identity management strategy Gathering the initial momentum needed to break out of a siloed approach can be particularly challenging for large organizations when each business unit has an ingrained identity system that meets the unit's needs. Smaller organizations might have an easier time gathering consensus, but budget or technological limitations may be serious constraints. Even after a decision is made and the budget gets set aside, organizations need to think through how they'll create and manage a new enterprise-wide identity management system. It's not a one-and-done upgrade. For the strategy to succeed, you'll need to have processes in place to onboard, verify, secure, and activate the new digital identities. READ: What is Effective Multifactor Identity Authentication? Why use an enterprise-wide approach? Motivations and specifics can vary depending on an organization's size and structure, but some companies find a more holistic approach to customer identity management helps them: Improve customer experiences Save money by removing redundancies Boost sales with better-targeted marketing Better understand customers' needs Provide faster and more relevant support Make more informed decisions Detect and prevent fraud These benefits can play out across the entire customer lifecycle, and identity management systems are able to achieve this by pulling in data from various sources to build robust consumer identities and systems. Your internal, first-party data will be the most valuable and insightful, but you can append multidimensional data from third-party sources, such as consumer credit databases, demographic data or device data. And second-party data from partner brands or organizations. READ: Experian 2023 Identity and Fraud Report Consider the regulatory and security challenges An enterprise identity data management approach can also mean re-evaluating the applicable regulations and security challenges. The passage of the E.U.'s General Data Protection Regulation and California Consumer Privacy Act marked an important shift in how companies need to handle consumers' personal information — but that was only the start. Some U.S. states have also passed or are currently considering data privacy laws. Industry-specific regulations can apply as well, particularly in the healthcare and financial services industries. It's not as if a siloed approach lets an organization avoid regulation, but keeping current and upcoming laws in mind can be important during a large digital transformation. Additionally, consider how going beyond the minimum requirements could be beneficial. In a 2023 Experian white paper, we found that 61 percent of consumers want complete control over how companies use their personal data.1 Security also needs to be top of mind for any organization that collects and stores consumers' personal information. An enterprise-wide identity management system may make managing increasing amounts of data easier, which could help decrease fraud risks. And your customers may be willing to help — 67 percent are open to sharing data if it will increase security and help prevent fraud.2 Keeping customers' desires front and center Experian partnered with Aite-Novarica to study enterprise-wide identity management. All but one of the 12 executives interviewed said client experience is a primary or predominant driver in the transformation of their identity management programs.3 Once implemented, a holistic view of customers can increase the experience in many ways: Meaningful engagement: You can deliver relevant and timely offers if you understand when, where and why consumers are interested in your products and services. Similarly, you'll know who isn't a good fit and won't bother them (or waste money) by showing them ads. Verification: Using a single, persistent identity could make the initial and ongoing identity verification an easier process that doesn't disrupt consumers' lives or lead to frustration. Ongoing recognition: Nearly 70 percent of all consumers want businesses to recognize them across multiple visits.3 But you'll need to study your customers to determine how much friction is acceptable. Some people prefer security over convenience and are willing to trade a little time to use extra verification methods. Customer service: Having more insight into a customer's entire history and interactions with your organization can help you quickly respond when an issue arises, or even anticipate and solve potential problems. Security: Nearly two-thirds (64 percent) of consumers say they're very or somewhat concerned with online security.4 Companies that can quickly and accurately identify consumers can also help keep them safe from fraud and identity theft. While these may be some consumers' top concerns today, continue listening to your customers to better understand their wants and needs. WATCH: Webinar: Identity Evolved — Building consumer trust and engagement Implementing an enterprise-wide identity management strategy Identity management can become a daunting task, particularly as new data sources begin to flow. As a result, many organizations turn to outside partners who can help manage part, or all, of the process. For example, an identity management solution may offer identity resolution and help create and host an identity graph (the database that stores the unique digital identities). A more robust offering may also help with other parts of identity management, including ongoing data hygiene and helping you turn your unique customer insights into actionable marketing campaigns. Experience managing vast amounts of data is also important, as is access to additional offline and online data sources. In 2023, Experian found that 85 percent of companies said poor quality customer contact data negatively impacted their operation's processes and efficiency.5 An enterprise-wide system that allows business units to update a single customer profile with the latest contact information might help. But working with a data provider that appends the latest info from outside databases could be a better way to ensure you have customers' latest contact info. When researching potential partners, also consider how their offerings and approach align with your goals. If, like others, improving the customer experience is a priority, make sure the solution provider also has a customer-first approach. In turn, this means security is a top priority — it's what customers want and it's important for protecting you and your reputation. Learn more about Experian's identity management solutions and how you can benefit from working with a company that understands identities are personal. Learn more 1Experian (2023). White paper: Making identities personal 2Ibid. 3Aite-Novarica and Experian (2022). Enterprise Identity Management: Evolving Aspirations and Improved Collaboration Are Transforming the Discipline 4Experian (2023). Identity and Fraud Report 5Experian (2023). White paper: Making identities personal

  Auto dealerships may sell dreams of open roads and freedom, but unfortunately, they also attract a different kind of customer: the identity thief. With high-value transactions and access to sensitive personal information, auto dealerships are prime targets for various fraudulent schemes. So, buckle up as we explore the most common types of identity fraud impacting dealerships and how to keep your wheels safe. Four common fraud schemes dealers need to be aware of 1. Third-Party Identity Fraud (Stolen Identities): Hijacking the Identity Highway This method doesn't involve creating new identities; it steals existing ones. Thieves steal personal information, often through data breaches or phishing scams, and use it to apply for auto loans under the victim's name. The dealership unwittingly approves the loan, leaving the real person saddled with the debt and a ruined credit score. 2. Synthetic Identity (Fabricated Credentials): Frankenstein Fraud on the Fast Lane Think of synthetic identity fraud as identity theft with a twist. Criminals combine real and fake information, like stolen Social Security numbers and fabricated addresses, to create entirely new personas. These fabricated identities then build clean credit histories, allowing them to qualify for high-value loans like car financing. By the time the dealership realizes the fraud, the car, and the fake persona have vanished. 3. First Party: No Way Will I Pay This method doesn't involve creating new identities; rather it is when a person knowingly misrepresents their identity or gives false information for financial or material gain. Fraudsters often have no plans to pay for their vehicle. 4. Document Fraud: Paper Trails of Deception Fraudsters can also manufacture fake or altered documents like driver's licenses, proof of income and employment verification. These forged documents create a veneer of legitimacy, allowing them to bypass dealership verification checks and secure loans based on fabricated information. Four ways dealerships can keep their brakes on fraud 1. Robust verification: Implementing multi-factor authentication, cross-referencing information with reliable sources, and verifying documents with advanced technology can significantly reduce the risk of deception. Fraud Protect™ from Experian Automotive leverages license scanning and selfie capture to verify identity. Dealers can find the true person and verify the activity through device, behavior, and step-up services. 2. Employee vigilance: Training staff to identify suspicious behavior and report potential fraud attempts can create a strong internal defense system. Fraud Protect fits within your current systems and processes. The software integrates with your CRM and does not require heavy software training or any additional hardware simplifying employee usage. 3. Secure data: Investing in data security measures like encryption and access controls can significantly deter hackers and minimize the damage from data breaches. Fraud Protect leverages Experian’s world-class data to handle the customer relationship carefully and detect errors and discrepancies. 4. Partnerships: Collaborating with credit bureaus, law enforcement agencies and fraud prevention systems can provide valuable insights and resources for fighting fraud. Experian is the world’s leading information services company. Fraud Protect from Experian Automotive offers a unique partnership for dealers through seamless CRM integration. This simple process makes multiple levels of risk identification quick and efficient for busy buyers. By acknowledging the various forms of identity fraud and implementing proactive measures, dealerships can protect themselves and their consumers from the impact of identity fraud. Fraud Protect empowers dealers with our leading fraud, identity and verification capabilities, integrated within your unique workflows. Whether on your website, leveraged before test drives, initiating out-of-state & and remote closings, or before contracting, Fraud Protect quickly uncovers potential fraud. The entire process is a quick and painless way to address risk while establishing customer trust. Take the first step in protecting profits and preventing fraud by visiting our auto fraud prevention solutions webpage.