Margins and Paddings Update

I nearly made a bad mistake a couple of weeks ago after I received an email from a top online retailer stating there was a “problem with my recent order.” I had recently purchased several items and knew that any delay would jeopardize my holiday gift delivery. I was just about to click the “Login” button and then stopped. Thankfully, I had the presence of mind to double-check the sender, and, it wasn’t my favorite shopping site after all – just a really good fake email from a phishy sender. I had almost fallen victim to one of the oldest and most common fraud scams in the books — a phishing email. Phishing is the fraudulent practice of sending emails claiming to be from reputable companies. Fraudsters do this to get recipients to click a link and reveal personal information, like passwords and credit card numbers. Sometimes, they will even install malware on your mobile device or computer, directing you to a fake storefront to pilfer information like bank accounts or create new fraudulent accounts using your identity information. First, I thought, “Wow, what a dumb mistake, especially given our focus at work.” But phishing scams today have become more sophisticated and personal. We are all busy with life – our work, family, commute, and dinner plans, along with keeping up on the latest news cycle. Virtually anyone could be inclined to quickly click on a link stating there is an issue with their recent order. The best phishing scams are those that appear to come from a trusted source and reference real information about you, one of your recent shopping orders, or your personal preferences. Sometimes, a scam can even take the form of an “update” on the delivery of your recent orders, and you might rush into clicking links to resolve the problem. Know then trust What is it about phishing scams that make them so effective? It is the personal nature of the attack. The best ones are those that appear to come from a trusted source and discuss information about you, a recent order, your personal preferences, or even just to provide an “update” on delivery to rush you into clicking based on an issue or delay. One extremely lucrative attack that comes to mind is a recent UK bank attack where fraudsters obtained banking login credentials and accessed accounts in an attempt to submit fraudulent wire transfers. Posing as bank employees, the fraudsters contacted the accountholders to let them know that a fraudulent wire transfer attempt had been made on their account. And in order for the bank to cancel the wire, they needed the accountholders to provide a confirmation code that they would receive instantaneously through their mobile device to confirm their identity. What the accountholders didn’t realize is that the bank’s standard process for any wire transfer was to send a one-time password to the mobile phone number on file to confirm an abnormal transfer’s authenticity – not to stop fraudulent attempts. So, when the accountholders received the passcode, they unknowingly provided them to the fraudsters over the phone, effectively authenticating the transfers with the bank. Oh phishing fraud… Oh phishing fraud… But what about the holidays, you ask? Given our chaotic lives, fraudsters love to use phishing during the holidays. Attackers generally focus on major online retailers to enable the largest possible attack. Many consumers have established two-factor verification for accounts with top online retailers, but fraudsters can use this to their advantage if you’re not vigilant. For example, a scammer might send an email to suggest there is a problem with your recent order, then when you click on a link in the email to check on the issue, you might see a pop-up indicating that you’re using a different device than previously seen in the account. Without thinking too far into it, you’re given a one-time passcode that you enter to confirm your identity. The attacker can use your credentials and passcode to successfully log in as you, purchase goods using on-file payment information, and have the goods shipped to an alternate address. Another effective method for fraudsters is to leverage mediums that billions of consumers around the world use daily, like social media. This is the time of year where everyone is sharing photos and links with their friends and family – which is a prime opportunity for fraudsters to use malware or keyloggers to access social media accounts, masquerade as you, and amplify attacks by reaching out to all of your connections. And since fraudsters can just as easily take advantage of the latest AI and machine learning advances, scams are more sophisticated than ever before. Today’s attacks often use millions of servers worldwide to make attacks appear personal – to look like messages from a friend, family member, or other connection. They know your name, mention something personal that they found on one of your social media posts and ask you to do something – like click on the latest viral video or picture. This can all be done automatically and be sent to millions of people at the touch of a button. Send phishing scams on their way I know this all seems unsurmountable, but there are things that businesses and consumers can do to identify if they’ve been a victim and to avoid becoming a victim in these types of schemes. From a business perspective, the most effective approach is to assess users’ historical behavior. Are you seeing a large number of customers trying to move similar amounts to recently linked accounts or purchasing huge volumes of in-demand items? Perhaps the contact center is getting a lot of calls claiming fraud, which can be a sign of recent fraud attacks. Businesses can closely monitor transactions, educate their employees and customers to not click on untrusted links, and make sure there is more than one person to sign off on any account changes or large money transfers. For consumers, the number one thing you can do is to immediately contact the organization or financial institution where you were victimized. I know this takes time out of an already busy day, but it provides the best chance of recouping any lost funds. The other thing you can do is to immediately notify your social contacts about the scam if you’ve fallen victim. That way, others can protect themselves and help limit the damage and spread of any phishing incident. My experience with an “almost” phishing scam is that no one is immune. But the more everyone is aware of the potential consequences and how they can protect themselves, the less likely phishing attempts will be successful. Check out the Experian Insights blog to learn more about how Experian helps businesses and consumers during the holidays and throughout the year.

It’s an exciting time for all of us at Experian. When I became CEO, just over four years ago, we set a clear path to put an even greater focus on our relationship with consumers and how we can help them in their financial journey. Today, as we prepare to launch Experian Boost, we are marking a major milestone in that commitment. There are more than 100 million Americans who don't have fair access to credit today. These consumers are often overlooked by lenders and forced to rely on high interest credit cards and loans. Too often they find themselves stuck in a never-ending cycle in which the best of intentions and the desire for a better financial future clash with reality. At Experian, we know that a credit score is the gatekeeper to better financial opportunities. It can make or break people’s access to the very things that help them thrive in today’s economy like getting a loan for a family car or access to a credit card with a lower interest rate. Unfortunately, many consumers have credit files that are considered too “thin”. And while they may be paying their utility, mobile phone and cable TV bills on time month after month, this responsible behavior hasn’t been acknowledged or rewarded with a higher credit score. Experian Boost changes this scenario and give consumers the credit they deserve. As a business, we want to ensure that as many people as possible can access and participate in the financial system and we believe everyone deserves a fair shot at achieving their financial dreams. Today’s Experian Boost announcement drives our mission forward by giving consumers more control over their credit score. This industry-first online platform will give consumers an opportunity to instantly improve their credit scores by adding positive telecom and utility payment information directly into their credit profile. Experian Boost is free and will be accessible to every credit-active adult in America. We recently briefed Experian’s Consumer Council, a group of 12 leaders from organizations committed to helping consumers on their financial journey, on Experian Boost with great feedback. Here’s what one of the organizations, the Credit Builders Alliance, had to say: “Limited credit activity and history are key barriers for consumers to achieve their financial goals,” said Dara Duguay, executive director, Credit Builders Alliance. “We fully support initiatives that promote financial inclusion and think Experian Boost could play an important role in overcoming that barrier. We look forward to seeing how Experian’s new platform impacts consumers.” Innovations like this and the modernization of an industry don’t happen easily. I couldn't be prouder of our employees who have been working for past three years to make this platform a reality. We are pioneering a bright future for the world of credit with Experian Boost, a product which is emblematic of the innovation culture we foster at Experian. Experian has a fundamental purpose that is shared by colleagues around the world: to strive to be a champion for the consumer. With Experian Boost, we're bringing our purpose to life and we can’t wait to share it with you. To find out more about Experian Boost, please visit: experian.com/boost.

Most of us have experienced the feeling of frustration when it comes to online security protocols. You need to log-in to an account, but you’ve forgotten your password. When you choose an option to reset your password, you are asked to answer one of your security questions. But you forget which movie you said was your favorite while you were growing up. You take a guess, but unfortunately it’s the wrong one and you find yourself locked out of your account. At this point, you’re annoyed and wonder why accessing your account is so difficult in the first place. Historically, the attempt to balance customer security and convenience has been one of the biggest challenges online businesses have faced. As consumer expectations for smooth online experiences increase, businesses aim to deliver security protocols that make customers feel safe and protected, while allowing for easy and convenient access. According to our recent Global Fraud and Identity Report, 66 percent of consumers like security protocols when they transact online because it makes them feel protected. In fact, the lack of visible security was the number one reason customers abandoned a transaction. However, while consumers may tolerate the nuisance of common barriers to accessing their accounts, including forgetting their password or having to re-renter other security controls like CAPTCHA or two-factor authentication, higher friction doesn’t necessarily mean better security or a better overall experience. If businesses were able to offer a frictionless customer experience that was as secure, if not more secure, than the experience today, they could potentially increase overall revenue and growth. One-third of the consumers we surveyed said they would do more transactions online if there weren't so many security hurdles to overcome. And the number rose even higher in different age groups. For instance, the percentage rose to 42 percent when it came to millennials. We believe that a fundamental shift in the thinking is required. No longer, should businesses attempt to balance security against consumer convenience, but rather, we believe that with the right use of technology, analytics and data, both goals can be simultaneously achieved. In the name of both security and convenience independently, we are already seeing data-driven, artificial-intelligence powered systems operating behind the scenes. We believe that a merging of these two functions will yield significant benefits for the business as a whole. For this to work, businesses will need to gain and maintain the customer's trust without the familiar perception of security. Customers want to be recognized and businesses want to address the growing fraud they are experiencing. Solutions that combine device and behavioral intelligence with other data points such as biometrics, processed via advanced machine-learning, could help businesses in the future, simultaneously recognize their customers more accurately, and do so without challenging them. Winning companies will move from balancing security against convenience, to achieving both goals via a synergistic approach, and ultimately will evolve trust through technology, data and analytics.