All posts by Guest Contributor

Last week we had the pleasure of joining more than 400 clients at the 35th annual Vision Conference — connecting business leaders to ideas and solutions. Over the next few weeks, we’ll be sharing some insights from our fraud and identity dedicated session track. I had the pleasure of presenting alongside the U.S. Secret Service, and we had a packed session to discuss the Dark Web — what it is, how it’s accessed, how criminals are exploiting it to commit fraud and the human impact of the massive global cybercrime problem. According to McAfee®, cybercrime represents a $500 billion cost to the global economy — and that’s projected to rise to $600 billion this year, outpacing any other form of crime. With the Internet economy generating between $2 trillion and $3 trillion annually, that means cybercrime is extracting roughly 15 to 20 percent of the entire value created by the Internet. This is a massive problem, and it’s not going away. Unfortunately, there are countless tools and services to commit fraud available on the Web, providing attackers with the cloak of anonymity they need to compromise accounts, mimic legitimate users and submit fraudulent transactions. Device intelligence helps unmask these activities. It is a critical component to defend against the threat, and it provides insight into every interaction throughout a typical customer journey (from account setup to login and account maintenance to transactions). Without this visibility into users’ historical behavior and typical population patterns, organizations often have limited options to target attackers and identify anomalous behaviors. This is key to a successful cybercrime detection and mitigation strategy. Another important point in the session regarded recent law enforcement and private industry successes in identifying, tracking, apprehending and prosecuting online attackers. We thankfully have made significant strides in this area, as evidenced by the work of the Secret Service and other law enforcement organizations, but the collaboration must continue — and intensify. As mentioned in a CNBC story published on the same day as our presentation, the Dark Web is an increasingly mainstream source for everything from financial crime to drug trade and human trafficking. Unfortunately, most businesses are in the dark about the growing criminal underground, but Experian can help. With proper fraud expertise and innovative tools to defend against these ever-evolving threats, organizations can uncloak the attackers and safeguard the business.

HELOC originations continued to benefit from the real-estate recovery and consumer desire to tap into available equity. According to the latest Experian–Oliver Wyman Market Intelligence Report, HELOC originations totaled $37.7 billion during Q1 2016 — an increase of 14% over Q1 2015. As HELOC originations continue their growth trend, lenders can stay ahead of the competition by using advanced analytics to target the right customers and increase profitability. Revamp Mortgage Acquisition Strategies

False declines are often unwarranted and occur due to lack of customer information Have you ever been shopping online, excited to get your hands on the latest tech gadget, only to be hit with the all-too-common disappointment of a credit card decline? Whom did you blame? The merchant? The issuer? The card associations? The answer is probably all of the above. False declines like the situation described above provoke an onslaught of consumer emotions ranging from shock and dismay to frustration and anger. Of course, consumers aren’t the only ones negatively impacted by false declines. Many times card issuers lose their coveted “top of wallet” position and/or retailers lose revenue when customers abandon the purchase altogether. False declines are unpleasant for everyone, yet consumers struggle with this problem every day — and fraud controls are only getting tighter. How does the industry mutually resolve this growing issue? The first step is to understand why it occurs. Most false declines happen when the merchant or issuer mistakenly declines a legitimate transaction due to perceived high risk. This misperception is usually the result of the merchant or issuer not having enough information to verify the authenticity of the cardholder confidently. For example, the consumer may be a first-time customer or the purchase may be a departure from the card holder’s normal pattern of transaction activity. Research shows that lack of a holistic view and no cross-industry transaction visibility result in approximately $40 billion of e-commerce declines annually. Think about this for a minute — $40 billion in preventable lost revenue due to lack of information. Merchants’ customer information is often limited to their first-hand information and experience with consumers. To solve this growing problem, Experian® developed TrustInsight™, a real-time engine to establish trusted online relationships over time among consumers, merchants and issuers. It works by anonymously leveraging transactional information that merchants and financial institutions already have about consumers to create a crowd-sourced TrustScore™. This score allows first-time online customers to get a VIP experience rather than a brand-damaging decline. Another common challenge for merchants is measuring the scope of the false declines problem. Proactively contacting consumers, directly capturing feedback and quickly verifying transaction details to recoup potential lost sales are best practices, but merchants are often in the dark as to how many good customers are being turned away. The solution — often involving substantial operational expense — is to hold higher-risk orders for manual review rather than outright declining them. With average industry review rates nearing 30 percent of all online orders (according to the latest CyberSource Annual Fraud Benchmark Report: A Balancing Act), this growing level of review is not sustainable. This is where industry collaboration via TrustInsight™ offers such compelling value. TrustInsight can reduce the review population significantly by leveraging consumers’ transactions across the network to establish trust between individuals and their devices to automate more approvals. Thankfully, the industry is taking note. There is a groundswell of focus on the issue of false declines and their impact on good customers. Traditional, operations-heavy approaches are no longer sufficient. A trust-based industry-consortium approach is essential to enhance visibility, recognize consumers and their devices holistically, and ensure that consumers are impacted only when a real threat is present.

According to a recent Experian survey, the majority of newlyweds say financial responsibility is a key quality in a spouse. Yet many neglect to discuss finances with their partner before marriage. Other factors unknown to newlyweds include: Their spouse’s credit score (40%) Their spouse’s annual income (25%) Their spouse’s long-term financial goals (31%) The amount of their spouse’s student loan debt (31%) As newlyweds face a blending of finances for a promising tomorrow, lenders can help by providing personalized credit education to start building strong relationships with these potentially loyal, creditworthy customers. Survey Results: Newlyweds and Credit

This article first appeared in Baseline Magazine Since it is possible for cyber-criminals to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities. Children often make up imaginary friends and have a way of making them come to life. They may come over to play, go on vacation with you and have sleepover parties. As a parent, you know they don’t really exist, but you play along anyway. Think of synthetic identities like imaginary friends. Unfortunately, some criminals create imaginary identities for nefarious reasons, so the innocence associated with imaginary friends is quickly lost. Fraudsters combine and manipulate real consumer data with fictitious demographic information to create a “new” or “synthetic” individual. Once the synthetic person is “born,” fraudsters create a financial life and social history that mirrors true-party behaviors. The similarities in financial activities make it difficult to detect good from bad and real from synthetic. There really is no difference in the world of automated transaction processing between you and a synthetic identity. Often the synthetic “person” is viewed as a thin or shallow file consumer— perhaps a millennial. I have a hard time remembering all of my own passwords, so how do organized “synthetic schemes” keep all the information usable and together across hundreds of accounts? Our data scientists have found that information is often shared from identity to identity and account to account. For instance, perhaps synthetic criminals are using the same or similar passwords or email addresses across products and accounts in your portfolio. Or, perhaps physical address and phone records have cross-functional similarities. The algorithms and sciences are much more complex, but this simplifies how we are able to link data, analytics, strategies and scores. Identifying the Business Impact of Synthetic-Identity Fraud Most industry professionals look at synthetic-identity fraud as a relatively new fraud threat. The real risk runs much deeper in an organization than just operational expense and fraud loss dollars. Does your fraud strategy include looking at all types of risk, compliance reporting, and how processes affect the customer experience? To identify the overall impact synthetic identities can have on your institution, you should start asking: Are you truly complying with "Know Your Customer" (KYC) regulations when a synthetic account exists in your active portfolio? Does your written "Customer Identification Program" (CIP) include or exclude synthetic identities? Should you be reporting this suspicious activity to the compliance officer (or department) and submitting a suspicious activity report (SAR)? Should you charge off synthetic accounts as credit or fraud losses? Which department should be the owner of suspected synthetic accounts: Credit Risk, Collections or Fraud? Do you have run any anti-money laundering (AML) risk when participating in money movements and transfers? Depending on your answers to the above questions, you may be incurring potential risks in the policies and procedures of synthetic identity treatment, operational readiness and training practices. Since it is possible to create a synthetic person, businesses must be able to differentiate between synthetic and true-party identities, just as parents need to differentiate between their child's real and imaginary friends.

Experian’s 2016 Digital Marketer Report reveals the key issues impacting marketers today. 38% of marketers rank knowing customer needs, wants and attitudes as their top challenge. Other key challenges include: Increasing visibility over competitors (35%) Staying ahead of new marketing trends (33%) Integrating multiple marketing technologies and platforms (32%) Making messages relevant/contextual (27%) Companies can increase engagement by leveraging data and technology to understand customers and provide exceptional experiences through every channel, every time. >> Download The 2016 Digital Marketer Report

As new vehicle prices continue to rise, more consumers are turning to leasing as a cost-effective auto financing option. Findings from the most recent State of the Automotive Finance Market report show that the average lease payment for Q4 2015 was $412 (versus the average loan payment of $493). Not surprisingly, due to the fact that most consumers tend to finance vehicles based on monthly prices, leasing reached a record high, accounting for 33.6% of all new financing during the quarter. Lenders can design more effective strategies by using analytics to gain insight into the latest trends and to target the right customers for automotive leases and loans. >> Video: Auto Acquisition Strategies

What difference does $4.40 make? It can’t buy you much on its own, but it can make a world of difference when you’re handling the aftermath of a data breach or other cyberattack. That’s how much cyber insurance protection reduces the per-record cost of a data breach, according to the Ponemon Institute’s 2015 Cost of a Data Breach report. Whether you’re a small business owner with just a few hundred customers or a global corporation with records in the millions, the cost of being without cyber insurance in the wake of an incident can be extreme. When you consider the sheer number of records involved in recent mega-breaches — more than 78 million in the Anthem breach alone — the cost reduction can easily soar into hundreds of million dollars saved. And while smaller businesses may have fewer records to be breached, the impact of an attack can be even more devastating to them than to global entities when they experience a mega-breach. Yet less than one-third (32 percent) of businesses surveyed for Ponemon’s study reported having cyber insurance. The percentage was a bit better when the Risk Management Society (RIMS) asked 284 of its members about cyber insurance; 51 percent reported having stand-alone cyber insurance policies. Even fewer small businesses report having cyber insurance. Just 5 percent of small business owners surveyed by Endurance International Group said they carried cyber insurance, despite 81 percent believing cybersecurity is a concern for small business. Those who have cyber insurance clearly understand its value. RIMS members said they bought policies to: Reduce the risk of an incident damaging their company’s reputation (79 percent). Minimize the potential impact of business interruption (78 percent). Aid in data breach response and notification (73 percent). What’s more, of the RIMS members who didn’t have cyber insurance, 74 percent said they were considering buying it within the next 12–24 months. While small business owners also appear aware of the risk, they seem less cognizant of the benefits of cyber insurance and other cybersecurity measures. Endurance found that although 94 percent of small business owners said they do think about cybersecurity issues, and nearly a third have experienced an attack or an attempt, just 42 percent have invested in cybersecurity in the past year. A widely reported study by the National Cyber Security Alliance asserts that 60 percent of small businesses that experience a data breach go out of business within six months. Cyber insurance premiums vary widely and are largely tied to a company’s revenues and exposure. Policies typically aim to address risks commonly associated with a cyberattack, including: Liability for loss of confidential information that occurs through unauthorized access to a company’s computer systems. Data breach costs including notification of affected consumers, customer support and providing credit monitoring to affected customers. The costs of restoring, improving or replacing compromised technologies. Regulatory compliance costs. Business interruption expenses. Of course, like virtually any other type of insurance, cyber insurance policies can be customized to address the risks facing the individual policy holder. Many in the insurance industry feel that cyber insurance products have matured, evolving into a type of protection that businesses both large and small simply can’t afford to do without. When you consider the devastating risk of facing a cyberattack without insurance, that simple per-record cost savings of just $4.40 takes on a much deeper meaning. While more large companies are seeing the value of cyber insurance, small business owners need to begin incorporating this valuable type of protection into their overall cyber security plans. Learn more about our Data Breach solutions

Whether its new regulations and enforcement actions from the Consumer Financial Protection Bureau or emerging legislation in Congress, the public policy environment for consumer and commercial credit is dynamic and increasingly complex. If you are interested to learn more about how to navigate an increasingly choppy regulatory environment, consider joining a breakout session at Experian’s Vision 2016 Conference that I will be moderating. I’ll be joined by several experts and practitioners, including: John Bottega, Enterprise Data Management Conor French, Funding Circle Troy Dennis, TD Bank Don Taylor, President, Automated Collection Services During our session, you’ll learn about some of the most trying regulatory issues confronting the consumer and commercial credit ecosystem. Most importantly, the session will look at how to turn potential challenges into opportunities. This includes learning how to incorporate new alternative data sets into credit scoring models while still ensuring compliance with existing fair lending laws. We’ll also take a deep dive into some of the coming changes to debt collection practices as a result of the CFPB’s highly anticipated rulemaking. Finally, the panel will take a close look at the challenges of online marketplace lenders and some of the mounting regulations facing small business lenders. Learn more about Vision 2016 and how to register for the May conference.

A recent Experian study reveals that tax filing, document collection and refund processing are done online more often, yet only 6% of consumers file taxes on a computer with up-to-date antivirus software. 79% filed their most recent tax return online, up from 73% in 2011 18% scan and save their tax documents electronically, up from 6% in 2011 More than 75% of respondents have used EFT for tax refunds As electronic filing continues to grow, identity theft is likely to increase. While consumers should take steps to protect themselves, businesses also need to employ identity theft protection solutions to safeguard consumer information. >> Identify and prevent fraud

Device emulators — wolves in sheep’s clothing Despite all the fraud prevention systems and resources in the public and private sectors, online fraud continues to grow at an alarming rate, offering a low-risk, high-reward proposition for fraudsters. Unfortunately, the Web houses a number of easily accessible tools that criminals can use to perpetrate fraud and avoid detection. The device emulator is one of these tools. Simply put, a device emulator is one device that pretends to be another. What began as innovative technology to enable easy site testing for Web developers quickly evolved into a universally available tool that attackers can exploit to wreak havoc across all industry verticals. While it’s not new technology, there has been a significant increase in its use by criminals to deceive simple device identification and automated risk-management solutions to carry out fraudulent activities. Suspected device emulation (or spoofing) traffic historically has been difficult to identify because fraud solutions rely heavily on reputation databases or negative lists. Detecting and defeating these criminals in sheep’s clothing is possible, however. Leveraging Experian’s collective fraud intelligence and data modeling expertise, our fraud research team has isolated several device attributes that can identify the presence of an emulator being used to submit multiple transactions. Thanks to these latest FraudNet rule sets, financial institutions, ecommerce merchants, airlines, insurers and government entities alike now can uncloak and protect against many of these cybercriminals. Unfortunately, device emulators are just one of many tools available to criminals on the Dark Web. Join me at Vision 2016, where U.S. Secret Service and I will share more tales from the Dark Web. We will explore the scale of the global cybercrime problem, walk through the anatomy of a typical hack, explain how hackers exploit browser plug-ins, and describe how enhanced device intelligence and visibility across all channels can stop fraudsters in their tracks. Listen to Mike Gross as he shares a short overview of his Vision 2016 breakout session in this short video. Don’t miss this innovative Vision 2016 session! See you there.

In today’s interconnected world, reaching consumers should be as simple as sending a text or calling their cell phone. However, complying with the Telephone Consumer Protection Act (TCPA) can create an almost insurmountable mountain. While the law has been in place since 1991, TCPA litigation continues to be a considerable source of potential legal and compliance risk for companies communicating with consumers.  There were 1,908 TCPA lawsuits in 2014, an increase of 30 percent over the previous year, and a 231 percent increase in the last four years. Is your business facing challenges in complying with TCPA? Do you want to learn more about the changing and challenging TCPA legal and regulatory framework? Are you looking for best practices on how to win the battle of right party contact? Then you should join us for a breakout session solely focused on TCPA at Experian’s Vision 2016 Conference. The panel features a number of subject matter experts who will be able to provide attendees with a look at this law and some of the best practices to manage risk and ensure compliance. Panelists include: Mary Anne Gorman, Experian Tony Hadley, Experian Tom Gilbertson, Venable LLC   To learn more more about TCPA best practices, check out Experian’s annual Vision Conference in May.

According to Experian’s State of the Automotive Finance Market report, the average amount financed for a new vehicle in Q4 2015 was $29,551 — up $1,170 from 2014 and the highest amount on record since Experian began tracking auto loan amounts in 2008.

According to a recent Experian study, women handle money, debt and financial decisions better than men.

Whether it is an online marketplace lender offering to refinance the student loan debt of a recent college graduate or an online small-business lender providing an entrepreneur with a loan when no one else will, there is no doubt innovation in the online lending sector is changing how Americans gain access to credit. This expanding market segment takes great pride in using “next-generation” underwriting and credit scoring risk models. In particular, many online lenders are incorporating noncredit information such as income, education history (i.e., type of degree and college), professional licenses and consumer-supplied information in an effort to strike the right balance between properly assessing credit risk and serving consumers typically shunned by traditional lenders because of a thin credit history. Regulatory concerns The exponential growth of the online lending sector has caught the attention of regulators — such as the U.S. Treasury Department, the Federal Deposit Insurance Corporation, Congress and the California Business Development Office — who are interested in learning more about how online marketplace lenders are assessing the credit risk of consumers and small businesses. At least one official, Antonio Weiss, a counselor to the Treasury secretary, has publicly raised concerns about the use of so-called nontraditional data in the underwriting process, particularly data gleaned from social media accounts. Weiss said that “just because a credit decision is made by an algorithm, doesn’t mean it is fair,” citing the need for lenders to be aware of compliance with fair lending obligations when integrating nontraditional credit data. Innovative and “tried and true” are not mutually exclusive Some have suggested the only way to assuage regulatory concerns and control risk is by using tried-and-true legacy credit risk models. The fact is, however, online marketplace lenders can — and should — continue to push the envelope on innovative underwriting and business models, so long as these models properly gauge credit risk and ensure compliance with fair lending rules. It’s not a simple either-or scenario. Lenders always must ensure their scoring analytics are based upon predictive and accurate data. That’s why lenders historically have relied on credit history, which is based upon data consumers can dispute using their rights under the Fair Credit Reporting Act. Statistically sound and validated scores protect consumers from discrimination and lenders from disparate impact claims under the Equal Credit Opportunity Act. The Office of the Comptroller of the Currency guidance on model risk management is an example of regulators’ focus on holding responsible the entities they oversee for the validation, testing and accuracy of their models. Marketplace lenders who want to push the limit can look to credit scoring models now being used in the marketplace without negatively impacting credit quality or raising fair lending risk. For example, VantageScore® allows for the scoring of 30 million to 35 million more people who currently are unscoreable under legacy credit score models. The VantageScore® credit score does this by using a broader, deeper set of credit file data and more advanced modeling techniques. This allows the VantageScore® credit score model to capture unique consumer behaviors more accurately. In conclusion, online marketplace lenders should continue innovating with their own “secret sauce” and custom decisioning systems that may include a mix of noncredit factors. But they also can stay ahead of the curve by relying on innovative “tried-and-true” credit score models like the VantageScore® credit score model. These models incorporate the best of both worlds by leaning on innovative scoring analytics that are more inclusive, while providing marketplace lenders with assurances the decisioning is both statistically sound and compliant with fair lending laws. VantageScore® is a registered trademark of VantageScore Solutions, LLC.