All posts by Guest Contributor

Data breach notification letters serve multiple purposes. They ensure a breached company is compliant with data breach notification laws, they alert consumers to the breach and their involvement in it, they can warn customers of potential identity theft risks and educate them on how to cope with those risks. The one thing no company wants its notification letter to do, however, is make the recipients any more upset than they already are. Yet that’s the reaction many consumers reported upon having received data breach notification letters, according to the study “The Aftermath of a Mega Data Breach: Consumer Sentiment.” Conducted by the Ponemon Institute on behalf of Experian Data Breach Resolution, the study provides some eye-opening insights into how consumers feel and what they do after receiving a breach notification letter. To put consumer sentiment in perspective, consider these revelations from the study: Among those polled, 63% said they felt the breached company should offer consumers identity theft protection by way of compensation, yet just 25% of people who had received a notification letter said were offered identity theft protection in that letter. The financial impact of the data breach was less significant for consumers than the emotional aspects. 81% of data breach victims said they had not out-of-pocket costs because of the breach. Conversely, 76% said they experienced stress as a result of the breach. Consumers ranked a data breach as the third-most damaging event for a company’s reputation. Only poor customer service and an environmental incident (e.g. an oil spill or pollution) were seen as more damaging. Other than getting stressed, what, then, do consumers do after they’ve received a data breach notification letter? Most do little or nothing at all, which should be just as concerning to companies as the customers who end their business relationship with a company in the wake of a data breach. More than half (55%) said they did nothing to protect their identities after receiving a notification letter, and 32% ignored the notifications and did nothing at all. This may seem counter-intuitive considering that the majority (77%) were at least somewhat to very concerned about becoming an identity theft victim because of the breach. Perhaps if these customers had been offered free identity theft protection in the notification letter, they would have accepted the offer. These survey results underscore the need for companies to send strong, informative and compassionate data breach notification letters – and to offer consumers identity theft protection as part of the company’s data breach response. Learn more about our Data Breach solutions

A recent Experian Consumer Services survey focusing on the most important attributes in a prospective spouse found that married adults value financial responsibility more than physical attractiveness.

It’s no secret that e-commerce merchants, retailers, and financial institutions are prime targets for these digital ghosts as they look to quickly monetize their recent data heist. Unfortunately, many organizations are still scrambling to deploy proper defenses. So how do you defend against an unregulated, networked enemy intent on inciting chaos and filling their bank accounts? Following any data breach, it is essential that organizations gain complete visibility of their customers and transactions across channels. Once a breach has occurred, it is critical for organizations to perform a forensic review of the attack to identify and understand all of the potential points of vulnerability, what data was stolen and how that data was transmitted back to the attackers. What can be more concerning is that the initial scope may quickly expand into something much larger. This makes it essential that retailers and financial institutions rapidly gain complete visibility of their customer data and transactions across channels and keep drilling-down until the root cause can be identified and protected against a repeat attack. Unfortunately, that type of consolidated view does not exist in most companies. Organizations need to ask themselves some serious questions. Do you really know who is logging into your customers’ accounts? Without realizing their data has been compromised, consumers can fall prey to personalized phishing attacks and “give away the keys” to their accounts. How can you be certain a VIP customer is really behind a high-dollar transaction being rushed to an overseas address? No one wants to decline legitimate orders from loyal customers; but with revenue, reputation and brand equity at stake, no one can afford to ignore the potential risk. What controls are in-place to ensure that a fraudster in Malaysia isn’t using legitimate identity data and an anonymous proxy to submit credit card applications that are a perfect match to credit bureau data? Or to alert when a long-standing offline banking relationship suddenly enrolls online? Once access is established, address and other data can be updated and sold to the highest bidder in underground forums. All of these questions can be addressed through the combination of complex device intelligence, a powerful risk engine and support from industry-leading experts in fraud and risk management. Even after a breach has occurred, the risk can be managed. First, consumers need to be informed on how to protect themselves from sophisticated use of their data. Second, arm your organization with a layered security strategy that includes device intelligence. This will prepare you for the onslaught of compromised card usage, fraudulent enrollments, phishing attacks and attempted account takeovers that follow in the wake of a data breach.

With the cost of new vehicles continuing to increase, consumers are opting for longer loan terms.

There are some definite misunderstandings about the lifecycle of fraud. The very first phase is infection – and regardless of HOW it happens, the victim’s machine has been compromised. You may have no knowledge of this fact and no control. All of that compromised data is off in the ether and has been sold. The next phase is to make sure that the next set of fraudsters can validate those compromised accounts and make sure they got their money’s worth. It’s only at the last phase – theft – that any money movement occurs. We call this out because there are a lot of organizations out there who have built their entire solution on this last phase. We would say you are about two weeks too late as the crime actually began much earlier. So how can you protect your organization? Here are five take-aways to consider: User / device trust. Do this user and device share a history? Has this user seen of been associated with this device historically? It may not be fraud but it is something we watch for. User / device compatibility. Does the user align with devices they’ve used in the past? What are the attributes of the device with respect to user preferences, profile and so on. Device hostility. Look at its behavior across your ecosystem. How many identities has it been associating with? Is it associated with a number of personal attributes or focused on risky activities? Malware. Does this device configuration suggest malware? Because we have information about the device itself, we can show that it’s been infected. Device reputation. Has this device been associated with previous crimes? There are some organizations who have built their entire solution around device reputation. We believe this is interesting to include but it’s more important to look at everything in the context across your entire ecosystem rather that focus on just one area. Want to learn more? Listen to this on-demand webinar “Where the WWW..wild things are – when good data is exploited for fraudulent gain”.

FICO, a leading predictive analytics and decision management software company, has partnered with 41st Parameter®, a part of Experian® and a leader in securing online relationships, to fight fraud on card-not-present (CNP) transactions, the top source of payment card fraud today, while letting more genuine transactions proceed in real time. FICO is integrating 41st Parameter’s TrustInsight™ with the FICO® Falcon® Platform, which protects 2.5 billion card accounts and is used by more than 9,000 financial institutions worldwide. Authenticating the device being used in a transaction provides yet another layer of detection to the Falcon Platform, which includes proprietary analytics based on more than 30 patents. 41st Parameter’s TrustInsight™ solution provides a real-time analysis of a transaction, crowd-sourced from a network of merchants, that produces a TrustScore™ indicating whether the transaction is likely to be genuine and should be approved. TrustInsight helps reduce the number of “false positives,” or good transactions that are declined or investigated by the card issuer. The TrustScore, integrated with the FICO Falcon Fraud Manager Platform, provides a link between data the merchant knows and data the issuer knows to enable issuers to utilize additional information that is not currently available in their fraud detection process, including the identification of a cardholder’s “trusted devices.” Read the entire release here.

During last week’s live webinar, David Britton, online fraud industry expert and vice president, industry solutions at 41st Parameter said this: “At 41st Parameter, we begin our days somewhat differently. We believe that the internet was never built for security in mind. We also assume that all user data has been stolen. Every bit of consumer data has been compromised. Why? It puts us on a much more heightened state of awareness to help mitigate the type of environment we work in. We also believe that we are not just fighting against naturally evolving organisms. Rather, we are combating a very sophisticated and powerfully-motivated individuals who are highly creative.” During the 45-minute live webinar, Britton also provided five distinct actions that businesses can take to help protect their organizations as well as real-world strategies for preventing and detecting fraud online AND maintaining a positive online experience for valued customers. Want to learn more? Link to the on demand webinar here and stay tuned for next month’s panel where we will focus on the surveillance and validation of data prior to theft. Viewers will be armed with tactics that they can leverage in their own organizations.

By: Mike Horrocks Living just outside of Indianapolis, I can tell you that the month of May is all about "The Greatest Spectacle in Racing", the Indy 500.  The four horsemen of the apocalypse could be in town, but if those horses are not sponsored by Andretti Racing or Pennzoil – forget about it.  This year the race was a close one, with three-time Indy 500 winner, Helio Castroneves, losing by .06 of a second.  It doesn’t get much closer. So looking back, there are some great lessons from Helio that I want to share with auto lenders: You have to come out strong and with a well-oiled machine.  Castroneves lead the race with no contest for 38 laps.  You cannot do that without a great car and team.   So ask yourself - are you handling your auto lending with the solution that has the ability to lead the market or are you having to go to the pits often, just to keep pace? You need to stay ahead of the pack until the end.  Castroneves will be the first to admit that his car was not giving him all the power he wanted in the 196th lap.  Now remember there are only 200 laps in the race, so with only four laps to go, that is not a good time to have a hiccup.  If your lending strategy hasn't changed "since the first lap", you could have the same problem getting across the the finish line?  Take time to make sure your automated scoring approach is valid, question your existing processes, and consider getting an outside look from leaders in the industry to make sure your are still firing on all cylinders. Time kills.  Castroneves lost by .06 seconds.   That .06 of a second means he was denied access into a very select club of four time winners.  That .06 of a second means he does not get to drink that coveted glass of milk.  If your solution is not providing your customers with the fastest and best credit offers, how many deals are you losing?  What exclusive club of top auto lenders are you being denied access to? Second place is no fun. If you're Castroneves, there's no substitute for finishing first at the Indianapolis Motor Speedway.  Likewise, in today’s market, there is more need than ever to be the Winner’s Circle.  Take a pit stop and check out your lending process and see how you're performing against your competitors and in the spirit of the race – “Ladies and gentlemen, start your engines!”  

According to the latest Experian-Oliver Wyman Market Intelligence Report, mortgage originations for Q1 2014 decreased by 53 percent over Q1 2013 - $235 billion versus $515 billion, respectively.

Although 60-day automotive loan delinquencies fell 1.7 percent at a national level when comparing Q1 2014 to Q1 2013, twenty-two states actually experienced a delinquency increase.

Experian's most recent Credit Trends study analyzing current debt levels and credit scores in the top 20 major U.S. metropolitan areas found that Detroit, Michigan, residents have the lowest average debt ($23,604) and Dallas, Texas, residents have the highest average debt ($28,240).1

Surag Patel, vice president of global product management for 41st Parameter, led a panel discussion on Digital Consumer Trust with experts from the merchant community and financial services industry at this week’s CNP Expo. During the hour-long session, the expert panel – which included Patel, Jeff Muschick of MasterCard and TJ Horan from FICO – discussed primary research explaining the $40 billion in revenue lost each year to unwarranted CNP credit-card declines and what businesses can do to avoid it. Patel began the Thursday morning session by asking the audience how many have bought something online—of course, everyone raised their hands. He then asked how many had been declined—about half the hands stayed up. “Of those with your hands still up,” he said, “how many of you are fraudsters?” The audience chuckled, but the reality of false positives and unnecessary declines is no laughing matter. Unnecessary declines cause lost revenue and damage the customer relationship with merchants, banks and card issuers. The panel cited a 41st Parameter survey of 1,000 consumers and described their responses to the question, what do you do after you get declined? While many would call the card issuer or try a different payment method, one in six would actually skip the purchase altogether, one in ten would purchase from a different online merchant, and one in twelve would go buy the item at a brick-and-mortar store. So regardless of who the customer blames, ultimately, when a good purchase is declined, everybody loses. Jeff Muschick, who works in fraud solutions for MasterCard, spoke about the need for a solid rules engine, and recommended embracing new tools as they emerge to enhance their fraud prevention strategy. He acknowledged that for smaller merchants, keeping up with fraudsters can be incredibly taxing, and often even at larger organizations, fraud departments are understaffed. For that reason, he highlighted a tool that many fraud prevention strategies are leaving on the table, and that’s cooperation: “We talk about collaboration, but it’s not as gregarious as we’d like it to be.” TJ Horan, who is responsible for fraud solutions at FICO, encouraged merchants, banks, and card issuers to mitigate the damage of good declines through customer education. He observed that “if there was a positive thing to come out of the Target breach (and that’s a big ‘if’), it is an increase in general consumer awareness of credit-card fraud and data protection.” This helps inform customers’ attitudes when they are declined, because they realize it is probably a measure being taken for their own protection, and they are likely to be more forgiving. Click here for more information about TrustInsight and how online merchants can increase sales by approving more trusted transactions.

Today, our TrustInsight division announced a major milestone at this year’s CNP Expo (CardNotPresent). TrustInsight provides reliable TrustScores for a significant portion of US digital consumers leveraging insights from150 of the top online retailers in the US. Now retailers, banks and credit card companies can confidently approve more legitimate CNP transactions. As Surag Patel, vice president, global product management, put it, “We have been working with some of the largest online merchants to help them determine the trustworthiness of a customer during a transaction to help let more good transactions through. The result has been a sharp increase in top-line revenue that can be measured in the tens of millions of dollars.” Patel is leading a panel discussion on Digital Consumer Trust at CNP Expo 2014 on Thursday, May 22 with experts from the merchant community and financial services industry. During the hour-long session, the expert panel will discuss primary research explaining the $40 billion in revenue lost each year to unwarranted CNP credit-card declines and what businesses can do to avoid it. Read the full release here.

Following a full year of steady improvement, small-business credit conditions stumbled during the first quarter of 2014.

As part of its guidance, the Office of the Comptroller of the Currency recommends that lenders perform regular validations of their credit score models in order to assess model performance.