Digital Technology

With the recent switch to EMV and more than 4.2 billion records exposed by data breaches last year*, attackers are migrating their fraud attempts to the card-not-present channel. Our recent analysis found the following states to be the riskiest for e-commerce fraud in 2016. Delaware Oregon Florida New York Nevada Attackers are extremely creative, motivated, and often connected. Prevent e-commerce fraud by protecting all of your customer contact points. Fraud Heat Map>  

Turns out, Americans still don’t know much about CyberSecurity. That’s according to new research from the Pew Data Center, which conducted a cybersecurity knowledge quiz. The 13 question quiz was designed to test American’s knowledge on a number of cybersecurity issues and terms. A majority of online adults can identify a strong password and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted. As we in the industry know, cybersecurity is a complicated and diverse subject, but given the pervasiveness of news around cybersecurity, I was still a little surprised by the lack of knowledge. The typical (median) respondent answered only five of the 13 questions correctly (with a mean of 5.5 correct answers). 20% answered more than eight questions accurately, and just 1% received a “perfect score” by correctly answering all 13 questions. The study showed that public knowledge of cybersecurity is low on some relatively technical issues, like identifying the correct example of multi-factor authentication, understanding how VPNs minimize risk and knowing what a botnet is. On the flip side, the two questions that the majority of respondents answered correctly included identifying the strongest password from a list of four options and understanding that public Wi-Fi networks have risk even when they are password protected. Given the median scores, I was proud of missing only one question – guess I have more reading to do on Botnets. As an industry, it is our duty to not only create systems and securities to improve the tactical effectiveness of fraud prevention, but to educate consumers on many of these topics as well. They often are the first line of defense in stopping fraud and reducing the threat of breaches.

The adoption of EMV terminals has pressured attackers to migrate their fraud attempts to the card-not-present channel. This is a major driver to the increase in e-commerce fraud attacks – more than 30% over last year. Here’s how this fraud victimization has increased across the country: 16% in North Central states. 25% in Northeastern states. 32% in Southern states. 25% in Western states. Attackers are extremely creative, motivated, and often connected. Protect all points of connection with your customers to prevent e-commerce fraud with a comprehensive, multilayered approach. Where does your state rank?

Experian recently acquired a minority stake in Finicity, a leading financial data aggregator enabling innovation in the FinTech industry through its modern RESTful API and Finicity Aggregation Platform. Steve Smith—chairman, CEO and co-founder of Finicity—has a passion and experience in developing innovative and disruptive technology, products and services that leads to efficiency for markets and, ultimately, improvements for consumers. Here he shares his thoughts about disruptive technology in the lending space and its benefits to lenders and consumers. Q: Finicity has said its objective is to take a loan application approval from weeks to minutes using its technology. That sounds pretty great, but how is that possible? How does this play out behind the scenes? A: Well, we’re living in a world where we, as consumers, expect very user-friendly experiences and we expect things to happen at digital speeds. The loan process is no exception. To deliver the experience consumers are expecting requires us to leverage the technology trends of digitization, mobility and big data. Finicity plays a foundational role by leveraging thousands of digital connections across financial institutions to aggregate consumer-permissioned account data. Once we have this data, we’re able to deliver real-time insights into an individual's financial health. This financial health assessment includes income and assets, two critical components to the loan approval process. All that’s required is the borrower to permission use of the data. Once that’s done, we’re able to gather all appropriate data across multiple accounts, rapidly analyze it and send a verification report to the lender. No papers. No multiple requests. No questions on the validity of the data. All done in minutes, not weeks. Q: This is very disruptive technology. What are the benefits for lenders? Consumers? A: Well, as we discussed, one of the major benefits is the speed to a loan. Furthermore, this reduces cost for the lender by maximizing loan officer’s time, while also freeing up loan capital as they can move through loans more quickly with a higher quality assessment. Another benefit for lenders is reduced fraud. Our information on income and assets is coming from real-time bank validated information. This eliminates the possibility of altered data. For consumers, it’s a dramatically simplified process. No need to chase down multiple documents. There are virtually no second requests for information, which we often see in the process. And they’re always in control of their information. All in all, it’s a dramatically better experience for both the lender and the borrower. Q: What sets this solution apart from others in the market? A: A few things set Finicity apart in delivering the quality of insights required. First, we are an industry leader in the number of financial institutions we connect with, ensuring broader access for more customers. Second, 95 percent of our integrations provide access to formatted data, something that’s critical to credit decisioning solutions. In these cases, we’re not screen scraping. This enhances our ability to collect bank validated transactions; we provide the financial institution transaction ID. This provides assurance of data quality. Finally, is our ability to categorize and analyze the transactions. This allows us to identify income streams and assets. Through this process, we’re also able to flag unusual transactions, like large deposits, that may skew actual assets. Q: The future of financial technology is still evolving. What lies ahead? A: We’re very excited about the future of financial technology and the impact that aggregation will have. Whether it’s financial management, digital payments or credit decisioning, real-time data will improve the experiences and the outcomes. As we’re talking about lending, this is one of the spaces that could see significant disruption. Our ability to generate a richer view of an individual’s or organization’s financial health will more accurately determine their ability to repay a loan. This will be a great benefit for those that have thin file or no credit history. We see a world where suitability for a loan will be driven by their actual financial life independent of their use of credit. One of the largest markets in the US is millennials. However, for consumers under 30, two-thirds have subprime or non-prime credit scores and one-third of millennials don't have any credit history. This is just one group underserved because legacy models don’t leverage the full extent of data available. Q: Is there anything else you can tell us about Finicity and its role changing customer experiences across financial service? A: For us, it all comes down to one thing: enabling individuals and organizations to have the information and insights they need to make smarter financial decisions. The data is there. We’re helping to unlock the potential of that data by working with innovative partners like Experian. To learn more about Experian and Finicity's account aggregation solutions, visit www.experian.com/finicity

Legitimate address discrepancies are common, which surprises most people. And handling every address discrepancy as a high fraud risk is operationally expensive and inhibits the customer experience. You can avoid this type of fraud by employing these best practices: Use a distinct Know Your Customer and underlying Customer Identification Program process. Avoid verifications based on self-reported data. Maintain hotlist addresses. Fraud always will find the path of least resistance, and organized criminals will test you daily to isolate the weakest link. Be sure to regularly revisit your own policies and procedures for handling this type of fraud. Address manipulation fraud  

Fraud and address manipulation (Part 1) Identifying an address as incorrect seems simple enough. But in reality, address mismatches between an application and credit bureau data aren’t uncommon. Here are several legitimate reasons why this may occur: Change of residence. Credit bureau’s unique logic for determining which address is the "best." New/Emerging consumers often have fluctuating address data. Issuers that employ risk-based approaches allowing incorrect addresses to pass and those that use self-reported data for verification face the highest level of risk for this type of fraud. Next week, we’ll let you know how you can avoid these types of losses. Or you can get ahead and read our latest paper. Address manipulation fraud>

As lenders seek to enhance their credit marketing strategies this year, they are increasingly questioning how to split their budgets between digital, direct mail and beyond. What is the ideal media mix to reach consumers in 2017? And is the solution different in the financial services space? Scott Gordon, Experian's senior director of digital credit marketing, recently tackled some of the tough questions financial services marketers are posing. Here are his responses: Q: We live in a world where consumers are receiving hundreds of messages and offers on a daily basis. How can financial services companies stand out and capture the attention of the customers they wish to engage with relevant offers? A: When it comes to the optimal marketing media mix, there is no “silver bullet.”  It varies from product to product. The current post-campaign analysis is showing us that consumers react positively to coordinated multi-channel messaging. We’ve seen studies showing that marketers can see up to a 30% lift in sales by combining email with social media, for example.  This makes sense, when you look at how consumers engage through devices. We are no longer a single channel culture; we check Facebook while watching TV, listen to podcasts while checking our email, etc. Consequently, marketers have had to adapt their campaign strategies accordingly – and this starts with the organizational structure. Far too often we see silo’ed groups responsible for disparate media verticals. For example, a company may have a direct mail group and a digital marketing team, and then (in extreme cases) outsource television to one agency group and social media to another. Aligning these groups and breaking down the barriers between the groups is a critical first step toward building a true multi-channel campaign strategy. This includes addressing budget concerns that are inherent with a culture where the size of a budget is tied to job security and corporate status. Aligning campaigns and finding the perfect cross channel market mix is much easier once you’ve broken down internal barriers and encouraged marketing collaboration. Q: What are some of the new best practices financial companies must embrace in 2017 in order to improve their marketing efforts? A: Thanks to tremendous efforts from industry leaders,  we can now utilize regulated data with the same proficiency that they’ve been executing campaigns using non-regulated data. This presents unique challenges, as the industry races to get up-to-speed on new capabilities,  take best-in-breed practices and apply them to the world of regulated campaigns. We’re seeing tremendous demand to combine programmatic advertising with people-based advertising, with cross-channel campaigns spanning mobile, video, social, and addressable TV. Measurement and analytics must play a large part in these strategies. While the industry hasn’t achieved true cross-channel measurement to identify a consumer’s path to purchase across multiple devices,  it’s getting closer, thanks to technology advances. Q: Is direct mail dead? How should financial marketers be using direct mail in 2017? How can it best be combined with digital? A: Direct mail is certainly not dead. It has its place among a media mix that continues to grow as new advertising technologies come to market and are adopted by consumers. Will direct mail’s influence diminish in the future? Possibly. At Experian, we are focused on making sure that our advertisers can reach consumers where they spend time, when they are most receptive to receiving messages, and most importantly in a cost-effective manner. So no matter where consumers shift their focus in the future, we’ll be able to support comprehensive targeted advertising campaigns. How can digital be best combined with direct mail?  We’ve seen encouraging results in retargeting direct mail with digital credit marketing like email and display. With that said, we haven’t seen a silver bullet solution, and we’re still advising our clients to put a heavy focus toward “test and learn” in concert with comprehensive campaign measurement and analytics protocols. Q: What are the advantages to serving up a firm offer of credit to a consumer in a digital format? Are consumers ready to embrace this type of delivery in the financial services space? A: The advantages of serving up a firm offer of credit to a consumer in a digital format are similar to those benefits for “traditional” digital marketing. Lower cost, more measurement capabilities, and greater flexibility to optimize campaigns are just some of the benefits. Early indications show that consumers are very receptive to digital credit marketing offers. It provides them with offers in the channels in which they spend time, in a  consumer friendly manner which offers them numerous paths in which they can have a voice in the messages that they receive. Q: Some say digital credit marketing should largely be directed to Millennials? Do you think other generations are ready to embrace this type of digital messaging? A: We don’t view digital credit marketing as an exclusive offering just for Millennials. It is a holistic consumer offering – applicable to all generations as our parents and grandparents make the move to new channels such as addressable TV and social media. Need more info on Digital Credit Marketing? Learn More

As we enter 2017, it’s no surprise people are buying and selling online and using their mobile devices more than ever. At the close of November, Adobe released its online shopping data from Black Friday, Cyber Monday, and the overall holiday season. According to the data, the major November holiday shopping season was driving close to $40 billion in online and mobile revenue alone — a 7.4% increase year-over-year! Every year, we see tremendous growth in spending through online and mobile channels. Interestingly, this pattern is not just indicative of consumer spending and overall market confidence. The consumer pattern also illustrates a clear change in communication preferences — with the ever-present shift toward digital. In general, consumers are interacting more and more through both online and mobile channels for all of their personal needs, including banking and financial services; and the lending community is anxious to continue connecting to consumers where they need them most. No longer is digital communication the “cool thing to do,” but rather it is essential. While Experian’s lending customers still find tremendous success in direct mail prospecting, many financial institutions are preparing to implement an enhanced acquisition strategy in 2017. This strategy includes multi-channel prospecting initiatives to present consumers with preapproved credit offers. In addition to direct mail, our customers are evaluating digital channels such as email, mobile, and other online channels to improve the overall consumer experience and responsiveness. In the latest Digital Banking Report, published in July 2016, email is the top channel financial marketers are turning to for cross-channel marketing after the initial onboarding process (as illustrated in chart 49), but you can see social media and retargeting are rising in the ranks. In Sept., 2016, Experian was named one of the top 100 most innovative companies for a third year by Forbes magazine. A key part of that success was driven by investments in Experian’s Data Lab and Experian Marketing Service’s Audience Engine, which is an audience management platform that changes the way the advertising industry buys and measures media. We are focused on meeting our customers and the consumer where they need us most. Bottom line? As you refine your goals for 2017, the financial services sector should dig deeper when making connections. They must reach consumers where they want to connect – and that means a successful credit marketing strategy will be one that includes both direct mail and digital communications. A new year is the perfect time to re-evaluate those same-old, same-old marketing and acquisition tactics. We're not saying you need to abandon direct mail, but it is certainly time for lenders to complement their direct mail efforts with a savvy digital plan as well. Resolve to do it better in 2017.

Internet-connected devices provide endless possibilities, but they rely on technology and collected data to deliver on their promises. This can compromise your network security. Follow these tips to enjoy the conveniences provided by Internet of Things devices while keeping your network safe. Look for devices that use end-to-end encryption. Change default passwords before connecting devices to your network. Enable two-factor authentication, when available. Leverage all security options, such as passwords, encryption, firewalls and firmware. The Internet of Things is only as strong as its weakest link. That's why it’s so important to understand and treat each connected device as part of a broader network. More security tips

Using digital technology like a big bank How was your holiday? Are the chargebacks rolling in yet? It’s no secret - digital technology like mobile device usage has increased significantly over the years, making it a breeding ground for fraudsters. As credit unions continue to grow their membership, their fraud security treatments need to grow as well. Bigger banks are constantly updating their fraud tools and strategies to fight against cybercrime and, therefore, fraudsters are setting their eyes on credit unions. Even as I write this, fraudsters are searching and targeting credit unions that don’t have their mobile channel secured. They attempt to capitalize on any weakness or opportunity: Registering stolen cards to mobile wallets Taking over an account via mobile banking apps Using a retailers’ mobile app to make fraudulent payments Disabling the SIM card in the victim’s phone and diverting the one-time password sent through text message to their own phones These are clever ways to commit fraud. But credit unions are becoming wise to these new threats and are serious about protecting their members. They are incorporating device intelligence with a solid identity authentication service. This multi-layered approach is essential to securing mobile channels, and protecting your Credit Union from chargebacks. To learn more about our fraud solutions, click here.

Fraud and cybersecurity are two of the biggest risks challenging organizations and the economy today. Fraud has become its own industry, to the tune of $500 billion in estimated losses annually. To strengthen your fraud risk strategies, you need: A multilayered authentication and risk-based approach to prevent fraud. A comprehensive approach to identity with true customer intelligence. To avoid silos and recognize the value of combining your solutions into one platform. The rapid growth of fraud-related activity only reinforces the need for aggressive fraud prevention strategies and the adoption of new technology to prepare for the latest emerging cybersecurity threats. Want to know more?

You know what I love getting in the mail? Holiday cards, magazines, the occasional picturesque catalog. What I don’t open? Credit card offers, invitations to apply for loans and other financial advertisements. Sorry lenders, but these generally go straight into my shredder. Your well-intentioned efforts were a waste in postage, printing and fulfillment costs, and I’m guessing my mail consumption habits are likely shared by millions of other Americans. I’m a cusper, straddling the X and Millennial generations, and it’s no secret people like me have grown accustomed to living on our mobile devices, shopping online and managing our financial lives digitally. While many retailers have wised up to the trends and shifted marketing dollars heavily into the digital space, the financial services industry has been slow to follow. I’m hoping 2017 will be the year they adapt, because solutions are emerging to help lenders deliver firm offers of credit via email, display, retargeting and even social media platforms. There are multiple reasons to make the shift to digital credit marketing. It’s trackable. The beauty of digital marketing is that it can be tracked much more efficiently over direct mail efforts. You can see if offer emails are opened, if banners are clicked, if forms are completed and how quickly all of this takes place. In short, there are more touchpoints to measure and track, and more insights made available to help with marketing and offer optimization. It’s efficient. A solid digital campaign means you now have more flexibility. And once those assets start to deploy and you begin tracking the results, you can additionally optimize on the fly. Subject line not getting the open rate you want? Test a new one. Banners not getting clicked? Change the creative. A portion of your target audience not responding? Capture that feedback sooner rather than later, and strategize again. With direct mail, the lag time is long. With digital, the intelligence gathering begins immediately. It’s what many consumers want. They are spending 25% of their time on mobile devices. Research has found they check their phones and average 46 times per day. They are bouncing from screen to screen, engaging on desktops, tablets, smartphones, wearables and smart TVs. If you want to capture the eyeballs and mindshare of consumers, financial marketers must embrace the delivery of digital offers. Consumer behaviors have evolved, so must lenders. Sure, there is still a place for direct mail efforts, but it would be wasteful to not embrace the world of digital credit marketing and find the right balance between offline and online. It’s a digital world. It’s time financial institutions join the masses and communicate accordingly.

Happy holidays! It’s the holiday season and a festive time of year. Colorful lights, comfort food and holiday songs – all of these things contribute to the celebratory atmosphere which causes many people to let their guards down and many businesses to focus more on service than on risk. Unfortunately, fraudsters and other criminals can make one of the busiest shopping times of the year, a miserable one for their victims. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign-up for a credit monitoring service to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. The good news is, in addition to the credit bureau, many banks and auto clubs now offer this as a service to their customers. For organizations, the focus should be on two fronts: data protection and fraud prevention. Not just to prevent financial theft, but to preserve trust — trust between organizations and consumers, as well as widespread consumer trust.  Organizations must strive to evolve data protection controls and fraud prevention skills to minimize the damage caused by stolen identity data. There are dozens of tools in the industry for identifying that a consumer is who they say they are – and these products are an important part of any anti-fraud strategy.  These options may tell you that the combination of elements is the consumer, but do you know that it is the REAL consumer presenting them? The smart solution is to use a broad data set for not only identity verification, but also to check linkage and velocity of use.  For example: Is the name linking to other addresses being presented in the past week? Is the phone number showing up to other addresses and names over the past 30 days? Has the SSN matched to other names over the past 90 days? Since yesterday the address matches to four phone numbers and two names – is this a problem? And it must be done in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate criminals.  Click here to learn more about Experian’s products and services that can help. As we go walking in the winter wonderland, remember, the holiday season is a time for cheer… and vigilance!

2017 data breach landscape Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast report with five key predictions What will the 2017 data breach landscape look like? While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution released its fourth annual Data Breach Industry Forecast white paper. The industry predictions in the report are rooted in Experian's history helping companies navigate more than 17,000 breaches over the last decade and almost 4,000 breaches in 2016 alone. The anticipated issues include nation-state cyberattacks possibly moving from espionage to full-scale cyber conflicts and new attacks targeting the healthcare industry. "Preparing for a data breach has become much more complex over the last few years," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans. Our report sheds a light on a few areas that could be troublesome in 2017 and beyond." "Experian's annual Data Breach Forecast has proven to be great insight for cyber and risk management professionals, particularly in the healthcare sector as the industry adopts emerging technology at a record pace, creating an ever wider cyber-attack surface, adds Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA). "The consequences of a medical data breach are wide-ranging, with devastating effects across the board - from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital." "The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation, said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. "The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations' incident response plans should certainly be updated to account for these new laws set to go in effect in 2017." Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added "Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks." Download Whitepaper: Fourth Annual 2017 Data Breach Industry Forecast Learn more about the five industry predictions, and issues such as ransomware and international breach notice laws in our the complimentary white paper. Click here to learn more about our fraud products, find additional data breach resources, including webinars, white papers and videos.

Reinventing Identity for the Digital Age Electronic Signature & Records Association (ESRA) conference I recently had the opportunity to speak at the Electronic Signature & Records Association (ESRA) conference in Washington D.C.  I was part of a fantastic panel delving into the topic, ‘Reinventing Identity for the Digital Age.’  While certainly hard to do in just an hour, we gave it a go and the dialogue was engaging, healthy in debate, and a conversation that will continue on for years to come.  The entirety of the discussion could be summarized as: An attempt to directionally define a digital identity today The future of ownership and potential monetization of trusted identities And the management of identities as they reside behind credentials or the foundations of block chain Again, big questions deserving of big answers. What I will suggest, however, is a definition of a digital identity to debate, embrace, or even deride.  Digital identities, at a minimum, should now be considered as a triad of 1) verified personally identifiable information, 2) the collective set of devices through which that identity transacts, and 3) the transactional (monetary or non-monetary) history of that identity. Understanding all three components of an identity can allow institutions to engage with their customers with a more holistic view that will enable the establishment of omni-channel communications and accounts, trusted access credentials, and customer vs. account-level risk assessment and decisioning. In tandem with advances in credentialing and transactional authorization such as biometrics, block chain, and e-signatures, focus should also remain on what we at Experian consider the three pillars of identity relationship management: Identity proofing (verification that the person is who they claim to be at a specific point in time) Authentication (ongoing verification of a person’s identity) Identity management (ongoing monitoring of a person’s identity) As stronger credentialing facilitates more trust and open functionality in non-face-to-face transactions, more risk is inherently added to those credentials.  Therefore, it becomes vital that a single snapshot approach to traditionally transaction-based authentication is replaced with a notion of identity relationship management that drives more contextual authentication.  The context thus expands to triangulate previous identity proofing results, current transactional characteristics (risk and reward), and any updated risk attributes associated with the identity that can be gleaned. The bottom line is that identity risk changes over time.  Some identities become more trustworthy … some become less so.  Better credentials and more secure transactional rails improve our experiences as consumers and better protect our personal information.  They cannot, however, replace the need to know what’s going on with the real person who owns those credentials or transacts on those rails.  Consumers will continue to become more owners of their digital identity as they grant access to it across multiple applications.  Institutions are already engaged in strategies to monetize trusted and shareable identities across markets.  Realizing the dynamic nature of identity risk, and implementing methods to measure that risk over time, will better enable those two initiatives. Click here to read more about Identity Relationship Management.