Fraud & Identity Management

Experian’s ID Fraud Tracker, a quarterly analysis of fraud rates across consumer financial products, found that British families who are struggling financially — about 4 million people — are increasingly becoming prime targets of financial fraud. The research performed on data from 2014 to 2016 in the United Kingdom also revealed: There has been a 203% increase in the total number of fraudulent credit applications over the past two years. Current account, credit card and loan fraud were the most common types of credit products fraudsters applied for in other people’s names, making up 94% of the total. 35% of all third-party fraud came from households with high salaries and large disposable incomes. Fraud’s increasing around the world. We all have a responsibility to be vigilant and take measures to protect our business and customers, online and offline. Protect your customers >

So many insights and learnings to report after the first full day of 2017 Vision sessions. From the musings shared by tech engineer and pioneer Steve Wozniak, to a panel of technology thought leaders, to countless breakout sessions on a wide array of business topics … here’s a look at our top 10 from the day. A mortgage process for the digital age. At last. In his opening remarks, Experian President of Credit Services Alex Lintner asked the audience to imagine a world when applying for a mortgage simply required a few clicks or swipes. Instead of being sent home to collect a hundred pieces of paper to verify employment, income and assets, a consumer could click on a link and provide a few credentials to verify everything digitally. Finally, lenders can make this a reality, and soon it will be the only way consumers expect to go through the mortgage process. The global and U.S. economies are stable. In fact, they are strong. As Experian Vice President of Analytics Michele Raneri notes, “the fundamentals and technicals look really solid across the countries.” While many were worried a year ago that Brexit would turn the economy upside down, it appears everything is good. Consumer confidence is high. The Dow Jones Index is high. The U.S. unemployment rate is at 4.7%. Home prices are up year-over-year. While there has been a great deal of change in the world – politically and beyond – the economy is holding strong. The rise of the micropreneur. This term is not officially in the dictionary … but it will be. What is it? A micropreneur is a business with 0 to 4 employees bringing in no more than $200k in annual revenue. But the real story is that numbers show microbusiness are improving on many fronts when it comes to contribution to the economy and overall performance compared to other small businesses. Keep an eye on these budding business people. Fraud is running fierce. Synthetic identity losses are estimated in the hundreds of millions annually, with 50% year-over year growth. Criminals are now trying to use credit cleaners to get tradelines removed from used Synthetic IDs. Oh, and it is essential for businesses to ready themselves for “Dark Web” threats. Experts advise to harden your defenses (and play offense) to keep pace with the criminal underground. As soon as you think you’ve protected everything, the criminals will find a gap. The cloud is cool and so are APIs. A panel of thought leaders took to the main stage to discuss the latest trends in tech. Experian Global CIO Barry Libenson said, “The cloud has changed the way we deliver services to our customers and clients, making it seamless and elastic.” Combine that with API, and the goal is to ultimately make all Experian data available to its customers. Experian President of Decision Analytics Steve Platt added, “We are enabling you to tap into what you need, when you need it.” No need to “rip and replace” all your tech. Expect more regulation – and less. A panel of regulatory experts addressed the fast-changing regulatory environment. With the new Trump administration settling in, and calls for change to Dodd-Frank and the Consumer Financial Protection Bureau (CFPB), it’s too soon to tell what will unfold in 2017. CFPB Director Richard Cordray may be making a run for governor of Ohio, so he could be transitioning out sooner than the scheduled close of his July 2018 term. The auto market continues to cruise. Experian’s auto expert, Malinda Zabritski, revealed the latest and greatest stats pertaining to the auto market. A few numbers to blow your mind … U.S. passenger cars and light trucks surpassed 17 million units for the second consecutive year Most new vehicle buyers in the U.S. are 45 years of age or older Crossover and sport utility vehicles remain popular, accounting for 40% of the market in 2016 – this is also driving up finance payments since these vehicles are more expensive. There are signs the auto market is beginning to soften, but interest rates are still low, and leasing is hot. Defining alternative data. As more in the industry discuss the need for alternative data to decision, it often gets labeled as something radical. But in reality, alternative data should be simple. Experian Sr. Director of Government Affairs Liz Oesterle defined it as “getting more financial data in the system that is predicted, validated and can be disputed.” #DeathtoPasswords – could it be a reality? It’s no secret we live in a digital world where we are increasingly relying on apps and websites to manage our lives, but let’s throw out some numbers to quantify the shift. In 2013, the average U.S. consumer had 26 online accounts. By 2015, that number increased to 118 online accounts. By 2020, the average person will have 207 online accounts. When you think about this number, and the passwords associated with these accounts, it is clear a change needs to be made to managing our lives online. Experian Vice President David Britton addressed his session, introducing the concept of creating an “ultimate consumer identity profile,” where multi-source data will be brought together to identify someone. It’s coming, and all of us managing dozens of passwords can’t wait. “The Woz.” I guess you needed to be there, but let’s just say he was honest, opinionated and notes that while he loves tech, he loves it even more when it enables us to live in the “human world.” Too much wonderful content to share, but more to come tomorrow …

During our recent webinar, Detect and Prevent: The current state of e-commerce fraud, Julie Conroy, Aite Group research director, shared 5 key trends relating to online fraud: Rising account takeover fraud. Targeting of loyalty points. Growing global transactions. Frustrating false declines. Increasingly mobile consumers. Fraud is increasing. Be prepared. Protect your business and customers with a multilayered approach to fraud prevention. For more trends and predictions, watch the webinar recording.

Knowing where e-commerce fraud takes place matters We recently hosted a Webinar with Mike Gross, Risk Strategy Director at Experian and  Julie Conroy, Research Director  at Aite Research Group, looking at the current state of card-not-present fraud, and what to prepare for in the coming year. Our biannual analysis of fraud attacks, served as a backdrop for the trends we’ve been seeing. I wanted to share some observations from the Webinar. Of course, if you prefer to hear it firsthand, you can download the archive recording here. I’ll start with the current landscape of card-not-present fraud. Julie shared 5 key trends her firm has identified regarding e-commerce fraud: Rising account take-over fraud Loyalty points targeted Increasingly global transactions Frustrating false declines Increasingly mobile consumers One particularly interesting note that Julie made was regarding consumer frustration levels towards forgotten passwords. While consumers are more frustrated when they’re locked out of access to their banking accounts (makes sense, it’s their money), forgotten passwords are more detrimental to e-commerce retailers since consumers are likely to go to another site. This equates to a frustrated consumer, and lost revenue for the business. Next, Mike went through the findings from our 2016 e-commerce fraud attack analysis. Fraud attack rates show the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders. Overall, e-commerce attack rates spiked 33% in 2016. The biggest trends we saw included: Increased EMV adoption is driving a shift from counterfeit to card-not-present fraud 2B breached records disclosed in 2016, more than 3x any previous year Consumers reporting credit card fraud jumped from 15% in 2015 to over 32% in 2016 Attackers shifting locations slightly and international orders rely on freight forwarders 10 states saw an increase of over 100% in fraudulent orders Over 70 of the top 100 riskiest postal codes were not in last year’s list So, what will 2017 bring? Be prepared for more attacks, more global rings, more losses for businesses, and the emergence of IoT fraud. Businesses need to anticipate an increase of fraud over time and to be prepared. The value of employing a multi-layered approach to fraud prevention especially when it comes to authenticating consumers to validate transactions cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience. Most importantly, having the right fraud solution in place can help businesses prevent losses both in dollars and reputation.

With the recent switch to EMV and more than 4.2 billion records exposed by data breaches last year*, attackers are migrating their fraud attempts to the card-not-present channel. Our recent analysis found the following states to be the riskiest for e-commerce fraud in 2016. Delaware Oregon Florida New York Nevada Attackers are extremely creative, motivated, and often connected. Prevent e-commerce fraud by protecting all of your customer contact points. Fraud Heat Map>  

Turns out, Americans still don’t know much about CyberSecurity. That’s according to new research from the Pew Data Center, which conducted a cybersecurity knowledge quiz. The 13 question quiz was designed to test American’s knowledge on a number of cybersecurity issues and terms. A majority of online adults can identify a strong password and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted. As we in the industry know, cybersecurity is a complicated and diverse subject, but given the pervasiveness of news around cybersecurity, I was still a little surprised by the lack of knowledge. The typical (median) respondent answered only five of the 13 questions correctly (with a mean of 5.5 correct answers). 20% answered more than eight questions accurately, and just 1% received a “perfect score” by correctly answering all 13 questions. The study showed that public knowledge of cybersecurity is low on some relatively technical issues, like identifying the correct example of multi-factor authentication, understanding how VPNs minimize risk and knowing what a botnet is. On the flip side, the two questions that the majority of respondents answered correctly included identifying the strongest password from a list of four options and understanding that public Wi-Fi networks have risk even when they are password protected. Given the median scores, I was proud of missing only one question – guess I have more reading to do on Botnets. As an industry, it is our duty to not only create systems and securities to improve the tactical effectiveness of fraud prevention, but to educate consumers on many of these topics as well. They often are the first line of defense in stopping fraud and reducing the threat of breaches.

Newest technology doesn’t mean best when it comes to stopping fraud I recently attended the Merchant Risk Conference in Las Vegas, which brings together online merchants and industry vendors including payment service providers and fraud detection solution providers. The conference continues to grow year to year – similar to the fraud and risk challenges within the industry. In fact, we just released analysis, that we’ve seen fraud rates spike to 33% in the past year. This year, the exhibit hall was full of new names on the scene – evidence that there is a growing market for controlling risk and fraud in the e-commerce space. I heard from a few merchants at the conference that there were some “cool” new technologies out to help combat fraud. Things like machine learning, selfies and other two-factor authentication tools were all discussed as the latest in the fight against fraud. The problem is, many of these “cool” new technologies aren’t yet efficient enough at identifying and stopping fraud. Cool, yes.  Effective, no.  Sure, you can ask your customer to take a selfie and send it to you for facial recognition scanning. But, can you imagine your mother-in-law trying to manage this process? Machine Learning, while very promising, still has some room to grow in truly identifying fraud while minimizing the false positives. Many of these “anomaly detection” systems look for just that – anomalies. The problem is, we’re fighting motivated and creative fraudsters who are experts at avoiding detection and can beat anomaly detection. I do not doubt that you can stop fraud if you introduce some of these new technologies. The problem is, at what cost? The trick is stopping fraud with efficiency – to stop the fraud and not disrupt the customer experience. Companies, now more than ever, are competing based on customer experience. Adding any amount of friction to the buying process puts your revenue at risk. Consider these tips when evaluating and deploying fraud detection solutions for your online business. Evaluate solutions based on all metrics What is the fraud detection rate? What impact will it have on approvals? What is the false positive rate and impact on investigations? Does the attack rate decline after implementing the solution? Is the process detectable by fraudsters? What friction is introduced to the process? Use all available data at your disposal to make a decision Does the consumer exist? Can we validate the person’s identity? Is the web-session and user-entered data consistent with this consumer? Step up authentication but limit customer friction Is the technology appropriate for your audience (i.e. a selfie, text-messaging, document verification, etc...)? Are you using jargon in your process? In the end, any solution can stop 100% of the fraud – but at what cost. It’s a balance - a balance between detection and friction. Think about customer friction and the impact on customer satisfaction and revenue.

Has the EMV liability shift caused e-commerce fraud to increase 33% in 2016? According to Experian data, CNP fraud increased with Florida, Delaware, Oregon and New York ranked as the riskiest states. Miami accounted for the most fraudulent ZIP™ Codes in the US for shipping and billing fraud.

The adoption of EMV terminals has pressured attackers to migrate their fraud attempts to the card-not-present channel. This is a major driver to the increase in e-commerce fraud attacks – more than 30% over last year. Here’s how this fraud victimization has increased across the country: 16% in North Central states. 25% in Northeastern states. 32% in Southern states. 25% in Western states. Attackers are extremely creative, motivated, and often connected. Protect all points of connection with your customers to prevent e-commerce fraud with a comprehensive, multilayered approach. Where does your state rank?

Legitimate address discrepancies are common, which surprises most people. And handling every address discrepancy as a high fraud risk is operationally expensive and inhibits the customer experience. You can avoid this type of fraud by employing these best practices: Use a distinct Know Your Customer and underlying Customer Identification Program process. Avoid verifications based on self-reported data. Maintain hotlist addresses. Fraud always will find the path of least resistance, and organized criminals will test you daily to isolate the weakest link. Be sure to regularly revisit your own policies and procedures for handling this type of fraud. Address manipulation fraud  

Fraud and address manipulation (Part 1) Identifying an address as incorrect seems simple enough. But in reality, address mismatches between an application and credit bureau data aren’t uncommon. Here are several legitimate reasons why this may occur: Change of residence. Credit bureau’s unique logic for determining which address is the "best." New/Emerging consumers often have fluctuating address data. Issuers that employ risk-based approaches allowing incorrect addresses to pass and those that use self-reported data for verification face the highest level of risk for this type of fraud. Next week, we’ll let you know how you can avoid these types of losses. Or you can get ahead and read our latest paper. Address manipulation fraud>

Experian's fraud and identity platform, CrossCore™ won New Security Product or Service and Security Product Management / Development Team of the Year awards at the 13th Annual Info Security Products Guide’s 2017 Global Excellence Awards®.

There has been a lot of discussion around the auto loan market regarding delinquency rates in the past year. It is a topic Experian is asked about frequently from clients in regard to what particular economic market behaviors mean for the overall consumer lending. To understand this issue more clearly, I ran a deeper dive on the data from our Q3 Experian-Oliver Wyman Market Intelligence report. There are some interesting, and perhaps concerning, trends in the data for automotive loans and leases. Want Insights on the latest consumer credit trends? Register for our 2016 year-end review webinar. Register now Auto loan delinquency rates are at their highest mark since 2008 The findings indicate that the performance of the most recent loans opened from Q4 2015 are now performing as poorly as the loans from the credit crisis back in 2008. In fact, you have to go back to 2008, and in some cases, 2007, to see loan default rates as poorly as the Q4 2015 auto loans originated in the last year. Below we have the auto loan vintage performance for loans originated in Q4 of the last 8 years — going back to 2008. The lines on the chart each represent 60 days late or more (60+) delinquency rates over specific time period grades. For these charts, I analyzed the first three, six, and nine months from the loan origination date. As you can see, the rates of delinquency have steadily increased in recent years, with the increase in the Q4 2015 loans opened equaling or even surpassing 2008 levels. The above chart reflects all credit grades, so one might think that this change is a result of the change in the credit origination mix. By digging a little deeper into the data, we can control for the VantageScore® credit score at the loan opening, or origination date, and review performance by looking at two different score segments separately. Is there concern for Superprime and Prime consumers auto loans? In the chart immediately below, the same analysis as above has been conducted, but only for trades originated by Superprime and Prime consumers at the time of origination. You can see that although the trend is not as pronounced as when all grades are considered, even these tiers of consumers are showing significant increases in their 60+ days past due (DPD) rates in recent vintages. Separately, looking at the Subprime and Deep Subprime segments, you can really see the dramatic changes that have occurred in the performance of recent auto vintages. Holding score segments constant, the data indicates a rate of credit deterioration in the Subprime and Deep Subprime segments that we have not observed since at least 2008 — back to when we started tracking this data. What’s concerning here is not only the absolute values of the vintage delinquencies but also the trend, which is moving upward for all three time periods. Where does the risk fall? Now that we see the evidence of the deterioration of credit performance across the credit spectrum, one might ask – who is bearing the risk in these recent vintages? Taking a closer look at the chart below, you can see the significant increase in the volumes of loans across lender type, but particularly interesting to me is the increase in 2016 for the Captive Auto lenders and Credit Unions, who are hitting highs in their lending volumes in recent quarters. If the above trend holds and the trajectory continues, this suggests exposure issues for those lenders with higher volumes in recent months. What does this mean for your business? Speak to Experian's global consulting practice to learn more. Learn more Just to be thorough, let's continue and look at the relative amounts of loans going to the different score segments by each of the lender types. Comparing the lender type and the score segments (below) reveals that finance lenders have a greater than average exposure to the Subprime and Deep Subprime segments. To summarize, although auto lending has recently been viewed as a segment where loan performance is good, relative to historical levels, I believe, the above data signals a striking change in that perspective. Recent loan performance has weakened to a point where comparing the 2008 vintage with 2015 vintage, one might not be able to distinguish between the two. // <![CDATA[ var elems={'winWidth':window.innerWidth,'winTol':600,'rotTol':800,'hgtTol':1500}, updRes=function(){var xAxislabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'14px'}},xAxislabelRotation=function(){if(elems.winWidth<elems.rotTol){return-90}else{return 0}},seriesLabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'16px'}},legenLabelSize=function(){if(elems.winWidth<elems.winTol){return'12px'}else{return'16px'}},chartHeight=function(){if(elems.winWidth<elems.rotTol){return 600}else{return 400}},labelInside=function(){if(elems.winWidth<elems.rotTol){return false}else{return true}},chartStack=function(){if(elems.winWidth<elems.rotTol){return null}else{return'normal'}};this.sourceRef=function(){return['Source: Experian.com']};this.seriesColor=function(){return['#982881','#0d6eb6','#26478D','#d72b80','#575756','#b02383']};this.chartFontFamily=function(){return'"Roboto",Helvetica,Arial,sans-serif'};this.xAxislabelSize=function(){return xAxislabelSize()};this.xAxislabelOverflow=function(){return'none'};this.xAxislabelRotation=function(){return xAxislabelRotation()};this.seriesLabelSize=function(){return seriesLabelSize()};this.legenLabelSize=function(){return legenLabelSize()};this.chartHeight=function(){return chartHeight()};this.labelInside=function(){return labelInside()};this.chartStack=function(){return chartStack()}}(), updY=function(chart){var points=chart.series[0].points;for(var i=0;i elems.rotTol){if(thisWidth<20){var y=points[i].dataLabel.y;y-=10;points[i].dataLabel.css({color:'#575756'}).attr({y:y-thisWidth})}}}},updX=function(chart){var points=chart.series[0].points;for(var i=0;i elems.rotTol){if(thisWidth

Internet-connected devices provide endless possibilities, but they rely on technology and collected data to deliver on their promises. This can compromise your network security. Follow these tips to enjoy the conveniences provided by Internet of Things devices while keeping your network safe. Look for devices that use end-to-end encryption. Change default passwords before connecting devices to your network. Enable two-factor authentication, when available. Leverage all security options, such as passwords, encryption, firewalls and firmware. The Internet of Things is only as strong as its weakest link. That's why it’s so important to understand and treat each connected device as part of a broader network. More security tips

Using digital technology like a big bank How was your holiday? Are the chargebacks rolling in yet? It’s no secret - digital technology like mobile device usage has increased significantly over the years, making it a breeding ground for fraudsters. As credit unions continue to grow their membership, their fraud security treatments need to grow as well. Bigger banks are constantly updating their fraud tools and strategies to fight against cybercrime and, therefore, fraudsters are setting their eyes on credit unions. Even as I write this, fraudsters are searching and targeting credit unions that don’t have their mobile channel secured. They attempt to capitalize on any weakness or opportunity: Registering stolen cards to mobile wallets Taking over an account via mobile banking apps Using a retailers’ mobile app to make fraudulent payments Disabling the SIM card in the victim’s phone and diverting the one-time password sent through text message to their own phones These are clever ways to commit fraud. But credit unions are becoming wise to these new threats and are serious about protecting their members. They are incorporating device intelligence with a solid identity authentication service. This multi-layered approach is essential to securing mobile channels, and protecting your Credit Union from chargebacks. To learn more about our fraud solutions, click here.