Topics
It is a New Year and a new start. How about a new job? That is what thousands of employees will consider over the next month. It is also a time for employers to attract new talents, but they must be aware of different types of employment fraud. The rise of remote work has significantly increased the prevalence of remote hiring practices, from the initial job application to the onboarding process and beyond. Unfortunately, this shift has also opened the door to a surge in imposter employees, also known as ‘candidate fraud,’ posing a significant concern for organizations. How does employment identity theft happen? Instances of potential job candidates utilizing real-time deepfake video and deepfake audio, along with personally identifiable information (PII), during remote interviews to secure positions within American companies have been on the rise. The Federal Bureau of Investigation (FBI) reports that fraudulent individuals often acquire PII through fake job opening posts, which enable them to gather candidate information and resumes. Surprisingly, the tools necessary for impersonation on live video calls do not require sophisticated or expensive hardware or software. Employment identity theft can occur in several ways. Here are a few examples: Inaccurate credentials: Employers may inadvertently hire someone with false or stolen credentials if they fail to conduct comprehensive background checks. When the employer discovers the deception, it can be challenging to trace the true identity of the person they unknowingly hired. Limited-term job offers: Some industries offer temporary job opportunities in distant locations. Individuals with criminal backgrounds may steal victims' identities to apply for these jobs, hoping that their crimes will go unnoticed until after the job is complete. Perpetrated by colleagues: In rare instances, jealous colleagues or coworkers can commit employment identity theft. They may steal a coworker's information during a data breach and sell it on the dark web or use the victim's credentials to frame them for fraudulent workplace actions. Preventing employment identity theft In addition to the reported cases of imposter employee fraud, it is crucial to acknowledge the potential for other scams that exploit new technologies and the prevalence of remote work. Malicious cyber attackers could secure employment using stolen credentials, enabling them to gain unauthorized access to sensitive data or company systems. A proficient hacker possessing the necessary IT skills may find it relatively easy to leverage social engineering techniques during the hiring process. Consequently, the reliability of traditional methods for employee verification, such as face-to-face interactions and personal recognition, is diminishing in the face of remote work and the technological advancements that enable individuals to manipulate their appearance, voice, and identity. To mitigate risks associated with hiring imposters, it is imperative to incorporate robust measures into the recruitment process. Here are some key considerations: Establish clear policies and employment contracts: Clearly communicate your organization's policies regarding moonlighting in employment contracts, employee handbooks, or other official documents. Confidentiality and non-compete agreements: Implement confidentiality and non-compete agreements to protect your company's sensitive information and intellectual property. Monitoring: Automate employment and income verification of your employees. Provide training on cybersecurity best practices: Educate employees about cyber-attacks and identity scams, such as phishing scams, through seminars and workplace training sessions. Implement robust security measures: Use firewalls, encrypt sensitive employee information, and limit access to personal data. Minimize the number of employees who have access to this information. Thoroughly screen new employees: Verify the accuracy of Social Security numbers and other information during the hiring process. Conduct comprehensive background checks, including checking bank account information and credit reports and fight against synthetic identities. Offer identity theft protection as a benefit: Consider providing identity theft protection services to your employees as part of their benefits package. These services can detect and alert victims of potential identity theft, facilitating a fast response. The new era of remote work necessitates a fresh perspective on the hiring process. It is crucial to reevaluate HR practices and leverage AI fraud detection technologies to ensure that the individuals you hire, and employ are who they claim to be, guarding against the infiltration of imposters. Navigating employment fraud with effective solutions Employment fraud presents significant risks and challenges for employers, including conflicts of interest, reputation damage, and breaches of confidentiality. By taking the right preventative measures, you can safeguard your organization and employees. Streamlining the hiring process is essential to remain competitive. But how do you balance the need for speed and ease of use with essential ID checks? By combining the best data with our automated ID verification processes, Experian helps you protect your business and onboard new talents efficiently. Our best-in-class solutions employ device recognition, behavioral biometrics, machine learning and global fraud databases to spot and block suspicious activity before it becomes a problem. Learn more about preventing employement fraud *This article includes content created by an AI language model and is intended to provide general information.
The threat of data breach is constant in our modern, digital world. And as technology advances, so do the strategies and tactics of malicious actors seeking ways to monetize the vulnerabilities of organizations. It’s not a matter of if, but when, a data breach could impact your organization, and it is important for businesses to understand how to operate in it. What is a Data Breach? For many organizations, a data breach is arguably one of the greatest threats to prevent. What is a data breach? Imagine your organization as a fortress, safeguarding a treasure trove of sensitive information—customer data, financial records, proprietary algorithms. A data breach is the unwelcome intrusion into this fortress, where unauthorized individuals gain access to confidential information, often with malicious intent. This can encompass many types of data, including personal identification information (PII), financial data, and intellectual property. Classifications of breaches can vary from intentional cyberattacks to inadvertent exposure due to system vulnerabilities or human error. To grasp the gravity of data breaches, Businesses face tangible consequences when their defenses are breached, and there are no signs of it slowing down. The frequency and severity of data breaches are alarming. According to recent studies¹, the healthcare sector experienced a 55% increase in data breaches in 2022. No business is immune to the evolving threat landscape especially companies that capture customer data and are also inherently the stewards of this data. Understanding the landscape of data breaches will help you better fortify your business against a breach. In the next sections, we’ll explore the causes, impacts, post-breach response strategies, and preventative tactics businesses can employ to safeguard their data. Causes of Data Breaches Human error Even the most well-intentioned employees can become the weak link in an organization’s security chain. According to the “2023 Verizon Data Breach Investigations Report,” 74% of data breaches involve a human element². Investing in comprehensive training programs is essential to foster a culture of cybersecurity awareness and mitigate the risk of employee-related mistakes. Cybersecurity vulnerabilities The digital landscape is rife with potential vulnerabilities, and cybercriminals are adept at exploiting them. Regular cybersecurity assessments, prompt system updates, and the implementation of robust security protocols are recommended proactive measures to fortify against breaches that capitalize on system vulnerabilities. Insider threats Data breaches can originate from within, whether through disgruntled employees with malicious intent or well-meaning staff who inadvertently compromise security. Gurucul’s “2023 Insider Threat Report” highlights that 60% of organizations experienced insider-related incidents in the past year³. Establishing stringent access controls, closely monitoring user activities, and implementing employee education programs are vital steps to mitigate the risks associated with insider threats. Weak and Stolen Passwords Weak and stolen passwords stand as one of the most common gateways for data breaches. Cybercriminals exploit individuals who use easily guessable passwords or recycle them across multiple platforms. This creates a vulnerability that can be easily exploited through automated attacks. Ensuring robust password policies, employing multi-factor authentication, and regularly updating credentials are necessary measures to thwart these breaches and safeguard sensitive information. Malware The insidious world of malware is a persistent threat to data security. Malicious software, often disguised as innocuous files or links, infiltrates systems, and wreak havoc by compromising data integrity and confidentiality. Malware can then swiftly spread, leading to unauthorized access and data exfiltration. Regularly updating antivirus software, conducting thorough system scans, and educating employees about the dangers of clicking on suspicious links are pivotal defenses against malware-driven breaches. Social Engineering Social engineering has emerged as a cunning and effective tactic in data breaches, such as manipulating individuals to divulge confidential information willingly. Whether through phishing emails, deceptive phone calls, or impersonation, cybercriminals exploit human trust to gain unauthorized access. Raising awareness among employees about the dangers of social engineering, implementing rigorous verification processes, and fostering a culture of skepticism can fortify an organization’s defenses against these subtle yet potent attacks. Physical Attacks While the digital realm often takes center stage, physical attacks on data infrastructure remain a tangible and underestimated risk. Breaches can occur through unauthorized access to servers, theft of physical storage devices, or tampering with network equipment. Implementing stringent access controls, employing surveillance systems, and securing physical infrastructure are crucial steps to mitigate the threat of data breaches stemming from physical incursions. Building digital and physical protective measures can help with your defense against the multifaceted landscape of data breaches. Impacts on Businesses Financial repercussions Data breaches are costly to businesses with immediate and enduring consequences. The “Cost of a Data Breach Report 2023” by IBM reported that the average cost of a data breach was $4.45 million per organization⁴. Long-term financial implications include loss of customers, diminished revenue streams, and increased cybersecurity investments to rebuild trust and fortify defenses against future breaches. Reputational damage The fallout from a data breach extends beyond the balance sheet, leaving an indelible mark on a business’s reputation. According to a 2023 survey by Vercara, 66% of U.S. consumers would not trust a company that falls victim to a data breach with their data. Rebuilding trust with transparent communication, swift remediation, and proactive measures to prevent future breaches is essential, demonstrating a commitment to safeguarding sensitive information. Operational disruptions Data breaches causes disruptions in the operations of daily business activities. It takes an average of 73 days to contain a cyber-attack according to the Cost of a Data Breach Report 2023 from IBM⁴. Swift recovery requires a meticulous balance between addressing the breach’s immediate impact and resuming normal operations to minimize further operational strain. Legal and regulatory implications The legal aftermath of a data breach involves navigating a complex landscape of regulations and compliance standards. In the United States, data breaches may trigger legal consequences under various state laws. For instance, the California Consumer Privacy Act (CCPA) allows for fines ranging from $100 to $750 per consumer per incident⁵. Ensuring adherence to data protection laws, promptly reporting breaches to regulatory authorities, and implementing robust security measures become top priorities in avoiding the legal quagmire that often follows a data breach. Notable data breaches Yahoo! (2014): The personal information of 3 billion people was exposed, including names, birth dates, passwords, and phone numbers. Cause: It is believed that the hack originated through a phishing email sent to a Yahoo! employee. Through this phishing email, it’s believed the hackers were able to access user databases and tools.⁶ Cost: $117.5 million in settlements and $350 million off its sale price to Verizon⁷ Marriott International (2018): Information of approximately 500 million guests was compromised, including names, contact details, passport numbers, and travel details. Cause: A cyber-espionage campaign linked to a state-sponsored actor. Attackers gained access to Marriott’s Starwood guest reservation database due to vulnerabilities in the system.⁸ Cost: Over $100 million for remediation efforts and regulatory fines.⁹ Capital One (2019): 106 million customers’ personal information, including credit card applications and Social Security numbers, was exposed. Cause: A misconfigured web application firewall that allowed a hacker to exploit a server-side request forgery vulnerability, leading to unauthorized access and the theft of sensitive customer data.¹⁰ Cost: Estimated between $100 million and $150 million in 2019 alone.¹¹ SolarWinds (2020): Hackers compromised the software supply chain, affecting numerous government agencies and major corporations globally. Cause: The SolarWinds breach was a sophisticated supply chain attack where malicious actors compromised the software update process, injecting malware into software updates distributed by SolarWinds, allowing them access to numerous government and corporate networks.¹² Cost: At least $18 million¹³ JBS USA (2021): The ransomware attack on the world’s largest meat processor disrupted operations and impacted the company’s IT systems. Cause: A ransomware attack, where cybercriminals exploited vulnerabilities in the company’s IT systems to encrypt data and demand a ransom for its release, causing significant disruptions to operations.¹⁴ Cost: $11 million ransom paid to hackers from JBS to restore their IT systems. Post-breach response Assessment and Damage Control Immediate Action Steps In the event of a data breach, the immediacy of response becomes one factor in determining the outcome. Swift and decisive actions during the initial moments can be instrumental in preventing the situation from escalating. The primary focus at this stage is isolating the affected systems, swiftly disconnecting compromised servers and devices from the network. This can help stop unauthorized access and establishes the foundation for a more concentrated and effective response. Alerting the incident response team, IT personnel, and relevant stakeholders promptly is also worth considering to help gain control over the situation. Forensic Analysis Understanding the who, what, and how of an incident is also an important step following a breach. In this context, involving forensic experts in a meticulous analysis is prudent. These professionals specialize in unraveling the intricacies of the breach, identifying entry points, and tracing the movements of attackers within your systems. The significance of forensic analysis extends beyond mere identification; it serves as the groundwork for prevention. Through a comprehensive study of the employed attack vectors and techniques, organizations can enhance their cybersecurity infrastructure. This process of gathering critical information about the breach contributes to the ability to preempt similar incidents, fostering a more resilient stance against evolving cyber threats. Communication Strategy Internal Communication Effective internal communication plays a pivotal role in building a resilient response framework. In the early stages of a crisis, employees emerge as the initial line of defense. Clearly conveying the severity of the situation provides them with a comprehensive understanding of the impact and the organization’s devised response plan. This also empowers the workforce, fostering a sense of unity within the organization and help the organization navigate challenges ahead cohesively, reinforcing its resilience in the face of adversity. External Communication External communication holds equal importance, reaching beyond the organization to customers, partners, and stakeholders. It’s essential to recognize the significance of constructing messages with transparency, honesty, and a proactive stance. Silence or ambiguity can intensify the repercussions, so prioritizing openness becomes foundational for rebuilding trust. Being timely and forthright in sharing information about the breach and the steps taken to rectify the situation is generally a good strategy when engaging with partners and stakeholders. This approach not only informs but can also mold the perception of the organization’s dedication to security and integrity following the aftermath of a breach with a strategic and forward-thinking mindset. Legal and Regulatory Compliance Notification Requirements Within the regulatory framework, a prompt response is an important post-breach step for organizations. It may first involve comprehensively detailing the legal obligations surrounding breach notifications to both regulatory authorities and affected individuals. It’s essential to recognize the variability in requirements across different regions and industries, underscoring the importance of remaining well-informed about these specific nuances. Timeliness of notifications is also factor for organizations to consider. Numerous jurisdictions impose substantial fines for delays in reporting, making it essential for organizations to adhere to strict timelines. Transparency holds equal weight, necessitating clear communication about the extent of the breach, the nature of compromised information, and the specific measures being implemented to address the situation. This approach can help in being compliant with legal standards and plays a vital role in fostering trust among those directly impacted by the breach. Legal Counsel Engagement Organizations generally seek the support of legal counsel to help navigate the intricate legal aftermath of a data breach. Legal experts can help an organization through potential lawsuits and regulatory fines. Engaging legal experts early allows their insights to guide the overall strategy, shaping everything from the communication plan to the recovery efforts. With early legal counsel support, the organization can be proactive in addressing legal challenges, potentially mitigating the severity of consequences that may arise. Recovery and Remediation IT System Restoration The intricacies of IT system restoration mirror the reconstruction of a fortress following an intrusion. Restoring affected IT systems to normal functionality involves comprehensive measures such as thorough system checks, vulnerability assessments, and the eradication of any residual traces left by a breach. Additionally, organizations generally look to enhance security measures during the recovery phase. Simply reverting to the pre-breach state is not enough; instead, the recovery process serves as an opportunity to accept vulnerabilities in old systems and bolster defenses. This entails updating and patching systems, reassessing access controls, and contemplating the incorporation of advanced threat detection tools. Such measures collectively work to minimize the risk of a recurrence and contribute to an overall fortified cybersecurity posture. Prevention Strategies Best practices for securing sensitive data Securing sensitive data is important in the age of relentless cyber threats. Employing encryption protocols, conducting regular security audits, and limiting access privileges are foundational best practices. These proactive measures help create a robust defense, forming an intricate web that shields critical information from potential breaches. Employee training programs to mitigate human error Human error remains a significant contributor to data breaches. Implementing comprehensive employee training programs can be helpful in cultivating a security-conscious workforce and mitigating human error-caused vulnerabilities. From recognizing phishing attempts to practicing proper password hygiene, a well-informed staff acts as the first line of defense and can significantly reduce the likelihood of unintentional security lapses. Implementing robust cybersecurity measures The cornerstone of any data breach prevention strategy is the implementation of robust cybersecurity measures. This includes advanced intrusion detection systems, firewalls, and regular software updates. Proactively addressing vulnerabilities and staying abreast of the latest cybersecurity advancements help fortify an organization’s digital perimeter, creating an environment that is inherently resistant to malicious infiltrations. Staying abreast of emerging trends Staying ahead of data breach threats requires a keen awareness of emerging trends. From sophisticated phishing techniques to novel forms of malware, businesses should continuously adapt their cybersecurity strategies against evolving tactics employed by cybercriminals. The dynamic nature of the cybersecurity landscape demands constant innovation. Adopting cutting-edge technologies like artificial intelligence for threat detection and investing in predictive analytics allows businesses to stay one step ahead, proactively identifying and neutralizing potential threats before they escalate. Collaboration and information-sharing within industries In the face of evolving cyber threats, collaboration is a powerful defense. Establishing networks for information-sharing within industries enables businesses to benefit from collective intelligence. By sharing best practices and threat intelligence, organizations can collectively strengthen their defenses against the ever-changing data breach landscape. Takeaway Data breaches are a persistent threat for all businesses capturing and storing personal identifiable information. Such businesses are inherently the stewards of this data and must protect that data to avoid bad actors gaining access for malicious intent. Knowing what a data breach is just the first step of protecting that data, and it is key to take action. From securing sensitive data to fostering a cybersecurity-aware workforce, businesses must not merely react to the escalating threat of data breaches but proactively strive to create an impenetrable shield around their valuable information. Visit our website for more information about our offerings and how Experian can help you prepare and respond to data breaches. ¹Hippa Journal, 55% of Healthcare Organizations Suffered a Third-Party Data Breach in the Past Year [2022]²Verizon, 2023 Verizon Data Breach Investigations Report³Gurucul, 2023 Insider Threat Report⁴IBM, Cost of a Data Breach Report 2023⁵Office of the Attorney General, California Consumer Privacy Act (CCPA)⁶CSO, INside the Russian hack of Yahoo: How they did it⁷BPB Online, Yahoo Data Breach: What Actually Happened?⁸CSO, Marriott data breach FAQ: How did it happen and what was the impact?⁹Cybersecurity Dive, Marriott finds financial reprieve in reduced GDPR penalty¹⁰Investopedia, Capital One Data Breach Impacts 106 Million Customers¹¹CNET, Capital One $190 Million Data Breach Settlement: Today Is the Last Day to Claim Money¹²Tech Target, SolarWinds hack explained: Everything you need to know¹³Reuters, SolarWinds says dealing with hack fallout cost at least $18 million¹⁴BBC, Meat giant JBS pays $11m in ransom to resolve cyber-attack
In an era where record-breaking home prices and skyrocketing interest rates define the mortgage landscape, borrowers find themselves sidelined by prohibitive costs. With the purchase market at a standstill, mortgage lenders are grappling with how to sustain and grow their businesses. Navigating these turbulent waters requires innovative solutions that address the current market dynamics and pave the way for a more resilient and adaptive future. Today, I’m sitting down with Ivan Ahmed, Director of Product Management for Experian’s Property Data solutions, to learn more about Experian’s Residential Property Attributes™, a new and exciting dataset that can significantly enhance mortgage marketing and mortgage lead generation strategies and drive business growth for lenders, particularly during these challenging times. Question 1: Ivan, can you provide a brief overview of Residential Property Attributes and its relevance in today’s mortgage lending landscape? Answer 1: Absolutely. Residential Property Attributes is our latest product innovation designed to revolutionize how mortgage lenders approach marketing and growth decisions. It’s a robust dataset containing nearly 300 attributes that seamlessly integrates borrower property and tradeline information, providing a more holistic view of a borrower’s financial situation. This powerful dataset empowers lenders to make well-informed, impactful marketing decisions by refining campaign segmentation and targeting. Our attributes group into five categories: Question 2: As a data-focused company, we frequently discuss the importance of leveraging data and analytics to enhance marketing performance with clients. Considering other data providers that offer property data analytics or credit behavior data, what makes our capabilities distinct? Answer 2: The defining feature of Residential Property Attributes is its integration with borrower tradeline data. Many lenders today focus primarily on credit behavior, but we consider property data analytics, a critical aspect, equally important. By merging these two components, we present lenders with a thorough and accurate understanding of their target borrowers. This combination is revolutionary for marketing leaders looking to boost campaign performance and return on investment (ROI). Consider this scenario: On paper, two borrowers may seem homogenous, with similar credit scores, payment histories, and debt-to-income ratios. However, when you incorporate property-level insights, a striking disparity in their overall financial situations emerges. This level of insight prevents possible misdirection in marketing efforts. Question 3: Could you share more about the practical benefits of Residential Property Attributes, especially regarding enhancing marketing performance? Answer 3: Residential Property Attributes is instrumental in amplifying performance. It enables precise audience segmentation, allowing lenders to tailor marketing campaigns to address specific borrower needs. Here are a few examples: Lenders can identify borrowers with over $100k in tappable equity and high-interest personal loans and credit card debt. These borrowers are ideal for a cash-out refinance campaign aimed at debt consolidation. They can use a similar approach for Home Equity Line of Credit (HELOC) or Reverse Mortgage campaigns. Another instance is the utilization of property listings data. This identifies borrowers who are actively selling their properties and may need a new mortgage loan. This insight, coupled with credit-based 'in the market' propensity scores, enables lenders to pinpoint highly motivated borrowers. Such personalization improves engagement and enhances the borrower experience. The result is a marketing campaign that resonates with the audience, thus yielding higher response rates and conversions. The integrated view provided by Residential Property Attributes is the secret ingredient enabling lenders to maximize ROI by optimizing their marketing journey at every step. Taking action As we traverse today's complex mortgage landscape, it's clear that conventional methods fall short. As we face unprecedented challenges, adopting a holistic view of borrowers via Residential Property Attributes is not an option but a necessity. It's more than a tool; it's a compass guiding lenders towards more informed, resilient, and successful futures in the ever-changing world of mortgage lending. Learn more about Residential Property Attributes
Model explainability has become a hot topic as lenders look for ways to use artificial intelligence (AI) to improve their decision-making. Within credit decisioning, machine learning (ML) models can often outperform traditional models at predicting credit risk. ML models can also be helpful throughout the customer lifecycle, from marketing and fraud detection to collections optimization. However, without explainability, using ML models may result in unethical and illegal business practices. What is model explainability? Broadly defined, model explainability is the ability to understand and explain a model's outputs at either a high level (global explainability) or for a specific output (local explainability).1 Local vs global explanation: Global explanations attempt to explain the main factors that determine a model's outputs, such as what causes a credit score to rise or fall. Local explanations attempt to explain specific outputs, such as what leads to a consumer's credit score being 688. But it's not an either-or decision — you may need to explain both. Model explainability can also have varying definitions depending on who asks you to explain a model and how detailed of a definition they require. For example, a model developer may require a different explanation than a regulator. Model explainability vs interpretability Some people use model explainability and interpretability interchangeably. But when the two terms are distinguished, model interpretability may refer to how easily a person can understand and explain a model's decisions.2 We might call a model interpretable if a person can clearly understand: The features or inputs that the model uses to make a decision. The relative importance of the features in determining the outputs. What conditions can lead to specific outputs. Both explainability and interpretability are important, especially for credit risk models used in credit underwriting. However, we will use model explainability as an overarching term that encompasses an explanation of a model's outputs and interpretability of its internal workings below. ML models highlight the need for explainability in finance Lenders have used credit risk models for decades. Many of these models have a clear set of rules and limited inputs, and they might be described as self-explanatory. These include traditional linear and logistic regression models, scorecards and small decision trees.3 AI analytics solutions, such as ML-powered credit models, have been shown to better predict credit risk. And most financial institutions are increasing their budgets for advanced analytics solutions and see their implementation as a top priority.4 However, ML models can be more complex than traditional models and they introduce the potential of a “black box." In short, even if someone knows what goes into and comes out of the model, it's difficult to explain what's happening without an in-depth analysis. Lenders now have to navigate a necessary trade-off. ML-powered models may be more predictive, but regulatory requirements and fair lending goals require lenders to use explainable models. READ MORE: Explainability: ML and AI in credit decisioning Why is model explainability required? Model explainability is necessary for several reasons: To comply with regulatory requirements: Decisions made using ML models need to comply with lending and credit-related, including the Fair Credit Reporting Act (FCRA) and Equal Credit Opportunity Act (ECOA). Lenders may also need to ensure their ML-driven models comply with newer AI-focused regulations, such as the AI Bill of Rights in the U.S. and the E.U. AI Act. To improve long-term credit risk management: Model developers and risk managers may want to understand why decisions are being made to audit, manage and recalibrate models. To avoid bias: Model explainability is important for ensuring that lenders aren't discriminating against groups of consumers. To build trust: Lenders also want to be able to explain to consumers why a decision was made, which is only possible if they understand how the model comes to its conclusions. There's a real potential for growth if you can create and deploy explainable ML models. In addition to offering a more predictive output, ML models can incorporate alternative credit data* (also known as expanded FCRA-regulated data) and score more consumers than traditional risk models. As a result, the explainable ML models could increase financial inclusion and allow you to expand your lending universe. READ MORE: Raising the AI Bar How can you implement ML model explainability? Navigating the trade-off and worries about explainability can keep financial institutions from deploying ML models. As of early 2023, only 14 percent of banks and 19 percent of credit unions have deployed ML models. Over a third (35 percent) list explainability of machine learning models as one of the main barriers to adopting ML.5 Although a cautious approach is understandable and advisable, there are various ways to tackle the explainability problem. One major differentiator is whether you build explainability into the model or try to explain it post hoc—after it's trained. Using post hoc explainability Complex ML models are, by their nature, not self-explanatory. However, several post hoc explainability techniques are model agnostic (they don't depend on the model being analyzed) and they don't require model developers to add specific constraints during training. Shapley Additive Explanations (SHAP) is one used approach. It can help you understand the average marginal contribution features to an output. For instance, how much each feature (input) affected the resulting credit score. The analysis can be time-consuming and expensive, but it works with black box models even if you only know the inputs and outputs. You can also use the Shapley values for local explanations, and then extrapolate the results for a global explanation. Other post hoc approaches also might help shine a light into a black box model, including partial dependence plots and local interpretable model-agnostic explanations (LIME). READ MORE: Getting AI-driven decisioning right in financial services Build explainability into model development Post hoc explainability techniques have limitations and might not be sufficient to address some regulators' explainability and transparency concerns.6 Alternatively, you can try to build explainability into your models. Although you might give up some predictive power, the approach can be a safer option. For instance, you can identify features that could potentially lead to biased outcomes and limit their influence on the model. You can also compare the explainability of various ML-based models to see which may be more or less inherently explainable. For example, gradient boosting machines (GBMs) may be preferable to neural networks for this reason.7 You can also use ML to blend traditional and alternative credit data, which may provide a significant lift — around 60 to 70 percent compared to traditional scorecards — while maintaining explainability.8 READ MORE: Journey of an ML Model How Experian can help As a leader in machine learning and analytics, Experian partners with financial institutions to create, test, validate, deploy and monitor ML-driven models. Learn how you can build explainable ML-powered models using credit bureau, alternative credit, third-party and proprietary data. And monitor all your ML models with a web-based platform that helps you track performance, improve drift and prepare for compliance and audit requests. *When we refer to “Alternative Credit Data," this refers to the use of alternative data and its appropriate use in consumer credit lending decisions, as regulated by the Fair Credit Reporting Act. Hence, the term “Expanded FCRA Data" may also apply and can be used interchangeably. 1-3. FinRegLab (2021). The Use of Machine Learning for Credit Underwriting 4. Experian (2022). Explainability: ML and AI in credit decisioning 5. Experian (2023). Finding the Lending Diamonds in the Rough 6. FinRegLab (2021). The Use of Machine Learning for Credit Underwriting 7. Experian (2022). Explainability: ML and AI in credit decisioning 8. Experian (2023). Raising the AI Bar
Meeting Know Your Customer (KYC) regulations and staying compliant is paramount to running your business with ensured confidence in who your customers are, the level of risk they pose, and maintained customer trust. What is KYC?KYC is the mandatory process to identify and verify the identity of clients of financial institutions, as required by the Financial Conduct Authority (FCA). KYC services go beyond simply standing up a customer identification program (CIP), though that is a key component. It involves fraud risk assessments in new and existing customer accounts. Financial institutions are required to incorporate risk-based procedures to monitor customer transactions and detect potential financial crimes or fraud risk. KYC policies help determine when suspicious activity reports (SAR) must be filed with the Department of Treasury’s FinCEN organization. According to the Federal Financial Institutions Examinations Council (FFIEC), a comprehensive KYC program should include:• Customer Identification Program (CIP): Identifies processes for verifying identities and establishing a reasonable belief that the identity is valid.• Customer due diligence: Verifying customer identities and assessing the associated risk of doing business.• Enhanced customer due diligence: Significant and comprehensive review of high-risk or high transactions and implementation of a suspicious activity-monitoring system to reduce risk to the institution. The following organizations have KYC oversight: Federal Financial Institutions Examinations Council (FFIEC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), national Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). How to get started on building your Know Your Customer checklist 1. Define your Customer Identification Program (CIP) The CIP outlines the process for gathering necessary information about your customers. To start building your KYC checklist, you need to define your CIP procedure. This may include the documentation you require from customers, the sources of information you may use for verification and the procedures for customer due diligence. Your CIP procedure should align with your organization’s risk appetite and be comply with regulations such as the Patriot Act or Anti-money laundering laws. 2. Identify the customer's information Identifying the information you need to gather on your customer is key in building an effective KYC checklist. Typically, this can include their first and last name, date of birth, address, phone number, email address, Social Security Number or any government-issued identification number. When gathering sensitive information, ensure that you have privacy and security controls such as encryption, and that customer data is not shared with unauthorized personnel. 3. Determine the verification method There are various methods to verify a customer's identity. Some common identity verification methods include document verification, facial recognition, voice recognition, knowledge-based authentication, biometrics or database checks. When selecting an identity verification method, consider the accuracy, speed, cost and reliability. Choose a provider that is highly secure and offers compliance with current regulations. 4. Review your checklist regularly Your KYC checklist is not a one and done process. Instead, it’s an ongoing process that requires periodic review, updates and testing. You need to periodically review your checklist to ensure your processes are up to date with the latest regulations and your business needs. Reviewing your checklist will help your business to identify gaps or outdated practices in your KYC process. Make changes as needed and keep management informed of any changes. 5. Final stage: quality control As a final step, you should perform a quality control assessment of the processes you’ve incorporated to ensure they’ve been carried out effectively. This includes checking if all necessary customer information has been collected, whether the right identity verification method was implemented, if your checklist matches your CIP and whether the results were recorded correctly. KYC is a vital process for your organization in today's digital age. Building an effective KYC checklist is essential to ensure compliance with regulations and mitigate risk factors associated with fraudulent activities. Building a solid checklist requires a clear understanding of your business needs, a comprehensive definition of your CIP, selection of the right verification method, and periodic reviews to ensure that the process is up to date. Remember, your customers' trust and privacy are at stake, so iensuring that your security processes and your KYC checklist are in place is essential. By following these guidelines, you can create a well-designed KYC checklist that reduces risk and satisfies your regulatory needs. Taking the next step Experian offers identity verification solutions as well as fully integrated, digital identity and fraud platforms. Experian’s CrossCore & Precise ID offering enables financial institutions to connect, access and orchestrate decisions that leverage multiple data sources and services. By combining risk-based authentication, identity proofing and fraud detection into a single, cloud-based platform with flexible orchestration and advanced analytics, Precise ID provides flexibility and solves for some of financial institutions’ biggest business challenges, including identity and fraud as it relates to digital onboarding and account take over; transaction monitoring and KYC/AML compliance and more, without adding undue friction. Learn more *This article includes content created by an AI language model and is intended to provide general information.
The online gaming industry has experienced tremendous growth in recent years, with millions of players engaging in immersive virtual worlds and competitive gameplay. Unfortunately, this surge in popularity has also sparked an increase in online gaming fraud. Unscrupulous individuals have sought to exploit the industry through fraudulent activities, leading to financial losses and reputational damage for gaming vendors.According to a recent study conducted by Lloyds Bank, children are spending more time playing online games than ever before – over five million children between the ages of three and 15 are now regularly playing games online, up from approximately 4.6 million in 2019.Fraudsters, always ready to take advantage of opportunities presented by new trends, are now increasingly targeting this rising demographic. Gaming vendors have a responsibility to shield minors from fraud in online gaming by implementing robust safety measures, educating young players and their parents, and actively monitoring and addressing fraudulent activities. A vulnerable target That same study from Lloyds revealed that over a third (36%) of parents are concerned about the possibility of their children falling victim to gaming fraud and losing money. In today's tech-savvy world, the ease of payment authorization has only exacerbated these concerns. All it takes for a child to make a payment is to key in their parents' online store username and password. It is a practice fraught with danger. Parents can only do so much to safeguard their children while gaming, and despite their best efforts, there will always remain a lingering possibility of encountering scammers. Gaming vendors should establish robust age verification processes during account creation to ensure that minors are not exposed to age-inappropriate content. Additionally, they should incorporate comprehensive parental controls that allow parents to regulate their children's online activities, including chat limitations, spending controls, and access to certain features.But contrary to common assumptions, the gaming population is not restricted to teenagers or young adults. With an average age of 35, gamers have significant purchasing power and actively participate in the gaming ecosystem. They spend an average of over six hours per week gaming, dedicating nearly an hour each day to their preferred gaming experiences. This engagement is spread across all age groups and financial profiles, making the gaming community a vast market to attract cybercrime. Types of fraud in online gaming In 2022, the revenue from the worldwide gaming market was estimated at almost 347 billion U.S. dollars, with the mobile gaming market generating an estimated 248 billion U.S. dollars of the total. The gaming market is constantly evolving, and technological advancements are opening new possibilities for game developers to create more immersive and engaging experiences.But alarming reports indicate that scammers have honed in on the younger demographic of gamers, leveraging their innocence to exploit their finances and identities. Identity theft (67%) and hacking (61%) rank as the two most prevalent forms of fraud experienced by young gamers, according to the Lloyds Bank study. Here are some different types of online gaming fraud: Account hacking: Hackers employ various techniques like phishing, keylogging, and credential stuffing to gain unauthorized access to players' accounts. Once compromised, accounts could be used for fraudulent activities, including unauthorized in-game transactions or selling virtual assets for real money. Chargeback fraud: This occurs when players make legitimate purchases within a game using real money and then issue chargebacks, falsely claiming that the transaction was unauthorized or fraudulent. This results in financial losses for gaming vendors as they lose the revenue and virtual goods/services provided to the player. Virtual asset fraud: Virtual assets, such as in-game currency, items, or characters, hold economic value. Fraudsters engage in scams involving fake virtual asset transactions or market manipulation, exploiting players' desires to acquire rare or high-value items. Match-fixing and cheating: Competitive gaming is at the heart of many online games. Fraudsters seek to manipulate matches, exploit glitches, or use cheat software to gain an unfair advantage over others. This undermines the integrity of the gaming experience and discourages fair competition. The game changer for online platforms: fraud prevention strategies Given the anticipated growth of these threats in the foreseeable future, it is imperative that online platforms prioritize the protection of young gamers and their parents. In line with the enhanced safeguards and anti-fraud initiatives observed in banks and financial institutions, it is high time for game companies to elevate their security and consumer protection measures by adopting the following guidelines: Implement strong account security measures: Encourage players to create unique, complex passwords, and consider implementing multifactor authentication solutions. Regularly educate players about common hacking techniques and promote safe browsing habits to prevent phishing attempts. Utilize fraud detection systems: Invest in advanced fraud detection tools that employ machine learning algorithms and biometrics templates to identify suspicious activities and patterns. These systems can flag potentially fraudulent transactions, allowing you to take appropriate measures promptly. Monitor and analyze user behavior: Keep an eye on players' activities and digital identity, such as unusual login patterns, high-value transactions, or frequent chargebacks. Analyze gameplay data, interactions, and purchasing behavior to identify patterns indicative of fraud or cheating. Secure payment processing systems: Choose reputable payment gateways that prioritize security measures. Employ tokenization and encryption technologies to safeguard players' payment information during transactions. Regularly test and update your payment system's security infrastructure. Raise player awareness: Educate your player community about common fraud techniques and the importance of securing their accounts with identity authentication. Share security tips through newsletters, blog posts, and in-game messaging. Foster a culture of vigilance and encourage players to report any suspicious activities. Foster fair gameplay and zero tolerance policy: Implement robust anti-cheat measures and regularly update your game to address vulnerabilities and exploits. Promote fair competition and enforce a zero-tolerance policy against cheating, match-fixing, and other forms of unfair gameplay. Leveling-up Ultimately, the ability to protect players online could be the ultimate gamechanger for gaming platforms. By embracing identity verification mechanisms that rely on secure and privacy-centric facial recognition, online fraud and identity theft can be significantly curtailed. Moreover, the verification and onboarding processes can be streamlined, simplifying the user experience further. Just as bringing top-tier games on board is crucial, game platforms must ensure their customers engage in a secure gaming environment. Streamlining the onboarding and sign-in process is essential to remain competitive. But how do you balance the need for speed and ease of use with essential ID checks? By combining the best data with our automated ID verification checks, Experian helps you safeguard your business and onboard customers efficiently. Using passive, invisible checks when customers sign into their accounts helps to keep fraudsters at bay and protects legitimate players without the need for irritating security challenges. Experian’s best-in-class solutions employ device recognition, behavioral biometrics, machine learning and global fraud databases to spot and block suspicious activity before it becomes a problem. Learn more *This article leverages/includes content created by an AI language model and is intended to provide general information.
While today’s consumers expect a smooth, frictionless digital experience, many financial institutions still rely on outdated technology and manual reviews to acquire new customers. These old processes can prevent lenders from making accurate and timely credit decisions, leading to lost opportunities, revenue, and goodwill. By optimizing their customer acquisition strategies, financial institutions can allocate their resources effectively and say yes to consumers faster. This guide will walk you through the current challenges facing customer acquisition and how robust optimization strategies can help. Current challenges in customer acquisition To stay competitive and engage high-value customers, you’ll need an efficient customer acquisition process that weeds out both fraudulent actors and risky consumers. However, achieving this balancing act comes with a unique set of challenges. Because today’s consumers can access goods and services almost anywhere online at any time, more than 54 percent of customers expect a heightened digital and frictionless experience. Failing to meet this expectation can lead to huge losses for lenders. Some of the most common challenges in customer acquisition include: Although 52 percent of consumers prefer digital banking options over visiting branches in person, many lenders still rely on paper documents, which can add weeks to the onboarding process. Requiring consumers to provide substantial information about themselves during an application process can lead to abandoned applications. 67 percent of consumers will leave an application if they experience complications. Verifying consumer identities is growing increasingly important. In fact, about 35 percent of customers drop out of digital onboarding because their identity can't be confirmed. Poorly defined campaign planning can cause businesses to market to the wrong population segments, resulting in wasted time and resources. What is optimization for customer acquisition? Customer acquisition optimization is the process of implementing new methods and solutions to make acquiring new customers more efficient and cost-effective. For lenders, this means streamlining steps in the credit decisioning process to focus on the right prospects and reduce friction. What types of processes can be optimized for customer acquisition? You might be surprised just how many processes can be optimized for customer acquisition. Here are just a few examples: Having a holistic view of consumers allows you to take the guesswork out of targeting so you can better identify and engage high-potential customers. Utilizing predictive and lifestyle data enables you to pinpoint a more precisely segmented audience for marketing. Digital application solutions that reach across multiple channels, allowing applicants to leave one channel and pick up right where they left off in another. Real-time identity verification and fraud detection during onboarding and after, helping expedite approvals and mitigate risks. Utilizing API integration to leverage multiple metrics beyond credit scores when screening applicants' financial situation. Building custom risk models that pair to your existing data so you can say yes to more customers and better manage portfolio risk. Benefits of customer acquisition optimization Optimization can bring numerous benefits to your business, providing a faster return on investment. Here are some examples. By better pinpointing your marketing through predictive and lifestyle data, you can achieve increased conversions. Faster onboarding with less friction helps retain more customers. Real-time fraud detection and identity verification reduce customer roadblocks, allowing you to realize significant growth. Custom risk models and decisioning platforms can pair your data with additional data elements, providing more than just a credit score rating for your applicants. This can help you say yes to more customers. Using AI and machine learning tools will reduce the need for manual reviews and thus increase booking rates and applications. A real-life example of these benefits can be found with the Michigan State University Federal Credit Union (MSUFCU.) With over $7.2 billion in assets and 330,000 members, the client was manually reviewing all its applications. Experian reviewed the client's risk levels and approvals, comparing their risk and bankruptcy scores to determine which were most predictive. This analysis led Experian to recommend a new decisioning platform (PowerCurve Originations®) for instant credit decisions, an alternative data score tool, and Experian Advisory Services for risk-based pricing. After implementing these optimization solutions, MSUFCU saw a 55 percent increase in average monthly automations, four times improved online application response time and began competing more effectively in the marketplace. How Experian can help Experian offers a number of customer acquisition tools, allowing companies to be more responsive in an increasingly competitive market, while still reducing fraud risk. These tools include: Acquisition optimization marketing Experian offers a web-based platform that lets clients manage their marketing efforts all in the same place. You can upload and enhance client files, identify lookalike prospects, and use firmographic and credit data to get a holistic view of your clients and your prospects. Data-driven acquisition and decisioning engine PowerCurve Originations® is a data-driven decisioning engine that accepts applications from multiple channels, automates data collection and verification and proactively monitors decision results. It's flexible enough to reach across multiple channels, letting customers set aside their application in one digital channel and resume where they left off in another. It also provides businesses with access to comprehensive data assets, proactive monitoring and streamlined development with minimal coding. Enhanced fraud detection and identity verification Experian's Precise ID® is a risk-based fraud detection and prevention platform that provides analytics to accurately verify customers and mitigate fraud loss behind the scenes, ensuring a smoother onboarding process. Robust consumer attributes for better customized models Experian gives clients access to a wider berth of consumer attributes, helping you better screen applicants beyond just looking at credit scores. Trended 3DTM attributes let you uncover unique patterns in consumers' behavior over time, allowing you to manage portfolio risk, build better models and determine the next best actions. Premier AttributesSM aggregates credit data at the most granular and meaningful levels to provide clear insights into consumer credit behavior. It encompasses more than 2,100 attributes across 51 industries to help you develop highly predictive custom models. Enterprise-wide credit decisioning engine Experian's enterprise-wide credit decision platform lets you combine machine learning with proprietary data to return optimized decisions and quickly respond to requests. Robust credit decisioning software lets you convert data into meaningful actions and strategies. With Experian's machine learning decisioning options, companies are realizing a 25 percent reduction in manual reviews, a 25 percent increase in loan and credit applications and a 26 percent increase in booking rates. Highly predictive custom models Experian's Ascend Intelligence ServicesTM can help you create highly predictive custom models that create sophisticated decisioning strategies, allowing you to accurately predict risk and make the best decisions fast. This end-to-end suite of solutions lets you achieve a more granular view of every application and grow portfolios while still minimizing risk. Experian can help optimize your customer acquisition Experian provides a suite of decisioning engines, consumer attributes and customized modeling to help you optimize your customer acquisition process. These tools allow businesses to better target their marketing efforts, streamline their onboarding with less friction and improve their fraud detection and mitigation efforts. The combination can deliver a powerful ROI. Learn more about Experian's customer acquisition solutions. Learn more
Fraud is a serious concern for everyone, including businesses and individuals. In fact, according to our 2023 U.S. Identity and Fraud Report, nearly two-thirds (64%) of consumers are very or somewhat concerned with online security, and over 50% of businesses have a high level of concern about fraud risk. The fraud landscape is constantly evolving, and staying vigilant against the latest trends is critical to safeguarding your organization and consumers. As we reflect on 2023, let’s look at the top fraud trends and their continued potential impact on your business. The evolution of new fraud trends When economic uncertainty reigns, a rise in fraud often follows. To begin with, consumers tend to be financially stressed in such periods and prone to making risky decisions. In addition, fraudsters are keenly aware of the opportunities inherent in unstable times and develop tactics to take advantage of them. For example, as consumers rein in spending and financial institutions struggle to maintain new account volumes, fraudsters might ramp up their new account and loan activities. Fraud is becoming more sophisticated. For instance, thanks to the rapid rise in the availability of artificial intelligence (AI) tools, fraudsters are increasingly able to impersonate companies and individuals with ease, as well as consolidate data from diverse sources and use it more efficiently. The most impactful fraud trends of 2023 The fraud trends that emerged in 2023 were diverse, though they all had one thing in common: fraudsters' keen ability to take advantage of new technologies and opportunities. And businesses are feeling the repercussions, with nearly 70% reporting that fraud losses have increased in recent years. Here are five trends we forecasted in the fraud and identity space that challenged fraud fighters on the front lines this year. Deposit and checking account fraud With everyone focused on fraud in the on-line channels, it is interesting that financial institutions reported more fraud occurring at brick-and-mortar locations. Preying on the good nature of helpful branch employees, criminals are taking risks by showing up in person to open accounts, pass bad deposits and try to work their way into other financial products. The Treasury Department reports complaints doubling YoY, after increasing more than 150% between 2020 and 2021. Synthetic identity fraud Not quite fake, not quite real, so-called synthetic or "Frankenstein" identities mash up real data with false information to create unique customer profiles that can outsmart retailers' or financial institutions' fraud control systems. With synthetic identity (SID) fraud real data is often stolen or purchased on the dark web and combined with other information — even Artificial Intelligence (AI)-created faces — so that fraudsters can build up a synthetic identity's credit score before taking advantage of them to borrow and spend money that will never be paid back. One major risk? As fraud rates rise due to the use of tactics like synthetic identities, it could become more challenging and expensive to access credit. Fake job postings and mule schemes Well-paying remote work was in high demand this year, creating opportunities for fraudsters to create fake jobs to harvest data such as Social Security numbers from unsuspecting applicants. Experian also predicts a continued rise in "mule" jobs, in which workers unknowingly sign on to do illegal work, such as re-shipping stolen goods. According to the Better Business Bureau, an estimated 14 million people get caught in a fake employment scam yearly. Job seekers can protect themselves by being skeptical of jobs that ask them to do work that appears suspicious, requires money, financial details, or personal information upfront. Peer-to-peer payment fraud Peer-to-peer payment tools are increasingly popular with consumers and fraudsters, who appreciate that they're both instant and irreversible. Experian expects to continue to see an increase in fraudulent activity on these payment systems, as fraudsters use social engineering techniques to deceive consumers into paying for nonexistent merchandise or even sharing access credentials. Stay safe while using peer-to-peer payment tools by avoiding common scams like requests to return accidental payments, opting for payment protection whenever possible and choosing other transaction methods like paying with a credit card. Social media shopping fraud Social media platforms are eager to make in-app shopping fun and friction-free for consumers — and many brands and shoppers are keen to get on board. In fact, approximately 58% of users in the U.S. have purchased a product after seeing it on social media. Unfortunately, these tools neglect effective identity resolution and fraud prevention, leaving sellers vulnerable to fraudulent purchases. And while buyers have some recourse when a purchase turns out to be a scam, it's wise to be cautious while shopping on social media platforms by researching sellers, only using credit cards and being cognizant of common scams, like when vendors on Facebook Marketplace ask for payment upfront. Employer text fraud Fraudulent text messages — also known as “smishing,” a mash-up of Short Messaging Service (SMS) and phishing — continues to rise. In fact, according to data security company Lookout, 2022 was the biggest year ever for such mobile phishing attacks, with more than 30 percent of personal and enterprise mobile phone users exposed every quarter. One modern example of these types of schemes? Expect to continue to see a rise in gift card fraud targeting companies. For example, an employee might receive a text from their "boss" asking them to purchase gift cards and relay the numbers. The fraudsters get to shop, and the company is left with the bill. Why fraud prevention and detection solutions matter Nearly two-thirds of consumers say they are "very" or "somewhat concerned" with online security, and more than 85 percent expect businesses to respond to their identity and fraud concerns. Addressing and preventing fraud — and communicating these fraud-prevention actions to customers — is an essential strategy for businesses that want to maintain customer trust, thereby decreasing churn and maximizing conversions on new leads. There's a financial imperative to address fraud as well. Businesses stand to lose a great deal of money without adequate fraud prevention strategies. Account takeover fraud, for example, is an increasing threat to financial institutions, which saw a 90 percent increase in account takeover losses from 2020 to 2021. By making account takeover fraud prevention a priority, financial institutions can alleviate risks and prevent major losses. How to build an effective fraud strategy in 2024 In 2024, fraud management solutions must be even more technically advanced than the fraudulent techniques they're combating. But more than that, they need to be appealing to consumers, who are likely to abandon signup or purchase attempts when they become too onerous. In fact, 37% of consumers have moved their business elsewhere due to a negative account opening experience. Worryingly for businesses, this number was even higher among high-income households and those aged 25 to 39. To succeed, effective fraud strategies must be seamless, low friction, data-driven and customer-focused. That means making use of up-to-date technologies that boost security while prioritizing a positive customer experience. Concerned about fraud? Let Experian help As we look back at the top fraud trends of 2023, it's clear that scammers are becoming increasingly sophisticated in their methods. Fraud can create huge risks for your business — but there are ways to act. Experian's suite of fraud prevention and identity verification tools can help you detect and combat fraud. Find out more about Experian's fraud risk management strategies and how they can help keep you and your customers safe. Learn more
Financial institutions are under increasing pressure to grow deposits and onboard more demand deposit accounts (DDA). But as demand increases, so do fraud attempts from scammers. While a robust mitigation effort is needed to stop fraud, this same effort can also drive away potential clients. In fact, 37 percent of U.S. adults said that they abandoned opening an account online due to experiencing friction. This leaves institutions in a unique quandary: how do they stop DDA fraud without scaring away potential clients? The answer lies in utilizing robust, machine learning tools that can help you navigate fraud attempts without increasing onboarding friction. Chris Ryan, Go to Market Lead for Experian Identity and Fraud, shares his thoughts on demand deposit account fraud and which decisioning tools can best combat it. Q: What is a demand deposit account and how is it used? "Demand deposit is just your basic checking account," Ryan explains." The funds are deposited and held by an institution, which enables you to spend those assets or resources, whether it be through checks, debit cards, person-to-person, Automated Clearing House (ACH) — all the things we do every day as consumers to manage our operating budget." Q: What is demand deposit account fraud? "There are two different ways that demand deposit account fraud works," Ryan says. "One is with existing account holders, and the other is with the account opening process.” When fraud affects existing account holders, it typically involves tricking an account holder into sending money to a scammer or using fraudulent actions, like phishing emails or credit card skimmers, to gain access to their accounts. There is also a resurgence in fraud involving duplication, theft and forgery of paper checks, Ryan explains. Fraud impacting the account opening process occurs when scammers originate new DDAs. This can work in a variety of ways, such as these three examples: A scammer steals your identity and opens an account at the same bank where you have a home equity loan. They link their DDA to your line of credit, transferring your money into their new account and withdrawing the funds. A scammer uses a synthetic identity (SID) to open a fraudulent DDA. They will then use this new DDA to open more lucrative accounts that the institution cross-sells to them. A scammer uses a stolen or SID to open “mule” accounts to receive funds they dupe consumers into sending through fake relationship schemes, bogus merchandise sales and dozens of similar scams. While both types of fraud need to be dealt with, account opening fraud can have especially large repercussions for lenders or financial institutions. Q: What are the consequences of DDA fraud for organizations? "Fraud hurts in a number of ways," Ryan explains. "There are direct losses, which is the money that criminals take from our financial system. Under most circumstances, the financial institution replaces the money, so the consumer doesn’t absorb the loss, but the money is still gone. That takes money away from lending, community engagement and other investments we want banks to make. The direct losses are what most people focus on." But there are even more repercussions for institutions beyond losing money, and this can include the attempts that institutions put into place to stop the fraud. "Preventing fraud requires some friction for the end consumer," Ryan says. "The volume of fraudulent attempts is overwhelmingly large in the DDA space. This forces institutions to apply more friction. The friction is costly, and it often drives would-be-customers away. The results include high costs for the institutions and low booking rates. At the same time, institutions are hungry for deposit money right now. So, it's kind of a perfect storm." Q: What is the impact of DDA fraud on customer experience? Experian’s 2023 Identity and Fraud Report revealed that up to 37 percent of U.S. adults in the survey had abandoned a new account entirely in the previous six months because of the friction they encountered during onboarding. And 51 percent reported considering abandoning the process because of problems they encountered. Unfortunately, fraud mitigation and deposit fraud detection efforts can end up driving customers away. "People can be impatient," Ryan says, "and in the online world, a competing product is a mouse-click away. So, while it is tempting to ask new applicants for more information, or further proof of identity, that conflicts with their need for convenience and can impact their experience.” Companies looking for cheap and fast mitigation can end up impeding customers trying to onboard to sweep out the bad actors, Ryan explains. "How do you get the bad people without interrupting the good people?" Ryan asks. "That's the million-dollar question." Q: What are some other problems with how organizations traditionally combat DDA fraud? Unfortunately, traditional attempts to combat DDA fraud are inefficient due to the fragmentation of technology. Ryan says this was revealed by Liminal, an industry analyst think tank. "Nearly half of institutions use four-or-more-point solutions to manage identity and fraud-related risk," Ryan explains. "But all of those point solutions were meant to work on their own. They weren't developed to work together. So, there's a lot of overlap. And in the case of fraud, there's a high likelihood that the multiple solutions are going to find the same fraud. So, you create a huge inefficiency." To solve this challenge, institutions need to shift to integrated identity platforms, such as Experian CrossCore®. Q: How is Experian trying to change the way organizations approach DDA fraud? Experian is pushing a paradigm shift for institutions that will increase fraud detection efficiency and accuracy, without sacrificing customer experience. "Organizations need to start thinking of identity through a different lens," Ryan says. Experian has developed an identity graph that aggregates consumer information in a manner that reaches far beyond what an institution can create on its own. "Experian is able to bring the entire breadth of every identity presentation we see into an identity graph," Ryan says. "It's a cross-industry view of identity behavior." This is important because people who commit fraud manipulate data, and those manipulations can get lost in a busy marketplace. For example, Ryan explains, if you're newly married, you may have recently presented your identity using two different surnames: one under your maiden name and one under your married name. Traditional data sources may show that your identity was presented twice, but they won’t accurately reflect the underlying details; like the fact that different surnames were used. The same holds true for thousands of other details seen at each presentation but not captured in a way that enables changes over time to be visible, such as information related to IP addresses, email accounts, online devices, or phone numbers. "Our identity graph is unlocking the details behind those identity presentations," Ryan says. "This way, when a customer comes to us with a DDA application, we can say, 'That's Chris's identity, and he's consistently presenting the same information, and all that underlying data remains very stable.'" This identity graph, part of Experian's suite of fraud management solutions — also connects unique identity details to known instances of fraud, helping catch fraudulent attempts much faster than traditional methods. "Let's say you and your spouse share an address, phone numbers, all the identity details that married couples typically share," Ryan explains. "If an identity thief steals your identity and uses it along with a brand-new email and IP address not associated with your spouse, that might be concerning. However, perhaps you started a new job, and the email/IP data is legitimate. Or maybe it’s a personal email using a risky internet service provider that shares a format commonly used by a known ring of identity thieves. Traditional data might flag the email and IP information as new, but our identity graph would go several layers deeper to confirm the possible risks that the new information brings. Q: Why is this approach superior to traditional methods of fraud detection? "Historically, organizations were interested in whether an identity was real,” Ryan says. "The next question was if the provided data (I.e., addresses, date of birth, Social Security numbers, etc.) have been historically associated with the identity. Last, the question would be whether there’s known risk associated with any of the identity components.” The identity graph turns that approach upside down. "The identity graph allows us to pull in insights from past identity presentations, " Ryan says. "Maybe the current presentation doesn’t include a phone number. Our identity graph should still recognize previously provided phone numbers and the risks associated with them. Instead of looking at identity as a small handful of pieces of data that were given at the time of the presentation, we use the data given to us to get to the identity graph and see the whole picture." Q: How are businesses applying this new paradigm? The identity graph is part of Experian's Ascend Fraud Platform™ and a full suite of fraud management solutions. Experian's approach allows companies to clean out fraud that already occurred and stop new fraudulent actors before they're onboarded. "Ideally, you want to start with cleaning up the house, and then figure out how to protect the front door," Ryan says. In other words, institutions can start by applying this view to recently opened accounts to identify problematic identities that they missed. The next step would be to bring these insights into the new account onboarding process. Q: Is this new fraud platform accessible to both small and large businesses? The Ascend Fraud Platform will support several use cases that will bring value to a broad range of businesses, Ryan explains. It can not only enable Experian experts to build and deliver better tools but can enable self-serve analytical development too. "Larger organizations that have robust, internal data science capabilities will find that it’s an ideal environment for them to work in," Ryan says. "They can add their own internal data assets to ours, and then have a better place to develop analytics. Today, organizations spend months assembling data to develop analytics internally. Our Ascend Fraud Platform will reduce the timeline of the data assembly and analytical development process to weeks, and speed to market is critical when confronting continually changing fraud threats. "But for customers who have less robust analytical teams, we're able to do that on their behalf and bring solutions out to the marketplace for them," Ryan explains. Q: What type of return on investment (ROI) are businesses experiencing? "Some customers recover their investment in days," Ryan says. "Part of this is from mitigating fraud risks among recently opened accounts that slipped through existing defenses.” "In addition to reducing losses, institutions we're working with are also seeing potentially millions of dollars a month in additional bookings, as well as significant cost savings in their account opening processes," Ryan says. "We're able to help clients go back and audit the people who had fallen out of their process, to figure out how to fine-tune their tools to keep those people in," Ryan says. “By reducing risks among existing accounts, better protecting the front door against future fraud, and growing more efficiently, we’re helping clients Q: What are Experian's plans for this service? "We're working with top-tier financial institutions on the do-it-yourself techniques," Ryan says. "In parallel, we're launching our first offerings that are created for the broader marketplace. That will start with the portfolio review capability, along with making the most predictive attributes available through our integrated identity resolution platform. And while the Ascend Fraud Platform has a strong use case for DDA fraud, its uses extend beyond that to small business lending and other products. In fact, Experian offers an entire suite of fraud management solutions to help keep your DDA accounts secure and your customers happy. Experian can help optimize your DDA fraud detection Experian is revolutionizing the approach to combating DDA fraud, helping institutions create a faster onboarding process that retains more customers, while also stopping more bad actors from gaining access. It's a win-win for everyone. Experian's full suite of fraud management solutions can optimize your business's DDA fraud detection, from scrubbing your current portfolio to gatekeeping bad actors before they're onboarded. Learn more Speak with a specialist About our expert: Chris Ryan has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk.
Online activity is a routine part of people’s days. Americans spend an average of 4 hours and 25 minutes on their phones every day,[1] and many regularly use multiple devices to access the internet. However, with more time spent in the digital space, the risk of identity theft and fraud also continues to grow. The growing threat of identity fraud This year, the FTC has already received 5.7 million total fraud and identity theft reports, 1.4 million of which were identity theft cases.[2] More consumers are becoming vulnerable to the threat of identity fraud, but many are unsure of how to protect themselves. To avoid monetary loss and significant lifestyle disruption, consumers are looking to their financial institutions to provide resources to help them prevent identity theft and protect their personal information online. Consumers want identity protection from their financial institutions Consumers also expect their banks to carry the responsibility of protecting their private data from the risk of theft. While most of them trust in the security provided by their banks, about 50% of consumers want their banks to offer additional protective measures.[3] This creates an opportunity for financial institutions to fulfill the role of “data protector” for the customers that depend on them. The convenience of a full suite of financial services all in one place is also important to consumers, as 45% would prefer to get all their banking products from the same financial institution.[4] While consumers need identity protection, businesses need new ways to engage their customers and drive more revenue. Fortunately, offering identity protection is an effective way to maintain a sticky relationship with your customers while delivering an enhanced, engaging experience. Protect your customers from fraud with Identity Protection Services With identity protection, your customers can: Check for exposed personal information and lower their risk of identity theft Reduce their exposure and decide who can track their activity and access their personal information online Keep control of their digital identity by reclaiming exposed personal information, increasing their privacy, and avoiding future risk An identity protection solution provides a comprehensive strategy to avoid the risk of identity theft, while delivering exceptional results that your customers need to feel safe and secure. Providing frequent updates and recommendations about their digital identity and credit score allows you to maintain an engaging communication channel with your customers and boost your brand interaction. For example, the average Experian® user had a 60% alert open rate and 12% post-alert login rate.[5] As they continue to receive useful suggestions for strengthening their online security, your customers may interact with your app or website more regularly and consistently. This can create valuable opportunities for you to encourage them to open new accounts, start new credit lines, or borrow more money. In addition, giving your customers an added layer of assurance can drive them to remain loyal, long-standing customers to your business. 96% of active Experian subscribers with a free bundle were still subscribed after 12 months[6] 90% of active Experian subscribers with a paid bundle were still subscribed after 12 months[6] Less than 1% churn rate with fewer than 100 service calls[7] Consumers want protection from thieves who might steal their personal information, and they expect it from a trusted source. By offering an identity protection solution, you can foster stronger relationships with your customers while reducing their vulnerability to fraud. Visit our website to see how Identity Protection Services can help you deliver best-in-class protection for your customers. [1] PC Magazine. Americans Check Their Phones an Alarming Number of Times Per Day. May 2023. [2] IdentityTheft.org. 2023 Identity Theft Facts and Statistics. [3] PYMTS. Half of Consumers Want More Security Measures From Banks, January 2023. [4] PYMTS. 45% of US Consumers Want Banking Bundles. August 2022. [5] Experian Data, average user experience with Digital Identity Manager, May 2023. [6] Experian data, August 2023. [7] Experian Data, average user experience with Digital Identity Manager, May 2023.
In today's fast-paced digital world, the risk of fraud across all industries is a constant threat. The traditional methods of fraud detection are no longer sufficient, as fraudsters become increasingly sophisticated in their attacks. However, with artificial intelligence (AI) and machine learning (ML) solutions, financial institutions can stay one step ahead of fraudsters. AI and machine learning-equipped fraud detection tools have the ability to identify suspicious activity and patterns of fraud that are imperceptible to the human brain. In this blog post, we’ll dive into the significance of AI and machine learning in fraud detection and how these solutions are uniquely equipped to handle the demands of modern-day risk management. Understanding artificial intelligence and machine learning AI and machine learning solutions are transformative technologies that are reshaping the landscape of many industries. AI, at its core, is a field of computer science that simulates human intelligence in machines, enabling them to learn from experience and perform tasks that normally require human intellect. Machine learning, a subset of AI, is the science of getting computers to learn and act like humans do, but with minimal human intervention. They can analyze vast amounts of data within seconds, identifying patterns and trends that would be impossible for a human to recognize. When it comes to fraud detection, this ability is invaluable. Advantages of fraud detection using machine learning AI and machine learning have several benefits that make them valuable in fraud detection. One significant advantage is that these technologies can recognize patterns that are too complex for humans to identify. By running through a vast set of data points, these solutions can pinpoint anomalous behavior, and thereby prevent financial losses. AI analytics tools are adept at monitoring complex networks, detecting the dispersion of attacks that may involve multiple individuals and entities, and correlating activity patterns that would otherwise be hidden. Machine learning algorithms can take these patterns and turn them into mathematical models that help identify instances of fraud before the damage takes place. Secondly, they continuously learn from new data, which allows them to become more efficient in identifying fraud as they process more data. Thirdly, they automate fraud mitigation processes, which significantly reduces the need for manual interventions that may consume valuable time and resources. Another significant benefit of machine learning is its analytics capabilities, which allow organizations to gain valuable insights into customer behavior and fraud patterns. With AI analytics, they can detect and investigate fraudulent activities in real-time, and combine it with other tools to help detect and mitigate fraud risk. For example, in financial services, AI fraud detection can help banks and financial service providers detect and prevent fraud in their systems, add value to their services and improve customer satisfaction. The future of fraud detection and machine learning The rate at which technology is evolving means that machine learning and AI fraud detection will become increasingly important in the future. In the next few years, we can expect a more sophisticated level of fraud detection using unmanned machine systems, robotics process automation, and more. Ultimately, this will improve the efficiency and effectiveness of fraud detection. AI-based fraud management solutions are taking center stage. Organizations must leverage advanced machine learning and AI analytics solutions to prevent and mitigate cyber risks and comply with regulatory mandates. The benefits extend far beyond the financial bottom line to improving the safety and security of customers. AI and machine learning solutions offer accurate, efficient and proactive routes to managing the risk of fraud in an ever-changing environment. How can Experian® help Integrating machine learning for fraud detection represents a significant advancement in cybersecurity. Fraud management solutions detect, prevent and manage fraud across all industries, including financial services, healthcare and telecommunications. With the advancement of technology, fraud management solutions now integrate machine learning to improve their processes. Experian® provides fraud prevention solutions, including machine learning models and AI analytics, which can help more effectively mitigate fraud risk, streamline fraud investigations and create a more secure digital environment for all. With Experian’s AI analytics, risk mitigation tools and fraud management solutions, organizations can stay one step ahead of fraudsters and protect their brand reputation, customer trustworthiness and corporate data. Embracing these solutions can save organizations from significant losses, reputational damage and regulatory scrutiny. To learn more about how to future-proof your business and safeguard your customers from fraud, check out Experian’s robust suite of fraud prevention solutions. Want to hear what our industry experts think? Check out this on-demand webinar on artificial intelligence and machine learning strategies. Learn more Watch webinar *This article includes content created by an AI language model and is intended to provide general information.
Today's lenders use expanded data sources and advanced analytics to predict credit risk more accurately and optimize their lending and operations. The result may be a win-win for lenders and customers. What is credit risk? Credit risk is the possibility that a borrower will not repay a debt as agreed. Credit risk management encompasses the policies, tools and systems that lenders use to understand this risk. These can be important throughout the customer lifecycle, from marketing and sending preapproved offers to underwriting and portfolio management. Poor risk management can lead to unnecessary losses and missed opportunities, especially because risk departments need to manage risk with their organization's budgetary, technical and regulatory constraints in mind. How is it assessed? Credit risk is often assessed with credit risk analytics — statistical modeling that predicts the risk involved with credit lending. Lenders may create and use credit risk models to help drive decisions. Additionally (or alternatively), they rely on generic or custom credit risk scores: Generic scores: Analytics companies create predictive models that rank order consumers based on the likelihood that a person will fall 90 or more days past due on any credit obligation in the next 24 months. Lenders can purchase these risk scores to help them evaluate risk. Custom scores: Custom credit risk modeling solutions help organizations tailor risk scores for particular products, markets, and customers. Custom scores can incorporate generic risk scores, traditional credit data, alternative credit data* (or expanded FCRA-regulated data), and a lender's proprietary data to increase their effectiveness. About 41 percent of consumer lending organizations use a model-first approach, and 55 percent use a score-first approach to credit decisioning.1 However, these aren't entirely exclusive groupings. For example, a credit score may be an input in a lender's credit risk model — almost every lender (99 percent) that uses credit risk models for decisioning also uses credit scores.2 Similarly, lenders that primarily rely on credit scores may also have business policies that affect their decisions. What are the current challenges? Risk departments and teams are facing several overarching challenges today: Staying flexible: Volatile market conditions and changing consumer preferences can lead to unexpected shifts in risk. Organizations need to actively monitor customer accounts and larger economic trends to understand when, if, and how they should adjust their risk policies. Digesting an overwhelming amount of data: More data can be beneficial, but only if it offers real insights and the organization has the resources to understand and use it efficiently. Artificial intelligence (AI) and machine learning (ML) are often important for turning raw data into actionable insights. Retaining IT talent: Many organizations are trying to figure out how to use vast amounts of data and AI/ML effectively. However, 82 percent of lenders have trouble hiring and retaining data scientists and analysts.3 Separating fraud and credit losses: Understanding a portfolio's credit losses can be important for improving credit risk models and performance. But some organizations struggle to properly distinguish between the two, particularly when synthetic identity fraud is involved. Best practices for credit risk management Leading financial institutions have moved on from legacy systems and outdated risk models or scores. And they're looking at the current challenges as an opportunity to pull away from the competition. Here's how they're doing it: Using additional data to gain a holistic picture: Lenders have an opportunity to access more data sources, including credit data from alternative financial services and consumer-permissioned data. When combined with traditional credit data, credit scores, and internal data, the outcome can be a more complete picture of a consumer's credit risk. Implementing AI/ML-driven models: Lenders can leverage AI/ML to analyze large amounts of data to improve organizational efficiency and credit risk assessments. 16 percent of consumer lending organizations expect to solely use ML algorithms for credit decisioning, while two-thirds expect to use both traditional and ML models going forward.4 Increasing model velocity: On average, it takes about 15 months to go from model development to deployment. But some organizations can do it in less than six.5 Increasing model velocity can help organizations quickly respond to changing consumer and economic conditions. Even if rapid model creation and deployment isn't an option, monitoring model health and recalibrating for drift is important. Nearly half (49 percent) of lenders check for model drift monthly or quarterly — one out of ten get automated alerts when their models start to drift.6 WATCH: Accelerating Model Velocity in Financial Institutions Improving automation and customer experience Lenders are using AI to automate their application, underwriting, and approval processes. Often, automation and ML-driven risk models go hand-in-hand. Lenders can use the models to measure the credit risk of consumers who don't qualify for traditional credit scores and automation to expedite the review process, leading to an improved customer experience. Learn more by exploring Experian's credit risk solutions. Learn more * When we refer to “Alternative Credit Data," this refers to the use of alternative data and its appropriate use in consumer credit lending decisions as regulated by the Fair Credit Reporting Act (FCRA). Hence, the term “Expanded FCRA Data" may also apply in this instance and both can be used interchangeably. 1-6. Experian (2023). Accelerating Model Velocity in Financial Institutions
Sometimes logging into an account feels a bit like playing 20 questions. Security is vital for a positive customer experience, and engaging the right identity verification strategies is essential to proactive fraud prevention. For financial institutions and businesses, secure authentication is more important than ever. It is imperative for customer safety – which drives retention and loyalty – and your bottom line – as fraud has determinantal effects on and off the balance sheet. Information sharing has proliferated, as has the number of times consumers are prompted to provide access to sensitive information. While today’s consumer has grown accustomed to providing such information, there’s also a heightened demand for security. According to Experian’s 2023 U.S. Identity and Fraud Report, nearly two-thirds (64%) of consumers say they’re very or somewhat concerned with online safety, listing identity theft, stolen card information and online privacy as top concerns. Customers want to know who they are providing access to and whether that entity will have their safety in mind. From a business perspective, one way to ensure that only the right people can get in is by using (KBA). KBA takes traditional authentication methods, like passwords and Personal Identification Numbers (PINs), one step further by creating an additional layer of security through collecting private facts from each user. In this post, we'll look at how KBA works, what its benefits are as a form of identity verification, and how it can improve customer trust. Introducing Knowledge Based Authentication (KBA): What it is and how it works Knowledge Based Authentication can be part of a multifactor authentication solution and is one way to stay on top of privacy and security for your customers – existing and new. KBA is a feature designed to protect online accounts by verifying the account holder’s identity. It involves answering a series of personal questions, such as mother's maiden name or first pet's name, that only the account holder should know. This system has become increasingly popular due to its effectiveness in preventing fraud and identity theft. With KBA, businesses and individuals can have peace of mind that their information is protected by a reliable authentication system that is difficult for unauthorized users to breach. Benefits of implementing KBA and a multifactor authentication strategy By implementing KBA into your business, customers experience an additional layer of security by verifying the identity of users through personalized questions. This reduces the risk of fraud and enhances customer trust and confidence. Secondly, it improves the customer experience by making the authentication process faster and user-friendly. Lastly, KBA reduces costs by automating the authentication process and reducing the need for manual intervention. However, KBA is just one facet of an ideal strategy. Multifactor authentication provides confidence while reducing friction. Risk-based authentication tools allow organizations to assess risk to apply the appropriate level of security. Factors to consider adding to your authentication processes include: Generating unique one-time passwords (OTPs): By creating a new OTP for each transaction, you can increase the level of security. Confirm device ownership: A multifactored approach applies device intelligence checks to increase confidence that the message is reaching the correct user. Maintain low friction with secondary options: If the OTP fails or can’t be attempted by the user, working with a provider who allows an automatic default to another authentication service, such as a knowledge-based authentication solution, decreases end-user friction. Identifying potential security risks associated with KBA KBA relies on personal information that may easily be discovered via social media and other public records, which makes it vulnerable to fraud and identity theft. This highlights the need for a multilayered fraud and identity solution. The landscape of digital security is constantly changing, leveraging an arsenal of fraud and identity prevention strategies, like document verification, one-time passcode, and various identity authentication and verification measures, is critical for keeping your customers and business safe. Commonly used technologies for enhancing KBA security With the rising need for secure authentication, KBA systems have become increasingly popular. However, cyberthreats evolve at an alarming rate, making it imperative to stay current with the latest fraud schemes and how to enhance and supplement your security. Biometrics, like facial recognition and fingerprint scans, as a tactic is gaining traction, as evidenced by “85% of consumers report physical biometrics as the most trusted and secure authentication method they have recently encountered,” according to Experian’s 2023 U.S. Identity and Fraud Report. Additionally, machine learning algorithms detect patterns and anomalies in user behavior and flag any potential security breaches. Multi-factor authentication is another tool that adds an extra layer of security by requiring users to provide multiple forms of identification before logging in. Keeping up with these and other technological advancements can help ensure your KBA system stays one step ahead of potential cyberattacks. Interestingly, there’s a disconnect between the technologies consumers feel safe with and/or are prepared to use versus the technologies and strategies that organizations implement. According to the U.S. Identity and Fraud Report, biometrics are only currently used by 33% of businesses to detect and protect against fraud. An opportunity for business differentiation and driving customer loyalty through a better customer experience may be tapping into some of these lesser used – but sought after – technologies. Compliance with industry standards regarding KBA Ensuring that your system complies with industry standards regarding KBA is crucial for protecting sensitive information from unauthorized access. By implementing the following tips, you can stay ahead of the game and safeguard your organization's data. Analyze your system's current authentication methods and evaluate if they meet industry standards. Additionally, follow standard guidelines for data storage and encryption, limit access to only authorized personnel, and y current with regulations. Lastly, conduct frequent security audits and perform vulnerability tests to identify and address any potential threats. Knowledge-based authentication offers a robust security solution for businesses of all sizes, and incorporating KBA as part of a multifactor authentication strategy is a winning course of action. It provides an added layer of protection for personal data, encourages user accountability, and safeguards against unauthorized access. By leveraging appropriate KBA technologies and maintaining compliance with industry standards, it is possible to create a secure system for customers that gives you peace of mind for your business and bottom line. Experian can help you with knowledge-based authentication offerings, a multifactor authentication strategy and everything in between to enhance your existing authentication process without causing user fatigue. Increase your pass rates, confirm device ownership and add security to risky or high-value transactions, all while executing identity verification and fraud detection to protect your business from risk. The most important step is getting started. Learn more
Well-designed underwriting strategies are critical to creating more value out of your member relationships and driving growth for your business. But what makes an advanced underwriting strategy? It’s all about the data, analytics, and the people behind it. How a credit union achieved record loan growth Educational Federal Credit Union (EdFed) is a member-owned cooperative dedicated to serving the financial needs of school employees, students, and parents within the education community. After migrating to a new loan origination system, the credit union wanted to design a more profitable underwriting strategy to increase efficiency and grow their business. EdFed partnered with Experian to design an advanced underwriting strategy using our vast data sources, advanced analytics, and recommendations for greater automation. After 30 months of implementing the new loan origination system and underwriting strategies, the credit union increased their loans by 32% and automated approvals by 21%. “The partnership provided by Experian, backed by analytics, makes them the dream resource for our growth as a credit union. It isn’t just the data… it’s the people.” – Michael Aubrey, SVP Lending at Educational Federal Credit Union Learn more about how Experian can help you enhance your underwriting strategy. Learn more
It's that magical time of the year! The holiday season is fast approaching, and folks everywhere are gearing up for festive travels and family reunions. Unfortunately, holiday travel can sometimes lead to unforeseen circumstances, such as fraudulent activities orchestrated by scammers who impersonate property owners on well-known vacation rental platforms. These fraudsters employ schemes designed to deceive unsuspecting travelers into making payments through unsecured channels, resulting in significant financial losses for the gullible victims. Digital identity and hotel fraud Airline and hotel fraud encompasses illicit activities aimed at airlines, hotels, booking platforms, and other travel accommodation services, including car rentals and excursions. These services often utilize loyalty programs to incentivize repeat patronage through point-based rewards. The widespread adoption of such loyalty programs has extended their appeal beyond the travel and hospitality sectors, consequently attracting fraudulent activities. Perpetrators of airline and hospitality fraud employ a range of tactics and different techniques to execute their schemes, leveraging various online forums, marketplaces, shops, and public messaging platforms. Hotels are custodians of valuable guest data, encompassing contact information and payment details. Their operational model involves serving a large pool of potential customers who are making limited visits. Consequently, compromising a hospitality employee's account could grant an identity thief access to millions of consumer records. Moreover, hotel employees are frequent targets of foreign governments aiming to procure confidential travel records to facilitate the tracking of specific individuals and groups. In contrast, restaurants primarily store transaction records with fewer customer details. However, the landscape is evolving as more establishments adopt online ordering capabilities and loyalty programs. At present, cybercriminals typically focus on the high volume of point-of-sale transactions. As travel booms, fraudsters find new paths According to a recent Deloitte survey, Intent to travel between Thanksgiving and mid-January is up across all age and income groups. While reconnecting with friends and family remains paramount to travel during the holidays, fewer Americans are restricting their travel to visiting loved ones. The share of travelers planning to stay in hotels surged to 56%. Fraudsters will always take advantage of current circumstances, and with more people traveling again, they have taken notice — and action. The following techniques have been identified as the most employed by cybercriminals to target customers of airlines, hotels, and hospitality-related organizations: Travel-themed phishing and fraudulent travel agency operations, sales, and advertisements of travel fraud-related tutorials. Sales of compromised networks, user accounts, and databases containing reward/loyalty points and personally identifiable information (PII) that could be utilized for social engineering, money laundering, and other attack vectors. Since the emergence of cyber-enabled crime, services and activities facilitating travel fraud have been extensively promoted and sought after by threat actors. Cybercriminals mainly leverage stolen card-not-present (CNP) data and reward/loyalty points obtained from compromised bank accounts to procure flights, accommodations, and other travel-related services. Furthermore, threat actors persistently refine their strategies for harvesting reward/loyalty points through compromised accounts, deceiving victims into disclosing their travel-related documentation and data and circulating updated guidelines for circumventing hotel and airline reservation services, amongst other activities. Protecting travelers and improving the customer experience Combatting hospitality and hotel fraud requires collaboration between industry stakeholders, government entities, and financial institutions. Travel professionals should focus on: Enhancing data security: Invest in robust cybersecurity measures to protect guest information, payment systems for CNP, and loyalty programs. Implementing identity verification: Utilize advanced technologies, such as biometric authentication and behavioral analytics, to verify guests' identities and prevent account fraud. Educating staff and guests: Provide comprehensive training to employees on recognizing and reporting suspicious activities. Educate guests about potential scams and advise them to book directly through official channels. Sharing information: Establish platforms to share intelligence and best practices to stay ahead of evolving fraud techniques. Acting with the right solution As the travel and hospitality industry continues to thrive, so does the risk of hospitality fraud. Travelers and hoteliers alike must remain vigilant to protect their finances from various fraud schemes prevalent today. By staying informed, taking proactive measures, and fostering collaborative efforts, we can create a safer and more secure environment within the travel industry. Experian’s identity verification solutions power advanced capabilities across the travel lifecycle. With trusted data and advanced analytics, you can gain a complete view of your future guest to improve risk management and offer an enhanced, frictionless customer experience. Learn more *This article leverages/includes content created by an AI language model and is intended to provide general information.