Topics

We all know that first party fraud is a problem. No one can seem to agree on the definitions of first party fraud and who is on the hook to find it, absorb the losses and mitigate the risk going forward. More often than not, first-party fraud cases and associated losses are simply combined with the relatively big “bucket” of credit losses. More importantly, the means of quickly detecting potential first-party fraud, properly segmenting it (as either true credit risk or malicious behavior) and mitigating losses associated with it usually lies within more general credit policies instead of with unique, targeted strategies designed to combat this type of fraud. In order to create a frame of reference, it’s helpful to have some quick — and yes, arguable — definitions: Synthetic identity: the fabrication of an identity with the intention of perpetrating fraudulent applications for, and access to, credit or other financial services Bust-out: the substantive building of positive credit history, followed by the intentional, high-velocity opening of several new accounts with subsequent line utilization and “never payment” Default payment: intentionally allowing credit lines to default to avoid payments Straight-roller: an account opened with immediate utilization followed by default without any attempt to make a payment Never pay: a form of straight-roller that becomes delinquent within the first few months of opening the account So what’s a risk manager to do? In my opinion, the best methods to consider in the fight against first-party fraud include analytical solutions that take multiple data points into consideration and focus on a risk-based approach. For my money, the four most important are: Models and scores developed with the proper set of identity and credit risk attributes derived from current and historic identity and account usage patterns (in other words, ANALYTICS) — Used at both the account opening and account management phases of the Customer Life Cycle, such analytics can be customized for each addressable market and specific first-party fraud threat The monitoring of individual identity elements at a portfolio level and beyond — This type of monitoring and LINK ANALYSIS allows organizations to detect the creation of synthetic identities Reasonable (e.g., one-to-one) identity and device associations over time versus a cluster of devices or coordinated attacks stemming from a single device — Knowing a customer’s device profile and behavioral usage with DEVICE INTELLIGENCE provides assurance that applications and account access are conducted legitimately Leveraging industry experts who have worked with other institutions to design and implement effective first-party fraud detection and loss-mitigation strategies — This kind of OPERATIONAL CONSULTING can save time and money in the long run and afford an opportunity to avoid mistakes By active use of these methods, you are applying a risk-based approach that will allow you to realize substantial savings in the forms of loss reduction and operational efficiencies associated with non-acquisition of high-risk first-party fraud applications, more effective credit line management of potentially high-risk accounts, better segmentation of treatment strategies and associated spend against high-risk identities, and removal of first-party fraud accounts from traditional collections processes that will prove futile. Download our recent White Paper, Data confidence realized: Leveraging customer intelligence in the age of mass data compromise, to understand how data and technology are needed to strengthen fraud risk strategies through comprehensive customer intelligence.

This month, it’s all about parties and gift giving and holiday traditions. Fast forward a month, however, and consumers will be in a different place. Today, they are spending. In a few weeks, the focus will be on paying down bills, or perhaps seeking solutions to consolidate or transfer balances. The good news for the economy is consumers are expected to spend more this holiday season – $830 on average, a huge jump from last year’s $720. Total retail is expected to increase 5.6 percent, while ecommerce (thanks Amazon Prime) should rise 13.9 percent. Credit card originations are also trending up more than 1 percent year-over-year as of the end of the third quarter of 2015. So what does this mean for lenders? Card utilization is peaking, creating the perfect scenario for many consumers to seek balance transfers, consolidate debt and search for competitive rates, especially if they’ve been leveraging high-interest cards. A recent analysis by NerdWallet revealed consumers are more interested in shopping with store credit cards than with traditional cards this season, putting them at particular risk of sky-high rates. A deeper look at utilization revealed super-prime consumers use less than 6 percent of their available credit limits, while consumers in the deep-subprime tier use nearly every dollar allotted. “Consumers spend billions during the holidays on high-interest credit cards,” said Kyle Matthies, Experian product manager. “Many of them have excellent credit, but struggle juggling multiple payments, which can lead to delinquencies. Credit card consolidation can provide relief by lowering interest rates and simplifying repayment.” Card issuers that remain passive during this window may find their portfolios at-risk as customers take advantage of seasonal offers. Competitors who capitalize on this peak season of balance transfers will likely be mailing out offers to acquire and grow their card portfolio, as well as protect their current card base. “As banks and credit unions finish out the calendar year, they might seek one last marketing push, so a balance-transfer campaign might be the ideal play,” said Matthies. “Still, to avoid blowing the budget, it helps to leverage data to know exactly who to target – both within and outside the card portfolio.” Specific models and/or tools can identify who to try to retain, as well as provide insights on whom to conquest from the outside. An index can additionally offer guidance on when to lower APRs, sweeten rewards and increase credit limits for specific consumers. The post-holiday balance-transfer wave is coming. The question is which lenders will be best prepared to protect and grow their respective card portfolios.

Hello from the other side ... While Adele scores big on the Billboard Hot 100 by crooning of coming to terms with a lover from the past, a new Experian “State of Credit” reveals we are officially on the “other side” of the recession – at least if you’re looking at the nation’s credit scores. While the bottom of the Great Recession was reached in the second quarter of 2009, steady job growth was not seen until 2011, and even since, some economists claim it has been a "Tortoise Recovery.” But key findings from Experian’s 6th annual study, ranking top and bottom cities across the nation in regards to credit, suggests the U.S. is strong. “If I were to give a grade to the overall picture of credit in the United States, I would give it an A minus,” said Michele Raneri, Experian’s vice president of analytics and new business development. “I’m optimistic about the state of credit as we are seeing more loans being extended, late payments are decreasing and consumers are continuing to gain more confidence in originating loans. There definitely is growth and momentum — we’re back to prerecession levels in nearly every category, which means lenders are in a prime position to capitalize on this market and foster business growth.” Which states topped the credit charts? As in previous years, Minnesota continues to shine with three of its cities — Mankato, Rochester and Minneapolis — leading with credit scores of 706, 705 and 704, respectively. Greenwood, Miss. and Albany, Ga. ranked the lowest with scores of 612 and 622. While still at the bottom of the list with a score of 612, Greenwood, Miss., residents did improve their score by three points, more than any other city in the bottom 10. Overall, the report reveals the national credit score increased by three points over the last year (and by five points since 2013) and the 10 cities with the highest credit scores in the nation increased their scores by an average of 1.8 points. Additionally, bankcards, retail cards and mortgage lending showed significant growth, making this year’s study an indicator of the nation’s confidence in the credit market. Just in time for the election year, this year’s study includes insight into how residents of these top and bottom metropolitan statistical areas (MSAs) identify politically. The study found that half of the highest-scoring cities have residents whose views skew more middle of the road, while residents of lower-scoring cities are more likely to lean conservative. The full lists of the top 10 and bottom 10 cities are featured (scores are rounded to the nearest whole number). Detailed study highlights include the following changes over the last year: The national VantageScore® credit score is up by three points, from 666 to 669. Bankcard lending continues to increase, with new bankcards up 7.7 percent. The average number of bankcards per consumer is up 2.8 percent to 2.24 cards. Retail card lending also is on the rise, with a 10.8 percent increase in new originations. The average number of retail cards per consumer is up 0.3 percent to 1.55 cards from last year and up by 7 percent since 2013. Instances of late payments (includes bankcard and retail) decreased by 4.4 percent over the last year and by 17.3 percent since the height of the recession in 2010. Average debt2 is up 2.1 percent to $29,093 per consumer. Mortgage originations increased by 42.5 percent. For a more complete look at the above cities as well as the other MSAs studied, visit http://www.livecreditsmart.com to view a fully interactive map and infographic. Purchase The Experian Market Intelligence Brief, a quarterly report that includes more than 70 charts and data trends on loan originations, outstanding loans and delinquency performance metrics spanning three years.

With Black Friday quickly approaching, a recent Experian study shows online Black Friday searches are already tracking ahead of last year. This October, the weekly search share for Black Friday averaged 12% higher than October 2014 and is expected to increase dramatically between now and Thanksgiving week. Top product searches for the week ending October 31, 2015 include: Marketers can design more successful campaigns and maximize rewards for both consumers and brands by staying on top of the latest search trends. >> Holiday Hot Sheet

Profile of an online fraudster I recently read a study about the profile of a cybercriminal. While I appreciate the study itself, one thing it lacks perspective on is an understanding of how identity data is being used to perpetrate fraud in the online channel. One may jump to conclusions about what is a good indicator for catching fraudsters. These very broad-brush observations may result in an overwhelming number of false positives without digging in deeper. Purchase value A single approach for understanding the correlation between purchase value and fraud does not work to best protect all businesses. Back in 2005, we saw that orders under $5 were great indicators of subsequent large-ticket fraud. For merchants that sell large-ticket items, such as electronics, those same rules may not be effective. To simply believe that the low dollar amount is the extent of the crime and not just a precursor to the real, bigger crime indicates a lack of understanding of how fraudsters work to manipulate a system. For some merchants, where fraudsters know they can go to do card testing against their business, low-dollar-amount rules may apply. However, for other businesses a different set of rules must be put into place. Time of day We have been tracking fraud time of day as a rule since 2004, but the critical point is a clear definition of which time of day. For the merchant, 3 a.m. is very different than 3 a.m. for a fraudster who is in Asia or Eastern Europe, where 3 a.m. merchant time is actually the middle of the online fraudster’s day. FraudNet is designed to identify the time from the user’s device and runs its rules from the user’s time. We find that every individual business will have a very specific threat profile. Businesses need to build their individual fraud strategy around their overall attack rate taking into account the strength of the defense and the ability to be flexible to accommodate the nuances for individual consumers. A general approach to fraud mitigation inevitably results in a system that begins to chase broad averages, which leads to excessive false positives and mediocre detection. That’s what drives us to do the job better. The proof of every fraud solution should lie in its ability to catch the most fraud without negatively impacting good customers.  

Understanding the Impact of New Marketplace Lending Regulations The online marketplace lending sector has enjoyed unprecedented growth these past few years. According to a recent Morgan Stanley research report, the volume of loans extended by online marketplace lenders in the United States has doubled every year since 2010, hitting $12 billion last year. Some analysts speculate this growth will continue at a compound annual rate of 47 percent through 2020. The market’s growth, coupled with new, disruptive lending models, is now prompting regulators in Washington to raise questions about the potential opportunities and challenges for consumers, small businesses, and the safety and soundness of our financial system. Last July, the Treasury Department issued a request for information to better understand the benefits and risks associated with new online lending platforms and other “fin-tech” startups. The Treasury’s RFI sought information about how these entities’ business models differ from traditional lenders, their impact on financially underserved consumers, and ultimately whether the regulatory framework should evolve to ensure the safe growth of this emerging marketplace. They were also interested in how online lenders were assessing credit risk of borrowers. Most comments the Treasury Department received from online lenders focused on the positive impact that innovation in financial services could have on consumers and small businesses. For example, in an open letter to the Treasury, Lending Club Founder and CEO Renaud Laplanche stated his company’s role in “bringing more transparency, removing friction, reducing systemic risk by requiring a match between assets and liabilities, and offering traditional banks … the opportunity to participate on our platform and benefit from the same cost reductions from which our other borrowers and investors benefit.” Laplanche emphasized the benefits to consumers by noting that “over 70 percent of borrowers on our platform report using their loan to pay off an existing loan or credit card balance and report that the interest rate on their Lending Club loan was an average of seven percentage points lower than they were paying on their outstanding debt or credit cards.” For small businesses, Laplanche explained how commercial loans less than $250,000 tend to be underserved by traditional lenders. “Bank loans from $100k to $250k have fallen 22 percent since 2007, during a period when bank loans of $1 million or greater increased by 56 percent,” he wrote. “Our platform’s automated processes allow us to provide smaller commercial loans that are less available more economically than traditional banks can.” Meanwhile, some commenters called for regulators to increase oversight of the marketplace to provide more certainty. In a joint comment letter, the American Bankers Association and Consumer Bankers Association argued that all lenders — regardless of medium by which they deliver loans — should operate under the same rules and standards. They highlighted the numerous consumer protections in place to protect borrowers — from transparency in pricing, to fair debt collection methods,  and data protection — and advocate for these protections to apply in all bank-like activities involving lending or servicing. But what about the Consumer Financial Protection Bureau (CFPB)? The CFPB will take a leadership role to ensure marketplace lenders comply with the fair lending and consumer financial protection laws that the CFPB has authority to enforce. The CFPB has not made any direct notice to the online lending marketplace specifically, but it did issue a notice in October 2014 saying it had no intention of bringing enforcement actions against companies that offer innovative financial products — so long as they benefit consumers. Meanwhile, it is also likely the Federal Trade Commission and state attorneys general will increase their focus on the online lending segment, especially as it relates to how products and services are marketed. The FTC held a symposium on Oct. 30 to examine online lead generation and consumer protection in the lending and education industries.  The FTC workshop raised questions about the potential consumer protection challenges of this advertising medium used heavily by online lenders. In particular, there were calls for greater transparency in the use of lead generation, including more information on the ways consumer data is collected through lead-gen websites and how it is used and shared. Online marketplace lenders should expect to stay under the regulatory spotlight – because that’s what success often brings.  The sector can avoid undue burdens by ensuring compliance with existing laws and adopting and following industry best practices. For more information, visit www.experian.com/marketplacelending.

What the EMV Shift means for you I recently facilitated a Webinar looking at myths and truths in the market regarding the EMV liability shift and what it means for both merchants and issuers. I found it to be a very beneficial discussion and wanted to take some time to share some highlights from our panel with all of you. Of course, if you prefer to hear it firsthand, you can download the archive recording here. Myth #1: Oct. 1 will change everything Similar to the hype we heard prior to Y2K, Oct. 1, 2015, came and went without too much fanfare. The date was only the first step in our long and gradual path to EMV adoption. This complex, fragmented U.S. migration includes: More than 1 billion payment cards More than 12 million POS terminals Four credit card networks Eighteen debit networks More than 12,000 financial institutions Unlike the shift in the United Kingdom, the U.S. migration does not have government backing and support. This causes additional fragmentation and complexity that we, as the payments industry, are forced to navigate ourselves. Aite Group predicts that by the end of 2015, 70 percent of U.S. credit cards will have EMV capabilities and 40 percent of debit cards will be upgraded. So while Oct. 1 may not have changed everything, it was the start of a long and gradual migration. Myth #2: Subscription revenues will plummet due to reissuances According to Aite, EMV reissuance is less impactful to merchant revenues than database breaches, since many EMV cards are being reissued with the same pan. The impact of EMV on reoccurring transactions is exaggerated in the market, especially when you look at the Update Issuer provided by the transaction networks. There still will be an impact on merchants, coming right at the start of the holiday shopping season. The need for consumer education will fall primarily on merchants, given longer lines at checkout and unfamiliar processes for consumers. Merchants should be prepared for charge-back amounts on their statements, which they aren’t used to seeing. Lastly, with a disparate credit and debit user experience, training is needed not just for consumers, but also for frontline cashiers. We do expect to see some merchants decide to wait until after the first of the year to avoid impacting the customer experience during the critical holiday shopping season, preferring to absorb the fraud in the interest of maximizing consumer throughout. Myth #3: Card fraud will decline dramatically We can look to countries that already have migrated to see that card fraud will not, as a whole, decline dramatically. While EMV is very effective at bringing down counterfeit card fraud, organized crime rings will not sit idly by while their $3 billion business disappears. With the Canadian shift, we saw a decrease in counterfeit card loss but a substantial increase in Card Not Present (CNP) fraud. In Canada and Australia, we also saw a dramatic, threefold increase in fraudulent applications. When criminals can no longer get counterfeit cards, they use synthetic and stolen identities to gain access to new, legitimate cards. In the United States, we should plan for increased account-takeover attacks, i.e., criminals using compromised credentials for fraudulent CNP purchases. For merchants that don’t require CVV2, compromised data from recent breaches can be used easily in an online environment. According to Aite, issuers already are reporting an increase in CNP fraud. Fraudsters did not wait until the Oct. 1 shift to adjust their practices. Myth #4: All liability moves to the issuer EMV won’t help online merchants at all. Fraud will shift to the CNP channel, and merchants will be completely responsible for the fraud that occurs there. We put together a matrix to illustrate where actual liability shifts and where it does not. Payments liability matrix Note: Because of the cost and complexity of replacing POS machines, gas stations are not liable until October 2017. For more information, or if you’d like to hear the full discussion, click here to view the archive recording, which includes a great panel question-and-answer session.

The Responsible Business Lending Coalition, a group of nonbank small-business lenders, recently announced a regulatory program designed to bring greater clarity to the industry’s pricing and consumer protections, including: The right to transparent pricing and terms The right to non-abusive products The right to responsible underwriting The right to fair treatment from brokers The right to inclusive credit access The right to fair collection practices Industry self-regulation is a good way for market leaders to demonstrate self-discipline and is preferable to legislative or regulatory changes because of its flexibility and ability to accommodate evolving market trends. >> Webinar: Online Marketplace Lending

Using bankcard utilization to forecast holiday spend It’s officially November, and like me, you’ve probably noticed all the holiday promotions in your mailbox and inbox. With only a brief window of holiday shopping available, it’s a retailer’s race to get consumer discretionary dollars. As we near the end of 2015, the U.S. economy continues to improve steadily, and consumers are cautiously optimistic about their financial well-being. National unemployment[i] is down to 5.1 percent, and while the Consumer Confidence Index®[ii] slipped to 97.6 in October, it is still higher than it was at the end of 2014. So will the U.S. consumer spend more this holiday season? One way to measure this behavior is through bankcard utilization rates — i.e., how much of their available credit consumers use. Overall, average bankcard utilization didn’t show much movement in Q3 2015, averaging 20.6 percent, compared with 20.3 percent the year before (a 1.5 percent increase).[iii] However, when we look at utilization rates by VantageScore® credit score tier, we see not only varying year-over-year (YOY) changes among consumer risk segments, but, more importantly, significant disparity in the overall usage of available credit.   Q3 2014 Q3 2015 YOY increase Super Prime (781-850) 5.5% 5.6% 1.8% Prime (661-780) 27.4% 27.8% 1.4% Near Prime (601-660 63.8% 64.5% 1.2% Subprime (501-600) 76.1% 78.4% 3.1% Deep Subprime (300-500) 94.7% 97.6% 3.1% Super-prime consumers use less than 6 percent of their available credit limits, while consumers in the deep-subprime tier use nearly every dollar allotted. So while we can’t yet determine how “black” this holiday season will be, we can predict that the lower a consumer’s credit tier, the more that consumer will rely on bankcards to fund his or her holiday shopping. For more credit and market insights, join Robert Stone and I for a Webinar, Unique insights on consumer credit trends and outlook for the remainder of 2015. [i]Bureau of Labor Statistics [ii]The Conference Board [iii]Experian IntelliView℠ VantageScore® is a registered trademark of VantageScore Solutions, LLC.

While walking through a toy store in search of the perfect gift for a nephew, I noticed the board game Risk, which touts itself as “The Game of Global Domination.” For those who are unaware, the game usually is won by players who focus on four key themes: Strategy — Before you begin the game, you need a strategy to attack new territories while defending your own Attack — While you have the option to sit back and defend your territory, it’s better to attack a weakened opponent Fortify — When you are finished attacking, it’s often best to fortify your position Alliances — While not an official part of the game, creating partnerships is necessary in order to win These themes also are relevant to the world of real-life fraud risk prevention. The difference is that the stakes are real and much higher. Let’s look at how these themes play out in real-life fraud risk prevention:  Strategy — Like in the game, you need a strategy for fraud risk detection and prevention. That strategy must be flexible and adaptable since fraudsters (your enemies) also continuously adapt to changing environments, usually at a much quicker, less bureaucratic pace. For example, your competitors (other countries) may improve their defenses, so fraudsters will mount a more focused attack on you. Fraudsters also may build alliances to attack you from different vectors or channels, resulting in a more sophisticated, comprehensive strike.  Attack — As the game begins, all players have access to all competitors (countries). This means that fraudsters might have the upper hand in a certain area of the business. You can sit back and try to defend the territory you already “own,” where fraudsters have no traction, but it’s best to be aggressive and attack fraudsters by expanding your coverage across all channels. For example, you might have plenty of controls in place to manage your Web orders (occupied territory), but your call center operations (opponents’ territory) aren’t protected, i.e., the fraudsters “own” this space. You need to attack that channel to drive fraudsters out.  Fortify — In the game, you can fortify your position after a successful move — that is, move more troops to your newly conquered territories. In real life, you always have the option to fortify your position, and you should constantly look for ways to improve your controls. You can’t afford to maintain on your current position, because fraudsters constantly are looking for weaknesses.  Alliances — In business, we often are hesitant to share information with our competitors. Fraudsters use this to their advantage. Just as fraudsters act in a coordinated fashion, so must we. Use all available resources and partners to shore up your defenses Leverage the power of consortium data Learn new methods from traditional competitors Always team up with internal and external partners to defend your territory If you apply these themes, you will be positioned for global domination in the fight against fraud risk. You can read more about fraud-prevention strategies in our recent ebook, Protecting the Customer Experience. As a side note, I’m always ready for a game of Risk, so contact me if you’re interested. But be forewarned — I’m competitive.

While marketers typically begin deploying Halloween emails in September, last-minute mailings receive the highest response.

What will the EMV shift really mean for consumers and businesses here in the U.S.? Businesses and consumers across the U.S. are still adjusting to their new EMV credit cards. The new credit cards are outfitted with computer chips in addition to the magnetic strips to help prevent point-of-sale (POS) fraud. The new system, called EMV (which stands for Europay, MasterCard and Visa), requires signatures for all transactions. EMV is a global standard for credit cards. In the wake of the rising flood of large-scale data breaches at major retailers – and higher rates of counterfeit credit card fraud – chip-and-signature, as it is also called, is designed to better authenticate credit card transactions. Chip-and-signature itself is not new. It has been protecting consumers and businesses in Europe for several years and now the U.S. is finally catching up. But what will the EMV system really mean for consumers and businesses here in the U.S.? There is the potential for businesses that sell both offline and online, to see an increase in fraud that takes place online called Card Not Present (CNP) fraud. Will credit card fraud ever really be wiped out? Can we all stop worrying that large-scale point-of-sale breaches will happen again? Will the EMV shift affect holiday shopping and should retailers be concerned? Join us as we explore these questions and more on an upcoming Webinar, Chipping Away at EMV Myths. Our panel of experts includes: David Britton, Vice President, Industry Solutions, Experian Julie Conroy, Research Director, Aite Group Mike Klumpp, Director of Fraud Prevention, Citibank Moderated by: Keir Breitenfeld, Vice President, Product Management, Experian

Small Business Fraud When you hear the word “fraud” it’s unlikely that small business fraud comes to mind. However, in terms of potential losses, business identity theft could be considered as big if not a larger threat than consumer identity theft. Just like consumers, businesses face a broad- range of first- and third-party fraud behaviors, varying significantly in frequency, severity and complexity. Small businesses are especially vulnerable, because they typically do not have the layers of security and oversight, an alert accounting or I.T. department, or the sophisticated security technology that larger businesses may have. Over $8 billion is lost or stolen from small businesses each year and 60% of businesses who suffer business identity fraud close their doors within one year. A first-party, or victim-less, fraud profile is characterized by having some form of material misrepresentation (for example, manipulation or falsification of business filings and records) by the business owner without that owner’s intent or immediate capacity to pay the loan item. Historically, during periods of economic downturn or misfortune, this type of fraud is more common. This intuitively makes sense — individuals under extreme financial pressure are more likely to resort to desperate measures, such as misstating financial information on an application to obtain credit. Third-party commercial fraud occurs when a third party steals the identification details of a known business or business owner in order to open credit in the business victim’s name. With creditors becoming more stringent with credit-granting policies on new accounts, we’re seeing seasoned fraudsters shift their focus on taking over existing business or business owner identities. The rising trend of commercial fraud is illustrated by several key reasons including: One of the most common reasons for this is that commercial fraud doesn’t receive the same amount of attention as consumer fraud. Thus, it’s become easier for fraudsters to slip under the radar by perpetrating their crimes through the commercial channel. Keep in mind that businesses are often not seen as victims in the same way that consumers are. For example, victimized businesses aren’t afforded the protections that consumers receive under identity theft laws, such as access to credit information. Another factor is that most businesses are eager to open a new account for a business, after all businesses spend more than consumers. In some cases, opening a new business account can be even easier than opening a new consumer account. Business also have higher credit limits and the invoicing and payment terms allows identity thieves the opportunity to receive products and services without early detection. Finally, it is much easier to get information on a business versus a consumer. Unlike the protections provided to consumers to protect their identity, their credit information much of a business’s information is public record. Armed with the just a business name, address and EIN (employer identification number) fraudulent accounts can be opened and the game of theft begins. These factors, coupled with the fact that business-to-business fraud is approximately three-to-ten times more “profitable” per occurrence than consumer fraud, play a role in leading fraudsters increasingly toward commercial fraud. To learn more about how to protect your business view our interactive Fraud e-book.

Understanding and managing first party fraud Background/Definitions Wherever merchants, lenders, service providers, government agencies or other organizations offer goods, services or anything of value to the public, they incur risk. These risks include: Credit risk — Loosely defined, credit risk arises when an individual receives goods/services in exchange for a promise of future repayment. If the individual’s circumstances change in a way that prevents him or her from paying as agreed, the provider may not receive full payment and will incur a loss. Fraud risk — Fraud risk arises when the recipient uses deception to obtain goods/services. The type of deception can involve a wide range of tactics. Many involve receiving the goods/services while attributing the responsibility for repayment to someone else. The biggest difference between credit risk and fraud risk is intent. Credit risk usually involves customers who received the goods/services with intent to repay but simply lack the resources to meet their obligation. Fraud risk starts with the intent to receive the goods/services without the intent to repay. Between credit risk and fraud risk lies a hybrid type of risk we refer to as first-party fraud risk. We call this a hybrid form of risk because it includes elements of both credit and fraud risk. Specifically, first party fraud involves an individual who makes a promise of future repayment in exchange for goods/services without the intent to repay. Challenges of first party fraud First party fraud is particularly troublesome for both administrative and operational reasons. It is important for organizations to separate these two sets of challenges and address them independently. The most common administrative challenge is to align first-party fraud within the organization. This can be harder than it sounds. Depending on the type of organization, fraud and credit risk may be subject to different accounting rules, limitations that govern the data used to address risk, different rules for rejecting a customer or a transaction, and a host of other differences. A critical first step for any organization confronting first-party fraud is to understand the options that govern fraud management versus credit risk management within the business. Once the administrative options are understood, an organization can turn its attention to the operational challenges of first-party fraud. There are two common choices for the operational handling of first-party fraud, and both can be problematic. First party fraud is included with credit risk. Credit risk management tends to emphasize a binary decision where a recipient is either qualified or not qualified to receive the goods/services. This type of decision overlooks the recipient’s intent. Some recipients of goods/services will be qualified with the intent to pay. Qualified individuals with bad intentions will be attracted to the offers extended by these providers. Losses will accelerate, and to make matters worse it will be difficult to later isolate, analyze and manage the first party fraud cases if the only decision criteria captured pertained to credit risk decisions. The end result is high credit losses compounded by the additional first party fraud that is indistinguishable from credit risk. First party fraud is included with other fraud types. Just as it’s not advisable to include first party fraud with credit risk, it’s also not a good idea to include it with other types of fraud. Other types of fraud typically are analyzed, detected and investigated based on the identification of a fraud victim. Finding a person whose identity or credentials were misused is central to managing these other types of fraud. The types of investigation used to detect other fraud types simply don’t work for first-party fraud. First party fraudsters always will provide complete and accurate information, and, upon contact, they’ll confirm that the transaction/purchase is legitimate. The result for the organization will be a distorted view of their fraud losses and misconceptions about the effectiveness of their investigative process. Evaluating the operational challenges within the context of the administrative challenges will help organizations better plan to handle first party fraud. Recommendations Best practices for data and analytics suggest that more granular data and details are better. The same holds true with respect to managing first party fraud. First party fraud is best handled (operationally) by a dedicated team that can be laser-focused on this particular issue and the development of best practices to address it. This approach allows organizations to develop their own (administrative) framework with clear rules to govern the management of the risk and its prevention. This approach also brings more transparency to reporting and management functions. Most important, it helps insulate good customers from the impact of the fraud review process. First-party fraudsters are most successful when they are able to blend in with good customers and perpetrate long-running scams undetected. Separating this risk from existing credit risk and fraud processes is critical. Organizations have to understand that even when credit risk is low, there’s an element of intent that can mean the difference between good customers and severe losses. Read here for more around managing first party fraud risk.

Commerce: A conversation between merchants and consumers Last week I joined Sherri Haymond of MasterCard and Bharathi Ramavarjula of Facebook on a panel moderated by Paul Moreton, for a CapitalOne summit on Payments. When asked what was more important for the future of commerce – Sherri spoke of how security and trust is key, and I talked about how messaging has intersected with payments, (and in Wechat’s case) now intersecting with lending – with Bharathi eloquently summing it up as – “Facebook sees Commerce as a conversation”. If Commerce is a conversation between a merchant and a consumer (however loosely defined those terms have now come to be), then it has become contorted and clustered around payments and point of sale. Till not too long ago, there also existed a high barrier for entry to become a merchant, to accept payments, to promote and sell online, and to find cheap capital for growth. All these things are different now – and unsurprisingly, little of this progress can be attributed to banks or other current payment stakeholders. For example: I didn’t know I could be a merchant till Square showed me how easy it is to accept credit cards, and setup a small business. I didn’t know that I could become a driver in my spare time – till Uber showed me how easy it is to become one. I didn’t know that I could become a landlord till AirBnB showed me how easy it is to find people to rent it to. I know I am oversimplifying. These three and others like them chose to use technology and smartphones to exponentially scale the size of existing two-sided markets as well as create new ones. When another billion people on the planet stand to be connected over the next five years – entirely via cheap smartphones – it is hard to view commerce as a zero sum opportunity. Being wired for commerce may come to mean something entirely different for those billion, and messaging apps and social networks will replace point of sale for discovery, acquisition and engagement. This is why I believe changes in payments today are largely incremental and localized to the developed world. The platform driven efforts – such as tokenization – do go beyond any specific modality (card, mobile, connected things) to further the notion and benefit of trust entirely within the network. But that is as far as it goes. Issuers and networks may have little role to play in discovery, consumer loyalty and now more so than ever – identity. Case in point: Through Relay, Stripe enables a retailer to push a button and start selling through new channels while taking comfort in that his pricing and inventory will remain real-time. Through Messenger and Shopping – Facebook will encapsulate product discovery, guide the intent to purchase, host the informed pre-purchase debate and even payment – flattening it and never letting it out of sight. It is no accident that each of the four horsemen of the Internet has heavily invested in voice assistants – (Apple/Siri, Google/Now, Facebook/M, Amazon/Echo, Microsoft/Cortana) – especially as we confront old habits in interaction design that are failing on mobile, to continue to shorten the distance between intent and action through things like 3D Touch, the Amazon Dash button, and intelligent agents. Everything that is interesting in commerce: product discovery, search, interface and interaction design are all being done – with the sole exception of Amazon – by an entity that is neither a retailer nor a bank. Conversational commerce does not end with payments being swallowed up by messaging apps. It is a pre-requisite, but hardly not even a way point in that journey. Originally posted on: Droplabs.co