
In the days following the Target breach, both clarity and objectivity are in short supply. Everything that didn’t already exist suddenly became the cure-all – EMV being one. Retailers bristle, albeit in private – due to the asymmetry in blame they have come to share compared to banks – despite having equal ownership of the mess they have come to call payments. Issuers and Schemes scramble to find an empty deck chair on the Titanic, just to get a better view of the first of the lifeboats capsizing.

Analogies aside, we may never fully eliminate breaches. Given an infinite amount of computing power and equal parts human gullibility – whether it’s via brute forcing encryption systems or through social engineering – a breach is only a matter of time. But we can shorten the half-life of what is stolen, and ensure that we are alerted when breaches occur – as fraudsters take care to leave little trace behind. Yet today our antiquated payments system offers up so many attack vectors to a fraudster that the sophistication of attempts like the one we saw at Target is the exception and not the norm. But are the retailers absolved of any responsibility? Hardly.

Questions from a breach:

According to Target, malware was found on Target’s PoS – presumably pushed by unauthorized outsiders or via compromised insiders. If so, how is it that unauthorized code managed to find its way to all or most of its PoS terminals? Could this have been uncovered by performing a binary or checksum comparison first, to ensure that files or packages are not tampered with, before they are deployed to the Point-of-Sale? Such a step could certainly have limited the attack vectors to a small group of people with administrative access – those who would need to handle keys and checksums.
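The pre-deployment check described above can be sketched as a keyed manifest, shown here as an added example that is not part of the original post: checksums alone only help if whoever alters a package cannot also rewrite the checksum list, so the manifest is authenticated with a key held by the release owners. HMAC from the Python standard library stands in for a real code-signing scheme, and the file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac
import json


def _mac(digests: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON form of the digest table."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(files: dict, key: bytes) -> dict:
    """Run by the release owner, the only party holding the key."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    return {"digests": digests, "mac": _mac(digests, key)}


def verify_release(files: dict, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the push may proceed."""
    digests = manifest.get("digests", {})
    claimed = str(manifest.get("mac", "")).encode()
    # Authenticate the manifest first: recomputed checksums prove nothing
    # if the party that altered the files could also rewrite the manifest.
    if not hmac.compare_digest(_mac(digests, key).encode(), claimed):
        return ["manifest: MAC mismatch, not produced by a key holder"]
    problems = []
    for name in sorted(set(digests) | set(files)):
        if name not in files:
            problems.append(f"{name}: listed in manifest but missing")
        elif name not in digests:
            problems.append(f"{name}: not in manifest")
        elif hashlib.sha256(files[name]).hexdigest() != digests[name]:
            problems.append(f"{name}: digest mismatch")
    return problems


# Constructed sample data: file names, contents and key are made up.
KEY = b"constructed-demo-key"
RELEASE = {"pos-app.bin": b"\x7fELF demo build 1.0", "pos.conf": b"lane=4\n"}
MANIFEST = build_manifest(RELEASE, KEY)

if __name__ == "__main__":
    altered = dict(RELEASE, **{"pos-app.bin": RELEASE["pos-app.bin"] + b"!"})
    extra = dict(RELEASE, **{"helper.bin": b"unreviewed"})
    forged = build_manifest(altered, b"not-the-real-key")
    for label, files, manifest in [
        ("clean", RELEASE, MANIFEST),
        ("altered binary", altered, MANIFEST),
        ("extra file", extra, MANIFEST),
        ("rewritten manifest", altered, forged),
    ]:
        print(label, "->", verify_release(files, manifest, KEY) or "OK to deploy")
```

Because HMAC is symmetric, the deployment host in this sketch holds the same key as the release owner; an asymmetric signature would let it hold only a public verification key.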
Further, depending on the level of privilege accorded to every binary that gets deployed to the point of sale – Target could have prevented an unauthorized or remotely installed program from performing sensitive functions such as reading consumer data – either in transit or in RAM. That said – I am not sure if PoS manufacturers provide for such a layered approach towards granting access and execution privileges to code that is deployed to their systems. If not, they should.

Where DOES EMV come in?

EMV helps to verify the card – indisputably. Beyond that, it offers no protection to either the consumer or the merchant. The risk of EMV, and its infallibility in the eyes of its true believers, is that it can lull the general public into a sense of false security – much like what we have now under Reg E and Reg Z. With EMV, PAN and PIN continue to be passed in the clear, unencrypted. Retailers could deploy EMV terminals and still be riddled like cheese by fraudsters who can siphon off PANs in transit. Fraudsters who may find it nearly impossible to create counterfeit cards will instead migrate online, where inadequate fraud mitigation tools prevail – and those inadequacies will force both banks and retailers to be heavy handed when it comes to determining online fraud. Friction or Fraud should not be the only two choices.

Solving Card Not Present Fraud:

There are no silver bullets to solve Card Not Present fraud. Even with EMV Chip/Pin, there is an opportunity to put a different 16 digit PAN on the front of the card versus the one that is on the magstripe/chip. (I am told that Amex does this for its Chip/pin cards.) The advantage is that a fraudster using a fraudulently obtained PAN from the chip for an e-commerce purchase will stand out to a card issuer compared to the legit customer using a different PAN on the front of the card for all her e-commerce purchases. This may be one low tech way to address CNP fraud alongside an EMV rollout.
But if asking a consumer to enter his Zipcode or show his ID was enough for retail purchases, there exist equivalent friction-bound processes online. Authentication services like 3-D Secure are fraught with friction, and unfairly penalize the customer and, indirectly, the retailer and issuer, for their blind attribution of trust in a user provided password or a token or a smart card reader. Where they may (in some cases) undeniably verify consumer presence, they also overwhelm – and a customer who is frustrated with a multi-step verification will simply shop somewhere else or use Paypal instead. Ever had to input your Credit Card Verification code (CVV2 or CVC2) on an Amazon purchase? Me neither.

Fraud in connected commerce:

As connected devices outnumber us, there needs to be an approach that expands the notion of identity to look beyond the consumer and start including the device. At the core, that is what solutions like 41st Parameter – an Experian company – focus on: enabling device attributes to collectively construct a more sophisticated indicator of fraud in an e-commerce transaction, using 100 or so anonymous device attributes. Further, it allows for more nuanced policies for retailers and issuers, to mitigate fraud by looking at the consumer or device information not only in isolation but in combination with transactional attributes. As a result, retailers and issuers can employ a frictionless, smarter, and more adaptive fraud mitigation strategy that relies less on what could be easily spoofed by a fraudster and more on what can be derived or implied. If you want to know more about why this is a more sensible approach to fighting fraud, you should go here to read more about 41st Parameter.

Remnants from a breach:

Even though the material impact to Target is still being quantified, little doubt remains as to the harm done to its reputation. Target RED card remains largely unaffected, yet it is but a fleeting comfort.
Though some have thus been quick to call decoupled debit a more secure product, those claims choose to ignore the lack of any real consumer protection that is offered alongside these products. Though Reg E and Reg Z have been largely instrumental in building consumer trust in credit and debit cards, they have also encouraged the general public to care less about fraud and credit card security. And this affects MCX more than any other – its charter calls for reduction of payment acceptance costs first, and to it decoupled debit offered a tantalizingly low-cost alternative to credit. But when it launches this year, with plans to ask each customer to waive protections offered by Reg E and Reg Z and opt for ACH instead – those consumers will find that choice harder to stomach. Without offering consumers something equivalent, MCX Retailers will find it exceedingly difficult to convince customers to switch. Consumer loyalty to retailer brands was once given as the reason for creating a retailer friendly payment backbone, but with Target’s reputation in tatters – that is hardly something one can bank on these days – pun intended.

Where does this leave us?

To be completed…

This blog post was originally featured at: http://www.droplabs.co/?p=964

According to Experian Marketing Services’ holiday peak week analysis, social media proved to be a key research tool for holiday shoppers and a crucial driver of traffic to retail Websites.

By: Teri Tassara

In my blog last month, I covered the importance of using quality credit attributes to gain greater accuracy in risk models. Credit attributes are also powerful in strengthening the decision process by providing granular views on consumers based on unique behavior characteristics. Effective uses include segmentation, overlay to scores and policy definition – across the entire customer lifecycle, from prospecting to collections and recovery.

- Overlay to scores – Credit attributes can be used to effectively segment generic scores to arrive at refined “Yes” or “No” decisions. In essence, this is customization without the added time and expense of custom model development. By overlaying attributes to scores, you can further segment the scored population to achieve appreciable lift over and above the use of a score alone.
- Segmentation – Once you have made your “Yes” or “No” decision based on a specific score or within a score range, credit attributes can be used to tailor your final decision based on the “who”, “what” and “why”. For instance, you have two consumers with the same score. Credit attributes will tell you that Consumer A has a total credit limit of $25K and a BTL of 8%; Consumer B has a total credit limit of $15K, but a BTL of 25%. This insight will allow you to determine the best offer for each consumer.
- Policy definition – Policy rules can be applied first to get the desirable universe. For example, an auto lender may have a strict policy against giving credit to anyone with a repossession in the past, regardless of the consumer’s current risk score.

High quality attributes can play a significant role in the overall decision making process, and their expansive usage across the customer lifecycle adds greater flexibility, which translates to faster speed to market. In today’s dynamic market, credit attributes that are continuously aligned with market trends and purposed across various analytical are essential to delivering better decisions.

With most lenders focused on growth as the top priority for the new year, having the ability to score more consumers is key.

According to the National Christmas Tree Association, approximately 25 to 30 million real Christmas trees are sold annually in the United States versus 8 to 11 million artificial trees.

By: Maria Moynihan

Crime prevention and awareness techniques are changing, and data, analytics and use of technology are making a difference. While law enforcement departments continue to face issues related to data - ranging from working with outdated information, inability to share data across departments, and difficulty in collapsing data for analysis - a new trend is emerging where agencies are leveraging outside data sources and analytic expertise to better report on crimes, collapse information, predict patterns of behavior and ultimately locate criminals.

One best practice being implemented by law enforcement agencies is to skip trace an individual much like a debt collector would. Techniques involve using historic address information and individual connections to better track a person’s current location. See the full write up from CollectionsandCreditRisk.com to see how this works.

Another great example of effective use of data in investigations can be seen in this video, where one Experian client, Intellaegis of El Dorado Hills, CA, recently worked with local law enforcement to follow the digital data footprints of a particular suspect, finding her in just five minutes of searching.

And yet another representation of improved data gathering, handling and sharing of information for crime prevention and awareness can be found on a site I was just made aware of by one of my neighbors - www.crimemapping.com. Information is collapsed across departments for greater insight into the crimes that are happening within a neighborhood, offering a more comprehensive option for the general public to turn to on local area crime activity.

Clearly, data, analytics and technology are making a positive impact on law enforcement processes and investigations. What is your public safety organization doing to evolve and better protect and serve the public?

Experian’s latest annual State of Credit analysis provides insight into the differences in credit habits by generation. While the youngest group, Millennials, appear to be novice credit managers, Generation Xers have the highest amount of average debt, are slowest to make payments on time and tied with Millennials for highest percentage of credit utilized. The results of the study reinforce the importance of lenders providing transparent consumer education on credit scores and responsible credit behavior.

Snapshot of generational debt differences

| | Baby Boomers (47 to 65) | Generation X (30 to 46) | Millennials (19 to 29) |
|---|---|---|---|
| VantageScore® credit score | 700 | 653 | 628 |
| Average debt | $29,317 | $30,039 | $23,332 |
| Average balance of bankcards | $5,347 | $5,343 | $2,682 |
| Average revolving utilization | 30% | 37% | 37% |
| Late payments | 0.33 | 0.61 | 0.58 |

Download our recent Webinar: It’s a new reality ... and time for a new risk score

Source: Experian’s State of Credit infographic

Data quality should be a priority for retailers at any time of the year, but even more so as the holiday season approaches. According to recent research from Experian, organizations feel that, on average, 25 percent of their data is inaccurate and 12 percent of departmental budgets are wasted due to inaccuracies in contact data. During the 2013 holiday season, consumer spending is expected to increase by at least 11 percent. Retailers need to improve data quality early on in order to ensure that relevant holiday offers reach consumers and to take advantage of the expected increase in consumer spending. View our recent Webinar: Unique insights on consumer credit trends and the impact of consumer behavior on the economic recovery Source: View our data quality infographic: ’Twas the month before the holidays

The credit appetite for small businesses is strong and growing. Total outstanding balances have risen at their fastest rate in two years, and delinquency rates have fallen at a consistent pace. Only 10 percent of outstanding small-business credit balances were past-due in Q3 — the lowest level of delinquency seen since the recovery began. While this is an encouraging sign, it is important to note that these improvements have come at the cost of hiring new employees and investments. Sign up for the Quarterly Business Credit Review Webinar on Dec. 10 Source: Download the full Experian/Moody’s Analytics Small Business Credit Index report.

Credit trends from the most recent Experian–Oliver Wyman Market Intelligence Report point to a steady economic recovery. Bankcard charge-offs decreased 13 percent year over year (4.5 percent versus 3.9 percent) and delinquent dollars for the 90–180 day past due delinquencies decreased 17.5 percent for the same timeframe (1.6 percent to 1.3 percent). These trends are a positive sign for overall economic recovery and evidence that the current growth in bankcard originations is not coming at the expense of increased delinquencies.

Sign up to attend our upcoming Webinar on Q3 credit trends and take a closer look at the impact of consumer behavior on the economic recovery.

Source: Data for this article was sourced from Experian’s IntelliView℠, a Web-based data query, analysis and reporting tool.

In the 1970s, it took an average of 18 days before a decision could be made on a credit card application. Credit decisioning has come a long way since then, and today, we have the ability to make decisions faster than it takes to ring up a customer in person at the point of sale. Enabling real-time credit decisions helps retail and online merchants lay a platform for customer loyalty while incentivizing an increased customer basket size. While the benefits are clear, customers still are required to be at predetermined endpoints, such as:

- At the receiving end of a prescreened credit offer in the mail
- At a merchant point of sale applying for retail credit
- In front of a personal computer

The trends clearly show that customers are moving away from these predetermined touch-points: they are finding mailed credit offers antiquated, spending even less time at a retail point of sale in favor of shopping online, and exchanging personal computers for tablets and smartphones. Despite remaining under 6 percent of retail spending, e-commerce sales for Q2 2013 have reportedly been up 18.5 percent from Q2 2012, representing the largest year-over-year increase since Q4 2007, before the 2008 financial crisis. Fueled by a shift from personal computers to connected devices and a continuing growth in maturity of e-commerce and m-commerce platforms, this trend is only expected to grow stronger in the future.

To reflect this shift, marketers need to be asking themselves how they should apportion their budgets and energies to digital while executing broader marketing strategies that also may include traditional channels. Generally, traditional card acquisitions methods have failed to respond to these behavioral shifts, and, as a whole, retail banking was unprepared to handle the disintermediation of traditional products in favor of the convenience mobile offers.
Now that the world of banking is finding its feet in the mobile space, accessibility to credit must also adapt to be on the customer’s terms, unencumbered by historical notions around customer and credit risk. Download this white paper to learn how credit and retail private-label issuers can provide an optimal customer experience in emerging channels such as mobile without sacrificing risk mitigation strategies — leading to increased conversions and satisfied customers. It will demonstrate strategies employed by credit and retail private-label issuers who already have made the shift from paper and point of sale to digital, and it provides recommendations that can be used as a business case and/or a road map.

Credit unions were the only type of lender to have their 30 day plus delinquency rate fall below 2 percent for several key product categories. The table below provides the delinquency rate by lender and product.

| 30 day plus delinquency rate, Q2 2013 | Auto* | Mortgage | Bankcard |
|---|---|---|---|
| Credit unions | 1.52% | 1.36% | 1.99% |
| Banks | 2.01% | 4.91% | 2.73% |
| Captive auto | 2.40% | N/A | N/A |

*Auto delinquency rate includes automotive loans and leases.

Sign up to attend our upcoming Webinar on Q3 credit trends and take a closer look at the impact of consumer behavior on the economic recovery.

Source: Data for this article was sourced from IntelliView℠, a Web-based data query, analysis and reporting tool.

Personalized credit education can have a measurable impact on a person’s credit score. Consumers who used a personalized consumer credit-education service that offers one-on-one guidance and score simulation improved their average VantageScore® credit score by 21 points (684 to 705) and decreased their credit utilization by 15 percent. Download our recent Webinar: It's a new reality ... and time for a new risk score VantageScore® is a registered trademark of VantageScore Solutions, LLC.

The growing cost and number of data breaches has spurred more interest in cyber insurance. While companies often increase investments in technology and training programs to reduce the likelihood of a breach, a recent Ponemon Institute survey of risk-management professionals found that 31 percent of companies surveyed have cyber insurance and 39 percent plan to purchase cyber insurance in the future. Learn how to outline your response plan with our data breach response guide. Source: Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

By: Zach Smith

On September 13, the Consumer Financial Protection Bureau (CFPB) announced final amendments to the mortgage rules that it issued earlier this year. The CFPB first issued the final mortgage rules in January 2013 and then released subsequent amendments in June. The final amendments also make some additional clarifications and revisions in response to concerns raised by stakeholders. The final modifications announced by the CFPB in September include:

- Amending the prohibition on certain servicing activities during the first 120 days of a delinquency to allow the delivery of certain notices required under state law that may provide beneficial information about legal aid, counseling, or other resources.
- Detailing the procedures that servicers should follow when they fail to identify or inform a borrower about missing information from loss mitigation applications, as well as revisions to simplify the offer of short-term forbearance plans to borrowers suffering temporary hardships.
- Clarifying best practices for informing borrowers about the address for error resolution documents.
- Exempting all small creditors, including those not operating predominantly in rural or underserved areas, from the ban on high-cost mortgages featuring balloon payments. This exemption will continue for the next two years while the CFPB re-examines the definitions of “rural” and “underserved.”
- Explaining the “financing” of credit insurance premiums to make clear that premiums are considered to be “financed” when a lender allows payments to be deferred past the month in which they are due.
- Clarifying the circumstances when a bank’s teller or other administrative staff is considered to be a “loan originator” and the instances when manufactured housing employees may be classified as an originator under the rules.
- Clarifying and revising the definition of points and fees for purposes of the qualified mortgage cap on points and fees and the high-cost mortgage points and fees threshold.
- Revising effective dates of many loan originator compensation rules from January 10, 2014 to January 1, 2014.

While the industry continues to advocate for an extension of the effective date to provide additional time to implement the necessary compliance requirements, the CFPB insists that both lenders and mortgage servicers have had ample time to comply with the rules. Most recently, in testimony before the House Financial Services Committee, CFPB Director Richard Cordray stated that “most of the institutions have told us that they will be in compliance” and he didn’t foresee further delays.

Related Research

Experian's Global Consulting Practice released a recent white paper, CCAR: Getting to the Real Objective, that suggests how banks, reviewers and examiners can best actively manage CCAR's objectives with a clear dual strategy that includes both short-term and longer-term goals for stress-testing, modeling and system improvements. Download the paper to understand how CCAR is not a redundant set of regulatory compliance exercises; its effects on risk management include some demanding paradigm shifts from traditional approaches. The paper also reviews the macroeconomic facts around the Great Recession, revealing some useful insights for bank extreme-risk scenario development, econometric modeling and stress simulations.

Related Posts

- Where Business Models Worked, and Didn't, and Are Most Needed Now in Mortgages
- Now That the CFPB Has Arrived, What's First on Its Agenda
- Can the CFPB Bring Debt Collection Laws into the 21st Century