Tag: fraud and identity

While bots have many helpful purposes, they have unfortunately become a tool for malicious actors to gain fraudulent access to financial accounts, personal information and even company-wide systems. Almost every business that has an online presence will have to face and counter bot attacks. In fact, a recent study found that across the internet on a global scale, malicious bots account for 30 percent of automated internet activity.1 And these bots are becoming more sophisticated and harder to detect. What is a bot attack and bot fraud? Bots are automated software applications that carry out repetitive instructions mimicking human behavior.2 They can be either malicious or helpful, depending on their code.  For example, they might be used by companies to collect data analytics, scan websites to help you find the best discounts or chat with website visitors. These "good" bots help companies run more efficiently, freeing up employee resources. But on the flip side, if used maliciously, bots can commit attacks and fraudulent acts on an automated basis. These might even go undetected until significant damage is done. Common types of bot attacks and frauds that you might encounter include: Spam bots and malware bots: Spam bots come in all shapes and sizes. Some might scrape email addresses to entice recipients into clicking on a phishing email. Others operate on social media sites. They might create fake Facebook celebrity profiles to entice people to click on phishing links. Sometimes entire bot "farms" will even interact with each other to make a topic or page appear more legitimate. Often, these spam bots work in conjunction with malware bots that trick people into downloading malicious files so they can gain access to their systems. They may distribute viruses, ransomware, spyware or other malicious files.  Content scraping bots: These bots automatically scrape content from websites. They might do so to steal contact information or product details or scrape entire articles so they can post duplicate stories on spam websites.  DDoS bots and click fraud bots: Distributed denial of service (DDoS) bots interact with a target website or application in such large numbers that the target can't handle all the traffic and is overwhelmed. A similar approach involves using bots to click on ads or sponsored links thousands of times, draining advertisers' budgets.  Credential stealing bots: These bots use stolen usernames and passwords to try to log into accounts and steal personal and financial information. Other bots may try brute force password cracking to find one combination that works so they can gain unauthorized access to the account. Once the bot learns consumer’s legitimate username and password combination on one website, they can oftentimes use it to perform account takeovers on other websites. In fact, 15 percent of all login attempts across industries in 2022 were account takeover attacks.1 AI-generated bots: While AI, like ChatGPT, is vastly improving the technological landscape, it's also providing a new avenue for bots.3 AI can create audio and videos that appear so real that people might think they're a celebrity seeking funds.  What are the impacts of bot attacks? Bot attacks and bot fraud can have a significant negative impact, both at an individual user level and a company level. Individuals might lose money if they're tricked into sending money to a fake account, or they might click on a phishing link and unwittingly give a malicious actor access to their accounts. On a company level, the impact of a bot attack can be even more widespread. Sensitive customer data might get exposed if the company falls victim to a malware attack. This can open the door for the creation of fake accounts that drain a company's money. For example, a phishing email might lead to demand deposit account (DDA) fraud, where a scammer opens a fraudulent account in a customer's name and then links it to new accounts, like new lines of credit. Malware attacks can also cause clients to lose trust in the company and take their business elsewhere.A DDoS attack can take down an entire website or application, leading to a loss of clients and money. A bot that attacks APIs can exploit design flaws to steal sensitive data. In some cases, ransomware attacks can take over entire systems and render them unusable.  How can you stop bot attacks? With so much at risk, stopping bot attacks is vital. But some of the most typical defenses have core flaws. Common methods for stopping bot attacks include:  CAPTCHAs: While CAPTCHAs can protect online systems from bot incursions, they can also create friction with the user process. Firewalls: To stop DDoS attacks, companies might reduce attack points by utilizing firewalls or restricting direct traffic to sensitive infrastructures like databases.4 Blocklists: These can prevent IPs associated with attacks from accessing your system entirely. Multifactor authentication (MFA): MFA requires two forms of identification or more before granting access to an account. Password protection: Password managers can ensure employees use strong passwords that are different for each access point.  While the above methods can help, many simply aren't enough, especially for larger companies with many points of potential attacks. A piecemeal approach can also lead to friction on the user's side that may turn potential clients away. Our 2024 Identity and Fraud Report revealed that up to 38 percent of U.S. adults stopped creating a new account because of the friction they encountered during the onboarding process. And often, this friction is in place to try to stop fraudulent access. Incorporating behavioral analytics to combat attacks Another effective way to enhance bot detection is through the use of behavioral analytics. This technology helps track user activity and identify patterns that may suggest malicious bot behavior. By analyzing aspects such as typing speed, mouse movement and the way users interact with websites, businesses can gain real-time insights into whether a visitor is human or a bot. Behavioral analytics in fraud uses machine learning and advanced algorithms to continuously monitor and refine user behavior patterns. This allows businesses to identify bot attacks more accurately and prevent them before they cause harm. By analyzing real-time behaviors, such as how fast someone enters information or their browsing habits, businesses can flag suspicious activity that traditional methods might miss. Why partner with Experian? What companies need is fraud and bot protection with a positive customer experience. We provide account takeover fraud prevention solutions that can help protect your company from bot attacks, fraudulent accounts and other malicious attempts to access your sensitive data. Experian's approach embodies a paradigm shift where fraud detection increases efficiency and accuracy without sacrificing customer experience. We can help protect your company from bot attacks, fraudulent accounts and other malicious attempts to access your sensitive data.  Learn more This article includes content created by an AI language model and is intended to provide general information. 1"Bad bot traffic accounts for nearly 30% of APAC internet traffic," SMEhorizon, June 13, 2023. https://www.smehorizon.com/bad-bot-traffic-accounts-for-nearly-30-of-apac-internet-traffic/2"What is a bot?" AWS. https://aws.amazon.com/what-is/bot/3Nield, David. "How ChatGPT — and bots like it — can spread malware," Wired, April 19, 2023. https://www.wired.com/story/chatgpt-ai-bots-spread-malware/4"What is a DDoS attack?" AWS. https://aws.amazon.com/shield/ddos-attack-protection/

This article was updated on February 5, 2024. Identity management can refer to how a company creates, verifies, stores, and uses its customers' digital identities. Traditionally, many large organizations relied on a highly segmented and siloed approach. For example, marketing, risk, and support departments might each have a limited view of a customer, and the tools and systems that support their specific purpose. Organizations are now shifting to a more holistic approach to enterprise identity management. By working together, departments help contribute to building a more complete, single view of a customer. Some companies have renewed or increased their focus on the transformation during the pandemic, and the transition to an enterprise-wide identity management strategy can have long-lasting benefits. But it isn't always easy. Challenges of an enterprise-wide identity management strategy Gathering the initial momentum needed to break out of a siloed approach can be particularly challenging for large organizations when each business unit has an ingrained identity system that meets the unit's needs. Smaller organizations might have an easier time gathering consensus, but budget or technological limitations may be serious constraints. Even after a decision is made and the budget gets set aside, organizations need to think through how they'll create and manage a new enterprise-wide identity management system. It's not a one-and-done upgrade. For the strategy to succeed, you'll need to have processes in place to onboard, verify, secure, and activate the new digital identities. READ: What is Effective Multifactor Identity Authentication? Why use an enterprise-wide approach? Motivations and specifics can vary depending on an organization's size and structure, but some companies find a more holistic approach to customer identity management helps them: Improve customer experiences Save money by removing redundancies Boost sales with better-targeted marketing Better understand customers' needs Provide faster and more relevant support Make more informed decisions Detect and prevent fraud These benefits can play out across the entire customer lifecycle, and identity management systems are able to achieve this by pulling in data from various sources to build robust consumer identities and systems. Your internal, first-party data will be the most valuable and insightful, but you can append multidimensional data from third-party sources, such as consumer credit databases, demographic data or device data. And second-party data from partner brands or organizations. READ: Experian 2023 Identity and Fraud Report Consider the regulatory and security challenges An enterprise identity data management approach can also mean re-evaluating the applicable regulations and security challenges. The passage of the E.U.'s General Data Protection Regulation and California Consumer Privacy Act marked an important shift in how companies need to handle consumers' personal information — but that was only the start. Some U.S. states have also passed or are currently considering data privacy laws. Industry-specific regulations can apply as well, particularly in the healthcare and financial services industries. It's not as if a siloed approach lets an organization avoid regulation, but keeping current and upcoming laws in mind can be important during a large digital transformation. Additionally, consider how going beyond the minimum requirements could be beneficial. In a 2023 Experian white paper, we found that 61 percent of consumers want complete control over how companies use their personal data.1 Security also needs to be top of mind for any organization that collects and stores consumers' personal information. An enterprise-wide identity management system may make managing increasing amounts of data easier, which could help decrease fraud risks. And your customers may be willing to help — 67 percent are open to sharing data if it will increase security and help prevent fraud.2 Keeping customers' desires front and center Experian partnered with Aite-Novarica to study enterprise-wide identity management. All but one of the 12 executives interviewed said client experience is a primary or predominant driver in the transformation of their identity management programs.3 Once implemented, a holistic view of customers can increase the experience in many ways: Meaningful engagement: You can deliver relevant and timely offers if you understand when, where and why consumers are interested in your products and services. Similarly, you'll know who isn't a good fit and won't bother them (or waste money) by showing them ads. Verification: Using a single, persistent identity could make the initial and ongoing identity verification an easier process that doesn't disrupt consumers' lives or lead to frustration. Ongoing recognition: Nearly 70 percent of all consumers want businesses to recognize them across multiple visits.3 But you'll need to study your customers to determine how much friction is acceptable. Some people prefer security over convenience and are willing to trade a little time to use extra verification methods. Customer service: Having more insight into a customer's entire history and interactions with your organization can help you quickly respond when an issue arises, or even anticipate and solve potential problems. Security: Nearly two-thirds (64 percent) of consumers say they're very or somewhat concerned with online security.4 Companies that can quickly and accurately identify consumers can also help keep them safe from fraud and identity theft. While these may be some consumers' top concerns today, continue listening to your customers to better understand their wants and needs. WATCH: Webinar: Identity Evolved — Building consumer trust and engagement Implementing an enterprise-wide identity management strategy Identity management can become a daunting task, particularly as new data sources begin to flow. As a result, many organizations turn to outside partners who can help manage part, or all, of the process. For example, an identity management solution may offer identity resolution and help create and host an identity graph (the database that stores the unique digital identities). A more robust offering may also help with other parts of identity management, including ongoing data hygiene and helping you turn your unique customer insights into actionable marketing campaigns. Experience managing vast amounts of data is also important, as is access to additional offline and online data sources. In 2023, Experian found that 85 percent of companies said poor quality customer contact data negatively impacted their operation's processes and efficiency.5 An enterprise-wide system that allows business units to update a single customer profile with the latest contact information might help. But working with a data provider that appends the latest info from outside databases could be a better way to ensure you have customers' latest contact info. When researching potential partners, also consider how their offerings and approach align with your goals. If, like others, improving the customer experience is a priority, make sure the solution provider also has a customer-first approach. In turn, this means security is a top priority — it's what customers want and it's important for protecting you and your reputation. Learn more about Experian's identity management solutions and how you can benefit from working with a company that understands identities are personal. Learn more 1Experian (2023). White paper: Making identities personal 2Ibid. 3Aite-Novarica and Experian (2022). Enterprise Identity Management: Evolving Aspirations and Improved Collaboration Are Transforming the Discipline 4Experian (2023). Identity and Fraud Report 5Experian (2023). White paper: Making identities personal

Online identity verification has become a basic necessity for everyday life. Consumers today might expect to upload a picture of their driver's license or answer security questions before creating a new account. And it's crucial to them — 63% say it's extremely or very important for businesses to be able to recognize them online. While many organizations have a consumer recognition strategy, moving from strategy to action and then getting the desired result isn't easy. That's particularly true when you're working to create seamless experiences for customers while fighting increasingly sophisticated fraudsters. Why is online identity verification challenging? Identity verification in the physical world might be as simple as checking a government-issued ID card — and perhaps an additional form of identification (or two) when the stakes are higher. Verification becomes more complicated as you move into the digital realm, especially when you need to automate decisions. There are many specific challenges to overcome, but some of the main ones fall into four categories. Finding the right friction: In an ideal world, every legitimate user will flow through your verification checks with ease. In reality, you may need to introduce some roadblocks to comply with know your customer (KYC) rules and prevent fraud. Finding the friction-right balance can be tricky. Accessing and using data: Using expanded data sources, such as behavior and device info, can improve outcomes without adding friction. But simply having more data isn’t the goal. You need to be able to organize, process and use the data in a compliant manner to quickly and accurately verify identities. Fighting fraud: You’re up against formidable foes who consistently test your systems for weaknesses and share the results with other fraudsters. You have to be able to spot first-party fraud, identity thieves and synthetic identities. Securing the data: Accessing and storing customer data is vital for a successful identity verification system, but it’s your responsibility to securely protect customers’ data. It also may be a legal requirement, and you need to be mindful of all the applicable regulations. These aren't fixed challenges that you can overcome in a single hurdle. Consumer preferences, fraud tactics and regulations are continually evolving, and your identity verification platform needs to keep up. Potential benefits throughout the customer lifecycle Companies that want to create, manage and continuously identify consumers are starting to take an enterprise-wide approach that relies on creating a single-customer view. The idea is to have a single identity that you can expand as you learn more about a person’s preferences and behavior. Otherwise, business units can wind up with fragmented views that lead to jumbled messaging, errors and missed opportunities. While it can be difficult to implement well, the single-view approach can also be powerful in action: Targeting and onboarding: Marketing, acquisition and onboarding aren’t necessarily handled by the same teams, but a smooth process can create a lasting good impression. There are also recent developments that can provide pre-fill capabilities with their identification verification solutions, which can create a nearly friction-free onboarding process. Prevent fraud: The single-view approach also lets you leverage cross-device and real-time data to detect and prevent fraud, and determine the right-size verification method. Using identity graphs to verify identities in real-time can also help you detect fraud, including account takeovers and first-party fraud. Customer experience: Consistently identifying customers can improve their experience — particularly when different departments can easily access and update the same identification material. In turn, this can lead to brand loyalty and the potential to upsell and cross-sell customers. The need for accurate verification is growing as people spend more time living and shopping online. Only 16% of consumers are confident businesses can consistently recognize them online, which also means there’s an opportunity to surprise and delight the skeptics. What do consumers want? Most people want to be recognized as they move throughout their digital lives. But data breaches and identity theft continuously make headlines, and people aren't ignorant of the dangers of sharing their personal information. In fact, consumers ranked identity theft (80%) as their top online security concern, a sizable +20% jump from the previous year. Finding the right balance of privacy, security and due diligence is important for earning customers' trust. However, the best approach to online identity verification may depend on who your customers are and how they interact with your products and services. Finding a great online identity verification partner Knowing how important online identity verification can be for the success of your business, you need to be sure that the digital identity solutions providers you partner with can meet your current and future needs. A good fit can: Give you access to multidimensional data: You can use online and offline data to support your digital identity verification systems. Some vendors can also help you use internal data,deterministic dataand outputs from probabilistic models to improve your results. Scale to meet future challenges: Many businesses are exploring how to use machine learning and artificial intelligencefor identity resolution and verification. These can be especially powerful when combined with robust data sources and may become more important as additional data sources come online. Protect your business: Identity verification solutions need to help you comply with the regulatory requirements and detect fraud with low false-positive rates to protect your business. First and foremost, you want to work with a partner who knows thatidentity is personal. Your customers are more than data points, and putting their needs and wants first will ultimately help you earn their trust and business. Learn more about Experian’s customer-centric identity verification solutions. Learn more

Financial institutions, merchants, and e-commerce platforms are no strangers to fraud, especially in the realm of payments. With the rise of digital currency, fraudsters are becoming more inventive, making it increasingly difficult to detect and prevent payment fraud. In this blog post, we discuss payment fraud and ways to protect your organization and your customers. What is payment fraud? Payment fraud occurs when someone uses false or stolen payment information to make a purchase or transaction. The most common types of payment fraud include: Phishing: Through emails or text messages, scammers disguise themselves as trustworthy sources to lure recipients into sharing their personal information, such as account passwords and credit card numbers. Card not present fraud: This type of fraud is one of the most challenging forms of payment fraud to detect and prevent. It occurs when a criminal uses a stolen or compromised credit card to make a purchase online, in-person, or by other means where the card is not physically present at the time of the transaction. Account takeover fraud: This type of fraud occurs when fraudsters gain unauthorized access to an individual’s account and carry out fraudulent transactions. They take over accounts by gathering and using personal or financial details to impersonate their victims. The rise of online payment fraud Online payments have become a prime destination for fraudsters as more consumers choose to store card details and make purchases digitally. As a result, consumers believe that it’s the responsibility of businesses to protect them online. If there’s a lack of trust and safety, consumers will have no problem switching providers, leading to declines in customer loyalty and monetary losses for organizations. No matter the type of payment fraud, it can result in devastating consequences for your organization and your customers. According to Experian’s 2024 U.S. Identity and Fraud Report, fraud scams and bank fraud schemes resulted in more than $458 billion in losses globally. On the consumer side, 52 million Americans had fraudulent charges on their credit or debit cards, with unauthorized purchases exceeding $5 billion. Given these findings, it’s more important than ever to implement robust online payment fraud detection and prevention measures. How can payment fraud be detected and prevented? Approaches to payment fraud detection and prevention have evolved over time. Some of the current and emerging trends include: Additional layers of security: Security measures like two-factor authentication, a CVV code, and a billing zip code can help verify a customer’s identity and make it more difficult for fraudsters to complete a transaction. Enhanced identity verification: A credit card owner verification solution, like Experian LinkTM, matches the customer identity with the credit card being presented for payment, allowing businesses to make better decisions, reduce false declines, and protect legitimate customers. Artificial intelligence (AI) and machine learning: AI-powered models and machine learning algorithms can identify patterns consistent with fraudulent activity in real time, resulting in proactive fraud prevention and reduced financial losses. Behavioral analytics: Using behavioral analytics to monitor user behavior, such as how they navigate a website or interact with the payment process, can help identify inconsistencies and potential fraud. Token-based authentication: Tokenization protects card information by replacing sensitive data with a unique identifier (token), which makes data breaches less damaging. How Experian can help As the payments landscape continues to evolve, so do fraudsters. Experian offers a wide range of payment fraud analytics, account takeover fraud prevention and fraud management solutions that allow you to better detect and prevent payment fraud. Your organization’s reputation and your customers’ trust shouldn’t be compromised. To learn more, visit us today. Learn more This article includes content created by an AI language model and is intended to provide general information.

This article was originally published on multifamilyinsiders.com One of the challenges currently facing the rental housing industry is the amount of lease application fraud. An Entrata study found a 111% increase in lease application fraud between 2019 and 2020. In the same study, 55% of surveyed apartment managers and rental operators said their properties experience fraudulent lease application attempts every few months, and 15% said their communities were subjected to multiple attempts each month. One-third of respondents described themselves as "very concerned" about application fraud. Just as alarming as the rise in attempts is the apparent likelihood of success. In the study, 65% of apartment managers said they are not confident in their current fraud prevention efforts. Some applicants can use a range of tools to commit fraud such as fake pay stubs, bank statements, employment records, and other falsified documents. Unfortunately, readily available computer technology makes it all too easy for applicants to produce these falsified documents. Tools to fight against fraud Apartment communities that rely on an overly manual screening process may find themselves at a disadvantage in the current landscape. Relying on associates to manually verify things like income and employment history can increase the risk of a deceitful applicant being successful. In addition, these processes can be extraordinarily time-consuming, which means leasing associates have less bandwidth for their many other important duties and responsibilities. Not to mention, the units stay unoccupied while these time-consuming verifications are being done manually. Among the general screening technologies that operators should consider: Automated verification of income, assets and employment — These solutions eliminate the need for operators to collect this kind of documentation from applicants. Furthermore, it eliminates the opportunity for applicants to supply falsified supporting documentation. Frictionless authentication — A multi-layered identity verification process for those applying for rental housing, frictionless authentication detects the subtle and not-so-subtle signs that an applicant is, to one degree or another, using a false identity. By highlighting discrepancies, the process assigns a “score” to quantify the likelihood that misrepresentation is taking place. Additional confirmation of the applicant’s identity can be completed using a one-time passcode (OTP) or knowledge-based authentication (KBA). This technology also uses device intelligence to recognize the risks associated with the physical devices (such as computers, tablets, and smartphones) that consumers use for online applications to identify potential imposters. In today's landscape, apartment owners and operators need to make sure they're protecting themselves against fraudulent applicants, who may not fulfill their financial obligations as outlined in their leases. By embracing the ever-growing array of advanced screening tools and technologies, owners and operators can achieve that protection and reduce their risk significantly — and save their associates time and energy.

Today’s digital-first world is more interconnected than ever. Financial transactions take place across borders and through various channels, leaving financial institutions and their customers at increasing risk from evolving threats like identity theft, fraud and others from sophisticated crime rings. And consumers are feeling that pressure. A recent Experian study found that over half of consumers feel like they are more of a target for online fraud than a year ago. Likewise, more than 40% of businesses reported increased fraud losses in recent years. It’s not only critical that organizations ensure the security and trustworthiness of digital transactions and online account activity to reduce risk and losses but what consumers expect. In the same Experian study, more than 85% of consumers said they expect businesses to respond to their fraud concerns, an expectation that has increased over the last several years.   Businesses and financial institutions most successful at mitigating fraud and reducing risk have adopted a layered, interconnected approach to identity confirmation and fraud prevention. One vital tool in this process is identity document verification. This crucial step not only safeguards the integrity of financial systems but also protects individuals and organizations from fraud, money laundering and other illicit activities. In this blog, we will delve into the significance of identity document verification in financial services and explore how it strengthens the overall security landscape.  Preventing identity theft and fraud Identity document verification plays a vital role in thwarting identity theft and fraudulent activities. By verifying the authenticity of identification documents, financial institutions can ensure that the individuals accessing their services are who they claim to be. Sophisticated verification processes, including biometric identification and document validation, help detect counterfeit documents, stolen identities and impersonation attempts. By mitigating these risks, financial institutions can protect their customers from unauthorized access to accounts, fraudulent transactions and potential financial ruin. Compliance with regulatory requirements Financial institutions operate in an environment governed by stringent regulatory frameworks designed to combat money laundering, terrorist financing and other financial crimes. Identity document verification is a key component of these regulatory requirements. By conducting thorough verification checks, financial service providers can adhere to Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Compliance safeguards the institution's reputation and helps combat illicit financial activities that can have far-reaching consequences for national security and stability. Mitigating risk and enhancing trust Effective identity document verification mitigates risks associated with financial services. By verifying the identity of customers, financial institutions can reduce the likelihood of fraudulent activities, such as account takeovers, unauthorized transactions and loan fraud. This verification process bolsters the overall security of the financial system and creates a more trustworthy environment for stakeholders. Trust is fundamental in establishing long-lasting customer relationships and attracting new clients to financial institutions.   Facilitating digital onboarding and seamless customer experience As financial services embrace digital transformation, identity document verification becomes essential for smooth onboarding processes. Automated identity verification solutions enable customers to open accounts and access services remotely, eliminating the need for in-person visits or cumbersome paperwork. By streamlining the customer experience and minimizing the time and effort required for account setup, financial institutions can attract tech-savvy individuals and enhance customer satisfaction.  Combating money laundering and terrorist financing Proper document verification is a key component of combating money laundering and terrorist financing activities. By verifying customer identities, financial institutions can establish the source of funds and detect suspicious transactions that may be linked to illicit activities. This proactive approach helps protect the integrity of the financial system, supports national security efforts, and contributes to the global fight against organized crime and terrorism. Identity document verification is a vital component in the layered, interconnected approach to mitigating and preventing fraud in modern financial services. By leveraging advanced technologies and robust verification processes, financial institutions can ensure the authenticity of customer identities, comply with regulatory requirements, mitigate risk and enhance trust.  As financial services continue evolving in an increasingly digital landscape, identity document verification will remain a crucial tool for safeguarding the security and integrity of the global financial system.  For more information on how Experian can help you reduce fraud while delivering a seamless customer experience, visit our fraud management solutions hub.   Learn more

The rise of the digital channel lead to a rise in new types of fraud – like cryptocurrency and buy now, pay later scams.  While the scams themselves are new, they’re based on tried-and-true schemes like account takeover and synthetic identity fraud that organizations have been working to thwart for years, once again driving home the need for a robust fraud solution.   While the digital channel is extremely attractive to many consumers due to convenience, it represents a balancing act for organizations – especially those with outdated fraud programs who are at increased risk for fraud. As organizations look for ways to keep themselves and the consumers they serve safe, many turn to fraud risk mitigation. What are fraud risk management strategies? Fraud risk management is the process of identifying, understanding, and responding to fraud risks. Proper fraud risk management strategies involve creating a program that detects and prevents fraudulent activity and reduces the risks associated with fraud. Many fraud risk management strategies are built on five principles: Fraud Risk AssessmentFraud Risk GovernanceFraud PreventionFraud DetectionMonitoring and Reporting By understanding these principles, you can build an effective strategy that meets consumer expectations and protects your business. Fraud risk assessment Fraud protection begins with an understanding of your organization’s vulnerabilities. Review your top risk areas and consider the potential losses you could face. Then look at what controls you currently have in place and how you can dial those up or down to impact both risk and customer experience. Fraud risk governance Fraud risk governance generally takes the form of a program encompassing the structure of rules, practices, and processes that surround fraud risk management. This program should include the fraud risk assessment, the roles and responsibilities of various departments, procedures for fraud events, and the plan for on-going monitoring. Fraud prevention “An ounce of prevention is worth a pound of cure.” This adage certainly rings true when it comes to fraud risk management. Having the right controls and procedures in place can help organizations stop a multitude of fraud types before they even get a foot in the door. Account takeover fraud prevention is an ideal example of how organizations can keep themselves and consumers safe. Fraud detection The only way to stop 100% of fraud is to stop 100% of interactions. Since that’s not a sustainable way to run a business, it’s important to have tools in place to detect fraud that’s already entered your ecosystem so you can stop it before damage occurs. These tools should monitor your systems to look for anomalies and risky behaviors and have a way to flag and report suspicious activity. Monitoring and reporting Once your fraud detection system is in place, you need active monitoring and reporting set up. Some fraud detection tools may include automatic next steps for suspicious activity such as step-up authentication or another risk mitigation technique. In other cases, you’ll need to get a person involved. In these cases it’s critical to have documented procedure and routing in place to ensure that potential fraud is assessed and addressed in a timely fashion. How to implement fraud risk management By adhering to the principles above, you can gain a holistic view of your current risk level, determine where you want your risk level to be, and what changes you’ll need to make to get there. While you might already have some of the necessary tools in place, the right next step is usually finding a trusted partner who can help you review your current state and help you use the right fraud prevention services that fit your risk tolerance and customer experience goals. To learn more about how Experian can help you leverage fraud prevention solutions, visit us or request a call. Learn more

  Kathleen Peters, Chief Innovation Officer, Decision Analytics for Experian, was recently featured on the Eliances Heroes podcast as part of the new weekly segment, the “Experian Identity Report.” In the introductory show, podcast host David Cogan, spoke with Kathleen about why identity is so important to our society. Listen to the podcast for the full discussion and see the transcript below. Learn more about Experian Identity David Cogan: How critical is it? Well, I’ll tell you. Payment fraud will exceed $206 billion in the next five years and let’s face it. Managing one’s personal identity is very complicated on its own and if the business enterprise managing customer identities in a strategic and secure way and scale across countless interaction is extremely complicated. And it’s only going to get more complex with the future from what I understand and all the technology that’s coming out if not by the day, by the hour. And that’s why we’re bringing this to you. Interviews with the world’s leading experts on the game changing impact of identity and the need to use reliable data to make confident decisions that securely accelerate customer engagement and that’s why we’re honored here today to have with us Kathleen Peters, Chief Innovation Officer, Experian Decision Analytics North America. Kathleen Peters: Thanks so much David, it’s great to be here with you. DC: $206 billion of payment fraud in the next five years? I mean who’s going to want to turn on their computer after this. That is a serious number. What do we do? KP: It’s really important that we get our arms around this both as consumers as well as businesses because we want to engage online. So much of what we’re doing is digital. It especially started in COVID when we were having our groceries delivered and everything else and even our grandparents are having to do their banking transactions online. The world is changing, and fraudsters take notice of that as well. Fraudsters are opportunistic and when they see a bunch of folks doing stuff online that they’ve never done before, they’re seeing that as an opportunity too. DC: You know the days of people horseback riding and overtaking trains are long gone and now it’s all digital. KP: It’s a lot easier these days. DC: Why is identity so important to our daily digital lives and in business? KP: It’s a great question, David. And as a consumer myself, you, and I when we transact online whether that’s to have food delivered, or I’m buying something for my kids or I’m even paying a bill, I want to be able to trust that my information will be safe, that my privacy will be protected and that my experience will be as smooth as possible. I think that’s what we all want. So as consumers and as businesses, how do we enable all the opportunities this new digital world is presenting to us in a way that we are safe and also businesses can transact with us securely and have confidence on who’s engaging with them online. DC: Let’s talk about identity. What really makes identity so challenging to manage at a business enterprise level especially with how complex the business portion is? KP: Absolutely. It really comes down to there are so many elements that comprise our identity. It’s multidimensional. So historically, when we think about identity, we probably think about the things that were on our DL or passport the kind of information that’s pretty static – name, address, SSN, date of birth – those kinds of things. Once we get online, that identity becomes a little more challenging. We’re not necessarily physically in front of the business that we’re engaging with so the business needs to determine if the person is who we say we are. There’s a famous Far Side comic from years ago where a dog is sitting in front of the computer and he says “On the internet, no one knows you’re a dog.” And that still rings true in that you need to be able to ensure that the customer that’s coming to your business online is a real person and not a bot, is a person with good intent and not a fraudster. You need to look no farther than some of the recent controversies around Twitter and Elon Musk’s on-again, off-again, on-again intent to buy the company. A few months ago he had pulled back because he wanted to know definitively how many users on Twitter are humans versus bots and sometimes determining that can be really hard. And that comes down to managing all these new definitions of identity. DC: That’s very important. The thing is businesses and consumers want to know really what to be able to do. So, what kinds of things is Experian able to offer to help with all of that? KP: We’re in a great position as Experian because we have such a depth and breadth of identity data. We have the analytics horsepower and really touchpoints that are really unique when it comes to thinking about identity. So we’ve been talking about these traditional identity elements and digital, online identity. When you think about it, Experian also really understands your financial identity. So when you bring those things together and a consumer is looking to maybe understand what their financial identity means, their credit score or even how to improve their credit score, Experian’s there. We’ve got a robust direct to consumer business, we’ve got offerings like Boost and Go that help people establish and build their credit. We’ve got marketplaces for cards, insurance, etc. And then when consumers want to open a new account at a financial institution, or a fintech, or a retailer, or even maybe buy some crypto or log into a business, Experian can bring that wealth of capability to help our clients, help businesses, separate those good consumers with good intent from the fraudsters and do that very quickly and efficiently so that consumers can have a great experience and build that trust with who they’re engaging with. DC: Kathleen, that’s really amazing. Alright, now with all of that going on, what is Experian doing now with innovating for the identity space? KP: This is a real passion of mine David and this is where I spend a lot of my time. We’re always looking ahead to see what is the new data, new capabilities that can help us improve that consumer experience and engagement, help clients find the right consumers online to engage and target, and really allow our clients to grow their businesses safely. So, we’re building some products in house, where we’re connecting new pieces that might be new to Experian like linking some of that traditional identity data with particular payment instruments. Is this Kathleen’s credit card? Is this my bank account? When I come and try to do transactions online. But we’re also partnering with new companies. There are a number of startups that are being formed that have been in business looking at new ways to stop fraud and new ways to help identify and authenticate users online. So, as we innovate, we’re building some things in house, we’re partnering, we’re investing in young companies, and sometimes we’re even acquiring. So, bringing together that breadth of data, analytics, really trying to think about what will be the next way that we’ll think about identifying ourselves online is some of the ways we’re innovating. DC: Well, we’re very fortunate to have you and your company here to be able to do that because it’s growing by leaps and bounds. I’m amazed by the number $206 billion which is probably going to go higher, so we’re very fortunate that Experian is around and really identifying this issue and trying to do something now. What do you think our audience will learn about these weekly, critical chats about identity with Experian experts? KP: These are going to be great conversations that we’re going to be able to share and talk about how rapidly things are changing and evolving and how this really relates to our daily lives and the things that are going on in this very dynamic economic climate, digital climate, the way things are changing the way we’re engaging. I think people are also going to learn a lot about Experian’s mission around financial inclusion and opportunity creation. We’re a very mission driven company and we’re the consumer’s bureau, so we want to do this journey in partnership with consumers so that you can take an active part in protecting yourself, understanding what’s going on, helping us fight fraud, but also just really be able to take advantage of all of these new opportunities in a safe way.

Reports of romance scams have spiked in the past two years, partly due to the rise in popularity of online dating and social apps while Americans were isolated at home. With more consumers looking for love online, fraudsters have jumped on the chance to build intimate, trusted relationships without the immediate pressure to meet in person. And these shams seemingly paid off: from January 1 to July 31, 2021, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center received over 1,800 complaints related to an online romance scam, resulting in losses of approximately $133 million. These romance scams carry financial and security risks that impact both the targets of the fraud and the businesses with which they interact. Experian predicts that romance scams will continue to rise in 2022, leaving consumers and businesses vulnerable to attacks and theft. What is a romance scam? According to the FBI, a romance scam occurs when “a criminal adopts a fake online identity to gain a victim's affection and trust." Typically, fraudsters seek out their marks in dating or socializing settings, such as online apps, and strive to build intimacy and trust as quickly as possible. To avoid suspicion, they may claim that they travel frequently for work or give other excuses about why they can't meet in person. Their attentions are in the context of love and dating, so it's not uncommon for romance scammers to offer marriage proposals or other commitments to intensify the relationship, but the whole point of this fraud is to get their targets to send money. Sometimes fraudsters simply ask for a “loan" to cover medical expenses, an unforeseen shortfall or even travel costs to see the victim in person. Other times, they might ask for gifts or gift cards. Requests for money ­– whether through direct deposit, gift cards or credit card payments – are all red flags. Increasingly, romance scammers have tried to lure people into investment deals, including cryptocurrency. Romance scams predate the internet by centuries, but the emergence of digital technologies has made them easier to accomplish – and easier to get away with, too. Romance scams are increasing In 2020, there were around 44 million users of online dating services in the United States and this increased to 49 million users in 2021, according to Statista Research Department. By 2022, two years into the COVID-19 pandemic, that number jumped to more than 50 million, and it's projected to rise to 53.3 million by 2025. More users mean more potential targets. According to the Federal Trade Commission (FTC), romance scams hit a record high in 2021, with consumers reporting $547 million in losses that year ­– up 80 percent from 2020. The median individual loss reported to the FTC from romance scams was $2,400. With the help of modern technologies, romance scammers have added new tactics to their grift. For example, in addition to usual requests for money, a target might be asked to participate in bogus investment schemes involving cryptocurrency. In these cases, the median loss was $10,000. According to the FTC, romance scammers have conned Americans out of an estimated $1.3 billion over the past five years. Worryingly, romance scams also present a serious data risk. Damage could spread beyond financial losses into even more hazardous territory if the scammer can gain access to a target's personally identifiable information (PII) or financial data. In these cases, fraudsters might engage in identity theft to create new accounts or take over existing ones. Breaking up with romance scammers Businesses may not be susceptible to the lure of love, but they're still vulnerable when it comes to the fallout from romance scams. Companies must ensure they have a layered solution that seamlessly recognizes returning customers, while monitoring for indicators that the user presenting an identity is not actually the owner of that identity. Some warning signs include logins from a new IP address nowhere near the user's registered physical address; unusual types or frequencies of transactions; and the addition of a suspicious new authorized user to a credit card account. Businesses also have access to fraud prevention help. Using vast data resources, decades of identity and credit risk management, consumer-permissioned data and industry-leading analytics, Experian enables businesses to detect and prevent fraud by identifying credible customers. This empowers businesses to apply the appropriate amount of friction to each interaction to protect their customers, their data and themselves. To learn more about how Experian is assisting businesses with their fraud prevention efforts, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Future of Fraud Forecast Fraud Prevention

“As an industry, fintech is known for creating compelling and personalized online journeys. But that experience can suffer if the fraud-prevention routines are perceived as burdensome by consumers,” said Kathleen Peters, Chief Innovation Officer for Experian’s Decision Analytics business, in a recent Q&A article with Finovate.  With the proliferation of the digital world, managing digital identity and “getting it right” is crucial. However, as much as it is an opportunity, leveraging consumer identity data can also create a stumbling block for some organizations. Peters cited Experian’s annual Global Identity and Fraud Report, specifically, the consumer concern around online security and the need for industry players to find the right balance between security and a frictionless experience.  “In short, we need the right fraud-prevention treatment for the right transaction; it is not a one-size-fits-all exercise,” Peters said.  The interview also covered the importance of knowing a customer’s identity for compliance reasons and business use cases, dispelling the myth that banks’ efforts around personalization are considered “creepy” by consumers, and the best ways for banks and fintechs to build trust among their consumers.   According to Experian’s Global Identity and Fraud Report, consumers are willing to give entities they trust more data, particularly if they feel they are receiving value. And it’s undeniable that data is at the heart of personalization and building better relationships.  “It comes down to identifying and understanding consumers and their needs. The best way to do that is with a lot of data,” Peters said.  To read the full article, visit Finovate’s website.  Finovate: Experian CIO on Digital Identity, Personalization and Building Trust with Consumer Data  Learn more about Experian Identity