Tag: risk indicator

Lately, I’ve been surprised by the emphasis that some fraud prevention practitioners still place on manual fraud reviews and treatment. With the market’s intense focus on real-time decisions and customer experience, it seems that fraud processing isn’t always keeping up with the trends. I’ve been involved in several lively discussions on this topic. On one side of the argument sit the analytical experts who are incredibly good at distilling mountains of detailed information into the most accurate fraud risk prediction possible. Their work is intended to relieve users from the burden of scrutinizing all of that data. On the other side of the argument sits the human side of the debate. Their position is that only a human being is able to balance the complexity of judging risk with the sensitivity of handling a potential customer. All of this has led me to consider the pros and cons of manual fraud reviews. The Pros of Manual Review When we consider the requirements for review, it certainly seems that there could be a strong case for using a manual process rather than artificial intelligence. Human beings can bring knowledge and experience that is outside of the data that an analytical decision can see. Knowing what type of product or service the customer is asking for and whether or not it’s attractive to criminals leaps to mind. Or perhaps the customer is part of a small community where they’re known to the institution through other types of relationships—like a credit union with a community- or employer-based field of membership. In cases like these, there are valuable insights that come from the reviewer’s knowledge of the world outside of the data that’s available for analytics. The Cons of Manual Review When we look at the cons of manual fraud review, there’s a lot to consider. First, the costs can be high. This goes beyond the dollars paid to people who handle the review to the good customers that are lost because of delays and friction that occurs as part of the review process. In a past webinar, we asked approximately 150 practitioners how often an application flagged for identity discrepancies resulted in that application being abandoned. Half of the audience indicated that more than 50% of those customers were lost. Another 30% didn’t know what the impact was. Those potentially good customers were lost because the manual review process took too long. Additionally, the results are subjective. Two reviewers with different levels of skill and expertise could look at the same information and choose a different course of action or make a different decision. A single reviewer can be inconsistent, too—especially if they’re expected to meet productivity measures. Finally, manual fraud review doesn’t support policy development. In another webinar earlier this year, a fraud prevention practitioner mentioned that her organization’s past reliance on manual review left them unable to review fraud cases and figure out how the criminals were able to succeed. Her organization simply couldn’t recreate the reviewer’s thought process and find the mistake that lead to a fraud loss. To Review or Not to Review? With compelling arguments on both sides, what is the best practice for manually reviewing cases of fraud risk? Hopefully, the following list will help: DO: Get comfortable with what analytics tell you. Analytics divide events into groups that share a measurable level of fraud risk. Use the analytics to define different tiers of risk and assign each tier to a set of next steps. Start simple, breaking the accounts that need scrutiny into high, medium and low risk groups. Perhaps the high risk group includes one instance of fraud out of every five cases. Have a plan for how these will be handled. You might require additional identity documentation that would be hard for a criminal to falsify or some other action. Another group might include one instance in every 20 cases. A less burdensome treatment can be used here – like a one-time-passcode (OTP) sent to a confirmed mobile number. Any cases that remain unverified might then be asked for the same verification you used on the high-risk group. DON’T: Rely on a single analytical score threshold or risk indicator to create one giant pile of work that has to be sorted out manually. This approach usually results in a poor experience for a large number of customers, and a strong possibility that the next steps are not aligned to the level of risk. DO: Reserve manual review for situations where the reviewer can bring some new information or knowledge to the cases they review. DON’T: Use the same underlying data that generated the analytics as the basis of a review. Consider two simplistic cases that use a new address with no past association to the individual. In one case, there are several other people with different surnames that have recently been using the same address. In the other, there are only two, and they share the same surname. In the best possible case, the reviewer recognizes how the other information affects the risk, and they duplicate what the analytics have already done – flagging the first application as suspicious. In other cases, connections will be missed, resulting in a costly mistake. In real situations, automated reviews are able to compare each piece of information to thousands of others, making it more likely that second-guessing the analytics using the same data will be problematic. DO: Focus your most experienced and talented reviewers on creating fraud strategies. The best way to use their time and skill is to create a cycle where risk groups are defined (using analytics), a verification treatment is prescribed and used consistently, and the results are measured. With this approach, the outcome of every case is the result of deliberate action. When fraud occurs, it’s either because the case was miscategorized and received treatment that was too easy to discourage the criminal—or it was categorized correctly and the treatment wasn’t challenging enough. Gaining Value While there is a middle ground where manual review and skill can be a force-multiplier for strong analytics, my sense is that many organizations aren’t getting the best value from their most talented fraud practitioners. To improve this, businesses can start by understanding how analytics can help group customers based on levels of risk—not just one group but a few—where the number of good vs. fraudulent cases are understood. Decide how you want to handle each of those groups and reserve challenging treatments for the riskiest groups while applying easier treatments when the number of good customers per fraud attempt is very high. Set up a consistent waterfall process where customers either successfully verify, cascade to a more challenging treatment, or abandon the process. Focus your manual efforts on monitoring the process you’ve put in place. Start collecting data that shows you how both good and bad cases flow through the process. Know what types of challenges the bad guys are outsmarting so you can route them to challenges that they won’t beat so easily. Most importantly, have a plan and be consistent. Be sure to keep an eye out for a new post where we’ll talk about how this analytical approach can also help you grow your business. Contact us

With new legislation, including the Coronavirus Aid, Relief, and Economic Security (CARES) Act impacting how data furnishers will report accounts, and government relief programs offering payment flexibility, data reporting under the coronavirus (COVID-19) outbreak can be complicated. Especially when it comes to small businesses, many of which are facing sharp declines in consumer demand and an increased need for capital. As part of our recently launched Q&A perspective series, Greg Carmean, Experian’s Director of Product Management and Matt Shubert, Director of Data Science and Modelling, provided insight on how data furnishers can help support small businesses amidst the pandemic while complying with recent regulations. Check out what they had to say: Q: How can data reporters best respond to the COVID-19 global pandemic? GC: Data reporters should make every effort to continue reporting their trade experiences, as losing visibility into account performance could lead to unintended consequences. For small businesses that have been negatively affected by the pandemic, we advise that when providing forbearance, deferrals be reported as “current”, meaning they should not adversely impact the credit scores of those small business accounts. We also recommend that our data reporters stay in close contact with their legal counsel to ensure they follow CARES Act guidelines. Q: How can financial institutions help small businesses during this time? GC: The most critical thing financial institutions can do is ensure that small businesses continue to have access to the capital they need. Financial institutions can help small businesses through deferral of payments on existing loans for businesses that have been most heavily impacted by the COVID-19 crisis. Small Business Administration (SBA) lenders can also help small businesses take advantage of government relief programs, like the Payment Protection Program (PPP), available through the CARES Act that provides forgiveness on up to 75% of payroll expenses and 25% of other qualifying expenses. Q: How do financial institutions maintain data accuracy while also protecting consumers and small businesses who may be undergoing financial stress at this time? GC: Following bureau recommendations regarding data reporting will be critical to ensure that businesses are being treated fairly and that the tools lenders depend on continue to provide value. The COVID-19 crisis also provides a great opportunity for lenders to educate their small business customers on their business credit. Experian has made free business credit reports available to every business across the country to help small business owners ensure the information lenders are using in their credit decisioning is up-to-date and accurate. Q: What is the smartest next play for financial institutions? GC: Experian has several resources that lenders can leverage, including Experian’s COVID-19 Business Risk Index which identifies the industries and geographies that have been most impacted by the COVID crisis. We also have scores and alerts that can help financial institutions gain greater insights into how the pandemic may impact their portfolios, especially for accounts with the greatest immediate exposure and need. MS: To help small businesses weather the storm, financial institutions should make it simple and efficient for them to access the loans and credit they need to survive. With cash flow to help bridge the gap or resume normal operations, small businesses can be more effective in their recovery processes and more easily comply with new legislation. Finances offer the support needed to augment currently reduced cash flows and provide the stability needed to be successful when a return to a more normal business environment occurs. At Experian, we’re closely monitoring the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help data furnishers navigate and successfully respond to the current environment. Learn more About Our Experts Greg Carmean, Director of Product Management, Experian Business Information Services, North America Greg has over 20 years of experience in the information industry specializing in commercial risk management services. In his current role, he is responsible for managing multiple product initiatives including Experian’s Small Business Financial Exchange (SBFE), domestic and international commercial reports and Corporate Linkage. Recently, he managed the development and launch of Experian’s Global Data Network product line, a commercial data environment that provides a single source of up to date international credit and firmographic information from Experian commercial bureaus and Tier 1 partners across the globe. Matt Shubert, Director of Data Science and Modelling, Experian Data Analytics, North America Matt leads Experian’s Commercial Data Sciences Team which consists of a combination of data scientists, data engineers and statistical model developers. The Commercial Data Science Team is responsible for the development of attributes and models in support of Experian’s BIS business unit. Matt’s 15+ years of experience leading data science and model development efforts within some of the largest global financial institutions gives our clients access to a wealth of knowledge to discover the hidden ROI within their own data.  

If you’ve been on the dating scene in the last few years, you’re probably familiar with ghosting. For those of you who aren’t, I’ll save you the trip to Urban Dictionary. “Ghosting” is when the person you’re dating disappears. No calls. No texts. No DMs. They just vanish, never to be heard from again. As troublesome as this can be, there’s a much more nefarious type of ghosting to be wary of – credit ghosting. Wait, what’s credit ghosting? Credit ghosting refers to the theft of a deceased person’s identity. According to the IRS, 2.5 million deceased identities are stolen each year. The theft often occurs shortly after someone dies, before the death is widely reported to the necessary agencies and businesses. This is because it can take months after a person dies before the Social Security Administration (SSA) and IRS receive, share, or register death records. Additionally, credit ghosting thefts can go unnoticed for months or even years if the family of the deceased does not check their credit report for activity after death. Opportunistic fraudsters check obituaries and other publicly available death records for information on the deceased. Obituaries often include a person’s birthday, address or hometown, parents’ names, occupation, and other information regularly used in identity verification. With this information fraudsters can use the deceased person’s identity and take advantage of their credit rating rather than taking the time to build it up as they would have to with other types of fraud. Criminals will apply for credit cards, loans, lines of credit, or even sign up for a cell phone plan and rack up charges before disappearing. Where did this type of identity theft come from? Credit ghosting is the result of a few issues. One traces back to a discrepancy noted by the Social Security’s inspector general. In an audit, they found that 6.5 million Social Security numbers for people born before June 16, 1901, did not have a date of death on record in the administration’s Numident (numerical identification) system – an electronic database containing Social Security number records assigned to each citizen since 1936. Without a date of death properly noted in the database, government agencies and other entities inquiring won’t necessarily know an individual is deceased, making it possible for criminals to implement credit ghosting schemes. Additionally, unreported deaths leave further holes in the system, leading to opportunity for fraudsters. When financial institutions run checks on the identity information supplied by a fraudster, it can seem legitimate. If the deceased’s credit is in good standing, the fraudster now appears to be a good customer—much like a synthetic identity—but now with the added twist that all of the information is from the same person instead of stitched together from multiple sources. It can take months before the financial institution discovers that the account has been compromised, giving fraudsters ample time to bust out and make off with the funds they’ve stolen. How can you defend against credit ghosting? Luckily, unlike your dating pipeline, there are ways to guard against ghosting in your business’ pipeline. Frontline Defense: Start by educating your customers. It’s never pleasant to consider your own passing or that of a loved one, but it’s imperative to have a plan in place for both the short and long term. Remind your customers that they should contact lenders and other financial institutions in the event of a death and continue monitoring those accounts into the future. Relatives of the deceased don’t tend to check credit reports after an estate has been settled. If the proper steps aren’t taken by the family to notify the appropriate creditors of the death, the deceased flag may not be added to their credit report before the estate is closed, leaving the deceased’s information vulnerable to fraud. By offering your customers assistance and steps to take, you can help ensure that they’re not dealing with the fallout of credit ghosting—like dealing with calls from creditors following up after the fraudster’s bust-out—on top of grieving. Backend Defense: Ensure you have the correct tools in place to spot credit ghosts when they try to enter your pipeline. Experian’s Fraud Shield includes high risk indicators and provides a deceased indicator flag so you can easily weed them out. Additionally, you can track other risk indicators like previous uses of a particular Social Security number and identify potential credit-boosting schemes. Speak to an Experian associate today about how you can increase your defenses against credit ghosting. Let's talk