Apply DA Tag

Consumer credit card debt has dipped to levels not seen since 2006 and the memory of pre-recession spending habits continues to get hazier with each passing day. In May, revolving credit card balances totaled over $790 billion, down $180 billion from mid-2008 peak levels. Debit and Prepaid volume accounted for 44% or nearly half of all plastic spending, growing substantially from 35% in 2005 and 23% a decade ago. Although month-to-month tracking suggests some noise in the trends as illustrated by the slight uptick in credit card debt from April to May, the changes we are seeing are not at all temporary. What we are experiencing is a combination of many factors including the aftermath impacts of recession tightening, changes in the level of comfort for financing non-essential purchases, the “new boomer” population entering the workforce in greater numbers and the diligent efforts to improve the general household wallet composition by Gen Xers. How do card issuers shift existing strategies? Baby boomers are entering that comfortable stage of life where incomes are higher and expenses are beginning to trail off as the last child is put through college and mortgage payments are predominantly applied toward principle. This group worries more about retirement investments and depressed home values and as such, they demand high value for their spending. Rewards based credit continues to resonate well with this group. Thirty years ago, baby boomers watched as their parents used cash, money orders and teller checks to manage finances but today’s population has access to many more options and are highly educated. As such, this group demands value for their business and a constant review of competitive offerings and development of new, relevant rewards products are needed to sustain market share. The younger generation is focused on technology. Debit and prepaid products accessible through mobile apps are more widely accepted for this group unlike ten to fifteen years ago when multiple credit cards with four figure credit limits each were provided to college students in large scale. Today’s new boomer is educated on the risks of using credit, while at the same time, parents are apt to absorb more of their children’s monthly expenses. Servicing this segment's needs, while helping them to establish a solid credit history, will result in long-term penetration in a growing segment. Recent CARD Act and subsequent amendments have taken a bite out of revenue previously used to offset increased risk and related costs that allowed card issuers to service the near-prime sector. However, we are seeing a trend of new lenders getting in to the credit card game while existing issuers start to slowly evaluate the next tier. After six quarters of consistent credit card delinquency declines, we are seeing slow signs of relief. The average VantageScore for new card originations increased by 8 points from the end of 2008 into early 2010 driven by credit tightening actions and has started to slowly come back down in recent months.   What next? What all of this means is that card issuers have to be more sophisticated with risk management and marketing practices. The ability to define segments through the use of alternate data sources and access channels is critical to ongoing capture of market share and profitable usage. First, the segmentation will need to identify the “who” and the “what.” Who wants what products, how much credit is a consumer eligible for and what rate, terms and rewards structure will be required to achieve desired profit and risk levels, particularly as the economy continues to teeter between further downturn and, at best, slow growth. By incorporating new modeling and data intelligence techniques, we are helping sophisticated lenders cherry pick the non-super prime prospects and offering guidance on aligning products that best balance risk and reward dynamics for each group. If done right, card issuers will continue to service a diverse universe of segments and generate profitable growth.

As I’m sure you are aware, the Federal Financial Institutions Examination Council (FFIEC) recently released its, "Supplement to Authentication in an Internet Banking Environment" guiding financial institutions to mitigate risk using a variety of processes and technologies as part of a multi-layered approach. In light of this updated mandate, businesses need to move beyond simple challenge and response questions to more complex out-of-wallet authentication.  Additionally, those incorporating device identification should look to more sophisticated technologies well beyond traditional IP address verification alone. Recently, I contribute to an article on how these new guidelines might affect your institution.  Check it out here, in full:  http://ffiec.bankinfosecurity.com/articles.php?art_id=3932 For more on what the FFIEC guidelines mean to you, check out these resources - which also gives you access to a recent Webinar.

The following article was originally posted on August 15, 2011 by Mike Myers on the Experian Business Credit Blog. Last time we talked about how credit policies are like a plant grown from a seed. They need regular review and attention just like the plants in your garden to really bloom. A credit policy is simply a consistent guideline to follow when decisioning accounts, reviewing accounts, collecting and setting terms. Opening accounts is just the first step. Here are a couple of key items to consider in reviewing  accounts: How many of your approved accounts are paying you late? What is their average days beyond terms? How much credit have they been extended? What attributes of these late paying accounts can predict future payment behavior? I recently worked with a client to create an automated credit policy that consistently reviews accounts based on predictive credit attributes, public records and exception rules using the batch account review decisioning tools within BusinessIQ. The credit team now feels like they are proactively managing their accounts instead of just reacting to them.   A solid credit policy not only focuses on opening accounts, but also on regular account review which can help you reduce your overall risk.

By: Staci Baker The Durbin Amendment, according to Wikipedia, gave the Federal Reserve the power to regulate debit card interchange fees. The amendment, which will have a profound impact on banks, merchants and anyone who holds a debit card will take effect on October 1, 2011 rather than the originally announced July 21, 2011, which will allow banks additional time to implement the new regulations. The Durbin Amendment states that card networks, such as Visa and Mastercard, will include an interchange fee of 21 cents per transaction, and must allow debit cards to be processed on at least two independent networks. This will cost banks roughly $9.4 billion annually according to CardHub.com. As stipulated in the Amendment, institutions with less than $10 billion in assets are exempt from the cap. In preparation for the Durbin Amendment, several banks have begun to impose new fees on checking accounts, end reward programs, raise minimum balance requirements and have threatened to cap transaction amounts for debit card transactions at $50 to $100 in order to recoup some of the earnings they are expected to lose. These new regulations will be a blow to already hurting consumers as their out of wallet expenses keep increasing. As you can see, The Durbin Amendment, which is meant to help consumers, will instead have the cost from the loss of interchange fees passed along in other forms. And, the loss of revenue will greatly impact the bottom line of banking institutions. Who will be the bigger winner with this new amendment - the consumer, merchants or the banks? Will banks be able to lower the cost of credit to an amount that will entice consumers away from their debit cards and to use their credit cards again? I think it is still far too soon to tell. But, I think over the next few months, we will see consumers use payment methods in a new way as both consumers and banks come to a middle ground that will minimize risk levels for all parties. Consumers will still need to shop and bankers will still need their tools utilized. What are you doing to prepare for The Durbin Amendment?

Lately there has been a lot of press about breaches and hacking of user credentials.  I thought it might be a good time to pause and distinguish between authentication credentials and identity elements. Identity elements are generally those bits of meta data related to an individual.  Things like: name, address, date of birth, Social Security Number, height, eye color, etc.  Identity elements are typically used as one part of the authentication process to verify an individual’s identity.  Credentials are typically the keys to a system that are granted after someone’s identity elements have been authenticated.  Credentials then stand in place of the identity elements and are used to access systems. When credentials are compromised, there is risk of account takeover by fraudsters with mal intent.  That’s why it’s a good idea to layer-in risk based authentication techniques along with credential access for all businesses.  But for financial institutions, the case is clear: a multi-layered approach is a necessity.  You only need to review the FFIEC Guidance of Authentication in an Internet Banking Environment to confirm this fact.  Boiled down to its essence, the latest guidance issued by the FFIEC is rather simple. Essentially it’s asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, it asks those businesses to move beyond simple device identification — such as IP address checks, static cookies and challenge questions derived from customer enrollment information — to more complex device intelligence and more complex out-of-wallet identity verification procedures. In the world of online security, experience is critical.  Layered together, Experian’s authentication capabilities (including device intelligence from 41st Parameter, out-of-wallet questions and analytics) offers a more comprehensive approach to meeting and exceeding the FFIEC’s most recent guidance. More importantly, they offer the most effective and efficient means to mitigating risk in online environments, ensuring a positive customer experience and have been market-tested in the most challenging financial services applications.

For communications companies, acquiring new accounts is an ongoing challenge. However, it is critical to remember that managing new and existing accounts – and their respective risks – is of tremendous importance. A holistic view of the entire customer lifecycle is something every communications organization can benefit from. The following article was originally posted by Mike Myers on the Experian Business Credit blog. Most of us are pretty familiar with credit reports and scores, but how many of you are aware of the additional tools available to help you manage the entire credit risk lifecycle? I talk to credit managers everyday and as we’re all trying to do more with less, it’s easy to forget that opening accounts is just the first step. Managing risk on these accounts is as critical, if not more so, than opening them. While others may choose to “ship and chase”, you don’t need to. Proactive alert/monitoring services, regular portfolio scoring and segmentation are key components that a successful credit department needs to employ in the constant battle against “bad” accounts. Use these tools to proactively adjust credit terms and limits, both positively and negatively. Inevitably some accounts will go bad, but using collection research tools for skip tracing and targeting services for debt collection will put you first in line for collections. A journey of 1,000 miles begins with a single step; we have tools that can help you with that journey and all can be accessed online.

While the majority of your customers may be consumers, most telecommunications companies also work with a number of business accounts. Understanding business credit scores — and what attributes have the most impact on them — can go a long way in helping you identify good customers as well as better manage risk. The following article was originally posted by Peter Bolin on the Experian Business Credit blog. There are a number of factors that impact business credit risk scores. Keep in mind that most risk models are built using multivariate statistical methods that not only look at each attribute, but also look for the interaction between the attributes. However, there are three general factors that will impact a business score. Recency: How recently has the business been delinquent? Events that have happened recently tend to be most predictive of business behavior in the near future. For example being days beyond credit terms (DBT) in the past 30, 60, and 90 days will tend to negatively impact, on average, a business’s credit score versus those that are current. Frequency: How frequently is the business delinquent or applying for credit? If a business has multiple beyond terms events then the algorithm will reflect this behavior and will tend to impact the score to the low side. In addition, if a business is frequently applying for credit (called inquires) then this will also negatively impact the score. Monetary/Usage: How large is the debt burden? Businesses that carry large balances in relation to credit limits tend to be more risky than those that carry lower balances in relation to credit limits. This is called the utilization ratio or balance-to-limit ratio. As the debt burden increases interest payments also grow placing more stress on cash flows. This tends to negatively impact a business’ risk score. Please comment on this post to let me know of specific topics you want to hear more about.

The next time a consumer asks about his or her credit score, consider it an opportunity. Recent changes to the Risk-Based Pricing (RBP) rule may provide new opportunities to strengthen relationships by educating consumers about what their credit scores mean, how they’re used, and how they can be improved. For many lenders and other businesses, this could be the first time they’ve had a chance to speak directly and openly with customers about their credit scores. The RBP rule is intended to improve financial literacy As we’ve discussed, the Risk-Based Pricing Rule was instituted in response to policymaker concerns that consumers were not being sufficiently informed of the impact that credit reports can have on their annual percentage rate (APR). Now, when a lender makes a credit decision based on a consumer credit report and does not offer the best possible rate, or denies credit, the RBP Rule requires lenders to notify the customer about the decision – through either an explanation of the rate offered or disclosing a credit score. New requirements take effect on July 21 RBP compliance is changing following recent passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Companies will now be required to provide all customers with a credit score within a Risk Based Pricing Notice, along with educational material. The new requirement is effective July 21, 2011. This is also the date when the new Bureau of Consumer Financial Protection (CFPB) is set to be fully operational. How to prepare for consumer questions about credit scores Experian offers a number of resources to help lenders answer consumer questions. Online resources, including the Ask Experian column and our extensive Credit Education section, provide fundamental information to help consumers better understand credit scores and credit reports. The Experian Credit Score Basics booklet, plus more than 20 other educational documents, are available electronically and formatted for easy printing and distribution. All documents, PowerPoint presentations, virtual seminars and education videos are available on a free mini-disk. Customized training and education is available The Experian Public Education team can also provide customized, live Internet-based training and education for our clients’ employees to help them effectively answer customer questions about credit reports and credit scores. For a free mini-disk or more information about training events, please contact Rod Griffin, Experian’s Director of Public Education, at 1 (972) 390-3528, or email clientcorner@experian.com. Take a moment to check out our Risk-Based Pricing microsite, too. Note: While Experian is happy to provide our observations related to the new Risk-Based Pricing Rule, please work with your own legal counsel to ensure that you comply with your obligations under the rule.

Managing commercial credit in today’s economy can be a real challenge. For telecommunications companies, pulling a report can be helpful in deciding whether or not to offer service to a consumer. But pulling credit reports alone is simply not effective to perform true, proactive portfolio management. The following article was originally posted by Minnie Blanco on the Experian Business Credit blog. If you make decisions just by pulling credit reports, you may want to think about how you can manage your accounts proactively. Pulling a report is helpful in deciding whether you should offer credit to a business. But, consider these basic steps when looking for any negative trends: Develop a policy for how you’d handle accounts that are current, delinquent, bankrupt, etc. Segment your portfolio by those accounts who pay within a particular range of time or who fall within a particular category, i.e. Current 1-30 days, 31-60, 61-90, 91 plus or filed bankruptcy. Review your accounts and apply your company policy to that particular segment.     By applying steps 1 -3, you’ll be able to proactively identify good candidates for increased credit limits, as well as those you’ll need to pay closer attention to because they may be headed for delinquency or collections. BusinessIQ allows you to easily pull reports, segment accounts and submit them for account review. It’s easy-to-use…plus, the Portfolio Module is free! Here’s a demo on the application. Look for future blog posts from me where I’ll write more about managing your portfolio. And, feel free to comment and let me know if there are specific topics you want to hear about.

Well, actually, it isn’t. The better question to ask is when to use knowledge based authentication (KBA). I know I have written before about using it as part of a risk based authentication approach to fraud account management, but I am often asked what I mean by that statement. So, I thought it might be a good idea to provide a few more details and give some examples. Basically, what I mean is this: risk segmentation based on binary verification is unwise. Binary verification can occur based on identity elements, or it can occur based on pass/fail performance from out of wallet questions, but the fact remains that the primary decisioning strategy is relying on a condition with two outcomes – verified or not verified, pass or fail – and that is unwise. When we recommend a risk based authentication approach, the view is more broadly based. We advocate using analytics and weighting many factors, including those identity elements and knowledge based authentication performance as part of an overall decision, rather than an as end-all decision. If you take this kind of approach, when might you want to use this kind of approach? The answer to that is just about any time a transaction contains a level of risk, understanding that each organization will have a unique definition and tolerance for “risk”. It could be an origination or account opening scenario, when you do not yet have a relationship with a consumer. It could be in an account management setting, when you have a relationship with the consumer and know their expected behavior (and therefore anything outside of expected behavior is risk). It could be in transactional settings where there is an exchange of money or information belonging to the consumer. All of these are appropriate uses for KBA as part of a risk based approach.

By: Kristan Frend Imagine you’re on the #1 ranked relay swim team at the World Championships and you’re leading off. You finish your leg of the race with the team in first place. As your third teammate approaches the wall, your team is in first by a full body length. You’re on pace to set a new world record. Yet the anchor of your team is nowhere to be found, ultimately resulting in your team being disqualified.   If only your fourth teammate would have made it to the blocks in time…. When you take a step back and look at your fraud risk management solutions, do you ever feel like you have all of the tools and processes available yet feel like the anchor is missing? Perhaps it’s time to reexamine your internal resources. You may have an assembly of sophisticated and robust online fraud detection tools from vendors, but you may be missing a critical piece if you’re not also effectively leveraging internal data. Through our work with clients, we’re found that it is not uncommon for organizations to manage the customer relationship through different departments or silos within the organization.   All too often there is less than optimal coordination between these functional areas in taking advantage of their own internal negative data to combat application fraud. Additionally some organizations may have negative internal data but do not incorporate the check within their verification or risk based authentication tool, creating multiple steps and operational inefficiencies. One of the ways to overcome some of these issues is by incorporating internal negative data within an automated front-end check.  Once loss data is loaded into a historical database, the next time that name, phone, address, driver’s license or SSN reappears on a new application, the data element is immediately identified as one associated with a previous loss. The negative data is securely stored for only your organization’s use and is not shared with users outside of your organization.

Let’s face it – not all knowledge based authentication (KBA) is created equal. I, too, have read horror stories of consumers forced to answer questions about a deceased relative or ex-spouse, or KBA sessions that went on far too long for anyone’s benefit. I have to attribute this to vendor inexperience and a lack of consulting with clients. An experienced vendor will use a fraud best practice such as a fraud analytics model to determine that some consumers do not even need questions and then a “Progressive Question” feature, which uses consumer performance on an initial question set to determine if it is necessary for the consumer to answer additional questions. This way, the true consumer completes the process quickly, improving the customer experience. The product of choice should also use a question mix that balances three factors: ·         how easily the true consumer can answer the question; ·         the fraud separation of the question (effectively the measured delta over time between how well true consumers answer the question vs. how well fraudsters do); ·         how many consumers overall the question can be generated.  A list of hundreds of possible questions doesn’t mean much if the questions can only be generated for one quarter of one percent of the population, as is the case for something like airplane ownership or pilot’s license. Ultimately, out of wallet questions should be generated for a large part of the population, easily answered by the true consumer but difficult for a fraudster; and not offensive or what a consumer would consider “creepy” (such as their child’s birthday or name). Well designed questions will be personal but not intrusive and mindful of personal relationships that may have changed.  The purpose of a knowledge based authentication session is risk management and/or consumer authentication for fraud prevention and compliance purposes – not to cause the loss of business because the fraud tool crossed the line in the mind of your customer.

Experian Decision Analytics has recorded increased demand from the marketplace for service integrations with interactive voice response (IVR), a phone technology that allows for automated detection of both voice and touch–tones. In the past quarter, there has been a more than 70 percent increase in IVR interest and it continues to grow. Why is there a demand for knowledge based authentication through IVR? Besides consumer acceptance of out of wallet questions, there is a dramatic increase in the need for remote authentication and fraud analytics that are accurate, not a burden to the consumer, cost–effective for organizations and part of an overall risk based authentication approach. Consumers stay connected in a number of ways — phone, online, mobile and short message service (SMS) — and are demanding the means to remain safe without compromising convenience. Knowledge based authentication through IVR provides this safety. Organizations must consider all the tools at their disposal to keep consumer data protected while preserving and promoting a positive customer experience. Given the interactive nature of knowledge based authentication, it is quite adaptable to various customer access channels, such as IVR, and it enables full automation of both inbound and outbound authentication calls. We know from both our own experience and from working with clients that consumers are more connected, more mobile and more networked than ever before - and fraud trends demonstrate this increases risk. As consumers continue to expand online profiles and fraud artists continue to seek out victims, successful fraud prevention will become paramount to financial survival. Leveraging products already in use by combining the technology capitalizes on an existing investment and is good business.

Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time") offers institutions a viable strategy for balancing the following competing forces and pressures:   Compliance – the need to ensure each transaction is approved only when compliance requirements are met;   Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions;     Risk mitigation – the need to minimize fraud exposure at the account and transaction level. A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling. Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.

Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time") offers institutions a viable strategy for balancing the following competing forces and pressures: Compliance – the need to ensure each transaction is approved only when compliance requirements are met; Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions; Risk mitigation – the need to minimize fraud exposure at the account and transaction level. A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling. Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.