Industries

If rumors hold true, Apple Pay will launch in a week. Five of my last six posts had covered Apple’s likely and actual strategy in payments & commerce, and the rich tapestry of control, convenience, user experience, security and applied cryptography that constitutes as the backdrop. What follows is a summation of my views – with a couple of observations from having seen the Apple Pay payment experience up close. About three years ago – I published a similar commentary on Google Wallet that for kicks, you can find here. I hope what follows is a balanced perspective, as I try to cut through some FUD, provide some commentary on the payment experience, and offer up some predictions that are worth the price you pay to read my blog. Source: Bloomua / Shutterstock.com First the criticism. Apple Pay doesn’t go far enough: Fair. But you seem to misunderstand Apple’s intentions here. Apple did not set out to make a mobile wallet. Apple Pay sits within Passbook – which in itself is a wrapper of rewards and loyalty cards issued by third parties. Similarly – Apple Pay is a wrapper of payments cards issued by third parties. Even the branding disappears once you provision your cards – when you are at the point-of-sale and your iPhone6 is in proximity to the reader (or enters the magnetic field created by the reader) – the screen turns on and your default payment card is displayed. One does not need to launch an app or fiddle around with Apple Pay. And for that matter, it’s even more limited than you think. Apple’s choice to leave the Passbook driven Apple Pay experience as threadbare as possible seems an intentional choice to force consumers to interact more with their bank apps vs Passbook for all and any rich interaction. Infact the transaction detail displayed on the back of the payment card you use is limited – but you can launch the bank app to view and do a lot more. Similarly – the bank app can prompt a transaction alert that the consumer can select to view more detail as well. Counter to what has been publicized – Apple can – if they choose to – view transaction detail including consumer info, but only retains anonymized info on their servers. The contrast is apparent with Google – where (during early Google Wallet days) issuers dangled the same anonymized transaction info to appease Google – in return for participation in the wallet. If your tap don’t work – will you blame Apple? Some claim that any transaction failures – such as a non-working reader – will cause consumers to blame Apple. This does not hold water simply because – Apple does not get in between the consumer, his chosen card and the merchant during payment. It provides the framework to trigger and communicate a payment credential – and then quietly gets out of the way. This is where Google stumbled – by wanting to become the perennial fly on the wall. And so if for whatever reason the transaction fails, the consumer sees no Apple branding for them to direct their blame. (I draw a contrast later on below with Samsung and LoopPay) Apple Pay is not secure: Laughable and pure FUD. This article references an UBS note talking how Apple Pay is insecure compared to – a pure cloud based solution such as the yet-to-be-launched MCX. This is due to a total misunderstanding of not just Apple Pay – but the hardware/software platform it sits within (and I am not just talking about the benefits of a TouchID, Network Tokenization, Issuer Cryptogram, Secure Element based approach) including, the full weight of security measures that has been baked in to iOS and the underlying hardware that comes together to offer the best container for payments. And against all that backdrop of applied cryptography, Apple still sought to overlay its payments approach over an existing framework. So that, when it comes to risk – it leans away from the consumer and towards a bank that understands how to manage risk. That’s the biggest disparity between these two approaches – Apple Pay and MCX – that, Apple built a secure wrapper around an existing payments hierarchy and the latter seeks to disrupt that status quo. Let the games begin: Consumers should get ready for an ad blitz from each of the launch partners of Apple Pay over the next few weeks. I expect we will also see these efforts concentrated around pockets of activation – because setting up Apple Pay is the next step to entering your Apple ID during activation. And for that reason – each of those launch partners understand the importance of reminding consumers why their card should be top of mind. There is also a subtle but important difference between top of wallet card (or default card) for payment in Apple Pay and it’s predecessors (Google Wallet for example). Changing your default card was an easy task – and wholly encapsulated – within the Google Wallet app. Where as in Apple Pay – changing your default card – is buried under Settings, and I doubt once you choose your default card – you are more likely to not bother with it. And here’s how quick the payment interaction is within Apple Pay (takes under 3 seconds) :- Bring your phone in to proximity of the reader. Screen turns on. Passbook is triggered and your default card is displayed. You place your finger and authenticate using TouchID. A beep notes the transaction is completed. You can flip the card to view a limited transaction detail. Yes – you could swipe down and choose another card to pay. But unlikely. I remember how LevelUp used very much the same strategy to signup banks – stating that over 90% of it’s customers never change their default card inside LevelUp. This will be a blatant land grab over the next few months – as tens of millions of new iPhones are activated. According to what Apple has told it’s launch partners – they do expect over 95% of activations to add at least one card. What does this mean to banks who won’t be ready in 2014 or haven’t yet signed up? As I said before – there will be a long tail of reduced utility – as we get in to community banks and credit unions. The risk is amplified because Apple Pay is the only way to enable payments in iOS that uses Apple’s secure infrastructure – and using NFC. For those still debating whether it was a shotgun wedding, Apple’s approach had five main highlights that appealed to a Bank – Utilizing an approach that was bank friendly (and to status quo) : NFC Securing the transaction beyond the prerequisites of EMV contactless – via network tokenization & TouchID Apple’s preference to stay entirely as an enabler – facilitating a secure container infrastructure to host bank issued credentials. Compressing the stack: further shortening the payment authorization required of the consumer by removing the need for PIN entry, and not introducing any new parties in to the transaction flow that could have introduced delays, costs or complexity in the roundtrip. Clear description of costs to participate – Free is ambiguous. Free leads to much angst as to what the true cost of participation really is(Remember Google Wallet?). Banks prefer clarity here – even if it means 15bps in credit. As I wrote above, Apple opting to strictly coloring inside the lines – forces the banks to shoulder much of the responsibility in dealing with the ‘before’ and ‘after’ of payment. Most of the bank partners will be updating or activating parts of their mobile app to start interacting with Passbook/Apple Pay. Much of that interaction will use existing hooks in to Passbook – and provide richer transaction detail and context within the app. This is an area of differentiation for the future – because those banks who lack the investment, talent and commitment to build a redeeming mobile services approach will struggle to differentiate on retail footprint alone. And as smarter banks build entirely digital products for an entirely digital audience – the generic approaches will struggle and I expect at some point – that this will drive bank consolidation at the low end. On the other hand – if you are an issuer, the ‘before’ and ‘after’ of payments that you are able to control and the richer story you are able to weave, along with offline incentives – can aid in recapture. The conspicuous and continued absence of Google: So whither Android? Uniformity in payments for Android is as fragmented as the ecosystem itself. Android must now look at Apple for lessons in consistency. For example, how Apple uses the same payment credential that is stored in the Secure Element for both in-person retail transactions as well as in-app payments. It may look trivial – but when you consider that Apple came dangerously close (and justified as well) in its attempt to obtain parity between those two payment scenarios from a rate economics point of view from issuers – Android flailing around without a coherent strategy is inexcusable. I will say this again: Google Wallet requires a reboot. And word from within Google is that a reboot may not imply a singular or even a cohesive approach. Google needs to swallow its pride and look to converge the Android payments and commerce experience across channels similar to iOS. Any delay or inaction risks a growing apathy from merchants who must decide what platform is worth building or focusing for. Risk vs Reward is already skewed in favor of iOS: Even if Apple was not convincing enough in its attempt to ask for Card Present rates for its in-app transactions – it may have managed to shift liability to the issuer similar to 3DS and VBV – that in itself poses an imbalance in favor of iOS. For a retail app in iOS – there is now an incentive to utilize Apple Pay and iOS instead of all the other competing payment providers (Paypal for example, or Google Wallet) because transactional risk shifts to the issuer if my consumer authenticates via TouchID and uses a card stored in Apple Pay. I have now both an incentive to prefer iOS over Android as well as an opportunity to compress my funnel – much of my imperative to collect data during the purchase was an attempt to quantify for fraud risk – and the need for that goes out of the window if the customer chooses Apple Pay. This is huge and the repercussions go beyond Android – in to CNP fraud, CRM and loyalty. Networks, Tokens and new end-points (e.g. LoopPay): The absence of uniformity in Android has provided a window of opportunity for others – regardless of how fragmented these approaches be. Networks shall parlay the success with tokenization in Apple Pay in to Android as well, soon. Prime example being: Loop Pay. If as rumors go – Samsung goes through with baking in Loop Pay in to its flagship S6, and Visa’s investment translates in to Loop using Visa tokenization – Loop may find the ubiquity it is looking for – on both ends. I don’t necessarily see the value accrued to Samsung for launching a risky play here: specifically because of the impact of putting Loop’s circuitry within S6. Any transaction failure in this case – will be attributed to Samsung, not to Loop, or the merchant, or the bank. That’s a risky move – and I hope – a well thought out one. I have some thoughts on how the Visa tokenization approach may solve for some of the challenges that Loop Pay face on merchant EMV terminals – and I will share those later. The return of the comeback: Reliance on networks for tokenization does allay some of the challenges faced by payment wrappers like Loop, Coin etc – but they all focus on the last mile and tokenization does little more for them than kicking the can down the road and delaying the inevitable a little while more. The ones that benefit most are the networks themselves – who now has wide acceptance of their tokenization service – with themselves firmly entrenched in the middle. Even though the EMVCo tokenization standard made no assumptions regarding the role of a Token Service Provider – and in fact Issuers or 3rd parties could each pay the role sufficiently well – networks have left no room for ambiguity here. With their role as a TSP – networks have more to gain from legitimizing more end points than ever before – because these translate to more token traffic and subsequently incremental revenue – transactional and additional managed services costs (OBO – On behalf of service costs incurred by a card issuer or wallet provider). It has never been a better time to be a network. I must say – a whiplash effect for all of us – who called for their demise with the Chase-VisaNet deal. So my predictions for Apple Pay a week before its launch: We will see a substantial take-up and provisioning of cards in to Passbook over the next year. Easy in-app purchases will act as the carrot for consumers. Apple Pay will be a quick affair at the point-of-sale: When I tried it few weeks ago – it took all of 3 seconds. A comparable swipe with a PIN (which is what Apple Pay equates to) took up to 10. A dip with an EMV card took 23 seconds on a good day. I am sure this is not the last time we will be measuring things. The substantial take-up on in-app transactions will drive signups: Consumers will signup because Apple’s array of in-app partners will include the likes of Delta – and any airline that shortens the whole ticket buying experience to a simple TouchID authentication has my money. Apple Pay will cause MCX to fragment: Even though I expect the initial take up to be driven more on the in-app side vs in-store, as more merchants switch to Apple Pay for in-app, consumers will expect a consistency in that approach across those merchants. We will see some high profile desertions – driven partly due to the fact that MCX asks for absolute fealty from its constituents, and in a rapidly changing and converging commerce landscape – that’s just a tall ask. In the near-term, Android will stumble: Question is if Google can reclaim and steady its own strategy. Or will it spin off another costly experiment in chasing commerce and payments. The former will require it to be pragmatic and bring ecosystem capabilities up to par – and that’s a tall ask when you lack the capacity for vertical integration that Apple has. And from the looks of it – Samsung is all over the place at the moment. Again – not confidence inducing. ISIS/SoftCard will get squeezed out of breath: SoftCard and GSMA can’t help but insert themselves in to the Apple Pay narrative by hoping that the existence of a second NFC controller on the iPhone6 validates/favors their SIM based Secure Element approach and indirectly offers Softcard/GSMA constituents a pathway to Apple Pay. If that didn’t make a lick of sense – It’s like saying ‘I’m happy about my neighbor’s Tesla because he plugs it in to my electric socket’. Discover how an Experian business consultant can help you strengthen your credit and risk management strategies and processes: http://ex.pn/DA_GCP This post originally appeared here.

By: Maria Moynihan Mobile devices are everywhere, and landlines and computer desktops are becoming things of the past. A recent American Marketing Association post mentioned that there already are more than 1 billion smartphones and more than 150 million tablets worldwide. As growth in mobile devices continues, so do expectations around convenience, access to mobile-friendly sites and apps, and security. What is your agency doing to get ahead of this trend? Allocating resources toward mobile device access and improved customer service is inevitable, and, arguably, investment and shifts in one of these areas ultimately will affect the other. As ease of information and services improves online or via mobile app, secure logons, identity theft safeguards and authentication measures must all follow suit. Industry best practices in network security call for advancements in: Authenticating users and their devices at the point of entry Detecting new and emerging fraud schemes in processes Developing seamless cross-checks of individuals across channels Click here to see what leading information service providers like Experian are doing to help address fraud across devices. There is a way to confidently authenticate individuals without affecting their overall user experience. Embrace the change.      

In a recent webinar, we addressed how both the growing diversity of technology used for online transactions and the many different types of access can make authentication complicated. Technology is ever-changing and is continually reshaping the way we live. This leaves our industry to question how device intelligence factors into both the problem and solution surrounding diverse technologies in the online transaction space. Industry experts Cherian Abraham from the Experian Decision Analytics team and David Britton from 41st Parameter, a part of Experian, weighed in on the discussion. Putting It All Into Context Britton harkened back to a simpler time of authentication practices. In the early days of the web, user names and passwords were the only tools people had to authenticate online identities. Eventually, this led organizations to begin streamlining the process. “They did things like using cookies or placing files onto a computer so that the computer would be “known” to the business,” said Britton. However, those original methods are now struggling to fit into the modern-day authentication puzzle. “The challenge has been that for both privacy reasons and for the advancements of technology we have actually moved to a more privacy-centric environment where those types of things have fallen away in terms of their efficacy.  For example, cookies are often easily deleted by simply browsing incognito. So as a result there’s been a counter move approach to how to authenticate online,” said Britton. New Technology – A Quick Fix? Don’t be fooled. Newer technologies cannot necessarily provide an easy alternative and incorporate older authentication methods. Britton referenced how the advent of mobile has actually made recognizing the consumer behind the device, the behavior of the machine and the data that the consumer is presenting even more complex. Additionally, rudimentary methods of authentication don’t actually exist well in the mobile environment. On the other hand, newer technologies and the mobile environment force a more layered approach to authentication methods. “There is a better way and the better way is to look at a variety of other inspirations beyond user names and passwords before vindicating the customer. This is all the more evident when you get to newer channels such as mobile where consumer expectations are so different and you cannot rely on the customer having to answer a long stream of characters and letters such as a user name or a password,” said Abraham. Britton weighed in as well on device intelligence and the layered approach. “Our whole philosophy around this has been that if you can recognize aspects of the device in the form of device intelligence – we’re able to actually leverage that information without crossing the boundaries of good privacy management. Furthermore, we are then able to say we recognize the attributes of the device and can recognize the device as that person is attempting to come back into an environment,” said Britton. He emphasized how being able to help companies understand who might be on the other end of the device has made a world of difference. This increasingly points to how authentication will continue to evolve in a in a multi-device, multi-screen and multi-channel environment. For more information and access to the full webinar – Stay tuned for additional #fraudlifecycle posts.

Fraud is not a point-in-time problem and data breaches should not be considered isolated attacks, which break through network defenses to abscond with credentials. In fact, data breaches are just the first stage of a rather complex lifecycle that begins with a vulnerability, advances through several stages of validation and surveillance, and culminates with a fraudulent transaction or monetary theft. Cyber criminals are sophisticated and have a growing arsenal of weapons at their disposal to infect individual and corporate systems and capture account information: phishing, SMSishing and Vishing attacks, malware, and the like are all attempts to thwart security and access-protected information. Criminal tactics have even evolved to include physical-world approaches like infiltrating physical call centers via social engineering attacks aimed at unsuspecting representatives. This, and similar efforts, are all part of the constant quest to identify and exploit weaknesses in order to stage and commit financial crimes. There are some companies that claim malware detection is the silver bullet to preventing fraud. This is simply not the case. The issue is that malware is only one method by which fraudsters may obtain credentials. The seemingly endless supply of pristine identity and account data in the criminal underground means that detecting a user’s system has been compromised is akin to closing the barn door after the hose has bolted. That is, malware can be an indicator that an account has been compromised, but it does not help identify the subsequent usage of the stolen credentials by the criminals, regardless of how the credentials were compromised. Compromised data is first validated by the seller as one of their “value adds” to the criminal underground and typically again by the buyer. Validation usually involves logging into an account to ensure that the credentials work as expected, and allows for a much higher “validated” price point. Once the credentials and/or account have been validated, cyber criminals can turn their attention to surveillance. Remember, by the time one realizes that credential information has been exposed, cyber criminal rings have captured the information they need – such as usernames, passwords, challenge responses and even token or session IDs – and have aded it to their underground data repositories. with traditional online authentication controls, it is nearly impossible to detect the initial fraudulent login that uses ill-gotten credentials. That is why it is critical to operate from the assumption that all account credentials have been compromised when designing an online authentication control scheme.

By: Maria Moynihan As consumers, we expect service, don’t we? When service or convenience lessens or is taken away from us altogether, we struggle to comprehend it. As a recent example, I went to the pharmacy the other day and learned that I couldn’t pick up my prescription since the pharmacists were out to lunch. “Who takes lunch anymore?” I thought, but then I realized that too often organizations limit their much needed services as a cost-saving measure. Government is no different. City governments, for instance, may reduce operating hours or slash services to balance budgets better, especially when collectables are maxed out, with little movement. For many agencies, reducing services is the easiest way to offset costs. Often, municipalities offset revenue deficits by optimizing their current collections processes and engaging in new methods of revenue generation. Why then isn’t revenue optimization and modernization being considered more often as a means to offset costs? Some may simply be unsure of how to approach it or unaware of the tools that exist to help. For agencies challenged with collections, there is an option for revenue assurance. With the right data, analytics and technologies, agencies can maximize collection efforts and take advantage of their past-due fines and fees to: Turn stale debt into a new source of revenue by determining the value of their entire debt portfolio and evaluating options for a stale assets sale Reduce delinquencies by better assessing constituents and businesses at the point of transaction and collecting outstanding debt before new services are rendered Minimize current debt by segmenting and prioritizing collection efforts through finding and contacting debtors and gauging their capacity to pay Improve future accounts receivable streams by identifying the best collectable debt for outsourcing What is your agency doing to offset costs and balance budgets better? See what industry experts suggest as best practices for collections, and generate more revenue to keep services fully in place for your constituents.

By: Mike Horrocks A recent industry survey was published that called out the number one reason that lenders were dissatisfied or willing to go to another financial institution (and take their book of business with them) was not compensation.  While, compensation is often thought of as the number one driver for this kind of change in your bench of lenders, it had much more to do with being able to serve customers efficiently. One of the key reasons that lenders were unhappy was that they were in a workflow and decisioning process where the lender could not close loans on time, putting stress on the loan officer's relationships and destroying borrower confidence.  Thinking of my own experiences as a commercial lender, my interactions with the private bankers, branch managers, and lenders that served every kind of customer, I would absolutely have to agree with this study.  Nothing is more disheartening then working on bringing in a client, and then having the process not give me a response in the time that my clients are expecting or that the completion is achieving. Automation in the process is the key.  While lenders still will need to be engaged in the process and paying attention to the relationship, it can be significantly refocused to other parts of the business.  This leads to benefits such as: Protecting the back office and the consistence of booking and servicing loans. Ensuring that the risk appetite is consistent for the institution for every deal. Growing a portfolio of loans that can and will adhere to sound portfolio management techniques. So how is your process supporting lenders?  Are you automating to help in areas that give you a competitive advantage with robust credit scores, decision strategies or risk management solutions that are helping close deals quickly or are you requiring a process that is keeping them from bringing more customers (and profits) in the door? Henry Ford is credited to say, “Coming together is a beginning. Keeping together is progress. Working together is success.”   Take a closer look at your lending process.  Do you have the tools that help bring your lenders, your customers, and your organization together?  If you don’t you may be losing some of your best talent for loan production at a time when you can least afford it.

Cherian Abraham, our mobile commerce and payments consultant, recently wrote about the future of mobile banking in regards to the Apple Pay news out this week. The below article originally appeared in American Banker and is an edited version of his blog post. Editor's note: A version of this post originally appeared on Drop Labs. Depending on who you ask, the launch of Apple Pay was either exciting or uninspiring. The truth is far more complicated — particularly in terms of how it will impact the dynamics of Apple's relationship with banks. I would venture that most of the financial institutions on stage at the launch of Apple Pay earlier this week have mixed feelings about their partnership. They have had to sacrifice a lot of the room for negotiation that banks have retained with other wallet players such as Google Wallet and Softcard (the company formerly known as Isis). If you are an Apple Pay launch partner, having your credential or token on Apple Pay does not mean that you get to extend that credential into your own mobile banking app or wallet. For example, Bank A, with its credentials stored on Apple Pay, cannot leverage those credentials so that its own mobile banking app can use them to enable direct payments. Banks will have to accept that their credentials will be indefinitely locked to Apple Pay till deletion.  No bank wants its brand to be overshadowed by Apple, nor do banks want smartphone users to close their app and open up a different wallet to make a payment. But this was not up for debate with Apple, which wants to tightly control the payment experience. This should be a cause of concern for Apple Pay partner banks, for whom enabling payments outside of Apple Pay in iOS is now off the table. Banks' only hope of having an integrated payment experience is to focus on Android, which supports host card emulation technology. HCE uses software to emulate a contactless smart card and communicate with near-field communication readers. I would expect a lot of banks to revisit Android and HCE in upcoming months. That goes double for the institutions that were not chosen to partner with Apple, along with retailers who have not rejected contactless payments as a modality in stores. Given that Apple will reportedly collect fees from its partner banks when customers execute transactions on the mobile wallet, all banks should be thinking about ways that they can make their presence on other Apple offerings more lucrative. If I were them, I would begin segmenting customers who hold one of iTunes' 500 million active accounts to see which ones are affluent spenders and which cards have higher interest rates, then implement targeted customer incentive strategies to move Apple users to higher-rate cards. I would use the same tactic to convince customers to replace debit cards on file with iTunes with credit cards. But the big takeaway is that from here on out, banks can only gain incremental value from iOS. If they want to create a unified payment system that customers can use as part of their existing banking relationships, they'll have to focus on Android. Should that happen, I doubt that Apple could prevent such moves from diluting its merchant value proposition. But such moves on the part of issuers are hardly long-term strategies to incentivize frequent usage, merchant participation and overall customer value. Learn more about how Experian can help you with your mobile banking needs please visit: http://ex.pn/1t3zCSJ?INTCMP=DA_Blog_Post091214

By: Maria Moynihan At a time when people are accessing information when, where and how they want to, why aren’t voter rolls more up to date? Too often, voter lists aren’t scrubbed for use in mailing, and information included is inaccurate at the time of outreach. Though addresses and other contact information becomes outdated, new address identification and verification has not typically been a resource focus.  Costs associated with mandated election-related communications between government and citizens can add up, especially if messages never get to their intended recipients and, in turn, Registrar Offices never get a response. To date, the most common pitfalls with poorly maintained lists have been: Deceased records — where contact information for deceased voters has not been removed or flagged for mailing Email and address errors — where those who have moved or recently changed information failed to update their records, or where errors in the information on file make it unlikely for the United States Postal Service® to reach individuals effectively Duplicate records — where repeat records exist due to update errors or lack of information standardization With resources being tighter than ever, Registrar Offices now are placing emphasis on mailing accuracy and reach. Through third-party-verified data and advanced approaches to managing contact information, Registrar Offices can benefit from truly connecting with their citizens while saving on communication outreach efforts. Experian Public Sector recently helped the Orange County Registrar of Voters increase the quality of its voter registration process. Click here to view the write-up, or stay tuned as I share more on progress being made in this area across states.

by John P. Robertson, Senior Business Process Specialist As a Senior Business Process Specialist for the Experian Decision Analytics, John provides guidance to clients in the areas of profitability strategies for risk based pricing and relationship profitability. He assists banks in developing and implementing successful transitions for commercial lending that improve both the financial efficiency of the lending process and the productivity of the lending officers. John has 26 years of experience in the banking industry, with prior background in cash, treasury, and asset /liability management. For quite some time now, the banking industry has experienced a flat funding curve. Very small spreads have existed between the short and long term rates. Slowly, we have begun to see the onset of a normalized curve. At this writing, the five year FHLB Advance rate is about 2.00%. A simplistic view of loan pricing looks something like this: + Interest Income + Non-Interest Income - Cost of Funds - Non-Interest Expense - Risk Expense = Income before Tax The example is pretty simple and straight forward, “back of the napkin” kind of stuff. We back into a spread needed to reach breakeven on a five year fixed rate loan by using the UBPR (Uniform Bank Performance Report) national peer average for Non-Interest Expense of approximately 3.00%. You would need a pre-tax rate requirement of 5.00% before you consider the risk and before you make any money. If you tack on 1.00% for risk and some kind of return expectation, the rate requirement would put you around a 6.00% offering level. From a lender’s perspective, a 6.00% rate on a minimal risk five year fixed rate loan doesn’t exist. They might as well go home. CFO’s have been asking themselves, “What do we do with this excess cash? We get such a paltry spread. How can we put higher yielding loans on our books at today’s competitive rates? We’ve got plenty of capital even with the new regulation requirements so can we repo the securities and use the net spread for our cost of funds?” Leveraging the excess cash and securities in order to meet the pressing rate demands may be a way banks have been funding selective loans at such low rates on highly competitive, quality loan originations of size. But you have to wonder, what about that old adage, “You don’t short fund long term loans.” Won’t you eventually have to deal with compression and “margin squeeze”? Oh and by the way, aren’t you creating a mismatch in the balance sheet which requires explanation. Are they buying a swap to extend the maturity? If so, are they really making their targeted return? If this is what they are doing, why not just accept a lower return but one that is better than the securities? Share your thoughts with me.  

Online crooks are getting more sophisticated by the second. Nowadays, fraudsters have the ability to conduct “clean fraud,” obtaining legitimate identities of users from the black market or data breaches to compromise a victim’s card account. Malware, too, is becoming more sophisticated both in the mobile and non-mobile space. But how can organizations fight such high-level tactics in such a broad, complex space? John Sarreal, Senior Director of Product Management at 41st Parameter, an online fraud prevention player, sat down with PYMNTS after the recent release of the white paper “Surveillance, Staging, and the Fraud Lifecycle” to reveal the inner workings of a cyber criminal’s mind, what should be done before and after data is snatched, and which aspects of account takeover are the most overlooked and dangerous. Interview excerpts Take us through the mind of a cyber-criminal. What are the most sophisticated tactics used today to capture account information from corporate systems? JS: The amount of clean fraud that we see with our customers is unprecedented. By focusing on obtaining legitimate credentials and identities, fraudsters are more easily able to bypass traditional controls. This means that fraud tools need to adapt and gather additional attributes to augment their fraud screening. Although the techniques they’re using now to obtain these credentials are increasingly sophisticated, the MOs are still rooted in basic phishing and social engineering attacks. Fraudsters will use identity information obtained from the black market or data breaches to conduct very convincing phishing attacks to reveal everything that is needed to compromise a victim’s card account. There’s also increasing sophistication in the use of malware to steal sensitive credentials in both the mobile and non-mobile arena. In Android, for example, Google recently passed a vulnerability that allows sophisticated malware to impersonate digital certificate signing authorities. This vulnerability allowed the malware to install itself on a mobile device without any user notification or intervention – obviously, a very dangerous attack. Link to the podcast and transcript here.

Every prospecting list needs to be filtered by your organizations specific credit risk threshold.  Whether you’re developing a campaign targeting super-prime, sub-prime, or consumers who fall somewhere in between, an effective credit risk model needs to do two things: 1) accurately represent a consumer’s risk level and 2) expand the scoreable population. The newly redeveloped VantageScore® credit score does both. With the VantageScore® credit score, you get a scoring model that’s calibrated to post-recession consumer behavior, as well the ability to score nearly 35 million additional consumers - consumers who are typically excluded from most marketing lists because they are invisible to older legacy models. Nearly a third of those newly-scoreable consumers are near-prime and prime. However, if your market is emerging to sub-prime consumers - you’ve found the mother-load! Delinquency isn’t the only risk to contend with. Bankruptcies can mean high losses for your organization at any risk level.  Traditional credit risk models are not calibrated to specifically look for behavior that predicts future bankruptcies. Experian's Bankruptcy PLUS filters out high bankruptcy risk from your list.  Using Bankruptcy PLUS you’re able to bring down your overall risk while removing as few people as possible. My next post looks into ways to identify profitable consumers in your list.   For more see: Four steps to creating the ideal prospecting list.

At Experian, we frequently get asked by clients how they can get bigger mailing list that open new markets and reach more people. But bigger isn’t necessarily better, and it doesn’t always translate to a higher return on your marketing investment. Instead of just increasing volume, let’s consider a different, more focused approach - using the latest in analytic tools and scores.  This approach relies on effective pre-screening to create the ideal prospecting lists based on your business objective. We’ve identified four key steps to building a prescreen list of your ideal prospects: Optimize risk selection Find the most profitable consumers Target customers who need or want your products Design the right offer In the next post, Optimal Risk Selection,  I’ll dig deeper into each step and present some tools and scores that can help meet the objective of each.      

By: Teri Tassara “Do more with less” is a pervasive and familiar mantra nowadays as lenders seek to make smarter and more precise lending decisions while expertly balancing growth objectives and tightened budgets.  And lest we forget, banks must also consider the latest regulations and increased regulatory scrutiny from the industry’s governing bodies - such as OCC and CFPB. Nowadays, with the extensive application of predictive analytics in everyday lending practices, it makes sense to look to analytics to fine tune decision-making and achieve a greater return on investment in three common growth objectives for bankcard acquisitions: Profitable growth - How do I find the most profitable acquisition targets?  How do I know the borrowing characteristic of each consumer?  Are they high spend or high income?  Do they carry a balance but always make timely payments? Universe expansion - How many more consumers are there that meet my lending criteria? How can I effectively reach them? Customer experience - How do I offer the right product to the right customer? How do I communicate to my customers that I understand their lending needs? To that end, growth objectives vary by lender; as such, so should their bankcard acquisitions analytical toolkit. The analytical toolkit arsenal should enable lenders to develop refined bankcard campaign strategies based on their specific objectives. Look for upcoming posts on the essential components of the bankcard acquisitions analytical toolkit.  

By: Mike Horrocks The Wall Street Journal just recently posted an article that mentioned the cost of the financial regulations for some of the largest banks.  Within the article it is staggering to see the cost of the financial crisis and also to see how so much of this could have been minimized by sound banking practices, adoption to technology, etc.  As a former commercial banker and as I talk with associates in the banking industry, I know that there are more causes to point at for the crisis then there are fingers…but that is not the purpose of my blog today. My point is the same thing I ask my teenage boys when they get in trouble, “Now, what are you going to do to fix it?” Here are a couple of ideas that I want to share with the banking industry.  Each bank and market you are going after is a bit unique; however think about these this week and what you could do. It is about the customer – the channel is just how you touch that customer.  Every day you hear the branch office is dead and that mobile is the next wave.  And yes, if I was a betting man, I would clearly say mobile is the way to go. But if you don’t do it right, you will drive customers away just as fast (check out the stats from a Google mobile banking study).    At the end of the day, make sure you are where your customers want to be (and yes for some that could even be a branch). Trust is king.  The Beatles may have said that “All You Need Is Love”, but in banking it is all about trust.  Will my transaction go thru? Will my account be safe? Will I be able to do all that I need to do on this mobile phone and still be safe since it also has Angry Birds on it?  If your customer cannot trust you to do what they feel are simple things, then they will walk.  You have to protect your customers, as they try to do business with you and others. Regulations are here to stay.  It pains me to say it, but this is going to be a truth for a long while.  Banks need to make sure they check the box, stay safe, and then get on to doing what they do best – identify and manage risk.  No bank will win the war for shareholder attention because they internally can answer the regulators better than the competition.  When you are dealing with complicated issues like  CCAR, Basel II or III, or any other item, working with professionals can help you stay on track. This last point represents a huge challenge for banks as the number of regulations imposed on financial institutions has grown significantly over the past five years. On top that the level of complexity behind each regulation is high, requiring in-depth knowledge to implement and comply. Lenders have to understand all the complexity of these regulations so they can find the balance to meet compliance obligations. At the same time they need to identify profitable business opportunities.     Make sure to read our Comply whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.  A little brainstorming and a single action toward each of these in the next 90 days will make a difference.  So now, what are you going to do to fix it?

Are you sure you are making the best consumer credit decisions? Given the constantly evolving market conditions, it is a challenge to keep informed. In order to confidently grow and manage the bottom line, organizations need to avoid these four basic risks of making credit decisions with limited trend visibility. Competitive Risk - With limited visibility to industry trends, organizations cannot understand their position relative to peers. Product Risk - Organizations without access to the latest consumer behaviors cannot identify and capitalize on emerging trends. Market Risk - Decisions suffer when made without considering market trends in the context of the economy. Resource Risk - Extracting useful insights from vast market data requires abundant resources and comprehensive expertise. Get more information on the business risks of navigating credit decisions with limited trend visibility.