Industries

By: Kristan Frend As if business owners need one more thing to worry about — according to the Javelin Strategy & Research’s 2010 Identity Fraud Survey Report, respondents who defined themselves as “self-employed” or “small business owners” were one-and-a-half times more likely to be victims of identity theft. Intuitively this makes sense- business owners exposure would be higher than the average consumer as their information is viewed more often due to the broad array of business service needs. Also consider the fact that until recently, multiple states had public records containing proprietors social security numbers as tax identification numbers readily accessible on-line. What a perfect storm this has all created! Javelin’s report also explained that while the average fraud incidence for business owners was lower than the average consumers, small business owner’s consumer costs were higher.  In other words the small business owner suffered more out of pocket costs for identity theft losses than the average consumer. Experts believe this is due to the fact that commercial accounts often do not receive the same fraud guarantee protections that consumer accounts are afforded. While compliance regulations such as Red Flags Rules will enhance consumer safety, institutions must further develop their prevention and protection methods beyond what is legally required to sufficiently protect their small business customers from future fraud attacks. Small business owner fraud and the challenges organizations face in identifying and mitigating these losses are frequently overlooked and overshadowed by consumer fraud. Simply put, fraud is prevented because fraud is detected- verifying that the business owners is who they say they are using multiple data sources is critical to identifying applicant irregularities and protecting small business owners. A well-executed fraud strategy is more than just good business – it helps reduce small business customer acquisition costs and ultimately allows you to make better business decisions, creating a mutually beneficial relationship between your organization and the small business owner.  

With the news from the Federal Reserve that joblessness is not declining, and in fact is growing, a number of consumers are going to face newly difficult times and be further challenged to meet their credit obligations. Thinking about how this might impact the already struggling mortgage market, I’ve been considering what the impact of joblessness is on the incidence of strategic default and the resulting risk management issues for lenders. Using the definitions from our previous studies on strategic default, I think it’s quite clear that increased joblessness will definitely increase the number of ‘cash-flow managers’ and ‘distressed borrowers’, as newly jobless consumers face reduced income and struggle to pay their bills. But, will a loss of income also mean that people become more likely to strategically default? By definition, the answer is no – a strategic defaulter has the capacity to pay, but chooses not to, mostly due to their equity position in the home. But, I can’t help but consider a consumer who is 20% underwater, but making payments when employed, deciding that the same 20% that used to be acceptable to bear, is now illogical and will simply choose to stop payment? Although only a short-term fix, since they can use far less of their savings by simply ceasing to pay their mortgage, this would free up significant cash (or savings) for paying car loans, credit cards, college loans, etc; and yet, this practice would maintain the profile of a strategic defaulter. While it’s impossible to predict the true impact of joblessness, I would submit that beyond assessing credit risk, lenders need to consider that the definition of strategic default may contain a number of unique, and certainly evolving consumer risk segments. __________________________ http://money.cnn.com/2010/08/19/news/economy/initial_claims/index.htm

With the recent release of first-time unemployment applications by the Labor Department showing weaker than expected results, it comes as no surprise that July foreclosure rates  also reflect the on-going stress being experienced by consumers across the nation. When considering credit score trends and delinquency measures across credit products, it’s interesting to see how these trends appear to be playing out in terms of their impact on consumer score migration patterns. Over the past year or so, it appears that the impact of a struggling economy is the creation of a two-tier consumer credit system. On one hand, for consumers with stronger credit risk scores who are able to successfully manage their financial obligations, we see stability in the composition of the prime and super-prime population. On the other hand, as other consumers face challenging times, especially through joblessness and reductions in real-estate equity, there are consumers who experience significant credit management issues and subsequently, their risk scores decline. The interesting phenomenon is that there seems to be fewer and fewer consumers who remain in between these two segments. Credit score migration patterns suggest the evolution of two distinct consumer populations: a relatively stable, lower-risk segment, and a somewhat bottom-heavy higher-risk population, comprised of consumers with long-term repayment challenges, recent foreclosures, repossessions and higher delinquency rates. Clearly, this type of change in score distribution directly impacts lenders and their acquisition and account management strategies. With few signs of a pending economic recovery, it will be interesting to watch this pattern develop in the long-term to see if the chasm between these groups becomes wider and more measurable, or whether other economic influences will further transform the consumer credit landscape.

Recently, a number of media articles have discussed the task facing financial institutions today – find opportunities growth in a challenging and flat economy. The majority of perspectives discuss the fact that lenders will soon have no choice but to look to the ‘fringe’, by lowering score cut-offs, adjusting acquisition strategies and introducing greater risk into their portfolios in order to grow. Risk and marketing departments are sure to be creating and analyzing credit risk models and assessing credit risk in new, untapped markets in order to achieve these objectives. While it may appear to be oversimplifying the task, many lenders have the opportunity to grow simply by understanding more about two groups of consumers that are already sitting in their offices (or application queues) today: applicants who are approved, but book elsewhere, and applicants that are declined. There are a number of analytic techniques that can be utilized to understand these populations further. Lenders can study the characteristics of other loans originated by these lost consumers, and can also perform analyses of how these consumers performed after booking competitive offers. By understanding the credit characteristics and account delinquency trends of its current applicants, lenders can uncover a wealth of information and insight about the growth opportunities sitting right before them.

There are a number of people within the industry heralding the death of knowledge based authentication. To those people I would say, “In my humble opinion you are as wrong as those recent tweets proclaiming the death of Bill Cosby.” Before anyone’s head spins around, let me explain. When I talk about knowledge based authentication and out of wallet questions, I mean it in the truest sense, a la dynamic questions presented as a pop quiz and not the secret questions you answered when you set-up an account. Dynamic knowledge based authentication presents questions are generated from information known about the consumer, concerning things the true consumer would know and a fraudster wouldn’t. The key to success, and the key to good questions, is the data, which I have said many, many times before. The truth is every tool will let some fraud through; otherwise, you’re keeping too many good customers away. But if knowledge based authentication truly fails, there are two places to look: Data: There are knowledge based authentication providers who rely solely on public record data for their KBA solutions. In my opinion, that data is a higher data risk segment for compromise. Experian’s knowledge based authentication practice is disciplined and includes a mix of data. Our research has shown us that a question set should, ideally, include questions that are proprietary, non-credit, credit and innovative. Yes, it may make sense to include some public record data in a question set, but should it be the basis for the entire question set? Providers who can rely on their own data, or a strategic combination of data sources, rather than purchasing it from one of the large data aggregators are, in my opinion, at an advantage because fraudsters would need to compromise multiple sources in order to “game the system.” Actual KBA use: Knowledge based authentication works best as part of a risk management strategy where risk based authentication is a component within the framework and not the single, determining factor for passing a consumer. Our research has shown that clients who combine fraud analytics and a score with knowledge based authentication can increase authentication performance from 20% - 30% or more, depending on the portfolio and type of fraud (ID Fraud vs. First Party, etc.)… and adding a score has the obvious benefit of increasing fraud detection, but it also allows organizations to prioritize review rates efficiently while protecting the consumer experience. So before we write the obituary of KBA, let’s challenge those who tinker with out of wallet products, building lists of meaningless questions that a 5th grader could answer. Embrace optimized decisions with risk based authentication and employ fraud best practices in your use of KBA.

A few days ago I saw an article about hackers working from Russia, while committing check fraud in the United States. In what those investigating are calling a brilliant operation, the fraudsters compromised companies that archive and store records of check images or checks themselves. They then downloaded those check images and all available information. By printing new checks and using an old Internet “money mule” scheme, the fraudsters were able to send the bogus checks to ”the mule”, often as a payment, and have the check cashed at the mule’s bank to get the balance of the funds wired to an off-shore bank account. That article made me think about new breakthroughs in technology. What if those fraudsters had been a little savvier? What if they had the most recent smart phone application installed and didn’t need a mule to wire the money? They could have simply written checks and uploaded them for deposit to an account to which they had gained access with the hottest application du jour – deposit via photo image uploaded from a smart phone. That application would have allowed the fraudsters to cash the bogus check, gain access to the funds and move them to the next account at will. Or would it? Given the move toward mobile banking, it isn’t really a stretch to see this kind of thing happening. Probably not, but if organizations offering this kind of service use a risk based authentication approach it is more likely they use fraud models and decisioning strategies to minimize fraud and protect consumers while pushing out the latest technology. For those reasons, risk management solutions and enterprise fraud vendors need to not only keep pace with technology but also stay ahead of the curve in order to provide optimized decisions and the most relevant fraud analytics. Considering recent fraud trends and my love affair with mobile everything, I know I want the organizations I do business with to do everything they can to prevent fraud…and I’m positive I want my smart phone to be as smart as possible.

By: Kari Michel What are your acquisition strategies to increase consumer lending and gain market share? This blog will discuss new approaches to create segment-based targeting campaigns and the ability to precisely time the offer delivery with consumer needs. The most aggressive and successful banks are using need and attitudinal segmentation, coupled with models that identify consumers in the market for loan products. The return on marketing investment from these refined marketing efforts often exceed 350%, measured on a net of control basis, after all marketing costs. Here is a case study, using Experian tools, showing how one marketer used segment-based targeting, tailoring and timing to increase their response rate 145% over a competitor’s product. In the highly competitive credit card arena, a new business model is emerging that is dependent on acquiring new accounts from consumers that are grouped into specific behavior segments (Credit Hungry Card Switchers and Case Oriented Skeptics) and looking at consumers that were in the market, as well as had the highest likelihood of opening a bankcard account within the next 1 – 4 months. Test Results Total   Competitor Experian Experian lift Quantity      624,000      623,953 Response Rate % 2.09% 3.03% 145% Actual Responses        13,035 18,902 Booked Rate % 1.64% 2.24% 137% Actual Booked        10,208 13,989 Approval Rate % 78.30% 74.01% 95% In addition to a 145% lift in response rate, over 3,700 more accounts were booked over the competition. These same tools, “In The Market Models” (developed using credit bureau data) and “Financial Personalities®”, can help your organization have a greater return on your direct marketing investment by increasing acquisition rates.  

By: Wendy Greenawalt The final provisions included in The Credit Card Act will go into effect on August 22, 2010. Most lenders began preparing for these changes some time ago, and may have already begun adhering to the guidelines. However, I would like to talk about the provisions included and discuss the implications they will have on credit card lenders. The first provision is the implementation of penalty fee guidelines. This clause prohibits card issuers from charging fees that exceed the consumer’s violation of the account terms. For example, if a consumer’s minimum monthly payment on a credit card account was $15, and the lender charges a $39 late fee, this would be considered excessive as the penalty is greater than the consumers’ obligation on that account. Going forward, the maximum fee a lender could charge in this example would be $15 or equal to the consumers obligation. In addition to late fee limitations, lenders can no longer charge multiple penalty fees based on a single late payment,  other account term violations or fees for account inactivity.  These limitations will have a dramatic impact on portfolio profitability, and lenders will need to account for this with all accounts going forward. The second major provision mandates that if a lender increased a consumer’s annual interest rate after January 1, 2009 due to credit risk, market conditions, or other factors, then the lender must maintain reasonable methodologies and perform account reviews no less than every 6 months. If during the account review, the credit risk, market conditions or other factors that resulted in the interest rate increase have changed, the lender must adjust the interest rate down if warranted. This provision only affects interest rate increases and does not supply specific terms on the amount of the interest rate reduction required; so lenders must assess this independently to determine their individual compliance requirements on covered accounts. The Credit Card Act was a measure to create better policies for consumers related to credit card accounts and overall will provide greater visibility and fair account practices for all consumers. However, The Credit Card Act  places more pressure on lenders to find other revenue streams to make up for revenue that was previously received when accounts were not paid by the due date, fees and additional interest rate income were generated. Over the next few years, lenders will have to find ways to make up this shortcoming and generate revenue through acquisition strategies and/or new business channels in order to maintain a profitable portfolio. http://www.federalreserve.gov/newsevents/press/bcreg/20100303a.htm

In “An ounce of prevention is worth a pound of cure” Kristan Frend touched on the vulnerabilities faced by members of our Armed Services. That post made me think about recent fraud trends.  Over the course of this spring and summer, I attended a few conferences and at one of these events something a bit disturbing occurred – a staff member for one of the exhibitors was victimized during the event. The individual’s wallet, containing cash and credit cards, was stolen along with the person’s passport and the victim didn’t realize it until they received their wake-up call the next morning. The few people who heard about it wondered “How could this happen at an event of industry professionals?” The answer is simple.  Even industry professionals are every-day consumers, vulnerable to attack. As part of our Knowledge Based Authentication practice, Experian engages in blind focus group interviews with “every-day consumers” facilitated by an independent consulting group on Experian’s behalf. What we learn during those sessions informs our best practices for many of the fraud products and guides our process for new question generation in Knowledge Based Authentication. It is also an eye-opening experience. Through our research we have learned that participant consumers are now more aware and accepting of Knowledge Based Authentication than in past years. Knowledge Based Authentication has become a bellwether, consumers expect it. They also expect organizations they deal with to have an Identity Theft Prevention Program – and the ability to recognize when something “just isn’t right” about a situation. However, few participants cited a comprehensive strategy to protect themselves against identity theft, and even fewer actually demonstrated a commitment to follow a strategy, even when they had one. During open and honest conversation in a relaxed setting, participants revealed their true behavior. Many admitted they still use the same password for all their accounts, write their passwords down, and keep copies of their passwords in easily accessible places, such as a purse or a wallet, a desk drawer or an online application. The bottom line is this: Most people will attempt to do what they think they should to protect themselves from identity theft, including shredding or tearing up mail offers, selectively using credit cards and/or monitoring their garbage. However, if the process is too cumbersome or if it requires that they remember too much, they will default to old habits. As Kristan pointed out, thieves may increasingly rely on computer attacks to gather data, but many still resort to low-tech methods like dumpster diving, mail tampering, and purse and wallet theft to obtain privacy sensitive information. When that purse or wallet contains not only personally identifiable information, but also account passwords, the risk levels are significantly higher. Cyber attacks are a threat, but a consumer’s own behavior may be just as risky. As for the victim in this story… a very sharp desk clerk at a neighboring hotel thought it strange that someone was checking-in for a number of days without a reservation at full rate and without luggage, which started the ball rolling and led to the perpetrator being caught and the victim getting everything back except for some cash that had been spent at a coffee merchant. Clearly, this close call didn’t turn-out as badly as it could have.

By: Kristan Frend Last week I came across a news article that said the NYPD arrested 26 people who allegedly took at least $5 million from stealing identities. What I found most disturbing was that criminals allegedly affected more than 200 soldiers, including many of whom were unaware of what was happening, since they were serving overseas. To help reduce the risk of identity theft and minimize fraud losses, all three major credit bureaus provide Active- Duty Alerts, which allow deployed soldiers to have their credit frozen while they are overseas. While these fraud alerts, coupled with financial institutions implementing identity theft programs,  can help prevent identity theft losses, what is being done to reduce the risk of military personnel data being exposed and stolen? As social security numbers play a key role in identity theft, I was surprised and disturbed to learn that government issued military ID cards include the card holder’s social security number in full on the front.  This creates an obvious security vulnerability to the card holder. Especially considering that the military ID card must be shown in a number of situations, such as getting on and off base, medical care, picking up prescriptions, entering a base shopping exchange, mess hall, etc.  There are many situations where the service member encounters people in positions that were once filled by military personnel but are now filled by civilians, who may not have the same code of honor toward others in the military community. While it’s true that thieves are increasingly using computer hacking, phishing, malware, spyware and key stroke loggers to gather SSNs, thieves still resort to low-tech methods like dumpster diving, mail tampering, and purse and wallet theft to obtain privacy sensitive information.  The need to show ID so often and the fact that it contains all of their pertinent data, puts service members at particular risk when they may be in harm’s way, focused more on missions than money missing from their bank account. The good news is that the Department of Defense launched a Social Security Number reduction initiative consisting of a phased removal of SSNs. Phase one, removal of dependent SSNs from ID cards is underway. Phase two, removal of printed SSNs from all cards has been placed on hold indefinitely, and phase three, removal of SSNs embedded in barcodes will begin in 2012. My point is not to be critical of the use of SSNs; I think we all can agree that the use of SSNs have become an integral part of our culture.  However, we should look to see that organizations carefully balance the value of how SSNs are used with the vulnerabilities that its use creates. The old adage “an ounce of prevention is worth a pound of cure” could never be truer than with identity theft. The easiest way to minimize fraud is to avoid it by not giving criminals the opportunity to perpetrate identity theft against individuals.

By: Kennis Wong Several weeks ago, I attended and presented at Experian’s sold-out annual conference, Vision, in Phoenix, Arizona. One of the guest speakers was Malcolm Gladwell, best-selling author of The Tipping Point, Blink, Outliers and What the Dog Saw: And Other Adventures. Since I've read three of his four books, I could be considered a fan. And yes, his hair did look as wild in person as it appears in the pictures on the insides of his book covers. But that was not why I was so impressed by his speech. The real reason was that his topic was so relevant to how Experian Decision Analytics delivers value to our clients. Gladwell spent the whole hour addressing the difference between “puzzle” and “mystery”, providing abundant examples for both. The puzzle-versus-mystery topic was from one of his articles in The New Yorker. To solve a puzzle, one or more pieces of information are needed. The source of the problem is that insufficient data is available to have a conclusive answer to the question. An example would be finding Osama Bin Laden’s whereabouts. We simply do not have enough information to locate him, and we need more intelligence. On the other hand, a mystery is not solved by simply gathering more information. It is a matter of making sense out of a massive amount of data available, using analysis and judgment. Enron’s creative accounting was an example of a mystery. All the information was out in the open. Pages and pages of SEC filings and annual reports were there for anyone who was willing and able to analyze them. All that was needed to solve the mystery was to make sense out of the data. In the Fraud and Identity Solutions team, we satisfy clients’ needs by providing solutions for both puzzles and mysteries to fend off fraudsters. Besides the core credit bureau data, we have demographic data, fraud consortium data, past application data, automotive data and much more. We also have strategic partnerships to deliver demand deposit account, cell phone, and device data. All these data sources ensure that our clients get the data they need to piece the puzzle together. Our consulting and analytics, on the other hand, help clients to solve mysteries. Looking at individual pieces of disparate data is inefficient and provides little or no value. That’s why our numerous scoring solutions combine the available data in a way that is most predictive of various fraud outcomes. For example, our Precise ID Score and Fraud Shield Score Plus predict first- and third-party fraud; our BustOut Score predicts the likelihood of bust outs; our Never Pay score predicts the likelihood of a consumer never making a payment. As more data are available, we incorporate them into existing or new models if it increases the effectiveness of the models. So we have both the puzzle and mystery grounds covered. A note to Malcolm Gladwell: Great job at Vision! If you write a book about this topic, I’ll definitely buy it.  

By: Kari Michel Credit risk models are used by almost every lender, and there are many choices to choose from including custom or generic models.  With so many choices how do you know what is best for your portfolio?  Custom models provide the strongest risk prediction and are developed using an organization’s own data.  For many organizations, custom models may not be an option due to the size of the portfolio (may be too small), lack of data including not enough bads, time constraints, and/or lack of resources. If a custom model is not an option for your organization, generic bureau scoring models are a very powerful alternative for predicting risk.  But how can you understand if your current scoring model is the best option for you? You may be using a generic model today and you hear about a new generic model, for example the VantageScore® credit score.   How do you determine if the new model is more predictive than your current model for your portfolio?  The best way to understand if the new model is more predictive is to do a head-to-head comparison – a validation.  A validation requires a sample of accounts from your portfolio including performance flags.  An archive is pulled from the credit reporting agency and both scores are calculated from the same time period and a performance chart is created to show the comparison. There are two key performance metrics that are used to determine the strength of the model.  The KS (Komogorov-Smirnov) is a statistical term that measures the maximum difference between the bad and good cumulative score distribution.  The KS range is from 0% to 100%, with the higher the KS the stronger the model.  The second measurement uses the bad capture rate in the bottom 5%, 10% or 15% of the score range. A stronger model will provide better risk prediction and allow an organization to make better risk decisions.  Overall, when stronger scoring models are used, organizations will be best prepared to decrease their bad rates and have a more profitable portfolio.  

With the upcoming changes to overdraft fee policies coming to the banking industry July 1st, courtesy of the Federal Reserve, banks and credit unions are re-examining the revenue growth opportunities through their new account opening process. We frequently hear from our fraud risk and operations client partners that when there is a push for revenue growth, fraud detection gets de-prioritized as a trade off to bringing in more new customers.  A DDA-friendly risk based authentication approach may offer some compromise to this seemingly “one for one” exchange.  Here are some quick revenue-friendly, risk-averse practices being seen in the branches, call centers, and online channels of Experian clients: • Drive referrals to knowledge based authentication (KBA), negative record checks (account abuse, fraud records) or both off of an upfront fraud score, such as the Precise ID(SM) for Account Opening score. Segmenting based on risk is cost efficient and promotes an improved customer experience. • Bolster the fraud defenses of your online channel by raising the “pass” or “accept” threshold. The lower acquisition costs for this online account opening are tempting but this is also the venue most exploited by fraudsters.  Some incremental manual reviews should work out as a small price to pay to catch the higher prevalence of fraud. • Cross sell and up sell with confidence based on more comprehensive authentication. By applying appropriate risk based authentication strategies, more products can be offered and exposure is reduced because you know you are dealing with the true consumer.    

By: Staci Baker With the increase in consumer behaviors such as ‘strategic default’, it has become increasingly difficult during the past few years for lenders to determine who the most creditworthy consumers are – defining consumers with the lowest credit risk. If you define risk as ‘the likelihood of [a consumer] becoming 90 days or more past due’, the findings are alarming. From June 2007 to June 2009, Super Prime consumers (those scoring 900 or higher) in the U.S. have gone from an average  VantageScore® credit score* of 945 to 918, which increased their risk level  from approx. 0.12% to 0.62% - an increase of 417% for this highly sought after population!  Prime and near prime risk levels increased by 400% and 96% respectively.  Whereas subprime consumers with few choices (stay subprime or improve their score), saw a slight decrease in risk, 8% - increasing their average VantageScore® credit score from 578 to 599. So how do lenders determine who to lend to, when the risk level for all credit tiers increases, or remain risky?  In today’s dynamic economy, lenders need tools that will give them an edge, and allow them to identify consumer trends quickly.  Incorporating analytic tools, like Premier Attributes, into lender’s origination models, will allow them to pinpoint specific consumer behavior, and provide segmentation through predefined attribute sets that are industry specific and target profitable accounts to improve acquisition strategies. As risk levels change, maintaining profitability becomes more difficult due to shrinking eligible consumer pools.  By adding credit attributes, assessing credit risk both within an organization and for new accounts will be simplified and allow for more targeted prospects, thus maximizing prospecting strategies across the customer lifecycle and helping to increase profitability. * VantageScore®, LLC, May, 2010, “Finding Creditworthy Consumers in a Changing Economic Climate”  

We've blogged about fraud alerts, fraud analytics, fraud models and fraud best practices. Sometimes, though, we delude ourselves into thinking that fraud prevention strategies we put into place today will be equally effective over time.  Unfortunately, when a rat finds a dead-end in a previously-learned maze, it just keeps hunting for an exit.  Fraudsters are no different.  Ideally we want to seal off all the exits, and teach the rats to go and do something productive with their lives, but sadly that is not always the case.  We also don't want to let too many good consumers get stuck either, so we cannot get too trigger-happy with our fraud best practices. Fraud behavior is dynamic, not static.  Fraudsters learn and adapt to the feedback they receive through trial and error.  That means when you plug a hole in your system today, there will be an increased push to seek out other holes tomorrow.  This underscores the importance of keeping a close eye on your fraudsters' behavior trends. But there must be some theoretical breaking point where the fraudsters simply give up trying--at least with your company.  This behavioral extinction may be idealistic in the general sense, but is nonetheless a worthy goal as related to your business.  One of the best things you can do to prevent fraud is to gain a reputation amongst the fraudsters of, "Don't even try, it's not even worth it."  And even if you don't succeed in getting them to stop trying altogether, it's still satisfying to know you are lowering their ROI while improving yours