Fraud & Identity Management

Credit card declines Surag Patel, vice president of global product management for 41st Parameter, led a panel discussion on Digital Consumer Trust with experts from the merchant community and financial services industry at this week’s CNP Expo. During the hour-long session, the expert panel – which included Patel, Jeff Muschick of MasterCard and TJ Horan from FICO – discussed primary research explaining the $40 billion in revenue lost each year to unwarranted CNP credit card declines and what businesses can do to avoid it. Patel began the Thursday morning session by asking the audience how many have bought something online—of course, everyone raised their hands. He then asked how many had been declined—about half the hands stayed up. “Of those with your hands still up,” he said, “how many of you are fraudsters?” The audience chuckled, but the reality of false positives and unnecessary declines is no laughing matter. Unnecessary declines cause lost revenue and damage the customer relationship with merchants, banks and card issuers. The panel cited a 41st Parameter survey of 1,000 consumers and described their responses to the question, what do you do after you get declined? While many would call the card issuer or try a different payment method, one in six would actually skip the purchase altogether, one in ten would purchase from a different online merchant, and one in twelve would go buy the item at a brick-and-mortar store. So regardless of who the customer blames, ultimately, when a good purchase is declined, everybody loses. Jeff Muschick, who works in fraud solutions for MasterCard, spoke about the need for a solid rules engine, and recommended embracing new tools as they emerge to enhance their fraud prevention strategy. He acknowledged that for smaller merchants, keeping up with fraudsters can be incredibly taxing, and often even at larger organizations, fraud departments are understaffed. For that reason, he highlighted a tool that many fraud prevention strategies are leaving on the table, and that’s cooperation: “We talk about collaboration, but it’s not as gregarious as we’d like it to be.” TJ Horan, who is responsible for fraud solutions at FICO, encouraged merchants, banks, and card issuers to mitigate the damage of good declines through customer education. He observed that “if there was a positive thing to come out of the Target breach (and that’s a big ‘if’), it is an increase in general consumer awareness of credit-card fraud and data protection.” This helps inform customers’ attitudes when they are declined, because they realize it is probably a measure being taken for their own protection, and they are likely to be more forgiving. Click here for more information about TrustInsight and how online merchants can increase sales by approving more trusted transactions.

Recently, I sat down to answer three questions for “The Year of Payments - 2015: One Quarter in” for PYMNTS.com on the topic of mobile payments in regards to: How Q1 2015 is different than Q1 2014 What’s the most significant development so far this year? If “Payments 2015” were a brand and had a tagline, what would it be and why? A significant factor in shaping the next frontier in fraud management is the continued rapid growth in online and mobile payments as the preferred methods of doing business for many consumers. With more than a third of customers interacting with a single business in five or more channels and more than 85 percent of consumers using online or mobile to conduct business, the need for omnichannel fraud prevention becomes a requirement. These trends make mobile-device intelligence as important to the authentication process as traditional personally identifiable information. As a result, the need to integrate device intelligence into the authentication process to associate a consumer to a known device is critical. Companies already are beginning to incorporate device intelligence into their authentication strategies. The ability to verify a customer through his or her device is a huge benefit to the overall customer experience and not only makes it easier for the customer to do business with you, but also adds an additional layer of validation. The challenge with any new emerging business or new technology is maintaining a frictionless customer experience foremost because fraudsters are always the early adopters. Make sure to read our perspective paper to see why emerging channels call for advanced fraud identification techniques and what myself and other industry leaders had to say on the topic of mobile payments:

At the start of the Vision 2015 Conference, Experian® announced a new dedicated enterprise Fraud and ID business in North America. This newly established business unit allows Experian, the leading global information services company, to more aggressively address the growing variety of fraud risk and identity management challenges businesses, financial institutions and government agencies face. “The rapid progression of wide-scale fraud and data breaches have led to a significant increase in identity theft related risk, and potential fraud losses on a larger scale than ever anticipated,” said Charles Chung, president of Decision Analytics, Experian North America. “For nearly two decades, we have been helping clients solve the difficult and ever-changing problems of fraud detection and identity management. Our core expertise was further enhanced by the recent acquisition of 41st Parameter which added device identification as another important layer of sophistication to our suite of fraud detection tools. Now the creation of a new fraud business unit brings all components of our Fraud and ID services together to better serve all markets through our innovative authentication techniques, advanced analytics and Big Data insights.” Having one comprehensive operation allows Experian to deliver greater value across its various addressable markets through customized approaches that balance privacy, security and compliance requirements with client reputation, customer experience, convenience and efficiency. The integration brings together a wide set of enterprise services ranging from identity and device risk assessment and anti–money laundering to consumer identity monitoring and alerts, letting Experian continue to proactively meet client needs surrounding the complex risks they face. Dr. Jon Jones has been appointed to lead the new business unit as senior vice president and general manager of Fraud and ID for Experian North America. “Data security and fraud management affect many industries as identity data has become so compromised that authenticating consumers through traditional means is not enough to safeguard against fraud. Modern fraud risks now absolutely require Big Data assets and the proven ability to derive predictive analytical capabilities to meet these challenges,” said Jones. “Today, online and mobile commerce, and customer demands for convenience and speed are intersecting with the increasing sophistication of criminal fraud networks. Experian’s new integrated fraud business delivers next-generation holistic fraud management services, leveraging our vast data landscape to identify customers’ risk for fraud even when no threat has been detected to stay ahead of the growing market demands.” Accounting for the real risk of identity compromise over time continues with the launch of Experian’s Identity Element NetworkSM which identifies real-time fraud volume and velocity linkages across multiple industries to predict when consumers are showing risk of identity compromise. Experian monitors and predicts when seemingly random identity element linkages become meaningful risk clusters, including: When an identity likely has been compromised When an identity is victim of a data breach When a transaction is part of an identity theft scheme, particularly an account takeover When consumers’ identities are exhibiting identity theft, visible by monitoring a broad portfolio of breached or compromised consumers "Cybercriminals continue to rapidly escalate their assault on sensitive data across a variety of industries, with no end in sight," said Julie Conroy, research director at Aite Group.  "This requires fraud prevention capabilities to undergo a similar rapid evolution, with a new, more advanced approach to identity management sitting squarely in the middle of risk mitigation. Simple personally identifiable information is no longer enough to verify identity; the next wave of fraud and cybersecurity services needs to employ robust data and advanced analytical capabilities in order to make faster and more informed identity decisions." Experian’s Identity Element Network service can be utilized through its flagship fraud enterprise platform, Precise ID®, using its data assets and analytics alongside 41st Parameter’s FraudNet to deliver a comprehensive view of the Customer Life Cycle of traditional identity, device confidence and risk assessment. Learn more about Experian’s Big Data fraud service for breach identity compromise detection for your business.

Identity fraud and the utility industry In the utility industry today, gaining enterprise-wide systemic control over credit risk assessment, identity verification and compliance oversight are causing many leading organizations major headaches.   The ability for IT departments to modify their core legacy systems to effectively implement and support these critical functions is ever-challenging.  And for the business, the inability to gain real-time access and control to these functions means slower speed to market with automated risk controls, costing the organization (and therefore rate-paying customers) tens of millions in losses annually and lost productivity in manual reviews and call center costs.   In addition to the obvious financial impact, customer experience invariably suffers, negatively impacting those good paying, low-risk customers and leading to downstream issues with complaints to regulators. The ideal solution provides organizations the ability to quickly identify customers and compliance requirements, while maintaining a strong and transparent security posture for user authentication and strategic control over the complete customer life-cycle.   To minimize barriers to implementation, such a solution requires a flexible, user-friendly hosted platform incorporating all the various credit and alternate data sources with reporting and industry best practice strategies available “out of the box”. While there are several types of fraud perpetrated on utilities, one common form involves the opening of an account in a legitimate consumer’s or business’s name by a fraudulent party with the service address belonging to the fraudulent party (aka the “name game”). Utility fraud may take a long time to discover, as the fraudster may have a history of making some payment, but often times leaves the organization with a significant, unpaid balance.  Even after an account goes to collections for nonpayment, it can take a very long time before the fraud is confirmed.  Even if consumers and businesses periodically check their credit reports, they may not be aware that accounts had been opened in their name because the accounts usually aren’t reported until they reach collections. This means utility fraud through identity theft can lead to eroding customer relationships and losses. Best Practices for Customer Identity Verification An overall compliance or identity checking program will prevent fraud losses and increase customer satisfaction.  The same basic principles that apply to customer centric decisions apply here. gain knowledge of the customer through data, gain insight through specifically developed models and analytics, and make identity decisions using expert strategies. A best practice identity service will employ a customer acquisition platform like PowerCurve OnDemand to automatically acquire critical consumer and business identity authentication data, scores and analytics.  Models such as Precise ID and BizID allow clients to make decisions that are tailored to these specifications.  These results can be incorporated into automated accept or referral decisioning. Clients can customize these decision strategies for results based on the presence and absence of both positive and high-risk conditions. Specifically, the service helps clients to: Positively identify legitimate consumers Preserve positive consumer experiences by limiting or eliminating the need for more manual and arduous authentication processes that require more customer engagement and time Direct more intensive authentication procedures, such as knowledge-based authentication questions, only to the riskiest applicants or transactions Preserve positive customer experiences by preventing fraudulent accounts being opened in their name Detect potential fraud and reduce charge-offs FACTA and Red Flag Compliance Another advantage of using an acquisition platform like PowerCurve OnDemand is if the utility is obtaining consumer credit reports for other purposes, such as to determine a deposit amount, the platform can also perform many of the FACT Act and Red Flag checks that are required under the Fair Credit Reporting Act to limit identity theft as well.  So, at the same time, the platform can help meet compliance due-diligence requirements during application and account management processes. Matching Finally, the software platform may be able to perform a “matching process” on the applicant against existing or former customers.  If there is a match, this may also bring insight into whether or not an identity theft may be occurring. In Conclusion Consider a comprehensive platform that assists in identity verification process for both consumer and business accounts.  Ensure it can bring in world class data, models and analytics to gain insight on the identity of the consumer or business.  If applicable, leverage the platform for compliance related checks as well.  The rewards in lower write offs and increased customer satisfaction should yield great results.

With more than one-third of customers interacting with a single business in five or more channels and more than 85 percent of consumers using online or mobile to conduct business, omnichannel fraud prevention has become a necessity. Implementing a layered approach to authentication and integrating device intelligence into the process to associate a consumer with a known device are critical components of a fraud mitigation strategy. In addition to providing another layer of validation, verifying a customer through his or her device makes it easier for the customer to interact with the business and is a huge benefit to the overall customer experience. Perspective paper: Protecting the customer experience - The impact of fraud on the customer relationship

Gift cards are the most requested gift item and have been for the last eight years. Merchants love gift cards because they take up very little space and the recipient often ends up spending more than the value of the gift card.

Cont. Understanding Gift Card Fraud By: Angie Montoya In part one, we spoke about what an amazing deal gift cards (GCs) are, and why they are incredibly popular among consumers. Today we are going to dive deeper and see why fraudsters love gift cards and how they are taking advantage of them. We previously mentioned that it’s unlikely a fraudster is the actual person that redeems a gift card for merchandise. Although it is true that some fraudsters may occasionally enjoy a latte or new pair of shoes on us, it is much more lucrative for them to turn these forms of currency into cold hard cash. Doing this also shifts the risk onto an unsuspecting victim and off of the fraudster. For the record, it’s also incredibly easy to do. All of the innovation that was used to help streamline the customer experience has also helped to streamline the fraudster experience. The websites that are used to trade unredeemed cards for other cards or cash are the same websites used by fraudsters. Although there are some protections for the customer on the trading sites, the website host is usually left holding the bag when they have paid out for a GC that has been revoked because it was purchased with stolen credit card information. Others sites, like Craigslist and social media yard sale groups, do not offer any sort of consumer protection, so there is no recourse for the purchaser. What seems like a great deal— buying a GC at a discounted rate— could turn out to be a devalued Gift card with no balance, because the merchant caught on to the original scheme. There are ten states in the US that have passed laws surrounding the cashing out of gift cards. * These laws enable consumers to go to a physical store location and receive, in cash, the remaining balance of a gift card. Most states impose a limit of $5, but California has decided to be a little more generous and extend that limit to $10. As a consumer, it’s a great benefit to be able to receive the small remaining balance in cash, a balance that you will likely forget about and might never use, and the laws were passed with this in mind. Unfortunately, fraudsters have zeroed in on this benefit and are fully taking advantage of it. We have seen a host of merchants experiencing a problem with fraudulently obtained GCs being cashed out in California locations, specifically because they have a higher threshold. While five dollars here and ten dollars there does not seem like it is very much, it adds up when you realize that this could be someone’s full time job. Cashing out three ten dollar cards would take on average 15 minutes. Over the course of a 40-hour workweek it can turn into a six-figure salary. At this point, you might be asking yourself how fraudsters obtain these GCs in the first place. That part is also fairly easy. User credentials and account information is widely available for purchase in underground forums, due in part to the recent increase in large-scale data breaches. Once these credentials have been obtained, they can do one of several things: Put card data onto a dummy card and use it in a physical store Use credit card data to purchase on any website Use existing credentials to log in to a site and purchase with stored payment information Use existing credentials to log in to an app and trigger auto-reloading of accounts, then transfer to a GC   With all of these daunting threats, what can a merchant do to protect their business? First, you want to make sure your online business is screening for both the purchase and redemption of gift cards, both electronic and physical. When you screen for the purchase of GCs, you want to look for things like the quantity of cards purchased, the velocity of orders going to a specific shipping address or email, and velocity of devices being used to place multiple orders. You also want to monitor the redemption of loyalty rewards, and any traffic that goes into these accounts. Loyalty fraud is a newer type of fraud that has exploded because these channels are not normally monitored for fraud— there is no actual financial loss, so priority has been placed elsewhere in the business. However, loyalty points can be redeemed for gift cards, or sold on the black market, and the downstream affect is that it can inconvenience your customer and harm your brand’s image. Additionally, if you offer physical GCs, you want to have a scratch off PIN on the back of the card. If a GC is offered with no PIN, fraudsters can walk into a store, take a picture of the different card numbers, and then redeem online once the cards have been activated. Fraudsters will also tumble card numbers once they have figured out the numerical sequence of the cards. Using a PIN prevents both of these problems. The use of GCs is going to continue to increase in the coming years— this is no surprise. Mobile will continue to be incorporated with these offerings, and answering security challenges will be paramount to their success. Although we are in the age of the data breach, there is no reason that the experience of purchasing or redeeming a gift card should be hampered by overly cautious fraud checks. It’s possible to strike the right balance— grow your business securely by implementing a fraud solution that is fraud minded AND customer centric. *The use of GC/eGC is used interchangeably

Apple Pay fraud solution Apple Pay is here and so are increased fraud exposures, confirmed losses, and customer experience challenges among card issuers. The exposure associated with the provisioning of credit and debit cards to the Apple Pay application was in time expected as fraudsters are the first group to find weaknesses. Evidence from issuers and analyst reports points to fraud as the result of established credit/debit cards compromised through data breaches or other means that are being enrolled into Apple Pay accounts – and being used to make large value purchases at large merchants. Keir Breitenfeld, our vice president of Fraud and Identity solutions said as much in a recent PYMNTS.com story where he was quoted about whether the Apple Watch will help grown Apple Pay.    The challenge is that card issuers have no real controls over the provisioning or enrollment process so they currently only have an opportunity to authenticate their cardholder, but not the provisioning device. Fraud exposure can lie within call centers and online existing customer treatment channels due to: Identity theft and account takeover based on breach activity. Use of counterfeit or breached card data. Call center authentication process inadequacies. Capacity and customer experience pressures driving human error or subjectively lax due diligence. Existing customer/account authentication practices not tuned to this emerging scheme and level of risk. The good news is that positive improvements have been proven with bolstering risk-based authentication at the card provisioning process points by comparing the inbound provisioning device to the device that is on file for the cardholder account. This, in combination with traditional identity risk analytics, verifications, knowledge-based authentication, and holistic decisioning policies vastly improve the view afforded to card issuers for layered process point decisioning. Learn more on why emerging channels, like mobile payments,  call for advanced fraud identification techniques.

Gift card fraud Gift cards have risen in popularity over the last few years— National Retail Federation anticipated more than $31B in gift card sales during the 2014 holiday season alone. Gift cards are the most requested gift item, and they have been for eight years in a row. Total gift card sales for 2014 were anticipated to top $100 Billion. Gift cards are a practical gift – the purchaser can let the recipient pick exactly what they want, eliminating the worry of picking something that doesn’t fit right, that is a duplicate, or something that the recipient just might not want. They are also incredibly convenient, quick, and easy to purchase. The stigma behind gift cards is starting to fade, and it no longer seems as though they are an impersonal gifting option. Additionally, the type of gift cards available has expanded greatly in the last few years. If you are of the procrastinating nature, there are eGift Cards or eCertificates, which can be emailed in a matter of minutes to the recipient. If you are truly unsure what to purchase altogether, you can give an open-loop card, which are usually branded by Visa, MasterCard, and American Express, and can be used anywhere their logo appears. It also seems like a quick win for merchants to carry gift cards. The overhead cost to store them is extremely low because a small box of gift cards takes up very little space. When customers come in to redeem their GC, they usually spend more than the original value of the card itself, thus allowing for additional revenue capture. Something else that merchants have started doing in this big data world we live in is tying gift cards to consumer loyalty programs. Reloadable cards are now linked to a specific customer, who can also tie their credit card to the account, which is automatically charged once their account is below a pre-defined threshold. These new consumer loyalty accounts can be used to track spending history, tailor offers to the specific customer, and continue to expand on the immersive brand experience. Recently, a certain Mexican-themed fast food establishment launched their new mobile app; in the app, you could pre-order food, send and redeem eGCs, and find the nearest location. I don’t even eat at this establishment, but the innovation of their app was so enticing that I installed it the morning it came out, purchased an eGC for my husband, and pre-ordered breakfast. It was extremely easy and convenient, and I got a free taco! Now they have my soul. Okay, maybe not my soul, but they have my credit card data, purchasing preferences, device information, and location, which is almost the same thing at this point. After the experience I found myself asking why other merchants haven’t already done this or why it hasn’t taken off yet. This is a great example of how gift cards and emerging technology are being used as a marketing tool to entice consumers to build up a customer base. In the rare instance that a gift recipient does not actually find value in their gift card (the horror!) there’s a multitude of options for trading them in or redeeming for cash. Some well-known websites for trade-in are Giftcard Granny, Card Hub, and raise.com; it’s also incredibly common to find discounted GCs for sale on eBay, Craigslist, and Facebook groups. A couple familiar names that have recently entered into the mix are Wal-Mart and CoinStar. You can now exchange your physical gift card for cash at a specific CoinStar machines, and if you don’t feel like leaving your home, you can exchange your card online with Wal-Mart, and they will provide you with a Wal-Mart gift card that can be redeemed online or in stores. It’s such common practice that you can find articles on this topic on local, national, and 24-hour news websites. This tremendous revenue booster does not come free of risk, however. We know that fraudsters are clever and opportunistic. They will penetrate every weakness possible and take advantage of programs that are being used to enhance the consumer experience. But are they really stealing all these gift cards for personal gain and taking all of their friends out to their favorite local coffee shop for free drinks? Stay tuned for the second part of this blog that talks more about the fraud risks associated with gift cards and what you can do to mitigate them. Please note: *The use of GC/eGC is used interchangeably.

Reputational impact of fraud It’s all over the news. Hackers are compromising personal information and using that to access customer accounts. It’s critical that organizations have technology in place to distinguish valid customers from fraudsters as quickly as possible. The impact of fraud on the customer relationship requires more elaborate and accurate fraud prevention. Customers have a legitimate expectation that the institutions with which they do business will safeguard their identities, accounts and sensitive data. When fraud or a data breach occurs, that trust can be broken. All the work an institution has done to build its brand image can be damaged suddenly. With the right controls in place, even when customer information is compromised organizations can easily tell the difference between good customers and fraudsters. Listen to what Matt Lane, Experian's 41st Parameter vice president of customer management, says about the reputational impact of fraud theft on an organization: Learn more about the reputational impact of fraud thefts on an organization.

The experience of being a victim of data breaches has created a shift in consumer behavior and attitude over the past year. A recent Ponemon Institute study found that more than one-third of consumers ignored data breach notification letters, taking no action to protect themselves against fraud. To combat data breach fatigue, companies should communicate with customers sincerely and avoid treating the notification process as a compliance issue. Notification letters should include an apology, a clear explanation of what happened and why, and steps consumers can take to protect themselves from fraud. 2015 Data Breach Industry Forecast

While marketers typically spend vast amounts of money to increase customer acquisitions, fraud prevention can undercut those efforts. According to a recent 41st Parameter® study, average card-not-present declines represent 15 percent of all transactions; however, one to three percent of those declined transactions turn out to be false positives, equating to 1.2 billion dollars in lost revenue annually. Marketers can avoid unnecessary declines and create a seamless customer experience by communicating campaign plans to the fraud-risk team early on and coordinating marketing and fraud-prevention efforts. Download Experian’s latest fraud prevention report. Report: Holiday Marketing & Fraud

The evolution of identity verification Knowing who you are doing business with isn’t just a sound business practice to protect your bottom line. In many cases, it also is a legal requirement. Identity verification techniques have been evolving over the past few years to meet business priorities beyond fraud prevention, including customer experience, operational costs and regulatory compliance. We recently wrote about the challenges of customer authentication on mobile devices to meeting new business priorities. Fraud prevention tools have responded to these shifting priorities. While extremely fast and very accurate at detecting fraud, they also: Are less invasive to customers Provide a strong return on investment Ensure consistency in compliance and audit Listen to what Matt Ehrlich, Experian fraud and identity director of product management, has to say about how verification techniques have changed: Download our fraud prevention perspective paper to gain more insight on how you can prepare your business.

The news of the latest breach last week reported that tens of millions of customer and employee records were stolen by a sophisticated hacker incursion. The data lost is reported to include names, birth dates, Social Security numbers, and addresses. The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. What’s more, the data likely includes identity data on millions of dependent minors, who are prime targets for identity thieves and whose credit goes frequently unmonitored. According to the Identity Theft Resource Center’s 2014 Data Breach Report, a record 783 breaches, representing 85 million records, occurred from January through September 2014 alone. The breaches have ranged across virtually every industry segment and data type. So where does all this breached data go? It goes into the massive, global underground marketplace for stolen data, where it’s bought and sold, and then used by cybercriminals and fraudsters to defraud organizations and individuals. Like any market, supply and demand determines price, and the massive quantity of recent breaches has made stolen identities more affordable to more fraudsters, exacerbating the overall problem. In fact, stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company. The big question: So what now? The answer: Assume that all data has been breached, and act accordingly. Such a statement sounds a bit trivial, but it’s a significant paradigm shift. It’s a clear-headed recognition of the implications of the ongoing, escalating covert war between cybercriminals and fraudsters, on one side, and organizations and consumers on the other. For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign up for a credit monitoring service that covers all three credit bureaus to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. Many parents do not check their child’s credit regularly, if at all. For organizations, it’s a war on two fronts: data protection and fraud prevention. And the stakes are huge, bigger than many of us recognize. We’re not just fighting to prevent financial theft, we’re fighting to preserve trust — trust between organizations and consumers, at the first level, and ultimately widespread consumer trust in the institutions of finance, commerce, and government. We must collectively strive to win the war on data protection, no doubt, and prevent future data breaches. But what breaches illustrate is that, when fundamental identity data is breached, a terrible burden is placed on the second line of defense — fraud prevention. Simply put, organizations must continually evolve their fraud prevention control and skills, and minimize the damage caused by stolen identity data. And we must do it in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate the criminals. At 41st Parameter, we are at the front lines of fraud prevention every day, and what we see are risks throughout the ecosystem. Account opening is a particular vulnerability, as consumer identity data obtained in the underground will undoubtedly be used to open lines of credit, submit fraudulent tax returns, etc. unbeknownst to the consumer. Since so much data has been breached, many of these new accounts will look “clean,” presenting a major challenge for traditional identity-based fraud and compliance solutions. But it’s more than new accounts — account takeover, transactions, loyalty, every stage is in jeopardy now that so much identity data is on the loose. Even the call center is vulnerable, as the very basis for caller authentication often relies on components of identity. At 41st Parameter and Experian Fraud & Identity solutions, we advocate a comprehensive layered approach that leverages multiple solutions such as FraudNet, Precise ID, KIQ, and credit data to protect all aspects of the customer journey while ensuring a seamless, positive user experience across channels and lines of business. Read our fraud perspective paper to learn more. Now is the time to take action.  http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

Did you know that privacy policies do not guarantee that your information will be kept private? Most companies use privacy policies to inform customers about how their personal information may be used, i.e. sold, shared, exchanged, not necessarily guaranteeing absolute confidentiality. In today’s increasingly digital world where exchanging personal information – your name, email address, home address, etc. – for access to websites, coupons and the like has become the norm. And, it can be difficult for consumers to understand the value of their personal information. Today is the eighth annual Data Privacy Day, an international awareness effort spearheaded by the National Cyber Security Alliance (NCSA) that encourages all Internet users to consider the privacy implications of their online actions and motivate all companies to make privacy and data protection a greater priority. Since most consumers aren’t fully aware of the implications of sharing personal information, we’re taking a deeper look at what can happen when personal information is shared online. Companies that collect don’t always protect When you share personal information with a company online, that company is responsible for protecting your information. Even data that is seemingly harmless is extremely valuable to cyber criminals, like your email address or your mother’s maiden name for a password reset. When you share this valuable, personal information with a company online be sure to read the company’s privacy policy fine print in order to be certain that your information is not being shared publicly or with outside companies. In some instances, even reading the company’s fine print cannot keep your information safe. Millions were affected last year due to retail and medical data breaches, proving it difficult for companies to protect your data no matter how secure it may seem. Once cyber criminals have their hands on your personal information, you may be surprised at what they can do with it. Cyber criminals patch together your digital profile Bits and pieces of personal information stolen from companies can help cyber criminals patch together a complete picture of your digital identity. They can then use your digital identity to access more important information like your financial records from retail sites that have your credit card information stored. Many consumers leave a trail of personal information on the Internet, leading cyber criminals to steal your identity and your financial information. How to make a difference during Data Privacy Day Here are some tips on how you can increase your privacy online from the NCSA: Think of your personal information like money – value it and protect it. You are often paying for “free” services with your personal information. Before you willingly provide your information to a service, make sure it is a business you trust to handle your information with care. Manage your browser cookies to maximize your privacy and prevent unwanted tracking. Demand that businesses be honest about how they collect, use and share personal information. Be cautious about who you “friend” and communicate with online. Visit our website for more information on identity protection products you can offer your customers.