Loading...

Compliance and the alphabet… F-C-R-A-L-M-N-O-P

Published: September 10, 2010 by Guest Contributor

Working with clients in the financial sector means keeping an eye toward compliance and regulations like the Gramm-Leach-Bliley Act (GLB), the Fair Credit Reporting Act (FCRA) or Fair and Accurate Credit Transactions Act (FACTA). It doesn’t really matter what kind of product it is, if a client is a financial institution (FI) of some kind, one of these three pieces of legislation is probably going to apply. The good part is, these clients know it and typically have staff dedicated to these functions.

In my experience, where most clients need help is in understanding which regulations apply or what might be allowed under each. The truth is, a product designed to minimize fraud, like knowledge based authentication, will function the same whether using FCRA regulated or non-FCRA regulated data. The differences will be in the fraud models used with the product, the decisioning strategies set-up, the questions asked and the data sources of those questions. Under GLB it is acceptable to use fraud analytics for detection purposes, as fraud detection is an approved GLB exception. However, under FCRA rules, fraud detection is not a recognized permissible purpose (for accessing a consumer’s data). Instead, written instructions (of the consumer) may be used as the permissible purpose, or another permissible purpose permitted under FCRA; such as legitimate business need due to risk of financial loss.

Fraud best practices dictate engaging with clients, and their compliance teams, to ensure the correct product has been selected based on client fraud trends and client needs. A risk based authentication approach, using all available data and appropriately decisioning on that data, whether or not it includes out of wallet questions, provides the most efficient management of risk for clients and best experience for consumers.

Related Posts

Fraud rings cause an estimated $5 trillion in financial damages every year, making them one of the most dangerous threats facing today’s businesses. They’re organized, sophisticated and only growing more powerful with the advent of Generative AI (GenAI). Armed with advanced tools and an array of tried-and-true attack strategies, fraud rings have perfected the art of flying under the radar and circumventing traditional fraud detection tools. Their ability to adapt and innovate means they can identify and exploit vulnerabilities in businesses' fraud stacks; if you don’t know how fraud rings work and the right signs to look for, you may not be able to catch a fraud ring attack until it’s too late. What is a fraud ring? A fraud ring is an organized group of cybercriminals who collaborate to execute large-scale, coordinated attacks on one or more targets. These highly sophisticated groups leverage advanced techniques and technologies to breach fraud defenses and exploit vulnerabilities. In the past, they were primarily humans working scripts at scale; but with GenAI they’re increasingly mobilizing highly sophisticated bots as part of (or the entirety of) the attack. Fraud ring attacks are rarely isolated incidents. Typically, these groups will target the same victim multiple times, leveraging insights gained from previous attack attempts to refine and enhance their strategies. This iterative approach enables them to adapt to new controls and increase their impact with each subsequent attack. The impacts of fraud ring attacks far exceed those of an individual fraudster, incurring significant financial losses, interrupting operations and compromising sensitive data. Understanding the keys to spotting fraud rings is crucial for crafting effective defenses to stop them. Uncovering fraud rings There’s no single tell-tale sign of a fraud ring. These groups are too agile and adaptive to be defined by one trait. However, all fraud rings — whether it be an identity fraud ring, coordinated scam effort, or large-scale ATO fraud scheme — share common traits that produce warning signs of imminent attacks. First and foremost, fraud rings are focused on efficiency. They work quickly, aiming to cause as much damage as possible. If the fraud ring’s goal is to open fraudulent accounts, you won’t see a fraud ring member taking their time to input stolen data on an application; instead, they’ll likely copy and paste data from a spreadsheet or rely on fraud bots to execute the task. Typically, the larger the fraud ring attack, the more complex it is. The biggest fraud rings leverage a variety of tools and strategies to keep fraud teams on their heels and bypass traditional fraud defenses. Fraud rings often test strategies before launching a full-scale attack. This can look like a small “probe” preceding a larger attack, or a mass drop-off after fraudsters have gathered the information they needed from their testing phase. Fraud ring detection with behavioral analytics Behavioral analytics in fraud detection uncovers third-party fraud, from large-scale fraud ring operations and sophisticated bot attacks to individualized scams. By analyzing user behavior, organizations can effectively detect and mitigate these threats. With behavioral analytics, businesses have a new layer of fraud ring detection that doesn’t exist elsewhere in their fraud stack. At a crowd level, behavioral analytics reveals spikes in risky behavior, including fraud ring testing probes, that may indicate a forthcoming fraud ring attack, but would typically be hidden by sheer volume or disregarded as normal traffic. Behavioral analytics also identifies the high-efficiency techniques that fraud rings use, including copy/paste or “chunking” behaviors, or the use of advanced fraud bots designed to mimic human behavior. Learn more about our behavioral analytics solutions and their fraud ring detection capabilities. Learn more

Published: February 27, 2025 by Presten Swenson

Fraud never sleeps, and neither do the experts working to stop it. That’s why we’re thrilled to introduce Meet the Maker, our new video series spotlighting the brilliant minds behind Experian’s cutting-edge fraud solutions. In our first episode, Matt Ehrlich, Senior Director of Identity and Fraud Product Management, and Andrea Nighswander, Senior Director of Global Solution Strategy, share how they use data, advanced analytics, and deep industry expertise to stay ahead of fraudsters. With 35+ years of combined experience, these fraud-fighting veterans know exactly what it takes to keep bad actors at bay. Watch now for an exclusive look at the minds shaping the future of fraud prevention.    Stay tuned for more episodes featuring the visionaries driving fraud innovation.

Published: February 21, 2025 by Julie Lee

The days of managing credit risk, fraud prevention, and compliance in silos are over. As fraud threats evolve, regulatory scrutiny increases, and economic uncertainty persists, businesses need a more unified risk strategy to stay ahead. Our latest e-book, Navigating the intersection of credit, fraud, and compliance, explores why 94% of forward-looking companies expect credit, fraud, and compliance to converge within the next three years — and what that means for your business.1 Key insights include: The line between fraud and credit risk is blurring. Many organizations classify first-party fraud losses as credit losses, distorting the true risk picture. Fear of fraud is costing businesses growth. 68% of organizations say they’re denying too many good customers due to fraud concerns. A unified approach is the future. Integrating risk decisioning across credit, fraud, and compliance leads to stronger fraud detection, smarter credit risk assessments, and improved compliance. Read the full e-book to explore how an integrated risk approach can protect your business and fuel growth. Download e-book 1Research conducted by InsightAvenue on behalf of Experian

Published: February 20, 2025 by Julie Lee