By: Mike Horrocks As summer comes to end, so does the summer reading list but if you are still trying to get one in, I just finished reading “Isaac's Storm: A Man, a Time, and the Deadliest Hurricane in History”, which is about Isaac Cline the resident meteorologist  for  U.S. Weather Bureau and the 1900 Hurricane that devastated Galveston, Texas. It is a great read, using actual telegraphs, letters, and reports to show the flaws of an outdated system and how not looking to new sources of information and not seeing the values of nontraditional views, etc., lead to unfathomable destruction for the people of Galveston.  As I read the book, I was challenged to think of what is right in front of me that I am not seeing for what it is, just like Mr. Cline ignored reports that would have clearly saved lives and helped predict the storm.  So, how can this historical storm teach us a thing or two in the financial industry? Clearly one of the most rapidly changing aspects in banking today is the mobile channel.  Many institutions have already adjusted to using it as a service channel, with remote deposit capture, balance, inquiry etc., but what are they doing to take it to the next step? On August 7, 2014, Experian is hosting a webinar by American Banker titled, “What is next for mobile banking?”  The webinar will have a powerful panel with thought leaders such as Dominic Venturo, the Chief Innovation Officer at U.S. Bank, Gordon Baird, the Chief Executive Officer at Independence Bancshares, and Cherian Abraham, Senior Business Consultant with Experian’s Global Consulting Practice. If you are already using mobile or maybe trying to look at what you could change, this is a great session to attend.  Over the next couple of weeks, we are going to go into some of the key topics from this webinar and explore them some more.  Hope to see you at this American Banker webinar.

At Experian, we frequently get asked by clients how they can get bigger mailing list that open new markets and reach more people. But bigger isn’t necessarily better, and it doesn’t always translate to a higher return on your marketing investment. Instead of just increasing volume, let’s consider a different, more focused approach - using the latest in analytic tools and scores.  This approach relies on effective pre-screening to create the ideal prospecting lists based on your business objective. We’ve identified four key steps to building a prescreen list of your ideal prospects: Optimize risk selection Find the most profitable consumers Target customers who need or want your products Design the right offer In the next post, Optimal Risk Selection,  I’ll dig deeper into each step and present some tools and scores that can help meet the objective of each.      

By: Teri Tassara “Do more with less” is a pervasive and familiar mantra nowadays as lenders seek to make smarter and more precise lending decisions while expertly balancing growth objectives and tightened budgets.  And lest we forget, banks must also consider the latest regulations and increased regulatory scrutiny from the industry’s governing bodies - such as OCC and CFPB. Nowadays, with the extensive application of predictive analytics in everyday lending practices, it makes sense to look to analytics to fine tune decision-making and achieve a greater return on investment in three common growth objectives for bankcard acquisitions: Profitable growth - How do I find the most profitable acquisition targets?  How do I know the borrowing characteristic of each consumer?  Are they high spend or high income?  Do they carry a balance but always make timely payments? Universe expansion - How many more consumers are there that meet my lending criteria? How can I effectively reach them? Customer experience - How do I offer the right product to the right customer? How do I communicate to my customers that I understand their lending needs? To that end, growth objectives vary by lender; as such, so should their bankcard acquisitions analytical toolkit. The analytical toolkit arsenal should enable lenders to develop refined bankcard campaign strategies based on their specific objectives. Look for upcoming posts on the essential components of the bankcard acquisitions analytical toolkit.  

According to the latest Experian-Oliver Wyman Market Intelligence Report, home equity line of credit (HELOC) originations warmed up significantly heading into summer.

By: Mike Horrocks The Wall Street Journal just recently posted an article that mentioned the cost of the financial regulations for some of the largest banks.  Within the article it is staggering to see the cost of the financial crisis and also to see how so much of this could have been minimized by sound banking practices, adoption to technology, etc.  As a former commercial banker and as I talk with associates in the banking industry, I know that there are more causes to point at for the crisis then there are fingers…but that is not the purpose of my blog today. My point is the same thing I ask my teenage boys when they get in trouble, “Now, what are you going to do to fix it?” Here are a couple of ideas that I want to share with the banking industry.  Each bank and market you are going after is a bit unique; however think about these this week and what you could do. It is about the customer – the channel is just how you touch that customer.  Every day you hear the branch office is dead and that mobile is the next wave.  And yes, if I was a betting man, I would clearly say mobile is the way to go. But if you don’t do it right, you will drive customers away just as fast (check out the stats from a Google mobile banking study).    At the end of the day, make sure you are where your customers want to be (and yes for some that could even be a branch). Trust is king.  The Beatles may have said that “All You Need Is Love”, but in banking it is all about trust.  Will my transaction go thru? Will my account be safe? Will I be able to do all that I need to do on this mobile phone and still be safe since it also has Angry Birds on it?  If your customer cannot trust you to do what they feel are simple things, then they will walk.  You have to protect your customers, as they try to do business with you and others. Regulations are here to stay.  It pains me to say it, but this is going to be a truth for a long while.  Banks need to make sure they check the box, stay safe, and then get on to doing what they do best – identify and manage risk.  No bank will win the war for shareholder attention because they internally can answer the regulators better than the competition.  When you are dealing with complicated issues like  CCAR, Basel II or III, or any other item, working with professionals can help you stay on track. This last point represents a huge challenge for banks as the number of regulations imposed on financial institutions has grown significantly over the past five years. On top that the level of complexity behind each regulation is high, requiring in-depth knowledge to implement and comply. Lenders have to understand all the complexity of these regulations so they can find the balance to meet compliance obligations. At the same time they need to identify profitable business opportunities.     Make sure to read our Comply whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.  A little brainstorming and a single action toward each of these in the next 90 days will make a difference.  So now, what are you going to do to fix it?

Experian’s fraud prevention and identity management business helps clients combat the global fraud epidemic costing businesses hundreds of billions of dollars every year. Ori Eisen, founder of the 41st Parameter, a part of Experian, and Frank Abagnale Jr. talk to Bloomberg TV about the major new fraud threats emerging and how Experian can help protect organisations and their customers from becoming victims. Account takeover is a mainstream fraud issue as virtually any web site leveraging username and password authentication can be affected. As we wrote about earlier, another cybersecurity concern served as a reminder that managing fraud and protecting customer identities is becoming more complex as we are fighting creative and motivated people - not predictable systems. Watch the interview here:                         Learn more about Experian fraud intelligence products and services from 41st Parameter. 

A recent survey reveals that 30 percent of travelers have experienced identity theft while traveling or know someone who has.

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it's no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover fraud is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we'll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it's a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim's accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement.   Learn more about 41st Parameter: https://www.experian.com/decision-analytics/41st-parameter.html?INTCMP=DA_Blog_Post072414   Related: The World Cup of Fraud  

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it’s no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we’ll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it’s a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim’s accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement. Learn more about 41st Parameter fraud detection and prevention solutions here.

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it’s no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we’ll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it’s a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim’s accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement. Learn more about 41st Parameter fraud detection and prevention solutions here.

While automotive loan originations grew 15 percent year over year in Q1 2014, a recent Experian Automotive study found that more consumers are continuing to drive older-model vehicles.

In our most recent webinar, I had the pleasure of moderating a panel session with four fraud experts spanning across many diverse backgrounds. The consistent theme throughout was that cyber criminals have become quite proficient at stealing data or account credentials. Once a cyber criminal has valid account data, they have incredible access to a broad range of possibilities. How an account is used; a real-time view of deposit and withdrawal patterns and what types of alerts and notification settings are in place. A determined fraudster may observe accounts for long periods to ensure they are able to make their move at the optimal time. One of the biggest issues is being able to tell “friend from foe”, particularly in light of the endless supply of perfect, disposable data. I posed this scenario to our panel and asked what organizations can do now to protect themselves: SCENARIO – Telling friend from foe Credit card companies encourage travellers to alert them in advance of unusual travel to avoid red flags or declines while out of town. This can be a double-edged sword. A fraudster with appropriate credentials can contact a credit card company a few weeks before a “trip” to alert them of planned travel. At the start of the “trip” the distraught fraudster can then contact the credit card company to report a stolen card and request a replacement be expedited to them at their “destination.” The result is a fraudster armed with a completely legitimate card they can use at their leisure and with little risk of detection. There were three key take-aways the expert panel recommended: Enhance your visibility. Without this important tactic, you won’t know what hit you. Fraudsters are armed with pristine identity data so they will look and act more like your best customers. Employee multiple security layers. You may be focused on ensuring that you know your customer, but does the transaction pattern fit normal behavior for the user? Malware could be embedded on the device. Are items such as language and other settings consistent with what you’d expect for your legitimate customers? Protect profile setups / online enrolment and reward programs the way you protect transactions. While the financial risk to your business may be limited, the potential regulatory exposure and brand reputation hit can be significant. It takes years to build your reputation with your best customers – but only seconds to destroy it. Undermining their trust in online or mobile interactions with your business has an immediate and destructive impact on loyalty. What do you think? Let us know.

  Residential real estate lending was the leading component of the Great Recession of 2007-2009.  Could it happen again?  Let’s analyze our Intelliview data  to see where U.S. lending trends are headed with HELOCs. A large portion of Home Equity Lines of Credit (HELOCs) were originated from 2004 to 2007.  The term structure of these HELOCs will soon result in larger monthly payments, which could potentially promote consumer debt burden troubles.  Additionally, with as much as 13% of all first mortgage customers having balances greater than the value of homes, many HELOCs wallow underwater. HELOCs typically have a ten year draw followed by a twenty-year repayment period. However, there are variations in the term structures.  HELOCs can have as little as a five year draw, while others have a fifteen year repayment period.  During the draw period, customers only pay interest on the balance.  In the repayment period, the account functions like a loan, customers pay principal and interest. In 2012, the Office of Comptroller of the Currency (OCC, the primary banking regulator) reported that 58% of all bank HELOC balances would enter the repayment period and begin to amortize between 2014 and 2017 (OCC, Semiannual Risk Perspective, Spring 2012).  This report renewed fears that the increase in payments would lead to higher delinquencies and foreclosures, limit consumer spend and provide a drag on the U.S. economy. Paradoxically, the OCC estimates of the HELOC balances entering the repayment period may be low.  The OCC has accounted only for $392 billion of HELOC balances among banks.  Experian’s review of all HELOC trades shows a significantly higher level of balances.  Additionally, American Banker estimates the top 200 banks and thrifts had more than $477 billion in HELOC outstanding as of the end of 2013, with the top three lenders (Bank of America, Wells Fargo and JP Morgan Chase) comprising nearly $300 billion. Experian examined HELOCs in the four states with the greatest surges in home values and lending prior to the Great Recession.  California comprises nearly 19% of all HELOC balances and lines.  With averaging HELOC balances of 53% above the national mean, Arizona, Florida and Nevada are the three highest utilization rates by state.  Nevada has the highest 30+ day delinquency rate in the country at 2.92%, while the national average is 1.64%.           According to CoreLogic’s most recent home price index report, Nevada, Florida and Arizona home prices remain 30-39% below their peak real estate values.  California’s prices are down 17%, and the national average home value is still 14% below its highest value. Refinancing HELOCs may be difficult due to the significant number of second liens still underwater.  Compounding this difficulty, lending standards also have tightened, with regard to loan-to-value, debt ratios and credit quality. The average HELOC was examined at a 4.5% interest rate and a 20 year repayment period.  The average monthly payment increases almost 69% when the account leaves the draw period and requires paying principal balance as well as interest. This payment increase accounts for approximately 2.6% of the median U.S. household gross annual income. It is estimated that the increase in HELOC payments will comprise $1 billion in additional annual payments during 2014, and an additional $9 billion between 2015 through 2017.   However, it is important to remember that not all HELOCs will reach repayment. HELOCs are priced based on the prime rate.  That rate has been 3.25% for more than five years, a historical low.  When prime rate reached this level in December 2008, the rate was at its lowest in 53 years.  Only 18 months prior to reaching 3.25%, the prime rate had been 8%. If the prime rate increases by 1% to 4.25%, the average payment of accounts in the draw period would increase 22%, affecting just about every HELOC, with a national increase in annual payments of about $5 billion. The volume of HELOCs that are beginning to enter the repayment period may eventually increase delinquency rates.  However, no such increase is yet evident.  As shown below, delinquency rates are steady after a long decline.  In the past three years, 90+ days delinquency has declined 41%.     The Majority of HELOCs are second mortgages.   Successful completion of a foreclosure would involve making the customer’s monthly first mortgage payment in addition to all other expenses incurred in foreclosure and the sale of the property.   Very often foreclosing from a second lien does not make financial sense unless the financial institution also holds the first mortgage on the property. As a large portion of HELOCs enter the repayment period in the next four years, the payments that customers must make will increase considerably.  With interest rates as low as they are, the prime rate will eventually rise, and increase debt service ratios.  These payment increases will have implications on consumers, lenders and the economy.  Having grown 10.5% in the last year,  home values continue to recover from the recession.  It is yet to be determined whether this payment increase will have a broader or more isolated impact. In the meantime, HELOCs will continue to see their resurgence. For more insight like this from Experian Decision Analytics, watch our 2014 Q1 Experian–Oliver Wyman Market Intelligence Report presentation.    

Are you sure you are making the best consumer credit decisions? Given the constantly evolving market conditions, it is a challenge to keep informed. In order to confidently grow and manage the bottom line, organizations need to avoid these four basic risks of making credit decisions with limited trend visibility. Competitive Risk - With limited visibility to industry trends, organizations cannot understand their position relative to peers. Product Risk - Organizations without access to the latest consumer behaviors cannot identify and capitalize on emerging trends. Market Risk - Decisions suffer when made without considering market trends in the context of the economy. Resource Risk - Extracting useful insights from vast market data requires abundant resources and comprehensive expertise. Get more information on the business risks of navigating credit decisions with limited trend visibility.

A recent study conducted by the Ponemon Institute found that a data breach is among the top three occurrences that affect brand reputation, along with poor customer service and an environmental incident.