By: Maria Moynihan A recently-released staff report prepared for the House Oversight and Government Reform Committee revealed that nearly 17,000 efficiency and process improvement recommendations made by agency Inspectors General remain pending as of 2012 and in combination could have saved more than $67 billion in wasteful government spending. At the same time, the 2013 Identity Fraud Report released in February 2013 by Javelin Strategy & Research indicates that in 2012, identity fraud incidents increased by more than one million victims and fraudsters stole more than $21 billion, the highest amount since 2009. Fraudsters know where process inefficiencies lie and government agencies can no longer delay the implementation of much needed system improvements. There are several service providers and integrators in the public sector that offer options and tools to choose from.  Specifically, identity management tools exist that can authenticate a person’s identity online and in real-time, verify an address, validate one’s income and assets, and  provide a full view of a constituent so funds go to those who need them most and stay out of the hands of fraudsters or those who are otherwise not eligible. There is a better way to validate and authenticate individuals or businesses as part of a constituent review processes and time is of the essence. By simply incorporating third-party data and analytics into established infrastructure, agencies can immediately gain improved insight for efficient decision making. Experian recently sponsored the FCW Executive Briefing on Detecting and Preventing Wasteful and Improper Payments.  Click here to view the keynote presentation or stay tuned as I share more on this pressing issue.

Using a more inclusive scoring model such as the new VantageScore® 3.0, lenders can score up to 30 million consumers who are labeled "unscoreable" by traditional models. Nearly 25 percent of these consumers are prime or near-prime credit quality.

By: Maria Moynihan State and Federal agencies are tasked with overseeing the integration of new Health Insurance Exchanges and with that responsibility, comes the effort of managing information updates, ensuring smooth data transfer, and implementing proper security measures. The migration process for HIEs is no simple undertaking, but with these three easy steps, agencies can plan for a smooth transition: Step 1:  Ensure all current contact information is accurate with the aid of a back-end cleansing tool.   Back-end tools clean and enhance existing address records and can help agencies to maintain the validity of records over time. Step 2:  Duplicate identification is a critical component of any successful database migration - by identifying and removing existing duplicate records, and preventing future creation of duplicates, constituents are prevented from opening multiple cases, thereby reducing the probability for fraud. Step 3:  Validate contact data as it is captured. This step is extremely important, especially as information gets captured across multiple touch points and portals. Contact record validation and authentication is a best practice for any database or system gateway. Agencies and those particularly responsible for the successful launches of HIEs are expected to leverage advanced technology, data and sophisticated tools to improve efficiencies, quality of care and patient safety. Without accurate, standard and verified contact information, none of that is possible. Access the full Health Insurance Exchange Toolkit by clicking here.

While the overall average VantageScore® for consumers in Q4 2012 was 748, the average score can vary greatly by specific loan product. For example, the average VantageScore for consumers with a home equity line of credit is 864, which is the highest average score for all products, reflecting tighter lending requirements. Student loans have the lowest average VantageScore of 695.

Spending on debit and prepaid cards in the United States topped $2 trillion in 2011, with 75 percent of this purchase volume being non-ATM transactions. The evolution of marketing knowledge and tactics for the U.S. debit card market can be applied to other countries migrating payment from cash to noncash transactions.

The Experian/Moody's Analytics Small Business Credit Index tumbled in Q4 2012, falling 6.8 points to 97.3 from 104.1 in the previous quarter. This is the second consecutive quarterly decline and is the index's lowest reading since Q3 2011. The drop in the index was driven primarily by a rise in delinquent balances as a slowdown in personal income growth pulled retail sales lower.

  This post is in response to the recent Bankinter story of NFC payments at the point-of-sale without requiring SE – and the lack of any real detail around how it plans to achieve that goal. I am not privy to Bankinter’s plan to dis-intermediate the SE, but as I know a wee bit about how NFC works, I thought a post would help in clearing up any ambiguity as to how Card emulation and Host Card emulation differs, upsides, challenges – the whole lot. Back in December of 2012, Verizon responded to an FCC complaint over its continued blocking of GoogleWallet on Verizon network. The gist of Verizon’s response was that as GoogleWallet is different to PayPal, Square and other wallet aggregators in that its reliance on the phone’s Secure Element – a piece of proprietary hardware, lies behind the reason for Verizon denying GoogleWallet from operating on its devices or network. Verizon continued to write that Google is free to offer a modified version of GoogleWallet that does not require integration with the Secure Element. Now Software Card Emulation was not born out of that gridlock. It had been always supported by both NXP and Broadcom chipsets at the driver level. Among operating systems, BlackberryOS supports it by default. With Android however, application support did not manifest despite interest from the developer community. Google chose to omit exposing this capability via the API from Android 2.3.4 – may have to do with opting to focus its developer efforts elsewhere, or may have been due to carrier intervention. What very few knew is that a startup called SimplyTapp had already been toiling away at turning the switch back on – since late 2011. Host Card What? But first – let’s talk a bit about Card Emulation and how Host Card Emulation (or SE on the Cloud) differs in their approach. In the case of GoogleWallet, Card Emulation represents routing communication from an external contactless terminal reader directly to the embedded secure element, dis-allowing visibility by the operating system completely. Only the secure element and the NFC controller are involved. Card Emulation is supported by all merchant contactless terminals and in this mode, the phone appears to the reader as a contactless smart card. Google Wallet, Isis and other NFC mobile wallets rely on card emulation to transfer payment credentials to the PoS. However the downsides to this are payment apps are limited to the SE capacity (72kb on the original embedded SE on Nexus S), SE access is slower, and provisioning credentials to the SE is a complex, brittle process involving multiple TSM’s, multiple Carriers (in the case of Isis) and multiple SE types and handsets. Host Card Emulation (or Software Card Emulation) differs from this such that instead of routing communications received by the NFC controller to the secure element, it delivers them to the NFC service manager – allowing the commands to be processed by applications installed on the phone. With that, the approach allows to break dependency on the secure element by having credentials stored anywhere – in the application memory, in the trusted execution environment (TEE) or on the cloud. The benefits are apparent and a couple is noted: NFC returns to being a communication standard, enabling any wallet to use it to communicate to a PoS – without having to get mired down in contracts with Issuers, Carriers and TSMs. No more complex SE cards provisioning to worry about Multiple NFC payment wallets can be on the phone without worrying about SE storage size or compartmentalizing. No need to pay the piper – in this case, the Carrier for Over-the-air SE provisioning and lifecycle management. Card Issuers would be ecstatic. However this is no panacea, as software card emulation is not exposed to applications by Android and host card emulation patches that have been submitted (by SimplyTapp) have not yet been merged with the main android branch – and therefore not available to you and I – unless we root our phones. Which is where SimplyTapp comes in. SimplyTapp appealed to an early segment of Android enthusiasts who abhorred having been told as to what functionality they are allowed to enable on their phones – by Google, Carriers or anyone else. And to any who dared to root an NFC phone (supported by CyanogenMod) and install the Cyanogenmod firmware, they were rewarded by being able to use both SimplyTapp as well as GoogleWallet to pay via NFC – the former where credentials were stored on the cloud and the latter – within the embedded SE. So how does this work? SimplyTapp created a Host Card Emulation patch which resolves potential conflicts that could arise from having two competing applications (SimplyTapp and GW) that has registered for the same NFC event from the contactless external reader. It does so by ensuring that upon receiving the event – if the SimplyTapp app is open in the foreground (On-Screen) then the communication is routed to it and if not – it gets routed to GoogleWallet. This allows consumers to use both apps harmoniously on the same phone (take that ISIS and Google Wallet!). SimplyTapp today works on any NFC phone supported by CyanogenMod. Apart from SimplyTapp, InsideSecure is working on a similar initiative as reported here. You get a wallet! And you get a wallet! Everyone gets a wallet! Well not quite. What are the downsides to this approach? Well for one – if you wish to scale beyond the enthusiasts, you need Google, the platform owner to step up and make it available to all without having to root our phones. For that to happen it must update the NFC service manager to expose Host Card emulation for the NXP and Broadcom chipsets. And if Google is not onboard with the idea, then you need to find an OEM, a Handset manufacturer or an Amazon ready to distribute your amended libraries. Further, you can also expect Carriers to fight this move as it finds its investment and control around the secure element threatened. With the marked clout they enjoy with the OEM’s and Handset manufacturers by way of subsidies, they can influence the outcome. Some wonder how is it that BlackberryOS continues to support Host Card Emulation without Carrier intervention. The short answer may be that it is such a marginal player these days that this was overlooked or ignored. The limitations do not stop there. The process of using any cloud based credentials in an EMV or contactless transaction has not been certified yet. There is obviously interest and it probably will happen at some point – but nothing yet. Debit cards may come first – owing to the ease in certification. Further, Closed loop cards may probably be ahead of the curve compared to Open loop cards. More about that later. *Update: Latency is another issue when the credentials are stored on the cloud. Especially when NFC payments were called out last year to be not quick enough for transit.* So for all those who pine for the death of secure elements, but swear fealty to NFC, there is hope. But don’t set your alarm yet. So what will Google do? Let’s consider for a moment that Google is down with this. If so, does that represent a fork in the road for Google Wallet? Will the wallet application leverage HCE on phones with inaccessible Secure Elements, while defaulting to the Secure Element on phones it has? If so, it risks confusing consumers. Further – enabling HCE lets other wallets to adopt the same route. It will break dependency with the secure element, but so shall it open the flood gates to all other wallets who now wants to play. It would seem like a pyrrhic victory for Google. All those who despised proximity payments (I am looking at you Paypal & Square!) will see their road to contactless clear and come calling. As the platform owner – Google will have no choice but to grin and bear it. But on a positive note, this will further level the playing field for all wallets and put the case for contactless back – front and center. Will Google let this happen? Those who look at Google’s history of tight fisted control over the embedded SE are bound to cite precedent and stay cynical. But when it comes down it, I believe Google will do the right thing for the broader android community. Even on the aspect of not relinquishing control over the embedded SE in the devices it issued, Google had put the interests of consumer first. And it felt that, after all things considered it felt it was not ready to allow wanton and unfettered access to the SE. Google had at one point was even talking about allowing developers write their own “card emulation” applets and download them to the SE. Broadcom also has an upcoming quad-combo chip BCM43341 that has managed to wrap NFC, Bluetooth 4.0, Wi-Fi and FM Radio, all on a single die. Further, the BCM43341 also supports multiple Secure Elements. Now, I also hear Broadcom happens to be a major chip supplier to a fruit company. What do you think?   This is content was originally posted to Cherian's personal blog at DropLabs. 

Experian Automotive's Q4 2012 credit trends analysis found that 60-day delinquencies rose from 0.72 percent in Q4 2011 to 0.74 percent in Q4 2012. It was the first time in three years that 60-day delinquencies experienced a year-over-year increase.

  Big news [last week], with Chase entering in to a 10 year expanded partnership with Visa to create a ‘differentiated experience’ for its merchants and consumers. I would warn anyone thinking “offers and deals” when they hear “differentiated experience” – because I believe we are running low on merchants who have a perennial interest in offering endless discounts to its clientele. I cringe every time someone waxes poetic about offers and deals driving mobile payment adoption – because I am yet to meet a merchant who wanted to offer a discount to everyone who shopped. There is an art and a science to discounting and merchants want to identify customers who are price sensitive and develop appropriate strategies to increase stickiness and build incremental value. It’s like everyone everywhere is throwing everything and the kitchen sink at making things stick. On one end, there is the payments worshippers, where the art of payment is the centre piece – the tap, the wave, the scan. We pore over the customer experience at the till, that if we make it easier for customers to redeem coupons, they will choose us over the swipe. But what about the majority of transactions where a coupon is not presented, where we swipe because its simply the easiest, safest and the boring thing to do. Look at the Braintree/Venmo model, where payment is but a necessary evil. Which means, the payment is pushed so far behind the curtain – that the customer spends nary a thought on her funding source of choice. Consumers are issuer agnostic to a fault – a model propounded by Square’s Wallet. Afterall, when the interaction is tokenized, when a name or an image could stand in for a piece of plastic, then what use is there for an issuer’s brand? So what are issuers doing? Those that have a processing and acquiring arm are increasingly looking at creative transaction routing strategies, in transactions where the issuer finds that it has a direct relationship with both the merchant and the consumer. This type of selective routing enables the issuer to conveniently negotiate pricing with the merchant – thereby encouraging the merchant to incent their customers to pay using the card issued by the same issuer. For this strategy to succeed, issuers need to both signup merchants directly, as well as encourage their customers to spend at these merchants using their credit and debit cards. FI’s continue to believe that they can channel customers to their chosen brands, but “transactional data doth not maketh the man” – and I continue to be underwhelmed by issuer efforts in this space. Visa ending its ban on retailer discounts for specific issuer cards this week must be viewed in context with this bit – as it fuels rumors that other issuers are looking at the private payment network option – with merchants preferring their cards over competitors explicitly. The wild wild west, indeed. This drives processors to either cut deals directly with issuers or drives them far deeper in to the merchant hands. This is where the Braintree/Venmo model can come in to play – where the merchant – aided by an innovative processor who can scale – can replicate the same model in the physical world. We have already seen what Chase Paymentech plans to do. There aren’t many that can pull off something similar. Finally, What about Affirm, the new startup by Max Levchin? I have my reservations about the viability of a Klarna type approach in the US – where there is a high level of credit card penetration among the US customers. Since Affirm will require customers to choose that as a payment option, over other funding sources – Paypal, CC and others, there has to be a compelling reason for a customer to choose Affirm. And atleast in the US, where we are card-entrenched, and everyday we make it easier for customers to use their cards (look at Braintree or Stripe) – it’s a tough value proposition for Affirm. Share your opinions below. This is a re-post from Cherian's personal blog at DropLabs.

According to a recent Ponemon Institute study, 65 percent of study participants say their organization has had a data breach in the past two years involving consumer data outsourced to a third party. Most of these are preventable, as employee negligence accounts for 45 percent of data breaches and lost or stolen devices account for 40 percent.

Last January, I published an article in the Credit Union Journal covering the trend among banks to return to portfolio growth. Over the year, the desire to return to portfolio growth and maximize customer relationships continues to be a strong focus, especially in mature credit markets, such as the US and Canada.  Let’s revisit this topic, and start to dive deeper into the challenges we’ve seen, explore the core fundamentals for setting customer lending limits, and share a few best practices for creating successful cross-sell lending strategies. Historically, credit unions and banks have driven portfolio growth with aggressive out-bound marketing offers designed to attract new customers and members through loan acquisitions. These offers were typically aligned to a particular product with no strategy alignment between multiple divisions within the organization.  Further, when existing customers submitted a new request for credit, they were treated the same as incoming new customers with no reference to the overall value of the existing relationship. Today, however, financial institutions are looking to create more value from existing customer relationships to drive sustained portfolio growth by increasing customer retention, loyalty and wallet share. Let’s consider this idea further. By identifying the needs of existing customers and matching them to individual credit risk and affordability, effective cross-sell strategies that link the needs of the individual to risk and affordability can ensure that portfolio growth can be achieved while simultaneously increasing customer satisfaction and promoting loyalty. The need to optimize customer touch-points and provide the best possible customer experience is paramount to future performance, as measured by market share and long-term customer profitability. By also responding rapidly to changing customer credit needs, you can further build trust, increase wallet share and profitably grow your loan portfolios.  In the simplest sense, the more of your products a customer uses, the less likely the customer is to leave you for the competition. With these objectives in mind, financial organizations are turning towards the practice of setting holistic, customer-level credit lending parameters. These parameters often referred to as umbrella, or customer lending, limits. The challenges Although the benefits for enhancing existing relationships are clear, there are a number of challenges that bear to mind some important questions: How do you balance the competing objectives of portfolio loan growth while managing future losses? How do you know how much your customer can afford? How do you ensure that customers have access to the products they need when they need them What is the appropriate communication method to position the offer? Few credit unions or banks have lending strategies that differentiate between new and existing customers.  In the most cases, new credit requests are processed identically for both customer groups. The problem with this approach is that it fails to capture and use the power of existing customer data, which will inevitably lead  to suboptimal decisions.  Similarly, financial institutions frequently provide inconsistent lending messages to their clients. The following scenarios can potentially arise when institutions fail to look across all relationships to support their core lending and collections processes: Customer is refused for additional credit on the facility of their choice, whilst simultaneously offered an increase in their credit line on another. Customer is extended credit on a new facility whilst being seriously delinquent on another. Customer receives marketing solicitation for three different products from the same institution, in the same week, through three different channels. Essentials for customer lending limits and successful cross-selling By evaluating existing customers on a periodic (monthly) basis, financial institutions can holistically assess the customer’s existing exposure, risk and affordability. By setting customer level lending limits in accordance with these parameters, core lending processes can be rendered more efficient, with superior results and enhanced customer satisfaction. This approach can be extended to consider a fast-track application process for existing relationships with high value, low risk customers. Traditionally, business processes have not identified loan applications from such individuals to provide preferential treatment. The core fundamentals of the approach necessary for the setting of holistic customer lending (umbrella) limits include: The accurate evaluation of credit and default rise The calculation of additional lending capacity and affordability Appropriate product offerings for cross-sell Operational deployment Follow my blog series over the next few months as we explore the core fundamentals for setting customer lending limits, and share a few best practices for creating successful cross-sell lending strategies.

The average unscoreable consumer has a good job and a better-than-adequate credit profile. Sixty-one percent of unscoreable consumers hold professional level or skilled labor jobs, 30 percent have credit profiles that fall into the super prime/prime category and 20 percent are considered near-prime.

Each year, more than $1 billion is stolen from accounts at small and mid-sized banks across the U.S. and Europe. Unless the nature of the threat is recognized and addressed, this amount will only continue to grow. This week, we released of our latest webinar, Fraud Moving Downstream: Navigating Through the Rough Waters Ahead. Julie Conroy, research director at Aite Group and I team together to address this growing risk for regional and mid-sized banks, providing an overview of the current threat landscape and explain how the existing conditions are creating the perfect storm for fraudsters. Key topics discussed in this webinar include: How Regional Banks are Enhancing Online Offerings: Regional banks are responding to customer demand for more offerings, especially mobile banking options, which exposes them to new threats. The Rise in Sophisticated Fraud Attacks: Fraud rings and other new attack types (malware, man-in-the-middle, man-in-the-browser, etc.) are occurring at a higher rate than ever and pose serious threats to regional banks that lack strong, multi-layered defenses. Regional Banks’ Lack of Resources: Second and third tier banks have less manpower and less sophisticated solutions in place, which makes reviewing transactions and identifying repeat and cross-channel attacks incredibly difficult. You can access the on-demand webinar here. Also be sure to check out our infographic that illustrates this growing threat of fraud for small and mid-size banks, found here.

In today’s data driven world, information is king. So if you are not armed with the same information as your competitor or worse, experience a data breach, an information imbalance can occur that puts you at a disadvantage. In the public sector, an information imbalance is also known as an “asymmetric threat” and can dramatically threaten a country’s national security.  The most famous recent example of an asymmetric threat experienced by the United States is 9/11.  The 9/11 Commission Report found that the U.S. government had enough intelligence to reveal Al-Qaeda’s plot but due to a deficient process that prevented information to be connected and shared properly between its intelligence and national security departments, the U.S. was unable to stop Al-Qaeda’s horrific acts of terrorism.  These findings prompted the U.S. government to change how it collects, processes and analyzes information resulting in technical and behavioral modifications especially regarding cybersecurity issues.  In addition, in order to address the problems of information imbalances, the U.S. military devised a policy called “Information Superiority,” defined by The Department of Defense (DoD) as “the ability to develop and use information while denying an adversary the same capability.”  Basically, having access to more information than your enemy and possessing the ability to use that information to your advantage. The goal of achieving Information Superiority is to gather intelligence that can then be used to execute in ways that will put you in an advantageous position. The public sector’s adoption of Information Superiority can be duplicated in the private sector especially as businesses recognize the competitive edge of gathering information on their competition. By using the concept of Information Superiority, companies can adopt methods of gathering information and sharing it with the right people at the right time to create a competitive advantage.  Employing Information Superiority policies similar to the ones used in the public sector can also help businesses achieve important goals such as increasing profits and reducing costs because when executives have  access to consumer data and other forms of intellectual property, they can make better informed fiscal decisions.  Information Superiority can also help businesses optimize risk and reduce the impact of cyber-threats.  By identifying where their most sensitive data resides, companies can design data protection and security systems to ward off cybersecurity threats. These are just some examples to illustrate how Information Superiority can benefit the private sector. The bottom line is companies that proactively collect and use information to ward off threats, will ultimately outperform their competitors. Learn more about our Data Breach solutions

According to a recent survey that asked Americans about their understanding of credit scores 83 percent have checked their credit scores and nearly half (42 percent) want to improve credit scores, but don’t know how. Sixty-five percent of respondents indicated they consider their credit score when engaging in credit-related activities such as applying for a new card or skipping a payment. When it comes to gender and credit, women (68 percent) are more likely than men (61 percent) to consider their credit score before making credit usage decisions.