Ecommerce / Retail

Be warned. I’m a Philadelphia sports fan, and even after 13 months, I still relish in the only Super Bowl victory I’ve ever known as a fan. Having spent more than two decades in fraud prevention, I find that Super Bowl LII is coalescing in my mind with fraud prevention and lessons in defense more and more. Let me explain: It’s fourth-down-and-goal from the one-yard line. With less than a minute on the clock in the first half, the Eagles lead, 15 to 12. The easy option is to kick the field goal, take the three points and come back with a six-point advantage. Instead of sending out the kicking squad, the Eagles offense stays on the field to go for a touchdown. Broadcaster Cris Collingsworth memorably says, “Are they really going to go for this? You have to take the three!” On the other side are the New England Patriots, winners of two of the last three Super Bowls. Love them or hate them, the Patriots under coach Bill Belichick are more likely than any team in league history to prevent the Eagles from scoring at this moment. After the offense sets up, quarterback Nick Foles walks away from his position in the backfield to shout instructions to his offensive line. The Patriots are licking their chops. The play starts, and the ball is snapped — not to Foles as everyone expects, but to running back Corey Clement. Clement takes two steps to his left and tosses the ball the tight end Trey Burton, who’s running in the opposite direction. Meanwhile, Foles pauses as if he’s not part of the play, then trots lazily toward the end zone. Burton lobs a pass over pursuing defenders into Foles’ outstretched hands. This is the “Philly Special” — touchdown! Let me break this down: A third-string rookie running back takes the snap, makes a perfect toss — on the run — to an undrafted tight end. The tight end, who hasn’t thrown a pass in a game since college, then throws a touchdown pass to a backup quarterback who hasn’t caught a ball in any athletic event since he played basketball in high school. A play that has never been run by the Eagles, led by a coach who was criticized as the worst in pro football just a year before, is perfectly executed under the biggest spotlight against the most dominant team in NFL history. So what does this have to do with fraud? There’s currently an outbreak of breach-fueled credential stuffing. In the past couple of months, billions of usernames and passwords stolen in various high-profile data breaches have been compiled and made available to criminals in data sets described as “Collections 1 through 5.” Criminals acquire credentials in large numbers and attack websites by attempting to login with each set — effectively “stuffing” the server with login requests. Based on consumer propensity to reuse login credentials, the criminals succeed and get access to a customer account between 1 in 1,000 and 1 in 50 attempts. Using readily available tools, basic information like IP address and browser version are easy enough to alter/conceal making the attack harder to detect. Credential stuffing is like the Philly Special: Credential stuffing doesn’t require a group of elite all-stars. Like the Eagles’ players with relatively little experience executing their roles in the Philly Special, criminals with some computer skills, some initiative and the guts to try credential stuffing can score. The best-prepared defense isn’t always enough. The Patriots surely did their homework. They set up their defense to stop what they expected the Eagles to do based on extensive research. They knew the threats posed by every Eagle on the field. They knew what the Eagles’ coaches had done in similar circumstances throughout their careers. The defense wasn’t guessing. They were as prepared as they could have been. It’s the second point that worries me when I think of credential stuffing. Consumers reuse online credentials with alarming frequency, so a stolen set of credentials is likely to work across multiple organizations, possibly even yours. On top of that, traditional device recognition like cookies can’t identify and stop today’s sophisticated fraudsters. The best-prepared organizations feel great about their ability to stop the threats they’re aware of. Once they’ve seen a scheme, they make investments, improve their defenses, and position their players to recognize a risk and stop it. Sometimes past expertise won’t stop the play you can’t see coming.  

It’s the holiday season — time for jingle bells, lighting candles, shopping sprees and credit card fraud. But we’re prepared. Our risk analyst team constantly monitors our FraudNet solution performance to identify anomalies our clients experience as millions of transactions occur this month. At its core, FraudNet analyzes incoming events to determine the risk level and to allow legitimate events to process without causing frustrating friction for legitimate customers. That ensures our clients can recognize good customers across digital devices and channels while reducing fraud attacks and the need for internal manual reviews. But what happens when things don’t go as planned? Here’s a recent example. One of our banking clients noticed an abnormally high investigation queue after a routine risk engine tuning. Our risk analyst team looked further into the attacks to determine the cause and assess whether it was a tuning issue or a true fraud attack. After an initial analysis, the team learned that the events shared many of the same characteristics: Came from the same geo location that has been seen in previous attacks on clients Showed suspicious device and browser characteristics that were recognized by Experian’s device identification technology Identified suspicious patterns that have been observed in other recent attacks on banks The conclusion was that it wasn’t a mistake. FraudNet had correctly identified these transactions as suspicious. Experian® then worked with our client and recommended a strategy to ensure this attack was appropriately managed. This example highlights the power of device identification technology as a mechanism to detect emerging fraud threats, as well as link analysis tools and the expertise of a highly trained fraud analyst to uncover suspicious events that might otherwise go unnoticed. In addition to proprietary device intelligence capabilities, our clients take advantage of a suite of capabilities that can further enhance a seamless authentication experience for legitimate customers while increasing fraud detection for bad actors. Using advanced analytics, we can detect patterns and anomalies that may indicate a fraudulent identity is being used. Additionally, through our CrossCore® platform businesses can leverage advanced innovation, such as physical and behavioral biometrics (facial recognition, how a person holds a phone, mouse movements, data entry style), email verification (email tenure, reported fraud on email identities), document verification (autofill, liveliness detection) and digital behavior risk indicators (transaction behavior, transaction velocity), to further advance their existing risk mitigation strategies and efficacy.   With expanding partnerships and capabilities offered via Experian’s CrossCore platform, in conjunction with consultative industry expertise, businesses can be more confident during the authentication process to ensure a superb, frictionless customer experience without compromising security.

Your model is only as good as your data, right? Actually, there are many considerations in developing a sound model, one of which is data. Yet if your data is bad or dirty or doesn’t represent the full population, can it be used? This is where sampling can help. When done right, sampling can lower your cost to obtain data needed for model development. When done well, sampling can turn a tainted and underrepresented data set into a sound and viable model development sample. First, define the population to which the model will be applied once it’s finalized and implemented. Determine what data is available and what population segments must be represented within the sampled data. The more variability in internal factors — such as changes in marketing campaigns, risk strategies and product launches — and external factors — such as economic conditions or competitor presence in the marketplace — the larger the sample size needed. A model developer often will need to sample over time to incorporate seasonal fluctuations in the development sample. The most robust samples are pulled from data that best represents the full population to which the model will be applied. It’s important to ensure your data sample includes customers or prospects declined by the prior model and strategy, as well as approved but nonactivated accounts. This ensures full representation of the population to which your model will be applied. Also, consider the number of predictors or independent variables that will be evaluated during model development, and increase your sample size accordingly. When it comes to spotting dirty or unacceptable data, the golden rule is know your data and know your target population. Spend time evaluating your intended population and group profiles across several important business metrics. Don’t underestimate the time needed to complete a thorough evaluation. Next, select the data from the population to aptly represent the population within the sampled data. Determine the best sampling methodology that will support the model development and business objectives. Sampling generates a smaller data set for use in model development, allowing the developer to build models more quickly. Reducing the data set’s size decreases the time needed for model computation and saves storage space without losing predictive performance. Once the data is selected, weights are applied so that each record appropriately represents the full population to which the model will be applied. Several traditional techniques can be used to sample data: Simple random sampling — Each record is chosen by chance, and each record in the population has an equal chance of being selected. Random sampling with replacement — Each record chosen by chance is included in the subsequent selection. Random sampling without replacement — Each record chosen by chance is removed from subsequent selections. Cluster sampling — Records from the population are sampled in groups, such as region, over different time periods. Stratified random sampling — This technique allows you to sample different segments of the population at different proportions. In some situations, stratified random sampling is helpful in selecting segments of the population that aren’t as prevalent as other segments but are equally vital within the model development sample. Learn more about how Experian Decision Analytics can help you with your custom model development needs.

As our society becomes ever more dependent on everything mobile, criminals are continually searching for and exploiting weaknesses in the digital ecosystem, causing significant harm to consumers, businesses and the economy.  In fact, according to our 2018 Global Fraud & Identity Report, 72 percent of business executives are more concerned than ever about the impact of fraud. Yet, despite the awareness and concern, 54 percent of businesses are only “somewhat confident” in their ability to detect fraud. That needs to change, and it needs to change right away.  Our industry has thrived by providing products and services that root out bad transactions and detect fraud with minimal consumer friction. We continue to innovate new ways to authenticate consumers, apply new cloud technologies, machine learning, self-service portals and biometrics. Yet, the fraud issue still exists. It hasn’t gone away. How do we provide effective means to prevent fraud without inconveniencing everyone in the process? That’s the conundrum. Unfortunately, a silver bullet doesn’t exist. As much as we would like to build a system that can detect all fraud, eliminate all consumer friction, we can’t. We’re not there yet. As long as money has changed hands, as long as there are opportunities to steal, criminals will find the weak points – the soft spots.  That said, we are making significant progress. Advances in technology and innovation help us bring new solutions to market more quickly, with more predictive power than ever, and the ability to help clients to turn  these services on in days and weeks. So, what is Experian doing? We’ve been in the business of fraud detection and identity verification for more than 30 years. We’ve seen fraud patterns evolve over time, and our product portfolio evolves in lock-step to counter the newest fraud vectors. Synthetic identity fraud, loan stacking, counterfeit, identity theft; the specific fraud attacks may change but our solution stack counters each of those threats. We are on a continuous innovation path, and we need to be. Our consumer and small business databases are unmatched in the industry for quality and coverage, and that is an invaluable asset in the fight against fraud. It used to be that knowing something about a person was the same as authenticating that same person. That’s just not the case today. But, just because I may not be the only person who knows where I live, doesn’t mean that identity information is obsolete. It is incredibly valuable, just in different ways today. And that’s where our scientists come into their own, providing complex predictive solutions that utilize a plethora of data and insight to create the ultimate in predictive performance. We go beyond traditional fraud detection methods, such as knowledge-based authentication, to offer a custom mix of passive and active authentication solutions that improve security and the customer experience. You want the latest deep learning techniques? We have them. You want custom models scored in milliseconds alongside your existing data requests. We can do that. You want a mix of cloud deployment, dedicated hosted services and on-premise? We can do that too. We have more than 20 partners across the globe, creating the most comprehensive identity management network anywhere. We also have teams of experts across the world with the know how to combine Experian and partner expertise to craft a bespoke solution that is unrivaled in detection performance. The results speak for themselves: Experian analyzes more than a billion credit applications per year for fraud and identity, and we’ve helped our clients save more than $2 billion in annual fraud losses globally. CrossCore™, our fraud prevention and identity management platform, leverages the full breadth of Experian data as well as the data assets of our partners. We execute machine learning models on every decision to help improve the accuracy and speed with which decisions are made. We’ve seen CrossCore machine learning result in a more than 40 percent improvement in fraud detection compared to rules-based systems. Our certified partner community for CrossCore includes only the most reputable leaders in the fraud industry. We also understand the need to expand our data to cover those who may not be credit active. We have the largest and most unique sets of alternative credit data among the credit bureaus, that includes our Clarity Services and RentBureau divisions. This rich data helps our clients verify an individual’s identity, even if they have a thin credit file. The data also helps us determine a credit applicant’s ability to pay, so that consumers are empowered to pursue the opportunities that are right for them. And in the background, our models are constantly checking for signs of fraud, so that consumers and clients feel protected. Fraud prevention and identity management are built upon a foundation of trust, innovation and keeping the consumer at the heart of every decision. This is where I’m proud to say that Experian stands apart. We realize that criminals will continue to look for new ways to commit fraud, and we are continually striving to stay one step ahead of them. Through our unparalleled scale of data, partnerships and commitment to innovation, we will help businesses become more confident in their ability to recognize good people and transactions, provide great experiences, and protect against fraud.

Synthetic identities come from accounts held not by actual individuals, but by fabricated identities created to perpetrate fraud. It often starts with stealing a child’s Social Security number (SSN) and then blending fictitious and factual data, such as a name, a mailing address and a telephone number. What’s interesting is the increase in consumer awareness about synthetic identities. Previously, synthetic identity was a lender concern, often showing itself in delinquent accounts since the individual was fabricated. Consumers are becoming aware of synthetic ID fraud because of who the victims are — children. Based on findings from a recent Experian survey, the average age of child victims is only 12 years old. Children are attractive victims since fraud that uses their personal identifying information can go for years before being detected. I recently was interviewed by Forbes about the increase of synthetic identities being used to open auto loans and how your child’s SSN could be used to get a phony auto loan. The article provides a good overview of this growing concern for parents and lenders. A recent Javelin study found that more than 1 million children were victims of fraud. Most upsetting is that children are often betrayed by people close to them -- while only 7 percent of adults are victimized by someone they know, 60 percent of victims under 18 know the fraudster. Unfortunately, when families are in a tight spot financially they often resort to using their child’s SSN to create a clean credit record. Fraud is an issue we all must deal with — lenders, consumers and even minors — and the best course of action is to protect ourselves and our organizations.

Consumer confidence is nearing an 18-year high. Unemployment figures are at record lows. Retail spend is healthy, and expected to stay that way through the back-to-school and holiday shopping booms. Translation for credit card issuers? The swiping and spending continue. In fact, credit card openings were up 4% in the first quarter of 2018 compared to the same time last year, and card utilization is hovering around 20.5%. Even with the Fed’s gradual 2018 rate hikes, consumers are shopping. In a new Mintel report, outstanding credit card debt is now $1.03 trillion (as of the end of Q1, 2018), and the number of consumers with credit cards is growing fastest among people aged 18 to 34. In the retail card arena specifically, boomers and Gen X’ers are leading the charge, opening 45% and 27% of new retails cards, respectively. “A stronger economy always bodes well for credit cards,” said Kelley Motley, director of analytics for Experian. “Now is the time for card issuers to zero in on their most loyal consumers and ensure they are treating them with the right offers, rewards and premium benefits.” Consumer data reveals the top incentives when selecting a rewards-based card includes cash back, gas rewards and retail cards (including travel rewards and airfare). In fact, for younger consumers, offering rewards has proven to be the most effective way to get them to switch from debit to credit cards. Cash back was the most preferred reward for consumers aged 18 to 44 when asked about their motivation to apply for a new card. For individuals 45 and older, 0% interest was the top motivator. Of course, beyond credit card opens, the ideal is to engage with the consumers who are utilizing the card the most. From a segmentation standpoint, the loyal retail cardholder has an average VantageScore® credit score of 671 with an average total balance of $1,633. They use the card regularly and consistently make payments. Finding more loyalists is the goal and can be achieved with informed segmentation insights and targeted prescreen campaigns. On the flip side, insights can inform card issuers with data, helping them to avoid wasting marketing dollars on consumers who merely want to game a quick credit card offer and then close an account. A batch and blast marketing approach no longer works in the credit card marketing game. “Consumers expect you to know them and their financial needs,” said Paul DeSaulniers, senior director of Experian’s segmentation solutions. “The data exists and tells you exactly who to target and how to structure the offer – you just need to execute.”

Consumers and businesses alike have been hyper-focused on all things data over the past several months. From the headlines surrounding social media privacy, to the flurry of spring emails we’ve all received from numerous brands due to the recent General Data Protection Regulation (GDPR) going into effect in Europe, many are trying to assess the data “sweet spot.” In the financial services space, lenders and businesses are increasingly seeking to leverage enhanced digital marketing channels and methods to deliver offers and invitations to apply. But again, many want to know, what are the data rules and how can they ensure they are playing it safe in such a highly regulated environment. In an Experian-hosted webinar, Credit Marketing in the Digital Age, the company recently featured a team of attorneys from Venable LLP’s award-winning privacy and advertising practice. There’s no question today’s consumers expect hyper-targeted messages and user experiences, but with the number of data breaches on the rise, there is also the concern around data access. Who has my data? Is it safe? Are companies using it in the appropriate way? As financial services companies wrestle with the laws and consumer expectations, the Venable legal team provided a few insights to consider. While the digital delivery channels may be new, the underlying credit product remains the same. A prescreened offer is a prescreened offer, and an application for credit is still an application for credit. The marketing of these and other credit products is governed by an array of pre-existing laws, regulations, and self-regulatory principles that combine to form a unique compliance framework for each of the marketing channels. Adhere to credit regulations, but build in enhanced policies and technological protocols with digital delivery. With digital delivery of the offer, lenders should be thinking about the additional compliance aspects attached to those varying formats. For example, in the case of digital display advertising, you should pay close attention to ensuring delivery of the ad to the correct consumer, with suitable protections in place for sharing data with vendors. Lenders and service providers also should think about using authentication measures to match the correct consumer with a landing page containing the firm offer along with the appropriate disclosures and opt-outs. Strong compliance policies are important for all participants in this process. Working with a trusted vendor that has a commitment to data security, compliance by design, and one that maintains an integrated system of decisioning and delivery, with the ability to scrub for FCRA opt-outs, is essential. Consult your legal, risk and compliance teams. The digital channels raise questions that can and must be addressed by these expert audiences. It is so important to partner with service providers that have thought this through and can demonstrate a compliance framework. Embrace the multitude of delivery methods. Yes, there are additional considerations to think about to ensure compliance, but businesses should seek opportunities to reach their consumers via email, text, digital display and beyond. Also, digital credit offers need not replace mail and phone and traditional channels. Rather, emerging digital channels can supplement a campaign to drive the response rates higher. In Mary Meeker’s annual tech industry report, she touched on a phenomenon called the “privacy paradox” in which companies must balance the need to personalize their products and services, but at the same time remain in good favor with consumers, watchdog groups and regulators. So, while financial services players have much to consider in the regulatory space, the expectation is they embrace the latest technology advancements to interact with their consumers. It can be done and the delivery methods exist today. Just ensure you are working with the right partners to respect the data and consumer privacy laws.  

With delinquencies on the rise, financial institutions are looking for new tools to evaluate and improve the financial lives of customers and members. As the consumer’s bureau, Experian is also committed to improving the financial well-being of consumers. As part of that commitment, Experian supports the mission of the Center for Financial Services Innovation (CFSI), an organization focused on improving the financial health of Americans, especially the underserved, through innovative financial products and services.    Experian recently spoke with CFSI’s Thea Garon, a Director on CFSI’s Program Team to learn more about a new free, open-source tool the organization will be launching in June to help financial institutions drive consumer financial health. Here are some insights she shared about the new tool. Can you provide an overview of the CFSI Financial Health Score™ and how it is calculated? The CFSI Financial Health Score™ is designed to help financial service providers, employers, and other organizations diagnose and measure the financial health of their customers, clients, and employees. The framework provides a holistic, moment-in-time snapshot of an individual’s financial health based on eight multiple-choice questions that align with CFSI’s eight indicators of financial health. It includes one Financial Health Score and four sub-scores (Spend, Save, Borrow, and Plan). A set of nationally representative benchmarks offers comparisons across peer groups. CFSI has designed the framework to be free, open-source, simple, and easy-to-use. It’s intended to be a starting point; a proof point that financial health can be quantified, measured, and ultimately improved. Why did CFSI decide to develop this framework? At CFSI, we believe, and have recently released research to support the concept that financial institutions have a business incentive to help their customers lead financially healthy lives. Financial health comes about when your daily financial systems allow you to be resilient and pursue opportunities over time. As a financial service provider, you can help your customers lead financially healthy lives by helping them spend wisely, build savings, borrow responsibly, and plan for the future. To do this, you need a measurement framework to understand and track your customers’ financial health over time. The CFSI Financial Health Score™ is one way to do this. You can use the methodology to diagnose your customers’ financial needs and use these insights to develop products, programs, and solutions to help them improve their financial health over time. You can also share financial health scores directly with your customers to help them understand the actions they can take to improve their own financial health. Ongoing tracking will allow you to assess whether your company is making a meaningful difference in your customers’ lives over time. Can you provide any early examples of how CFSI Health Network members have adopted and incorporated this framework? Approximately 100 financial service providers have downloaded the framework, representing a diverse range of companies, including banks, credit unions, fintechs, non-profits, payment networks, and B2B technology providers. At least 14 companies are actively using the Financial Health Score to measure and track their customers’ financial health and have committed to sharing data and insights with us through CFSI’s Financial Health Leaders program. Some companies, are using the framework to assess their customers’ financial health for strategic planning purposes. Other companies, such as Wright-Patt Credit Union, are using the financial health score to engage their customers in a dialogue about financial health. The credit union has incorporated the framework into their MoneyMagnifier program, a financial coaching program designed to provide free, one-on-one advice and guidance to members in a judgment-free environment. Financial coaches have been trained to use the framework to start a conversation with members to help them improve their spending, saving, borrowing, and planning behaviors. Coaches help members set goals and develop personalized action plans to achieve those goals toward a better financial future, following up with them after six months to measure improvement and advance the conversation. What have you learned from companies who have started measuring and improving their customers’ financial health with the CFSI Financial Health Score™? While interest in advice is high, uptake can be slow. Making the interaction quick and easy, whether online or in person, is critical. The health check lengthens the interaction, so conducting the health check by appointment rather than with walk-in customers, can help set customer expectations for a lengthier interaction, but may reduce the number of potential participants. Enabling customers to expedite the session by taking the survey online can be helpful, but requires development resources to implement. Many companies are exploring the pros and cons of sharing customers’ scores with them. A single score can help motivate individuals to take action that will improve their financial well-being. However, sharing a low score can also be demoralizing to some, and focusing on the number itself can divert attention from behavioral changes and action steps. Some organizations are choosing to use customers’ response patterns to drive recommendations without sharing the score. Others are opting for a middle ground, sharing an indicator (such as green, yellow, red) instead of a specific number. The most effective measurement and improvement strategies go beyond the CFSI Financial Health Score™. While the framework can help you get started identifying high-level needs, targeted recommendations often require a more nuanced understanding of behaviors and challenges. Combining survey data with account or transaction data can provide a more holistic view into a customer’s full financial life. Each organization must find a balance between the comprehensiveness required to provide meaningful advice and the simplicity required to engage both customers and staff. How can interested companies start using the CFSI Financial Health Score™? We will be publicly releasing the CFSI Financial Health Score™ at the EMERGE: Financial Health Forum (June 6 -8 in Los Angeles). The score will be easy to download and completely free to use. Those who are interested in learning more can also sign up for our newsletter to get an update when the Toolkit is released.

The second full day of Experian Vision 2018 kicked off with an inspirational message from keynote speakers Capt. Mark Kelly and Former Congresswomen Gabby Giffords, rolled into a series of diverse breakout sessions, and concluded with Super Bowl-winning quarterback Aaron Rodgers sharing tales of sports, leadership and winning. Need a recap of some of the headlines from the day? Here you go ... Retail Apocalypse? Not so fast alarmists. Yes, there are media headlines around mergers, closings and consumers adopting new ways to shop, but let me give you three reasons as to why the retail sky is not falling. There were more store openings last year than closings, and that trend is expected to continue this year with an estimated 5,500 openings by December. There continues to be a positive sales trajectory. E-commerce sales are increasing. Big department stores have seen pains, but if brands are focused on connection, relevance and convenience, there is hope. Consumers continue to spend. Subprime auto bubble? Nope. Malinda Zabritski, Sr. Director of Experian Automotive Sales, says the media likes to fixate on the subprime, but subprime financing has been on the decline, reaching record lows. Deep subprime is at .65%. Additionally, delinquency rates have also tapered. The real message? Consumers are relying on auto lenders for financing, largely due to consumer preferences to lease. The market is healthy, and while it has slowed slightly, the market is still at 7% year-over-year growth. Consumer-permissioned data is not just a value-add for thin-file consumers. Take for instance the inclusion of demand deposit accounts (DDAs). David Shellenberger, Sr. Director of Scoring and Predictive Analytics for FICO, says people who have had long relationships with their checking accounts tend to be more stable and generally sport higher credit scores. Consumers with thick, mature files can also benefit with DDA data. Consumer-permissioned data is not just about turning a “no” to a “yes.” It can also take a consumer from near-prime to prime, or from prime to super-prime. Would you want to make a credit decision with less information or more? This was the question Paul DeSaulniers, Experian Sr. Director of Product, posed to the audience as he kicked off the session on alternative data. With an estimated 100 million U.S. consumers falling below “thick-file” credit status, there is a definite need to learn more about these individuals. By leveraging alternative credit data – like short-term lending product use, rental data, public records and consumer-permissioned data – a more holistic view of these consumers is available. A few more facts: While alternative finance users tend to be more subprime, 20% are prime or better. A recent data pull revealed 20% of approved credit card users also had alternative finance data on them as well. About 2/3 of households headed by young adults are rentals. Imagine a world where the mortgage journey takes only seven to 10 days. With data and technology, we are closer than you think. Future products are underway that could master the underwriting phase in just one day, leaving the remaining days dedicated for signing disclosures, documents and wiring funds. Processes need to be firmed up, but a vision has been set. The average 30- to 45-day mortgage journey could soon be a distant memory. 97% of online banking applications that are started are abandoned. Why? Filling out lengthy forms, especially on a mobile device, is not fun. New technology, such as Experian’s Instant Form Fill, is allowing consumers to provide a name, zip and last four numbers of their social security number for an instant form fill of the rest of the application. Additionally, voice assistants are expected to increasingly facilitate research on purchases big and small. A recent study revealed nearly half of consumers perceive voice assistants to be useful. Businesses have more fraud losses than ever before. Not surprising. What is scary? An estimated 54% of businesses said they are not confident in their ability to detect fraud. Another session reported that approximately 20% of credit charge-offs are synthetic IDs, a growing pain point for all businesses. Consumers, on the other hand, say they “want visible signs of security” and “no friction.” Tough to balance, but those are today’s expectations. More Vision 2018 insights can be accessed on #ExperianVision twitter feed. Vision 2019 will be in San Antonio, Texas next May 5-8.

The traditional credit score has ruled the financial services space for decades, but it‘s clear the way in which consumers are managing their money and credit has evolved. Today’s consumers are utilizing different types of credit via various channels. Think fintech. Think short-term loans. Think cash-checking services and payday. So, how do lenders gain more visibility to a consumer’s credit worthiness in 2018? Alternative credit data has surfaced to provide a more holistic view of all consumers – those on the traditional file and those who are credit invisibles and emerging. In an all-new report, Experian dives into “The State of Alternative Credit Data,” providing in-depth coverage on how alternative credit data is defined, regulatory implications, consumer personas attached to the alternative financial services industry, and how this data complements traditional credit data files. “Alternative credit data can take the shape of alternative finance data, rental, utility and telecom payments, and various other data sources,” said Paul DeSaulniers, Experian’s senior director of Risk Scoring and Trended/Alternative Data and attributes. “What we’ve seen is that when this data becomes visible to a lender, suddenly a much more comprehensive consumer profile is formed. In some instances, this helps them offer consumers new credit opportunities, and in other cases it might illuminate risk.” In a national Experian survey, 53% of consumers said they believe some of these alternative sources like utility bill payment history, savings and checking account transactions, and mobile phone payments would have a positive effect on their credit score. Of the lenders surveyed, 80% said they rely on a credit report, plus additional information when making a lending decision. They cited assessing a consumer’s ability to pay, underwriting insights and being able to expand their lending universe as the top three benefits to using alternative credit data. The paper goes on to show how layering in alternative finance data could allow lenders to identify the consumers they would like to target, as well as suppress those that are higher risk. “Additional data fields prove to deliver a more complete view of today’s credit consumer,” said DeSaulniers. “For the credit invisible, the data can show lenders should take a chance on them. They may suddenly see a steady payment behavior that indicates they are worthy of expanded credit opportunities.” An “unscoreable” individual is not necessarily a high credit risk — rather they are an unknown credit risk. Many of these individuals pay rent on time and in full each month and could be great candidates for traditional credit. They just don’t have a credit history yet. The in-depth report also explores the future of alternative credit data. With more than 90 percent of the data in the world having been generated in just the past five years, there is no doubt more data sources will emerge in the coming years. Not all will make sense in assessing credit decisions, but there will definitely be new ways to capture consumer-permissioned data to benefit both consumer and lender. Read Full Report

Experian’s annual Vision Conference kicks off on Sunday to a sold-out crowd in Scottsdale, Ariz., bringing together some of the industry’s top thought leaders in financial services, technology, data science and information security. The conference, now in its 37th year, will run through Tuesday evening and showcase 55-plus breakout sessions and several all-star keynotes. “We take great pride in offering our guests the cutting-edge data and insights they need to keep advancing and evolving their own businesses,” said Reshma Peck, Experian’s senior vice president of marketing. “But what makes Vision really special is the networking and collaboration we witness throughout the conference – leaders connect and leave inspired – ready to make strides in a world that is evolving at breakneck speed.” A few session spotlights include: A look at data visualization tools and the ability to access anonymized credit data on 220 million U.S. credit consumers A deep dive into machine learning and artificial intelligence, showcasing how advancements in technology are improving credit risk scores and fraud detection Multiple breakouts on trends attached to Milliennials, Gen Z, the economy, automotive finance, small business performance and fraud How alternative credit data is providing deeper insights to uncover opportunities with both thin-file and thick-file credit consumers Digital credit advancements in mobile, voice and targeting. Beyond the traditional breakouts, featured speakers will punctuate each day. On Monday, Dr. Janet Yellen, former chair of the Federal Reserve, will deliver one of her first speeches since retiring her influential role in February 2018. On Tuesday, Gabby Giffords and Captain Mark Kelly will take the stage to talk about the importance of community, service and perseverance. Finally, NFL Quarterback Aaron Rodgers will share leadership lessons and sports highlights on Tuesday afternoon. An exclusive Tech Showcase will additionally run throughout the conference, delivering first-hand demos for participants to experience the latest in technology tools associated with fraud, voice and data analytics and access. Stats, insights and event highlights will be shared on multiple social media platforms throughout the three-day conference. Follow along with #ExperianVision.

With 16.7 million reported victims of identity fraud in 2017 (that’s 6.64 percent of the U.S. population), it was another record year for the number of fraud victims. And as online and mobile transaction growth continued to significantly outpace brick-and-mortar growth, criminal attacks also grew rapidly. This past year, we saw an increase of more than 30 percent in e-commerce fraud attacks compared with 2016. As we’ve done over the past three years, Experian® analyzed millions of online transactions to identify fraud attack rates for both shipping and billing locations across the United States. We looked at several data points, including geography and IP address, to help businesses better understand how and where fraud is being perpetrated so they can better protect against it. The 2017 e-commerce fraud attack rate analysis shows: Delaware and Oregon continue to be the riskiest states for both billing and shipping fraud. Delaware; Oregon; Washington, D.C.; Florida; and Georgia are the top five riskiest states for billing fraud. Delaware, Oregon, Florida, New York and California are the top five riskiest states for shipping fraud, accounting for 50 percent of total fraud attacks. South El Monte, Calif., is the riskiest city overall, with an increase in shipping fraud of approximately 230 percent. Shipping fraud most often occurs near major airports and seaports due to reshippers and freight forwarders that receive domestic goods and often send them overseas. When a transaction originates from an international IP address, shipping fraud is 6.7 times likelier than the average, while billing fraud becomes 7.1 times likelier. Where is e-commerce fraud happening? Typically, the highest-risk areas for fraud are in ZIP™ codes and cities near large ports of entry or airports. These are ideal locations to reship fraudulent merchandise, enabling criminals to move stolen goods more effectively. Top 10 riskiest billing ZIP™ codes   Top 10 riskiest shipping ZIP™ codes 97252 Portland, OR 97079 Beaverton, OR 33198 Miami, FL 33122 Miami, FL 33166 Miami, FL 91733 South El Monte, CA 33122 Miami, FL 97251 Portland, OR 77060 Houston, TX 97250 Portland, OR 33195 Miami, FL 33166 Miami, FL 97250 Portland, OR 97252 Portland, OR 97251 Portland, OR 33198 Miami, FL 33191 Miami, FL 33195 Miami, FL 97253 Portland, OR 33192 Miami, FL Source: Experian.com Source: Experian.com     What’s more, many of the riskiest ZIP™ codes and cities experience a high volume of transactions originating from international IP addresses. In fact, the top 10 riskiest ZIP codes overall tend to experience fraudulent activity from numerous countries overseas, including China, Venezuela, Taiwan and Hong Kong, and Argentina. These fraudsters tend to implement complex fraud schemes that can cost businesses millions of dollars in fraud losses. Additionally, the analysis shows that traffic coming from a proxy server — which could originate from domestic and international IP addresses — is 74 times riskier than the average transaction. The problem The increase in e-commerce fraud attacks shouldn’t come as a huge surprise. The uptick in data breaches, merchants’ continued adoption of EMV-enabled terminals to protect against counterfeit card fraud and the abundance of consumer data on the dark web means that information is even more accessible to criminals. This enables them to open fraudulent accounts, take over legitimate accounts and submit fraudulent transactions. Another reason for the increase is automation. In the past, criminals needed a strong understanding of fraud methods and technology, but they can now bring down an entire organization by simply downloading a file and automating the submission of thousands of applications or transactions simultaneously. Since fraudsters need to make these transactions appear as normal as possible, they often leverage the cardholder’s actual billing details with slight differences, such as e-mail address or shipping location. Unfortunately, the mass availability of compromised data and the abundance of fraudsters makes it increasingly challenging to identify and separate legitimate customers from attackers across the country. Because of the widespread prevalence of fraud and data compromises, we don’t see billing fraud concentrated in just one region of the country. In fact, the top five states for billing fraud make up only about 18 percent of overall fraud attacks.   Top 5 riskiest billing fraud states   Top 5 riskiest shipping fraud states State Fraud attack rate State Fraud attack rate Delaware 93.4 Delaware 195.9 Oregon 86.1 Oregon 170.1 Washington, D.C. 46.5 Florida 45.1 Florida 39.2 New York 37.3 Georgia 31.5 California 32.6 Source: Experian.com Source: Experian.com   Prevention and protection need to be the priority As businesses get a better understanding of how and where fraud is perpetrated, they can implement proactive strategies to detect and prevent attacks, as well as protect payment information. While no one single strategy can address the entire scope of fraud, there are advanced data sets and technology — such as device intelligence, behavioral and physical biometrics, document verification and entity resolution — that can help businesses make better fraud decisions.   Fortunately, consumers can also play a major role in safeguarding their information. In addition to regularly checking their credit reports and bank/credit card statements for fraudulent activity, consumers can limit the data they share on social networking sites, where attackers often begin when perpetrating identity fraud.   While we continue to help both organizations and consumers limit their exposure to e-commerce fraud, we anticipate that criminals will attempt more sophisticated fraud schemes. But businesses can stay ahead of the curve. This comes down to having a keen understanding of how fraud is being perpetrated, as well as leveraging data, technology and multiple layered strategies to better recognize legitimate customers and make more precise fraud decisions. View our e-commerce fraud heat map and download the top 100 riskiest ZIP codes in the United States. Experian is a nonexclusive full-service provider licensee of the United States Postal Service®. The following trademark is owned by the United States Postal Service®: ZIP. The price for Experian’s services is not established, controlled or approved by the United States Postal Service.

Managing your customer accounts at the identity level is ambitious and necessary, but possible Identity-related fraud exposure and losses continue to grow. The underlying schemes have elevated in complexity. Because it’s more difficult to perpetrate “card present” fraud in the post–chip-and-signature rollout here in the United States, bad guys are more motivated and getting better at identity theft and synthetic identity attacks. Their organized nefarious response takes the form of alternate attack vectors and methodologies — which means you need to stamp out any detected exposure point in your fraud prevention strategies as soon as it’s detected. Experian’s recently published 2018 Global Fraud and Identity Report suggests two-thirds, or 7 out of every ten, consumers want to see visible security protocols when they transact. But an ever-growing percentage of them, fueled in no small part by those tech-savvy millennials, expect to be recognized with little or no friction. In fact, 42 percent of the surveyed consumers who stated they would do more transactions online if there weren’t so many security hurdles to overcome were — you guessed it — millennials. So how do you implement identity and account management procedures that are effective and, in some cases, even obvious while being passive enough to not add friction to the user experience? In other words, from the consumer’s perspective, “Let me know you know me and are protecting me but not making it too difficult for me when I want to access or manage my account.” Let’s get one thing out of the way first. This isn’t a one-time project or effort. It is, however, a commitment to the continued informing of your account management strategies with updated identity intelligence. You need to make better decisions on when to let a low-risk account transaction (monetary or nonmonetary) pass and when to double down a bit and step up authentication or risk assessment checks. I’d suggest this is most easily accomplished through a single, real-time access point to myriad services that should, at the very least, include: Identity verification and reverification checks for ongoing reaffirmation of your customer identity data quality and accuracy. Know Your Customer program requirements, anyone? Targeted identity risk scores and underlying attributes designed to isolate identity theft, first-party fraud and synthetic identity. Fraud risk comes in many flavors. So must your analytics. Device intelligence and risk assessment. A customer identity is no longer just their name, address, Social Security number and date of birth. It’s their phone number, email address and the various devices they use to access your services as well. Knowing how that combination of elements presents itself over time is critical. Layered passive or more active authentication options such as document verification, biometrics, behavioral metrics, knowledge-based verification and alternative data sources. Ongoing identity monitoring and proactive alerting and segmentation of customers whose identity risk has shifted to the point of required treatment. Orchestration, workflow and decisioning capabilities that allow your team to make sense of the many innovative options available in customer recognition and risk assessment — without a “throw the kitchen sink at this problem” approach that will undoubtedly be way too costly in dollars spent and good customers annoyed. Fraud attacks are dynamic. Your customers’ perceptions and expectations will continue to evolve. The markets you address and the services you provide will vary in risk and reward. An innovative marketplace of identity management services can overwhelm. Make sure your strategic identity management partner has good answers to all of this and enables you to future-proof your investments.

Millions of Americans placed a credit freeze or restricted access to their credit file in recent months to keep identity thieves at bay. Credit freezes keep any new creditors from seeing a consumer’s credit file, which makes it nearly impossible for hackers to open new accounts fraudulently. But a credit freeze can also be problematic for consumers when they are finally ready to consider new credit products and loans.  We’ve heard from credit unions and other lenders about sharing best practices to help streamline the process for consumers who want to permanently or temporarily lift the freeze to apply for a legitimate line of credit. Following are the three ways to help clients with a frozen Experian report quickly and efficiently allow access. Unfreeze account: This will remove the freeze entirely from the consumer’s credit report so that it may be accessed with the consumer’s permission. To do this, the consumer will need to contact Experian online, by phone or mail and provide his unique personal identification number (PIN) code—provided when the consumer froze his account—to un-freeze the report. Thaw account: An action that will temporarily remove the freeze for a timeframe determined by the consumer. The consumer should contact Experian online, by phone, or mail and provide his unique PIN code to thaw the report. Grant a creditor one-time access: A consumer may provide a different/temporary PIN to a lender to access the report just once. The PIN can be emailed to the consumer, presented on screen if the consumer is online, or provided on the phone or by mail. Typically, a consumer’s request to thaw or un-freeze his credit file online or by phone will thaw or un-freeze the file within minutes. Download Checklist Experian can be reached: Online: www.experian.com/freeze Phone: 888-397-3742 Mail: P.O. Box 9554, Allen, Texas 75013 Remember, if a consumer has a frozen credit file with all three credit reporting agencies, he will need to contact each agency to enable access to his report.

June 2018 will mark the one-year anniversary of the National Institute of Standards and Technology (NIST) release of Special Publication 800-63-3, Digital Identity Guidelines. While federal agencies are the most directly impacted, this guidance signals a seismic shift in identity proofing across the entire ecosystem of consumers, private sector businesses and public sector agencies. It’s the clearest claim I’ve seen to date that traditional, and rather basic, personally identifiable information (PII) verification should no longer be trusted for remote user interaction. For those of us in the fraud and identity space, this isn’t a new revelation, but one we as an industry have been dealing with for years. As the data breach floodgates continue to be pushed further open, PII is a commodity for the fraudsters, evident in PII prices on the dark web, which are often lower than your favorite latte. Identity-related schemes have increased due to fraud attacks shifting away from card compromise (due to the U.S. rollout of chip-and-signature cards), double-digit growth in online and mobile consumer channels, and high-profile fraud events within both the public and private sector. It’s no shock that NIST has taken a sledgehammer to previous guidance around identity proofing and replaced it with an aggressive and rather challenging set of requirements seemingly founded in the assumption that all PII (names, addresses, dates of birth, Social Security numbers, etc.) is either compromised or easily can be compromised in the future. So where does this leave us? I applaud the pragmatic approach to the new NIST standards and consider it a signal to all of us in the identity marketplace. It’s aggressive and aspirational in raising the bar in identity proofing and management. I welcome the challenge in serving our public sector clients, as we have done for nearly a decade. Our innovative approach to layered levels of identity verification, validation, risk assessment and monitoring adhere to the recommendations of the new NIST standards. I do, however, recommend that any institution applying these standards to their own processes and applications ensure they place equal focus on comparable alternatives for those addressable populations and users who are likely to either opt out of, or fail, initial verification steps stringently aligned with the new requirements. While too early to accurately forecast, it’s relatively safe to assume that the percentage of the population “falling out of the process” may easily be counted in the double digits. It’s only through advanced analytics and technology reliant on a significant breadth and depth of identity data and observations that we can provide trust and confidence across such a diverse population in age, demographics, expectations and access.