Financial Services

By: Kennis Wong As I said in my last post, when consumers and the media talk about fraud and fraud risk, they are usually referring to third-party frauds. When financial institutions or other organizations talk about fraud and fraud best practices, they usually refer to both first- and third-party frauds. The lesser-known fraud cousin, first-party fraud, does not involve stolen identities. As a result, first-party fraud is sometimes called victimless fraud. However, being victimless can’t be further from the truth. The true victims of these frauds are the financial institutions that lose millions of dollars to people who intentionally defraud the system. First-party frauds happen when someone uses his/her own identity or a fictitious identity to apply for credit without the intention to fulfill their payment obligation. As you can imagine, fraud detection of this type is very difficult. Since fraudsters are mostly who they say they are, you can’t check the inconsistencies of identities in their applications. The third-party fraud models and authentication tools will have no effect on first-party frauds. Moreover, the line between first-party fraud and regular credit risk is very fuzzy. According to Wikipedia, credit risk is the risk of loss due to a debtor's non-payment of a loan or other line of credit. Doesn’t the definition sound similar to first-party fraud? In practice, the distinction is even blurrier. That’s why many financial institutions are putting first-party frauds in the risk bucket. But there is one subtle difference: that is the intent of the debtor.  Are the applicants planning not to pay when they apply or use the credit?  If not, that’s first-party fraud. To effectively detect frauds of this type, fraud models need to look into the intention of the applicants.

Analysis opportunity for vintage analysis Vintage analysis, specifically vintage pools, present numerous useful opportunities for any firm seeking to further understand the risks within specific portfolios. While most lenders have relatively strong reporting and metrics at hand  for their own loan portfolio monitoring...these to understand the specific performance characteristics of their own portfolios -- the ability to observe trends and benchmark against similar industry characteristics can enhance their insights significantly. Assuming that a lender possesses the vintage data and vintage analysis capability necessary to perform benchmarking on its portfolio, the next step is defining the specific metrics upon which any comparisons will be made. As mentioned in a previous posting, three aspects of vintage performance are often used to define these points of comparison: Vintage delinquency including charge-off curves, which allows for an understanding of the repayment trends within each pool. Specifically, standard delinquency measures (such as 30+ Days Past Due (DPD), 60+ DPD, 90+ DPD, and charge-off rates) provide measures of early and late stage delinquencies in each pool. Payoff trends, which reflect the pace at which pools are being repaid. While planning for losses through delinquency benchmarking is a critical aspect of this process, so, too, is the ability to understand pre-repayment tendencies and trends. Pre-payment can significantly impact cash-flow modeling and can add insight to interest income estimates and loan duration calculations. As part of the Experian-Oliver Wyman Market Intelligence Reports, these metrics are delivered each quarter, and provide a consistent, static pool base upon which vintage benchmarks can be conducted. Clearly, this is a rather simplified perspective on what can be a very detailed analysis exercise. A properly conducted vintage analysis needs to consider aspects such as: lender portfolio mix at origination; lender portfolio footprint at origination; lender payoff trends and differences from benchmarked industry data in order to properly balance the benchmarked data against the lender portfolio.

By: Kennis Wong When consumers and the media talk about fraud and fraud risk, nine out of ten times they are referring to third-party frauds. When financial institutions or other organizations talk about fraud, fraud best practices, or their efforts to minimize fraud, they usually refer to both first- and third-party frauds. The difference between the two fraud types is huge. Third-party frauds happen when someone impersonates the genuine identity owner to apply for credit or use existing credit. When it’s discovered, the victim, or the genuine identity owner, may have some financial loss -- and a whole lot of trouble fixing the mess. Third-party frauds get most of the spotlight in newspaper reporting primarily because of large-scale identity data losses. These data losses may not result in frauds per se, but the perception is that these consumers are now more susceptible to third-party frauds. Financial institutions are getting increasingly sophisticated in using fraud models to detect third-party frauds at acquisition. In a nutshell, these fraud models are detecting frauds by looking at the likelihood of applicants being who they say they are. Institutions bounce the applicants’ identity information off of internal and external data sources such as: credit; known fraud; application; IP; device; employment; business relationship; DDA; demographic; auto; property; and public record. The risk-based approach takes into account the intricate similarities and discrepancies of each piece of data element. In my next blog entry, I’ll discuss first-party fraud.

By: Ken Pruett I find it interesting that the media still focuses all of their attention on identity theft when it comes to credit-related fraud.  Don’t get me wrong.  This is still a serious problem and is certainly not going away any time soon.  But, there are other types of financial fraud that are costing all of us money, indirectly, in the long run.  I thought it would be worth mentioning some of these today. Although third party fraud, (which involves someone victimizing a consumer), gets most of the attention, first party fraud (perpetrated by the actual consumer) can be even more costly.  “Never pay” and “bust out” are two fraud scenarios that seem to be on the rise and warrant attention when developing a fraud prevention program. Never Pay A growing fraud problem that occurs during the acquisition stage of the customer life cycle is “never pay”.  This is also classified as first payment default fraud.  Another term we often hear to describe this type of perpetrator is “straight roller”. This type of fraudster is best described as someone who signs up for a product or service -- and never makes a payment. This fraud problem occurs when a consumer makes an application for a loan or credit card. The consumer provides true identification information but changes one or two elements (such as the address or social security number).  He does this so that he can claim later that he did not apply for the credit.  When he’s granted credit, he often makes purchases close to the limit provided on the account.  (Why get the 32 inch flat screen TV when the 60 inch is on the next store shelf -- when you know you are not going to pay for it anyway?) These fraudsters never make any payments at all on these accounts. The accounts usually end up in collections. Because standard credit risk scores look at long term credit, they often are not effective in predicting this type of fraud.  The best approach is to use a fraud model specifically targeted for this issue. Bust Out Fraud Of all the fraud scenarios, bust out fraud is one of the most talked about topics when we meet with credit card companies.  This type of fraud occurs during the account management phase of the customer lifecycle.  It is characterized by a person obtaining credit, typically a loan or credit card, and maintaining a good credit history with the account holder for a reasonable period of time.  Just prior to the bust out point, the fraudster will pay off the majority of the balance, often by using a bad check.  She will then run the card up close to the limit again -- and then disappear. Losses for this type of fraud are higher than average credit card losses.  Losses between 150 to 200 percent of the credit limit are typical.  We’ve seen this pattern at numerous credit card institutions across many of their accounts. This is a very difficult type of fraud to prevent. At the time of application, the customer typically looks good from a credit and fraud standpoint.  Many companies have some account management tools in place to help prevent this type of fraud, but their systems only have a view into the one account tied to the customer.  A best practice for preventing this type of fraud is to use tools that look at all the accounts tied to the consumer -- along with other metrics such as recent inquiries.  When taking all of these factors into consideration, one can better predict this growing fraud type.  

By: Heather Grover In my previous blog, I covered top of mind issues that our clients are challenged with related to their risk based authentication efforts and fraud account management. My goal in this blog is to share many of the specific fraud trends we have seen in recent months, as well as those that you – our clients and the industry as a whole – are experiencing.  Management of risk and strategies to minimize fraud is on your mind. 1. Migration of fraud from Internet to call centers - and back again. Channel specific fraud is nothing new. Criminals prefer non-face-to-face channels because they can preserve anonymity, while increasing their number of attempts. The Internet has been long considered a risky channel, because many organizations have built defenses around transaction velocity checks, IP address matching and other tools. Once fraudsters were unable to pass through this channel, the call center became the new target, and path of least resistance. Not surprisingly, once the industry began to address the call center, fraud began to migrate, yet again. Increasingly we hear that the interception and compromise of online credentials due to keystroke loggers and other malware is on the rise. 2. Small business fraud on the rise. As the industry has built defenses in their consumer business, fraudsters have again migrated -- this time to commercial products. Historically, small business has not been a target for fraud, which is changing. We see and hear that, while similar to consumer fraud in many ways, small business fraud is often more difficult to detect many times due to “shell businesses” that are established. 3. Synthetic ID becoming less of an issue.  As lenders tighten their criteria, not only are they turning down those less likely to pay, but their higher standards are likely affecting Synthetic ID fraud, which many times creates identities with similar characteristics that mirror “thin file” consumers. 4. Family fraud continues. We have seen consumers using the identities of members of their family in an attempt to gain and draw down credit. These occurrences are nothing new, but   sadly this continues in the current economic environment. Desperate parents use their children’s identities to apply for new credit, or other family may use an elderly person’s dormant accounts with a goal of finding a short term lifeline in a bad credit situation. 5. Fraud increasing from specific geographic regions. Some areas are notorious for perpetrating fraud – not too long ago it was Nigeria and Russia. We have seen and are hearing that the new hot spots are Vietnam and other Eastern Europe countries that neighbor Russia. 6. Falsely claiming fraud. There has been an increase of consumers who claim fraud to avoid an account going into delinquency. Given the poor state of many consumers credit status, this pattern is not unexpected. The challenge many clients face is the limited ability to detect this occurrence. As a result, many clients are seeing an increase in fraud rates. This misclassification is masking what should be bad debt.  

-- by Heather Grover I’m often asked in various industry forums to give talks about, or opinions on, the latest fraud trends and fraud best practices. Let’s face it –  fraudsters are students of their craft and continue to study the latest defenses and adapt to controls that may be in place. You may be surprised, then, to learn that our clients’ top-of-mind issues are not only how to fight the latest fraud trends, but how they can do so while maximizing use of automation, managing operational costs, and preserving customer experience -- all while meeting compliance requirements. Many times, clients view these goals as being unique goals that do not affect one another. Not only can these be accomplished simultaneously, but, in my opinion, they can be considered causal. Let me explain. By looking at fraud detection as its own goal, automation is not considered as a potential way to improve this metric. By applying analytics, or basic fraud risk scores, clients can easily incorporate many different potential risk factors into a single calculation without combing through various data elements and reports. This calculation or score can predict multiple fraud types and risks with less effort, than could a human manually, and subjectively reviewing specific results. Through an analytic score, good customers can be positively verified in an automated fashion; while only those with the most risky attributes can be routed for manual review. This allows expensive human resources and expertise to be used for only the most risky consumers. Compliance requirements can also mandate specific procedures, resulting in arduous manual review processes. Many requirements (Patriot Act, Red Flag, eSignature) mandate verification of identity through match results. Automated decisioning based on these results (or analytic score) can automate this process – in turn, reducing operational expense. While the above may seem to be an oversimplification or simple approach, I encourage you to consider how well you are addressing financial risk management.  How are you managing automation, operational costs, and compliance – while addressing fraud?  

By: Kari Michel Bankruptcies continue to rise and are expected to exceed 1.4 million by the end of this year, according to American Bankruptcy Institute Executive Director, Samuel J. Gerdano.  Although, the overall bankruptcy rates for a lender’s portfolio is small (about 1 percent), bankruptcies result in high dollar losses for lenders.  Bankruptcy losses as a percentage of total dollar losses are estimated to range from 45 percent for bankcard portfolios to 82 percent for credit unions.  Additionally, collection activity is restricted because of legislation around bankruptcy.  As a result, many lenders are using a bankruptcy score in conjunction with their new applicant risk score to make better acquisition decisions. This concept is a dual score strategy.  It is key in management of risk, to minimize fraud, and in managing the cost of credit. Traditional risk scores are designed to predict risk (typically predicting 90 days past due or greater).  Although bankruptcies are included within this category, the actual count is relatively small.   For this reason the ability to distinguish characteristics typical of a “bankruptcy” are more difficult.  In addition, often times a consumer who filed bankruptcy was in “good standings” and not necessarily reflective of a typical risky consumer.   By separating out bankrupt consumers, you can more accurately identify characteristics specific to bankruptcy.  As mentioned previously, this is important because they account for a significant portion of the losses. Bankruptcy scores provide added value when used with a risk score. A matrix approach is used to evaluate both scores to determine effective cutoff strategies.   Evaluating applicants with both a risk score and a bankruptcy score can identify more potentially profitable applicants and more high- risk accounts.  

By: Wendy Greenawalt In my last blog post I discussed the value of leveraging optimization within your collections strategy. Next, I would like to discuss in detail the use of optimizing decisions within the account management of an existing portfolio. Account Management decisions vary from determining which consumers to target with cross-sell or up-sell campaigns to line management decisions where an organization is considering line increases or decreases.  Using optimization in your collections work stream is key. Let’s first look at lines of credit and decisions related to credit line management. Uncollectible debt, delinquencies and charge-offs continue to rise across all line of credit products. In response, credit card and home equity lenders have begun aggressively reducing outstanding lines of credit.    One analyst predicts that the credit card industry will reduce credit limits by $2 trillion by 2010. If materialized, that would represent a 45 percent reduction in credit currently available to consumers. This estimate illustrates the immediate reaction many lenders have taken to minimize loss exposure. However, lenders should also consider the long-term impacts to customer retention, brand-loyalty and portfolio profitability before making any account management decision. Optimization is a fundamental tool that can help lenders easily identify accounts that are high risk versus those that are profit drivers. In addition, optimization provides precise action that should be taken at the individual consumer level. For example, optimization (and optimizing decisions) can provide recommendations for: • when to contact a consumer; • how to contact a consumer; and • to what level a credit line could be reduced or increased... …while considering organizational/business objectives such as: • profits/revenue/bad debt; • retention of desirable consumers; and • product limitations (volume/regional). In my next few blogs I will discuss each of these variables in detail and the complexities that optimization can consider.  

By: Kari Michel This blog completes my discussion on monitoring new account decisions with a final focus: scorecard monitoring and performance.  It is imperative to validate acquisitions scorecards regularly to measure how well a model is able to distinguish good accounts from bad accounts. With a sufficient number of aged accounts, performance charts can be used to: • Validate the predictive power of a credit scoring model; • Determine if the model effectively ranks risk; and • Identify the delinquency rate of recently booked accounts at various intervals above and below the primary cutoff score. To summarize, successful lenders maximize their scoring investment by incorporating a number of best practices into their account acquisitions processes: 1. They keep a close watch on their scores, policies, and strategies to improve portfolio strength. 2. They create monthly reports to look at population stability, decision management, scoring models and scorecard performance. 3. They update their strategies to meet their organization’s profitability goals through sound acquisition strategies, scorecard monitoring and scorecard management.

By: Wendy Greenawalt The combined impact of rising unemployment, increasing consumer debt burdens and decreasing home values have caused lenders to shift resources away from prospecting and acquisitions to collection and recovery activities. As delinquencies and charge-off rates continue to increase, the likelihood of collecting on delinquent accounts decreases -- because outstanding debts mount for consumers and their ability to pay declines. Integrating optimized decisions into a collection strategy enables a lenders to assign appropriate collection treatments by assessing the level of risk associated with a consumer while considering a customer’s responsiveness to particular treatment options. Specifically, collections optimization uses mathematical algorithms to maximize organizational goals while applying constraints such as budget and call center capacity  -- providing explicit treatment strategies at the consumer level -- while producing the highest probability of collecting outstanding dollars. Optimization can be integrated into a real-time call center environment by targeting the right consumers for outbound calls and assigning resources to consumers most likely to pay.  It can also be integrated into traditional lettering campaigns to determine the number and frequency of letters, and the tone of each correspondence. The options for account treatment are virtually limitless and, unlike other techniques, optimization will determine the most profitable strategy while meeting operational and business constraints without simplification of the problem. By incorporating optimization into a collection strategy that includes a predictive model or score and advanced segmentation, an organization can maximize collected dollars, minimize the costs of collection efforts, improve collections efficiency, and determine which accounts to sell off – all while maximizing organizational profits.  

By: Kari Michel This blog is a continuation of my previous discussion about monitoring your new account acquisition decisions with a focus on decision management. Decision management reports provide the insight to make more targeted decisions that are sound and profitable. These reports are used to identify: which lending decisions are consistent with scorecard recommendations; the effectiveness of overrides; and/or whether cutoffs should be adjusted. Decision management reports include: • Accept versus decline score distributions • Override rates • Override reason report • Override by loan officer • Decision by loan officer Successful lending organizations review this type of information regularly to make better lending policy decisions.  Proactive monitoring provides feedback on existing strategies and helps evaluate if you are making the most effective use of your score(s). It helps to identify areas of opportunity to improve portfolio profitability. In my next blog, I will discuss the last set of monitoring reports, scorecard performance.  

By: Tracy Bremmer In our last blog (July 30), we covered the first three stages of model development which are necessary whether developing a custom or generic model.  We will now discuss the next three stages, beginning with the “baking” stage:  scorecard development. Scorecard development begins as segmentation analysis is taking place and any reject inference (if needed) is put into place. Considerations for scorecard development are whether the model will be binned (divides predictive attributes into intervals) or continuous (variable is modeled in its entirety), how to account for missing values (or “false zeros”), how to evaluate the validation sample (hold-out sample vs. an out-of-time sample), avoidance of over-fitting the model, and finally what statistics will be used to measure scorecard performance (KS, Gini coefficient, divergence, etc.). Many times lenders assume that once the scorecard is developed, the work is done.   However, the remaining two steps are critical to development and application of a predictive model:  implementation/documentation and scorecard monitoring.   Neglecting these two steps is like baking a cake but never taking a bite to make sure it tastes good. Implementation and documentation is the last stage in developing a model that can be put to use for enhanced decisioning. Where the model will be implemented will determine the timeliness and complexity for when the models can be put into practice. Models can be developed in an in-house system, a third-party processor, a credit reporting agency, etc. Accurate documentation outlining the specifications of the model will be critical for successful implementation and model audits. Scorecard monitoring will need to be put into place once the model is developed, implemented and put into use. Scorecard monitoring evaluates population stability, scorecard performance, and decision management to ensure that the model is performing as expected over the course of time. If at any time there are variations based on initial expectations, then scorecard monitoring allows for immediate modifications to strategies. With all the right ingredients, the right approach, and the checks and balances in place, your model development process has the potential to come out “just right!”  

By: Tracy Bremmer In our last blog, we covered the first three stages of model development which are necessary whether developing a custom or generic model.  We will now discuss the next three stages, beginning with scorecard development. Scorecard development begins as segmentation analysis is taking place and any reject inference (if needed) is put into place. Considerations for scorecard development are whether the model will be binned (divides predictive attributes into intervals) or continuous (variable is modeled in its entirety), how to account for missing values (or “false zeros”), how to evaluate the validation sample (hold-out sample vs. an out-of-time sample), avoidance of over-fitting the model, and finally what statistics will be used to measure scorecard performance (KS, Gini coefficient, divergence, etc.). Many times lenders assume that once the scorecard is developed, the work is done.   However, the remaining two steps are critical to development and application of a predictive model:  implementation/documentation and scorecard monitoring.   Neglecting these two steps is like baking a cake but never taking a bite to make sure it tastes good. Implementation and documentation is the last stage in developing a model that can be put to use for enhanced decisioning. Where the model will be implemented will determine the timeliness and complexity for when the models can be put into practice. Models can be developed in an in-house system, a third-party processor, a credit reporting agency, etc. Accurate documentation outlining the specifications of the model will be critical for successful implementation and model audits. Scorecard monitoring will need to be put into place once the model is developed, implemented and put into use. Scorecard monitoring evaluates population stability, scorecard performance, and decision management to ensure that the model is performing as expected over the course of time. If at any time there are variations based on initial expectations, then scorecard monitoring allows for immediate modifications to strategies. With all the right ingredients, the right approach, and the checks and balances in place, your model development process has the potential to come out “just right!”  

There were always questions around the likelihood that the August 1, 2009 deadline would stick.  Well, the FTC has pushed out the Red Flag Rules compliance deadline to November 1, 2009 (from the previously extended August 1, 2009 deadline). This extension is in response to pressures from Congress – and, likely, "lower risk" businesses questioning their being covered under the Red Flag Rule to begin with (businesses such as those related to healthcare, retailers, small businesses, etc). Keep in mind that the FTC extension on enforcement of Red Flag Guidelines does not apply to address discrepancies on credit profiles, and that those discrepancies are expected to be worked TODAY.  Risk management strategies are key to your success. To view the entire press release, visit: http://www.ftc.gov/opa/2009/07/redflag.shtm

By: Wendy Greenawalt When consulting with lenders, we are frequently asked what credit attributes are most predictive and valuable when developing models and scorecards. Because we receive this request often, we recently decided to perform the arduous analysis required to determine if there are material differences in the attribute make up of a credit risk model based on the portfolio on which it is applied. The process we used to identify the most predictive attributes was a combination of art and sciences -- for which our data experts drew upon their extensive data bureau experience and knowledge obtained through engagements with clients from all types of industries. In addition, they applied an empirical process which provided statistical analysis and validation of the credit attributes included. Next, we built credit risk models for a variety of portfolios including bankcard, mortgage and auto and compared the credit attribute included in each. What we found is that there are some attributes that are inherently predictive regardless for which portfolio the model was being developed. However, when we took the analysis one step further, we identified that there can be significant differences in the account-level data when comparing different portfolio models. This discovery pointed to differences, not just in the behavior captured with the attributes, but in the mix of account designations included in the model. For example, in an auto risk model, we might see a mix of attributes from all trades, auto, installment and personal finance…as compared to a bankcard risk model which may be mainly comprised of bankcard, mortgage, student loan and all trades.  Additionally, the attribute granularity included in the models may be quite different, from specific derogatory and public record data to high level account balance or utilization characteristics. What we concluded is that it is a valuable exercise to carefully analyze available data and consider all the possible credit attribute options in the model-building process – since substantial incremental lift in model performance can be gained from accounts and behavior that may not have been previously considered when assessing credit risk.