US interest rates are at historically low levels, and while many Americans are taking advantage of the low interest rates and refinancing their mortgages, a great deal more are struggling to find jobs,  and unable to take advantage of the rate- friendly lending environment.  This market however, continues to be complex as lenders try to competitively price products while balancing dynamic consumer risk levels, multiple product options and minimize the cost of acquisition. Due to this, lenders need to implement advanced risk-based pricing strategies that will balance the uncertain risk profiles of consumers while closely monitoring long-term profitability as re-pricing may not be an option given recent regulatory guidelines. Risk-based pricing has been a hot topic recently with the Credit Card Act and Risk-Based Pricing Rule regulation and pending deadline. For lenders who have not performed a new applicant scorecard validation or detailed portfolio analysis in the last few years now is the time to review pricing strategies and portfolio mix. This analysis will aid in maintaining an acceptable risk level as the portfolio evolves with new consumers and risk tiers  while ensuring short and long-term profitability and on-going regulatory compliance. At its core, risk-based pricing is a methodology that is used to determine the what interest rate should be charged to a consumer based on the inherent risk and profitability present within a defined pricing tier. By utilizing risk-based pricing, organizations can ensure the overall portfolio is profitable while providing competitive rates to each unique portfolio segment. Consistent review and strategy modification is crucial to success in today’s lending environment. Competition for the lowest risk consumers will continue to increase as qualified candidate pools shrink given the slow economic recovery.  By reviewing your portfolio on a regular basis and monitoring portfolio pricing strategies closely an organization can achieve portfolio growth and revenue objectives while monitoring population stability, portfolio performance and future losses.

By: Kristan Frend Last week I came across a news article that said the NYPD arrested 26 people who allegedly took at least $5 million from stealing identities. What I found most disturbing was that criminals allegedly affected more than 200 soldiers, including many of whom were unaware of what was happening, since they were serving overseas. To help reduce the risk of identity theft and minimize fraud losses, all three major credit bureaus provide Active- Duty Alerts, which allow deployed soldiers to have their credit frozen while they are overseas. While these fraud alerts, coupled with financial institutions implementing identity theft programs,  can help prevent identity theft losses, what is being done to reduce the risk of military personnel data being exposed and stolen? As social security numbers play a key role in identity theft, I was surprised and disturbed to learn that government issued military ID cards include the card holder’s social security number in full on the front.  This creates an obvious security vulnerability to the card holder. Especially considering that the military ID card must be shown in a number of situations, such as getting on and off base, medical care, picking up prescriptions, entering a base shopping exchange, mess hall, etc.  There are many situations where the service member encounters people in positions that were once filled by military personnel but are now filled by civilians, who may not have the same code of honor toward others in the military community. While it’s true that thieves are increasingly using computer hacking, phishing, malware, spyware and key stroke loggers to gather SSNs, thieves still resort to low-tech methods like dumpster diving, mail tampering, and purse and wallet theft to obtain privacy sensitive information.  The need to show ID so often and the fact that it contains all of their pertinent data, puts service members at particular risk when they may be in harm’s way, focused more on missions than money missing from their bank account. The good news is that the Department of Defense launched a Social Security Number reduction initiative consisting of a phased removal of SSNs. Phase one, removal of dependent SSNs from ID cards is underway. Phase two, removal of printed SSNs from all cards has been placed on hold indefinitely, and phase three, removal of SSNs embedded in barcodes will begin in 2012. My point is not to be critical of the use of SSNs; I think we all can agree that the use of SSNs have become an integral part of our culture.  However, we should look to see that organizations carefully balance the value of how SSNs are used with the vulnerabilities that its use creates. The old adage “an ounce of prevention is worth a pound of cure” could never be truer than with identity theft. The easiest way to minimize fraud is to avoid it by not giving criminals the opportunity to perpetrate identity theft against individuals.

By: Kennis Wong Several weeks ago, I attended and presented at Experian’s sold-out annual conference, Vision, in Phoenix, Arizona. One of the guest speakers was Malcolm Gladwell, best-selling author of The Tipping Point, Blink, Outliers and What the Dog Saw: And Other Adventures. Since I've read three of his four books, I could be considered a fan. And yes, his hair did look as wild in person as it appears in the pictures on the insides of his book covers. But that was not why I was so impressed by his speech. The real reason was that his topic was so relevant to how Experian Decision Analytics delivers value to our clients. Gladwell spent the whole hour addressing the difference between “puzzle” and “mystery”, providing abundant examples for both. The puzzle-versus-mystery topic was from one of his articles in The New Yorker. To solve a puzzle, one or more pieces of information are needed. The source of the problem is that insufficient data is available to have a conclusive answer to the question. An example would be finding Osama Bin Laden’s whereabouts. We simply do not have enough information to locate him, and we need more intelligence. On the other hand, a mystery is not solved by simply gathering more information. It is a matter of making sense out of a massive amount of data available, using analysis and judgment. Enron’s creative accounting was an example of a mystery. All the information was out in the open. Pages and pages of SEC filings and annual reports were there for anyone who was willing and able to analyze them. All that was needed to solve the mystery was to make sense out of the data. In the Fraud and Identity Solutions team, we satisfy clients’ needs by providing solutions for both puzzles and mysteries to fend off fraudsters. Besides the core credit bureau data, we have demographic data, fraud consortium data, past application data, automotive data and much more. We also have strategic partnerships to deliver demand deposit account, cell phone, and device data. All these data sources ensure that our clients get the data they need to piece the puzzle together. Our consulting and analytics, on the other hand, help clients to solve mysteries. Looking at individual pieces of disparate data is inefficient and provides little or no value. That’s why our numerous scoring solutions combine the available data in a way that is most predictive of various fraud outcomes. For example, our Precise ID Score and Fraud Shield Score Plus predict first- and third-party fraud; our BustOut Score predicts the likelihood of bust outs; our Never Pay score predicts the likelihood of a consumer never making a payment. As more data are available, we incorporate them into existing or new models if it increases the effectiveness of the models. So we have both the puzzle and mystery grounds covered. A note to Malcolm Gladwell: Great job at Vision! If you write a book about this topic, I’ll definitely buy it.  

By: Kari Michel Credit risk models are used by almost every lender, and there are many choices to choose from including custom or generic models.  With so many choices how do you know what is best for your portfolio?  Custom models provide the strongest risk prediction and are developed using an organization’s own data.  For many organizations, custom models may not be an option due to the size of the portfolio (may be too small), lack of data including not enough bads, time constraints, and/or lack of resources. If a custom model is not an option for your organization, generic bureau scoring models are a very powerful alternative for predicting risk.  But how can you understand if your current scoring model is the best option for you? You may be using a generic model today and you hear about a new generic model, for example the VantageScore® credit score.   How do you determine if the new model is more predictive than your current model for your portfolio?  The best way to understand if the new model is more predictive is to do a head-to-head comparison – a validation.  A validation requires a sample of accounts from your portfolio including performance flags.  An archive is pulled from the credit reporting agency and both scores are calculated from the same time period and a performance chart is created to show the comparison. There are two key performance metrics that are used to determine the strength of the model.  The KS (Komogorov-Smirnov) is a statistical term that measures the maximum difference between the bad and good cumulative score distribution.  The KS range is from 0% to 100%, with the higher the KS the stronger the model.  The second measurement uses the bad capture rate in the bottom 5%, 10% or 15% of the score range. A stronger model will provide better risk prediction and allow an organization to make better risk decisions.  Overall, when stronger scoring models are used, organizations will be best prepared to decrease their bad rates and have a more profitable portfolio.  

With the upcoming changes to overdraft fee policies coming to the banking industry July 1st, courtesy of the Federal Reserve, banks and credit unions are re-examining the revenue growth opportunities through their new account opening process. We frequently hear from our fraud risk and operations client partners that when there is a push for revenue growth, fraud detection gets de-prioritized as a trade off to bringing in more new customers.  A DDA-friendly risk based authentication approach may offer some compromise to this seemingly “one for one” exchange.  Here are some quick revenue-friendly, risk-averse practices being seen in the branches, call centers, and online channels of Experian clients: • Drive referrals to knowledge based authentication (KBA), negative record checks (account abuse, fraud records) or both off of an upfront fraud score, such as the Precise ID(SM) for Account Opening score. Segmenting based on risk is cost efficient and promotes an improved customer experience. • Bolster the fraud defenses of your online channel by raising the “pass” or “accept” threshold. The lower acquisition costs for this online account opening are tempting but this is also the venue most exploited by fraudsters.  Some incremental manual reviews should work out as a small price to pay to catch the higher prevalence of fraud. • Cross sell and up sell with confidence based on more comprehensive authentication. By applying appropriate risk based authentication strategies, more products can be offered and exposure is reduced because you know you are dealing with the true consumer.    

I often provide fraud analyses to clients, whereby they identify fraudsters that have somehow gotten through the system.  We then go in and see what kinds of conditions exist in the fraudulent population that exist to a much lesser degree in the overall population.  We typically do this with indicators, flags, match codes, and other conditions that we have available on the Experian end of things. But that is not to say there aren't things on your side of the fence that could be effective indicators of fraud risk as well! One simple example could be geography.  If 50% of your known frauds are coming from a state that only sees 5% of your overall population, then that state sounds like a great indicator of fraud risk!  What action you take based on this knowledge is up to you (and, I suppose, government regulation).  One option would be to route the risky customers through a more onerous authentication procedure.  For example, they might have to come into a branch in person to validate their identity. Geography is certainly not the only potential indicator of fraud risk.  Be creative!  There might be previously untapped indicators of fraud risk lurking in your customer databases.   Do not limit yourself to intuition either.  Oftentimes the best indicators of fraud risk that I find are counterintuitive.  Just compare the percentage of time a condition occurs in your fraud population to the percentage of time it occurs in the overall population.  It might be that you have a fraud ring that is leaving some telltale fingerprint on their behavior--one that is actionable in ways that will jumpstart your fraud prevention practices and minimize fraud losses!

In case you’ve never heard of it, a Babel fish is a small translator; that allows a carrier to understand anything said in any form of language.  Alta Vista popularized the name but I believe Douglas Adams, author of The Hitchhiker’s Guide to the Galaxy, should be given credit for coining the term.  So, what does a Babel fish have to do with Knowledge Based Authentication? Knowledge Based Authentication is always about the data – I have said this before.  There is one universal truth: data doesn’t lie.  However, that doesn’t mean it is easy to understand what the data is saying.  It is a bit like a foreign language.  You may have taken classes, and you can read the language or carry on a passable conversation, but that doesn’t mean it’s a good idea to enter into a contract – at least, not without an attorney who speaks the language, or your very own Babel fish. Setting up the best Knowledge Based Authentication configuration for risk management of your line of business can sometimes seem like that contract in a foreign language. There are many decisions to be made and the number of questions to present and which questions to ask is often the easy part.  To truly get the most out of fraud models, it is necessary to consider where the score cuts that will be used with your Knowledge Based Authentication session will be set and what methodology will be used to invoke the Knowledge Based Authentication session: objective score performance, manual review and decision, etc.  It is also important to consider the “kind of fraud” you might be seeing. This is where it is helpful to have your very own Babel fish – one designed specifically for fraud trends, fraud data, fraud models and Knowledge Based Authentication.  If your vendor doesn’t offer you a Babel fish, ask for one.  Yours could have one of many titles, but you will know this person when you speak with them, for their level of understanding of not only your business but, more importantly, your data and what it means.  Sometimes the Babel fish will work in Consulting, sometimes in Product Management, sometimes in Analytics – the important thing is that there are fraud-specific experts available to you. Think about that for a minute.  Business today is a delicate balance between customer experience/relationship management and risk management.  If your vendor can’t offer you a Babel fish, tell them you have fish to fry – elsewhere.  

By: Staci Baker With the increase in consumer behaviors such as ‘strategic default’, it has become increasingly difficult during the past few years for lenders to determine who the most creditworthy consumers are – defining consumers with the lowest credit risk. If you define risk as ‘the likelihood of [a consumer] becoming 90 days or more past due’, the findings are alarming. From June 2007 to June 2009, Super Prime consumers (those scoring 900 or higher) in the U.S. have gone from an average  VantageScore® credit score* of 945 to 918, which increased their risk level  from approx. 0.12% to 0.62% - an increase of 417% for this highly sought after population!  Prime and near prime risk levels increased by 400% and 96% respectively.  Whereas subprime consumers with few choices (stay subprime or improve their score), saw a slight decrease in risk, 8% - increasing their average VantageScore® credit score from 578 to 599. So how do lenders determine who to lend to, when the risk level for all credit tiers increases, or remain risky?  In today’s dynamic economy, lenders need tools that will give them an edge, and allow them to identify consumer trends quickly.  Incorporating analytic tools, like Premier Attributes, into lender’s origination models, will allow them to pinpoint specific consumer behavior, and provide segmentation through predefined attribute sets that are industry specific and target profitable accounts to improve acquisition strategies. As risk levels change, maintaining profitability becomes more difficult due to shrinking eligible consumer pools.  By adding credit attributes, assessing credit risk both within an organization and for new accounts will be simplified and allow for more targeted prospects, thus maximizing prospecting strategies across the customer lifecycle and helping to increase profitability. * VantageScore®, LLC, May, 2010, “Finding Creditworthy Consumers in a Changing Economic Climate”  

We've blogged about fraud alerts, fraud analytics, fraud models and fraud best practices. Sometimes, though, we delude ourselves into thinking that fraud prevention strategies we put into place today will be equally effective over time.  Unfortunately, when a rat finds a dead-end in a previously-learned maze, it just keeps hunting for an exit.  Fraudsters are no different.  Ideally we want to seal off all the exits, and teach the rats to go and do something productive with their lives, but sadly that is not always the case.  We also don't want to let too many good consumers get stuck either, so we cannot get too trigger-happy with our fraud best practices. Fraud behavior is dynamic, not static.  Fraudsters learn and adapt to the feedback they receive through trial and error.  That means when you plug a hole in your system today, there will be an increased push to seek out other holes tomorrow.  This underscores the importance of keeping a close eye on your fraudsters' behavior trends. But there must be some theoretical breaking point where the fraudsters simply give up trying--at least with your company.  This behavioral extinction may be idealistic in the general sense, but is nonetheless a worthy goal as related to your business.  One of the best things you can do to prevent fraud is to gain a reputation amongst the fraudsters of, "Don't even try, it's not even worth it."  And even if you don't succeed in getting them to stop trying altogether, it's still satisfying to know you are lowering their ROI while improving yours  

I recently attended a conference where Credit Union managers spoke of the many changes facing their industry in the wake of the real estate crisis and economic decline that has impacted the US economy over the past couple of years.  As these managers weighed in on the issues facing their businesses today, several themes began to emerge – tighter lending standards & risk management practices, increased regulatory scrutiny, and increased competition resulting in tighter margins for their portfolios. Across these issues, another major development was discussed – increased Credit Union mergers and acquisitions. As I considered the challenges facing these lenders, and the increase in M&A activity, it occurred to me that these lenders might have a common bond with an unexpected group –American family farms.  Overall, Credit Unions are facing the challenge of adding significant fixed costs (more sophisticated lending platforms & risk management processes) all the while dealing with increased competition from lenders like large banks and captive automotive lenders.  This challenge is not unlike the challenges faced by the family farm over the past few decades – small volume operators having to absorb significant fixed costs from innovation & increased corporate competition, without the benefit of scale to spread these costs over to maintain healthy lending margins. Without the benefit of scale, the family farm basically disappeared as large commercial operators acquired less-efficient (and less profitable) operators. Are Credit Unions entering into a similar period of competitive disadvantage? It appears that the Credit Union model will have to adjust in the very near future to remain viable. With high infrastructure expectations, many credit unions will have to develop improved decisioning strategies, become more proficient in assessing credit risk –implementing risk-based pricing models, and executing more efficient operational processes in order to sustain themselves when the challenges of regulation and infrastructure favor economies of scale. Otherwise, they are facing an uphill challenge, just as the family farm did (and does); to compete and survive in a market that favors the high-volume lender.

Well, in my last blog, I was half right and half wrong.  I said that individual trade associations and advocacy groups would continue to seek relief from Red Flag Rules ‘coverage’ and resultant FTC enforcement.  That was right.  I also said that I thought the June 1 enforcement date would ‘stick’.  That was wrong. Said FTC Chairman Jon Leibowitz, “Congress needs to fix the unintended consequences of the legislation establishing the Red Flag Rule – and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift.  As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.” I think the key words here are ‘unintended consequences’.  It seems to me that the unintended consequences of the Red Flag Rules reach far beyond just which industries are covered or not covered (healthcare, legal firms, retailers, etc).  Certainly, the fight was always going to be brought on by non-financial institutions that generally may not have had a robust identity authentication practice in place as a general baseline practice.  What continues to be lost on the FTC is the fact that here we are a few years down the road, and I still hear so much confusion from our clients as to what they have to do when a Red Flag compliance condition is detected.  It’s easy to be critical in hindsight, yes, but I must argue that if a bit more collaboration with large institutions and authentication service providers in all markets had occurred, creating a more detailed and unambiguous Rule, we may have seen the original enforcement date (or at least one of the first or second postponement dates) ‘stick’. At the end of the day, the idea of mandating effective and market defined identity theft protection programs makes a lot of sense.  A bit more intelligence gathering on the front end of drafting the Rule may, however, have saved time and energy in the long run.  Here’s hoping that December 31st ‘sticks’…I’m done predicting.  

By: Kristan Frend I recently gave a presentation on small business fraud at the annual National Association of Credit Managers (NACM) Credit Congress.  Following the session, several B2B credit professionals shared recent fraud issues   The attendees confirmed what we’ve been hearing from our customers: fraudsters are shifting from consumer to business/commercial fraud and they’re stepping up their game. One of the schemes mentioned by an attendee included fraudsters obtaining parcel provider’s tracking numbers to reroute shipments meant for their B2B customer.  The perpetrator calls the business’s call center, impersonates the legitimate business customer to place an order, obtains the tracking number, and then calls back with the tracking number to request that the shipment be rerouted. Often the new shipping location is a residential address where an individual has been recruited for a work-at-home employment opportunity.   The individual is instructed to sign for deliveries and then reship merchandise to a freight company within the country or directly to destinations outside the United States.  The fraud is uncovered once the legitimate B2B customer receives an invoice for goods which they never ordered or received. I encourage you to take a look at your business’s policies and procedures on handling change of address shipment  requests.  What tools do you employ to verify the individual making the request? Are you verifying who the new address belongs to?  You may also want to ask your parcel provider about account setting options available for when your employees submit reroute requests.  While a shipping reroute request isn’t always indicative of fraud, I recommend you assess your fraud risk and consider whether your fraud-related business processes need refining. Keep an eye out here for postings on these topics: known fraud, bust out fraud, and how best to minimize fraud loss.        

By: Staci Baker As more people have become underwater on their mortgage, the decision to stay or not stay in their home has evolved to consider a number of influences that impact consumer credit decisions.  Research is revealing that much of an individual’s decision to meet his credit obligations is based on his trust in the economy, moral obligation, and his attitude about delinquency and the effect it will have on his credit score. Recent findings suggest that moral obligation keeps the majority of homeowners from walking away from their homes.  According to the 2009 Fannie Mae National Housing Survey (i) – “Nearly nine in ten Americans (88%), including seven in ten who are delinquent on their own mortgages, do not believe it is acceptable for people to stop making payments on an underwater mortgage, while 8% believe it is acceptable.”  It appears that there is a sense of owning up to one’s responsibilities; having signed a contract and the presumed stigma of walking away from that obligation. Maintaining strong creditworthiness by continuing to make payments on an underwater mortgage is motivation to sustain mortgage payments.  “Approximately 74% of homeowners believe it is very important to maintain good credit and this can be a factor in encouraging them not to walk away (ii).”  Once a homeowner defaults on their mortgage, their credit score can drop 150 to 250 points (iii), and the cost of credit in the future becomes much higher via increased interest rates once credit scores trend down. Although consumers expect to keep investing in the housing market (70% said buying a home continues to be one of the safest investments available (iv)) they will surely continue optimizing decisions that consider both the moral and credit implications of their decisions. i     December, 2009, Fannie Mae National Housing Survey ii  4/30/10, Financial Trust Index at 23% While Strategic Defaults Continue to Rise, The Chicago Booth/Kellogg School Financial Trust Index iii  http://www.creditcards.com/credit-card-news/mortgage-default-credit-scores-1270.php iv  December, 2009, Fannie Mae National Housing Survey    

By: Kari Michel The Federal Reserve’s decision to permit card issuers to use income estimation models to meet the Accountability, Responsibility, and Disclosure (CARD) Act requirements to assess a borrower’s ability to repay a loan makes good sense. But are income estimation models useful for anything other than supporting compliance with this new regulation? Yes; in fact these types of models offer many advantages and uses for the financial industry. They provide a range of benefits including better fraud mitigation, stronger risk management, and responsible provision of credit. Using income estimation models to understand your customers’ complete financial picture is valuable in all phases of the customer lifecycle, including: • Loan Origination – use as a best practice for determining income capacity • Prospecting – target customers within a specific income range • Acquisitions – set line assignments for approved customers • Account Management – assess repayment ability before approving line increases • Collections – optimize valuation and recovery efforts One of the key benefits of income estimation models is they validate consumer income in real time and can be easily integrated into current processes to reduce expensive manual verification procedures and increase your ROI. But not all scoring models are created equal. When considering an income estimation model, it’s important to consider the source of the income data upon which the model was developed. The best models rely on verified income data and cover all income sources, including wages, rent, alimony, and Social Security. To lean more about how income estimation models can help with risk management strategies, please join the following webinar: Ability to pay:  Going beyond the Credit CARD on June 8, 2010. http://www.bulldogsolutions.net/ExperianConsumerInfo/EXC1001/frmRegistration.aspx?bdls=24143    

Well, here we are about two weeks from the Federal Trade Commission’s June 1, 2010 Red Flags Rule enforcement date.  While this date has been a bit of a moving target for the past year or so, I believe this one will stick.  It appears that the new reality is one in which individual trade associations and advocacy groups will, one by one, seek relief from enforcement and related penalties post-June 1.  Here’s why I say that: The American Bar Association has already file suit against the FTC, and in October, 2009, The U.S. District Court for the District of Columbia ruled that the Red Flags Rule is not applicable to attorneys engaged in the practice of law.  While an appeal of this case is still pending, in mid-March, the U.S. District Court for the District of Columbia issued another order declaring that the FTC should postpone enforcement of the Red Flags Rule “with respect to members of the American Institute of Certified Public Accountants” engaged in practice for 90 days after the U.S. Court of Appeals for the District of Columbia renders an opinion in the American Bar Association’s case against the FTC.” Slippery slope here.  Is this what we can expect for the foreseeable future? A rather ambiguous guideline that leaves openings for specific categories of “covered entities” to seek exemption?  The seemingly innocuous element to the definition of “creditor” that includes “businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later” is causing havoc among peripheral industries like healthcare and other professional services. Those of you in banking are locked in for sure, but it ought to be an interesting year as the outliers fight to make sense of it all while they figure out what their identity theft prevention programs should or shouldn’t be.