While bankcard originations increased 26 percent year over year to $85.3 billion in Q2 2014, delinquencies continued their downward trend, reaching 0.47 percent of balances — an 8 percent decline year over year.

Online crooks are getting more sophisticated by the second. Nowadays, fraudsters have the ability to conduct “clean fraud,” obtaining legitimate identities of users from the black market or data breaches to compromise a victim’s card account. Malware, too, is becoming more sophisticated both in the mobile and non-mobile space. But how can organizations fight such high-level tactics in such a broad, complex space? John Sarreal, Senior Director of Product Management at 41st Parameter, an online fraud prevention player, sat down with PYMNTS after the recent release of the white paper “Surveillance, Staging, and the Fraud Lifecycle” to reveal the inner workings of a cyber criminal’s mind, what should be done before and after data is snatched, and which aspects of account takeover are the most overlooked and dangerous. Interview excerpts Take us through the mind of a cyber-criminal. What are the most sophisticated tactics used today to capture account information from corporate systems? JS: The amount of clean fraud that we see with our customers is unprecedented. By focusing on obtaining legitimate credentials and identities, fraudsters are more easily able to bypass traditional controls. This means that fraud tools need to adapt and gather additional attributes to augment their fraud screening. Although the techniques they’re using now to obtain these credentials are increasingly sophisticated, the MOs are still rooted in basic phishing and social engineering attacks. Fraudsters will use identity information obtained from the black market or data breaches to conduct very convincing phishing attacks to reveal everything that is needed to compromise a victim’s card account. There’s also increasing sophistication in the use of malware to steal sensitive credentials in both the mobile and non-mobile arena. In Android, for example, Google recently passed a vulnerability that allows sophisticated malware to impersonate digital certificate signing authorities. This vulnerability allowed the malware to install itself on a mobile device without any user notification or intervention – obviously, a very dangerous attack. Link to the podcast and transcript here.

Every prospecting list needs to be filtered by your organizations specific credit risk threshold.  Whether you’re developing a campaign targeting super-prime, sub-prime, or consumers who fall somewhere in between, an effective credit risk model needs to do two things: 1) accurately represent a consumer’s risk level and 2) expand the scoreable population. The newly redeveloped VantageScore® credit score does both. With the VantageScore® credit score, you get a scoring model that’s calibrated to post-recession consumer behavior, as well the ability to score nearly 35 million additional consumers - consumers who are typically excluded from most marketing lists because they are invisible to older legacy models. Nearly a third of those newly-scoreable consumers are near-prime and prime. However, if your market is emerging to sub-prime consumers - you’ve found the mother-load! Delinquency isn’t the only risk to contend with. Bankruptcies can mean high losses for your organization at any risk level.  Traditional credit risk models are not calibrated to specifically look for behavior that predicts future bankruptcies. Experian's Bankruptcy PLUS filters out high bankruptcy risk from your list.  Using Bankruptcy PLUS you’re able to bring down your overall risk while removing as few people as possible. My next post looks into ways to identify profitable consumers in your list.   For more see: Four steps to creating the ideal prospecting list.

Companies are facing incredible difficulties identifying fraud risks at the point of origination. Setting up accurate fraud detection processes has become more and more challenging as mobile and online channels have become widely used by consumers. At the same time, fraudsters’ techniques are becoming increasingly sophisticated. To compensate, organizations have had the choice of either: a) Implementing very tough identity-proofing standards — risking turning away legitimate customers. b) Lessening their criteria and opening themselves to increased risk. Any business that functions in a web connected environment that has a need to recognize new or returning consumers must look beyond the simple credentials that have been provided by the user such as usernames, passwords, email addresses, phone numbers, handles, secret questions or secret answers. To increase assurance businesses need to start need to start looking at authenticating users through their devices that are being used to present those credentials. The underground is awash in legitimate but stolen credentials and should be treated with a great deal of skepticism by the businesses attempting to authenticate their customers. There will always be a pendulum swaying in the echoes of this kind of news – with businesses locking down access with more stringent policies and in doing so they begin to undo all the work that has been done to create a frictionless consumer experience.  The industry may now begin to realize the ultimate dream of the consumer: completely effortless access. Rather than requiring consumers to type in credentials that may have been compromised why not leverage the various technologies that exist to simply recognize the consumer when they access the site in question? Digital consumers interact with businesses via their digital proxies – their devices – which must come in digital contact with the web servers in order to gain access. The industry should require the machines to do heavy lifting (rather than consumers) when it comes to “recognizing” them when they return. The right technology offers a more robust, privacy-compliant and transparent way for businesses to recognize their digital consumers. As we’ve discussed previously the authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. This is done through technology that has been tested over the years and protects millions of customer accounts today with incredible results in terms of both fraud detection and frictionless consumer experience. The time has come to embrace the realities and the possibilities of the new digital environment in which we operate. Learn more about how your business can authenticate consumers confidently.  

By: Mike Horrocks As summer comes to end, so does the summer reading list but if you are still trying to get one in, I just finished reading “Isaac's Storm: A Man, a Time, and the Deadliest Hurricane in History”, which is about Isaac Cline the resident meteorologist  for  U.S. Weather Bureau and the 1900 Hurricane that devastated Galveston, Texas. It is a great read, using actual telegraphs, letters, and reports to show the flaws of an outdated system and how not looking to new sources of information and not seeing the values of nontraditional views, etc., lead to unfathomable destruction for the people of Galveston.  As I read the book, I was challenged to think of what is right in front of me that I am not seeing for what it is, just like Mr. Cline ignored reports that would have clearly saved lives and helped predict the storm.  So, how can this historical storm teach us a thing or two in the financial industry? Clearly one of the most rapidly changing aspects in banking today is the mobile channel.  Many institutions have already adjusted to using it as a service channel, with remote deposit capture, balance, inquiry etc., but what are they doing to take it to the next step? On August 7, 2014, Experian is hosting a webinar by American Banker titled, “What is next for mobile banking?”  The webinar will have a powerful panel with thought leaders such as Dominic Venturo, the Chief Innovation Officer at U.S. Bank, Gordon Baird, the Chief Executive Officer at Independence Bancshares, and Cherian Abraham, Senior Business Consultant with Experian’s Global Consulting Practice. If you are already using mobile or maybe trying to look at what you could change, this is a great session to attend.  Over the next couple of weeks, we are going to go into some of the key topics from this webinar and explore them some more.  Hope to see you at this American Banker webinar.

At Experian, we frequently get asked by clients how they can get bigger mailing list that open new markets and reach more people. But bigger isn’t necessarily better, and it doesn’t always translate to a higher return on your marketing investment. Instead of just increasing volume, let’s consider a different, more focused approach - using the latest in analytic tools and scores.  This approach relies on effective pre-screening to create the ideal prospecting lists based on your business objective. We’ve identified four key steps to building a prescreen list of your ideal prospects: Optimize risk selection Find the most profitable consumers Target customers who need or want your products Design the right offer In the next post, Optimal Risk Selection,  I’ll dig deeper into each step and present some tools and scores that can help meet the objective of each.      

By: Teri Tassara “Do more with less” is a pervasive and familiar mantra nowadays as lenders seek to make smarter and more precise lending decisions while expertly balancing growth objectives and tightened budgets.  And lest we forget, banks must also consider the latest regulations and increased regulatory scrutiny from the industry’s governing bodies - such as OCC and CFPB. Nowadays, with the extensive application of predictive analytics in everyday lending practices, it makes sense to look to analytics to fine tune decision-making and achieve a greater return on investment in three common growth objectives for bankcard acquisitions: Profitable growth - How do I find the most profitable acquisition targets?  How do I know the borrowing characteristic of each consumer?  Are they high spend or high income?  Do they carry a balance but always make timely payments? Universe expansion - How many more consumers are there that meet my lending criteria? How can I effectively reach them? Customer experience - How do I offer the right product to the right customer? How do I communicate to my customers that I understand their lending needs? To that end, growth objectives vary by lender; as such, so should their bankcard acquisitions analytical toolkit. The analytical toolkit arsenal should enable lenders to develop refined bankcard campaign strategies based on their specific objectives. Look for upcoming posts on the essential components of the bankcard acquisitions analytical toolkit.  

According to the latest Experian-Oliver Wyman Market Intelligence Report, home equity line of credit (HELOC) originations warmed up significantly heading into summer.

By: Mike Horrocks The Wall Street Journal just recently posted an article that mentioned the cost of the financial regulations for some of the largest banks.  Within the article it is staggering to see the cost of the financial crisis and also to see how so much of this could have been minimized by sound banking practices, adoption to technology, etc.  As a former commercial banker and as I talk with associates in the banking industry, I know that there are more causes to point at for the crisis then there are fingers…but that is not the purpose of my blog today. My point is the same thing I ask my teenage boys when they get in trouble, “Now, what are you going to do to fix it?” Here are a couple of ideas that I want to share with the banking industry.  Each bank and market you are going after is a bit unique; however think about these this week and what you could do. It is about the customer – the channel is just how you touch that customer.  Every day you hear the branch office is dead and that mobile is the next wave.  And yes, if I was a betting man, I would clearly say mobile is the way to go. But if you don’t do it right, you will drive customers away just as fast (check out the stats from a Google mobile banking study).    At the end of the day, make sure you are where your customers want to be (and yes for some that could even be a branch). Trust is king.  The Beatles may have said that “All You Need Is Love”, but in banking it is all about trust.  Will my transaction go thru? Will my account be safe? Will I be able to do all that I need to do on this mobile phone and still be safe since it also has Angry Birds on it?  If your customer cannot trust you to do what they feel are simple things, then they will walk.  You have to protect your customers, as they try to do business with you and others. Regulations are here to stay.  It pains me to say it, but this is going to be a truth for a long while.  Banks need to make sure they check the box, stay safe, and then get on to doing what they do best – identify and manage risk.  No bank will win the war for shareholder attention because they internally can answer the regulators better than the competition.  When you are dealing with complicated issues like  CCAR, Basel II or III, or any other item, working with professionals can help you stay on track. This last point represents a huge challenge for banks as the number of regulations imposed on financial institutions has grown significantly over the past five years. On top that the level of complexity behind each regulation is high, requiring in-depth knowledge to implement and comply. Lenders have to understand all the complexity of these regulations so they can find the balance to meet compliance obligations. At the same time they need to identify profitable business opportunities.     Make sure to read our Comply whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.  A little brainstorming and a single action toward each of these in the next 90 days will make a difference.  So now, what are you going to do to fix it?

Experian’s fraud prevention and identity management business helps clients combat the global fraud epidemic costing businesses hundreds of billions of dollars every year. Ori Eisen, founder of the 41st Parameter, a part of Experian, and Frank Abagnale Jr. talk to Bloomberg TV about the major new fraud threats emerging and how Experian can help protect organisations and their customers from becoming victims. Account takeover is a mainstream fraud issue as virtually any web site leveraging username and password authentication can be affected. As we wrote about earlier, another cybersecurity concern served as a reminder that managing fraud and protecting customer identities is becoming more complex as we are fighting creative and motivated people - not predictable systems. Watch the interview here:                         Learn more about Experian fraud intelligence products and services from 41st Parameter. 

A recent survey reveals that 30 percent of travelers have experienced identity theft while traveling or know someone who has.

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it's no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover fraud is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we'll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it's a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim's accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement.   Learn more about 41st Parameter: https://www.experian.com/decision-analytics/41st-parameter.html?INTCMP=DA_Blog_Post072414   Related: The World Cup of Fraud  

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it’s no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we’ll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it’s a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim’s accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement. Learn more about 41st Parameter fraud detection and prevention solutions here.

Your password is weak, whether you use 40 random characters or your dog’s name. With so many large data breaches leading to hundreds of millions of compromised credentials and payment cards in the past two years, it’s no surprise that e-commerce account takeover attempts have grown dramatically in recent months – to a degree we have never seen before. Previously, account takeover was primarily a banking issue, not something merchants had to deal with. Account takeover is an alarming trend that spans global airline loyalty programs, e-commerce transactions, social networking logins and virtually any web site leveraging username and password authentication. News of the latest cybersecurity concern should serve as yet another reminder that we live in a heightened state of risk where establishing online trust based solely on username and password or identity data is not sufficient. There are a number of factors that are contributing to the evolving fraud landscape namely that the Internet was not designed for security.  This places pressure on organizations to continually adopt new approaches to managing fraud like this growing account takeover threat. In this case, multiple layered controls including device intelligence are essential. As merchants extend more services online and allow customers to store payment information or get more convenient checkout via logged in vs. guest access, we’ll continue to see fraud migrating deeper into the e-commerce ecosystem. The account takeover problem will continue as consumers share usernames and passwords across dozens of online profiles and e-commerce logins, opening the door for attackers to access multiple accounts through a single compromised credential. Most of the account portals used by e-commerce merchants and loyalty programs were not built with the same level of security that their online transaction and fraud management systems have in place. So it’s a bit of a new risk, but fraudsters are aggressively exploiting the security gaps around things like simple username/password authentication. What can consumers and organizations do to protect themselves? Our recommendation for consumers is that they have unique username and password combinations for every online profile. This protects against attackers compromising one site and leveraging the same credentials to access all of the victim’s accounts and online profiles across the web. For businesses, we recommend implementing technology solutions that increase visibility to and recognition of devices for every online interaction so the organization can differentiate attackers from legitimate consumers. Some businesses believe that their products, services and loyalty offerings do not require the same level of protection as online bank accounts, so they leave them exposed to cyber criminals via simple authentication controls. As we’ve seen fraudsters will migrate to the path of least resistance and exploit the fact that most consumers re-use credentials out of convenience. In the digital age where consumers are increasingly represented by their devices the ability to know when there are authentication discrepancies between the data presented by the user and the device presenting those credentials is absolutely important to effectively controlling the threat. The authentication process will shift from a single view to a layered, risk-based authentication approach that will include comprehensive and real-time updates of consumer information. Conversations around the fact that the password is dead or dying have been circulating in the industry recently. What we don’t want is consumers getting tired of constantly changing passwords and giving up trying to protect themselves online. That is the worst case scenario that is becoming more of a reality as the days pass. Educated and aware consumers are still the best way to identify fraudulent attacks, and to keep identity data safe from hackers and devices free of malware. Increased adoption of biometrics, device intelligence and the sharing of authenticated and credentialed identities across industries will become commonplace to help combat account takeovers as they increase. Until then we need to find a password replacement. Learn more about 41st Parameter fraud detection and prevention solutions here.

While automotive loan originations grew 15 percent year over year in Q1 2014, a recent Experian Automotive study found that more consumers are continuing to drive older-model vehicles.