Preventing Credit Fraud

March 21, 2006

Recently I had a chance to interview Joellyn Sargent, marketing vice president for Alerts and Notifications Solutions at Premiere Global Services. Premiere Global provides business communications and data solutions, including conferencing, document management and marketing automation, as well as the alerts and notifications service line.

I got in touch with Joellyn because I heard she was speaking on the topic of "The Fight Against Fraud" at the National Collections and Credit Risk conference last week. I thought it would be interesting to get her to speak to some top-of-mind issues around the mitigation of data vulnerabilities. In addition, I was curious to find out how Premiere Global's alerts and notifications services tie in with companies' efforts to fight fraud.

Q: How has the information technology boom contributed to an increase in credit fraud?
��
A. The information technology boom created advances in business processes never seen before, but at the same time the wealth of information available to anyone with Internet access provided opportunity for negative uses.� For instance, greater access to online credit information, as well as better technology to hack into systems and steal information has greatly increased credit fraud. A simple customer list with email addresses even provides thieves with enough information to “phish” for personal information.� These “spoofed” emails ask for financial data and personal background, sufficient to supply the means necessary to steal identities.� And fraud victims feel comfortable in giving out their information because these emails hyperlink them to similar sites operated by legitimate companies.

More importantly, geography is not an issue with the Internet. According to a 2005 Dove Consulting study, “Fraudsters in foreign countries can send fake e-mails, collect card (and debit PIN) information, produce counterfeit cards and then use these cards to make unauthorized purchases or ATM cash withdrawals in their home countries.”

But the Internet is not the only outlet for credit fraud.� Criminals are using all means available to them.� Even cell phone cameras are used by fraudsters to photograph credit cards at the point of sale, and then use those card numbers for phone and/or Internet purchases.

Finally, an explosion of websites in an attempt to remain as secure as possible for their customers has contributed to a proliferation of password requirements.� This has made people lazy in selecting difficult and varied passwords for each site.� Therefore stealing one password is usually all a culprit needs to access other sites visited by a victim, creating another viable method for fraud.

Q: What are the biggest vulnerabilities, from the point of view of a company in the business of granting credit or collections?

A. Probably dealing with customers who are victims of fraud or identity theft, determining if a debt is real or the result of fraud, as well as dealing with increasingly sophisticated technologies used to perpetrate fraud. Companies need to be aggressive about combating fraud, but they need to balance increased security with customer-friendly methods so that customers feel protected. If fraud prevention technologies and policies are not implemented appropriately, customers can be frustrated – or worse yet, feel they are being treated like criminals themselves. Finding the balance between security and customer satisfaction is a real challenge.

Q: What are the best strategies for safeguarding and authenticating data?
��
A. Employee screening and monitoring their access to and use of data.� A 2000 CSI/FBI Computer Crime and Security Survey states that “insiders pose as significant a threat as outsiders. It is common to think of security in terms of protecting network perimeters from hostile outsiders attempting to gain access. But inappropriate insider behavior can be a bigger threat, both more common and often causing greater financial losses than outsider attacks.”

Data security policies and good standard procedures that are mandated throughout the organization are instrumental in putting safeguards in place for a company to protect itself against employee theft.�

Q: What is it that brings Premiere Global Services into this discussion? (How do your services touch on these issues?)
��
A. Communicating with customers – proactively to stop potential fraud and reactively to let them know what the company is doing about it.

A great example is a personal one for me – my checking account number was stolen, and if I had not discovered it myself through my online banking tool, it could have gone on for more than a month before my paper statement came. If my credit union had detected unusual patterns in my account (in this case, the check numbers were in a different sequence) they could have alerted me to come in to verify some transactions. I’ve also had my credit card company do this, but they did it with a live person, which is time consuming and expensive. We provide our customers with an automated process, which authenticates recipients and provides updates – such as “the money has been returned to your account!”

Q: Anything else you think we need to know about this topic?
��
A. The way a company deals with fraud can make or break a customer relationship. Having solid communications and crisis plans in place are essential to demonstrating a company’s commitment to integrity, transparency and quick resolution to fraud.�

Financial Institutions are required by laws in 23 states to inform customers on the violation of their privacy rights in the event a breach occurs.� Whether or not these notifications are required by law, being proactive in issuing fraud alerts gives customers the sense of being protected and cared for, which goes miles towards creating loyalty. Not only customers but employees, business partners, suppliers and regulators should be notified as well of breaches to an organization’s security.

Premiere Global Services sends these proactive communications via an alerts and notifications system, providing all parties with the necessary information through a variety of delivery options such as SMS, voice, fax or email.� The rapid response system results in maintaining positive relations with our customers.

The Alerts and Notifications process includes:

• Augmenting existing incident response process with customized notification processes utilizing company templates in line with regulations.
• Ongoing maintenance and assessment of templates, process improvement, and handling of Personally Identifiable Information.
• If an event occurs, process actual notifications based on usage and chosen communication method.

AB -- 3/21/06