As have gotten further and further into the FACT Act Red Flag compliance world - an interesting dilemma is surfacing. Whether it is FACT Act, Bank Secrecy Act or the USA Patriot Act - when considering the Know Your Customer provisions, there is this over-arching theme that your process needs to be "reasonable". That is, you process to confirm the identity of a customer must be reasonable.
The dilemma is what is reasonable to one may not be reasonable to another. For example - most everyone would agree that verifying the consumer's credentials through a 3rd party data source would constitute "reasonable". Likewise - most would probably agree that a consumer providing documentary evidence such a valid driver's license would be a reasonable measure to ensure compliance.
Unfortunately - it is not that easy. Through repeated data studies - we have seen that verification of information through 3rd party data still routinely ends up being a fraud. Likewise - accounts that are opened with a valid driver's license end up being fraud?? When you step back and think about this for a minute - it shouldn't be a great surprise. The determined fraud artist will many times first set up a valid phone number in the victim's name. Thus - they end being "verified". Similarly - one of the easiest things to feign is a fake driver's license.
To prove a point - we took it one step further and simply analyzed the zip code for the applicant. Using nothing more than zip code level demographic information - we were able to provide a model that was more correlated with fraud than "Name Verified at the Address". This also shouldn't come as a total surprise - as we know that certain areas and geographies are much higher risk than others.
I would argue based on the empirical evidence that use of a zip code model would be more reasonable than verification. This isn't to suggest that your compliance solution only relies on zip code level of information - rather it is information that can help make an assessment and add to your overall verification and confirmation processes. In fact, doing so is more "reasonable" than not doing it.
After all - it is all information. Verification or documentary evidence is not the "truth". It is simply a measure of the truth, as is the area, household or other information that can be garnered. By putting it all together - we now have a much better measure of the overall truth - and a much more "reasonable" Know Your Customer program.
Tuesday, September 30, 2008
Friday, September 12, 2008
Consumer Driven Security
With all of the news and communication around identity theft - consumers are becoming keenly aware of the potential impacts to them. This is evidenced by the 30 plus million U.S. consumers buying a credit monitoring solution of some sort. In addition - with the new legislation, barely a day goes by when we don't hear about the latest data breach.
Consumers are concerned about security and safeguards put in place by their financial institution. Unfortunately - the average consumer really doesn't have a means in which to accurately identify if Bank A is more secure than Bank. While they can read the papers to make sure their institution has not been breached - there hasn't been a centralized report that rates institutions on their level of protection.
It appears to me that this is where we are heading. Much like we can go out to Consumer Reports and check out our next washing machine purchase, I see us being able to go out and check on our institutions security rating.
While the average consumer can go check out rates and products fairly easily, there is nothing out there in terms of how secure the institution is. Yet - if this were the case, I think there would be a monumental shift in consumer behavior. If Bank A and Bank B had similar rates and products yet Bank A had a great security rating and Bank B did not - which bank do you think the consumer would choose? This would prompt change immediately and might even provide the means for self-regulation, as opposed to more legislation.
Consumers are concerned about security and safeguards put in place by their financial institution. Unfortunately - the average consumer really doesn't have a means in which to accurately identify if Bank A is more secure than Bank. While they can read the papers to make sure their institution has not been breached - there hasn't been a centralized report that rates institutions on their level of protection.
It appears to me that this is where we are heading. Much like we can go out to Consumer Reports and check out our next washing machine purchase, I see us being able to go out and check on our institutions security rating.
While the average consumer can go check out rates and products fairly easily, there is nothing out there in terms of how secure the institution is. Yet - if this were the case, I think there would be a monumental shift in consumer behavior. If Bank A and Bank B had similar rates and products yet Bank A had a great security rating and Bank B did not - which bank do you think the consumer would choose? This would prompt change immediately and might even provide the means for self-regulation, as opposed to more legislation.
Wednesday, September 10, 2008
Turning Red Flags Into Green Trees
Everywhere we look these days - there are articles and advertisements about how the whole financial services industry is Going Green! There are webinars, conferences and even mass marketing on TV. Recently, I have been seeing the Region's Bank new Green Account commericals, discussing their new account that is completely paperless.
As we jump into Red Flags, however, we are still finding that the majority of banks are planning on sending letters to consumers when an address change is made. If you consider that there are roughly 400 million retail bank accounts in the United States, this amounts to the potential for 60-120 million needless letters going out the door. Bring in the 800 million credit card accounts - and it keeps getting worse.
That's a few thousand trees, not to mention the landfills. By going "paperless" with Red Flags and using an automated technology based approach - we can achieve the Green agenda.
A.E>>>
As we jump into Red Flags, however, we are still finding that the majority of banks are planning on sending letters to consumers when an address change is made. If you consider that there are roughly 400 million retail bank accounts in the United States, this amounts to the potential for 60-120 million needless letters going out the door. Bring in the 800 million credit card accounts - and it keeps getting worse.
That's a few thousand trees, not to mention the landfills. By going "paperless" with Red Flags and using an automated technology based approach - we can achieve the Green agenda.
A.E>>>
Subscribe to:
Posts (Atom)