November 28, 2018
Fraud Arms Race Bonus Episode
When Bad Things Happen to Good People
In this bonus episode, Eric speaks with an individual living in the Atlanta area who was a victim of identity theft. Their conversation explores how financial fraud gives companies the chance to deliver excellent customer experiences – or terrible ones. Listen and learn what financial institutions, retailers, and the rest of us need to do to get it right.




Welcome back to the Finance Frontier, I’m your host Eric Hathaway. Today’s episode is going to be a little bit different. If you’ve been listening to our show you’ll know that for the past five episodes we’ve taken a deep dive into the issue of fraud. We’ve heard from fraud solution provider Kevin King about where the industry is headed. We’ve talked with Gary Fan about the implications of block chain technology, and the ability to build fraud-resistant payment platforms. We’ve heard from researcher Garrett Stevens on the state of the fraud marketplace and we’ve spoken with Jared Dirkschneider about how he went about building a fraud strategy at Worlds Foremost Bank. We even had the opportunity to speak with a woman who committed financial fraud from within the institution.



While we’ve by no means exhausted the topic of fraud, we’re ready to wrap up the fraud series, at least for how. However, I recently had a casual conversation with someone, a woman named Cindy, who lives in the Atlanta Area, who had just been a victim of identity fraud. She spoke about how frustrated she was and how much this experience disrupted her life, and she also spoke about her bank and how it protected her without her even knowing it. It was a perfect case study for the customer experience side of the fraud equation and I asked her to share it with us on the show so that we could include it as sort of a bonus episode in the series.
Cindy: So just knowing that this person who apparently had just my Social Security number was able to set up this account. It’s a little scary knowing that just having one piece of information can cause such detriment.


Her experience wasn’t just a fraud experience. It was a customer experience situation, and it’s one that she has talked about dozens of times since the experience happened just a few weeks ago. If you listen to episode two with Kevin King you heard us talk about some of the stats around breaches, 2.6 billion records breached in the year 2017 or 82 records per second.1
[00:02:00] Of course, the other side of the coin is all the consumers that are impacted by these breaches. In 2017 that number was 16.7 million consumers, that’s almost 17 million individuals who had to sort out all the pieces of the puzzle and contact their institutions and muddle through the process of cleaning up the mess. That’s up from 13 million in 2016, and the 2018 number is expected to rise even further.2
Cindy was kind enough to share her story and I asked her if she wouldn’t mind giving us a little insight into how she found out that she was affected by this theft and what that cleanup process looked like for her.



So it happened on October 8th. I will never forget it. I had a great weekend out of town visiting family and when I came back home I checked the mail, so this was on a Monday. I checked the mail and I received a letter from Target and I opened the letter and the letter said, “Thank you for your recent Red Card application. We reviewed your files and due to a fraud alert that you had on your account we are unable to approve this application.” And I believe that was a blessing because I actually didn’t recall setting up some sort of alert, I just assumed my bank, which is USAA, had some sort of extra protection since they’d been such a good bank that I’ve been a customer with for years, I just assumed I had some sort of extra layer of protection.


Now, Cindy doesn’t know how her information was compromised or who was to blame. That said, I find it interesting that her reaction was not to blame her bank but actually to feel gratitude to them for setting up these fraud alerts. This was not a decision that she made, but one that she was grateful to have been made for her.


Immediately called Target’s customer support line that evening on Monday and let them know that I was a victim of identity theft, that was not me that created that and then that’s when they told me this has been processed, and they did let me know to please take the steps in checking with TransUnion, Experian, and Equifax. They actually provided me next steps around what to do and showed sincere concern about how I would need to set up things like credit freezes and fraud alerts, which truly, like I had mentioned, I had never thought about doing to begin with.


What was important to Cindy were these three things: Protection, bedside manner, and expertise. There were protections in place that she did not have to worry about or be part of, which kept her safe from this thief, who was trying to use her information. When she discovered what had happened she was in a vulnerable state and needed to be treated with respect and care, and as to expertise Cindy had never considered what she would do in the event that her identity was stolen, so she needed her bank and retailer to provide guidance to her in terms of next steps. These three things are a solid framework to think about when addressing the customer experience side of fraud.


The experience with them was very helpful in realizing, it set aside from me panicking and feeling very vulnerable that I had a sense of direction that I can take due to their expertise. I hadn’t taken any action yet, but I did know what I needed to do.


So this is a case of an institution and a retailer getting it right from a customer experience perspective, and getting a nice shout out over this podcast as a result. It doesn’t always turn out that way. ACI Worldwide and Aite Group did a survey recently and found that 22% of fraud victims will close a bank account after an incident involving fraud.3  Millennials reacted even more strongly to fraud with 29% saying they would close all accounts with the bank, and that’s from a FICO study, and 14% of fraud victims have complained on social media about a fraud incident, with the number rising to 25% if you look at just millennials.4  I’ll let Cindy continue her story.



So Tuesday October 9th I started to make these outreaches and setting up accounts, well in the meantime on October 9th I had received four more other pieces in the mail that had taken place, obviously, in the midst of me not knowing this was even occurring. This person that had my identity was clearly trying to get access to as many credit cards and create as many applications as possible while they had the time, so I received a letter from Verizon with a $400 bill, they had created three phone lines, cellphone lines, on behalf with all these protections and insurance coverages, so I had a bill of $400.


I had letters from JCPenney, Walmart and Kay Jewelers, all saying, “Thank you for your application,” again, “Due to the review unfortunately since we weren’t able to confirm additional information this application has been declined.” So when I called Verizon, sent me over to the Fraud Department and because, and I never really thought about this, but because Fraud also wants to protect me they’re also looking in the lens of, well maybe this person who’s calling in is actually the person who stole this person’s identity,” so they’re instructions for me with the Fraud Department, were not very helpful. They were very short. You know I was asking them what can I do to prevent this, and they weren’t really giving me much. So I felt like I had been just another person.


So the point here is that no matter what fraud vendors you choose and how robust your fraud strategy is, if you are a financial institution or a retailer or a customer-facing organization of any kind, you are going to have to face these kinds of fraud conversations with your customers. And you need to put yourself in the shoes of that customer, and ask yourself what kind of customer experience you want to create for these people who are in a vulnerable state. Those who do win loyalty and positive word of mouth from the very customers who are most apt to talk about them, because we all know that no one talks about their bank or retailer unless something goes wrong.


Come to think of it when I spoke back with the person at Verizon, they said, “Well if you think about it they want to protect you as a victim. They wouldn’t want to give any other information to someone who’s trying to commit fraud if it’s not actually the victim calling in.” Which definitely made sense, but just with Verizon alone before I could even solve the issue and have these transactions that were apparently something I owed removed, was to file a police report, and so just for the Verizon I had to file a police report, I had to complete all this information with my personal information including pictures of my driver’s license, proof of insurance, proof of receiving electricity, utility bills for my apartment, etc., just to have this taken out of my responsibility with Verizon. So that was just kind of a hassle in itself having to jump through all these hoops, let alone when I asked Verizon how can I prevent this, all they said to do was go back and work with TransUnion.


So just knowing that this person who apparently had just my Social Security number was able to set up this account and set up all these charges against my name when I in fact didn’t do that, so it’s a little scary knowing that just having one piece of information can cause such detriment and such a time-consuming process for me. That was the really scary part. I wasn’t sure what I else I would be getting in the mail, what other notifications of things that were owed or bills that needed to be paid. I just had no idea what would be next.


So Cindy’s Verizon experience did not meet the three customer experience criteria. First they did not protect her against the fraud. I actually asked where she places the blame, of if she was mad about the fact that Verizon wasn’t able to catch the fraud? She said she placed the blame primarily on the individual fraudster but was also very frustrated with Verizon for making it easy for that fraudster to take advantage of the data.


For Verizon, for example, just the fact that all they would need is a Social Security number, they don’t really have any other way to identify if that is actually me requesting all of these numbers and especially the fact that my name is already under a different account, how they couldn’t have traced that back, I just feel like there could’ve been a little bit more work on their end. Also knowing that they don’t trace those phone numbers that were created and figure out where these phones are located, you know take some sort of action to eliminate this from happening again, I feel like, is something that they could definitely take into consideration.


Even as a consumer with no fraud experience, there is a level of savviness and expectation around what a company can do to protect her. Cindy expects that since she is already a Verizon customer and that this person is calling in with a different number, that Verizon should have brought this up as a red flag when someone pretending to be her tried to open a new account. We all know it’s possible and what good customer experience should look like, Cindy’s no different.


Going back to Cindy’s criteria, they didn’t meet the second one either. The bedside manner left something to be desired. Cindy was pretty gracious actually in that she understood some of the brusqueness was for her own protection, but definitely not a good experience as she said herself, and when she asked what she could do to make the situation better they did provide guidance, but it wasn’t pretty. No one wants to file a police report. Verizon wasn’t the only company to completely flunk the user experience test.


Cindy mentioned that Walmart was another retailer who had sent her an application denial, but when she called them back to follow up they were not only unhelpful, but left her feeling completely disheartened.


And it was an experience I had with a representative where she basically said this happens all day, every day, this is completely out of our control, it’s because of the government, if you don’t recall the issue with the credit bureau releasing millions of Social Security numbers, you know just making me feel as if oh no big deal, just the fact that my identity has been stolen.
Eric: I asked her, if she was looking to go back to one of these big box retailers in the future, and had to choose between Walmart and Target would the experience that she had affect her choice between the two?


Definitely, I think that most all of us want to partner or buy from a company that cares in some sort of way, so just the way that I was treated essentially during that call has definitely given me a little bit of a bitter feeling around not just the customer service but the organization as a whole.


Whether or not her data was leaked as part of these major breaches, I think we can all agree that this is not an appropriate response from a customer service rep. So Cindy provides a great illustration of exactly what consumer demands are right now, especially as they relate to fraud. Those responses will impact customer decisions in the future, so companies need to get it right to keep customers around.
Of course, the other side of the fraud experience angle is the friction that is sometimes caused by fraud prevention. Several of our other guests commented about this and it is something that always needs to be top of mind in any fraud strategy. Here’s Jared Dirkschneider from Episode five:
Jared D:


Yeah we definitely monitor that very closely. We have a metric we call a false-positive ratio where it’s just the number of good transactions that were declining to the number of bad or fraudulent transactions, so we try to keep that in the 4-5:1 range so it’s still a 20-25% fraud rate, I guess you could call it. I think that’s been a fairly good balance for us. Of course we always get customer complaints and we’re always monitoring those, and we evaluate every single rule we have in place on a weekly basis, just to make sure that they’re still being effective.


On the eCommerce side, Javelin says the false-positive ratio is higher, to the tune of one in three. They also estimate that eCommerce companies are losing 118 billion dollars in sales, or roughly 17 times the losses from chargebacks due to actual fraud. In addition, Forrester Research approximated that the segment is losing 31 billion dollars in potential revenue from customers who abandon loaded shopping carts. With cumbersome security checks sited as the top reason for abandoning thosecarts.5
[00:15:00] As we wrap up I think if there’s anything that I hope those of you who are listening will take away from the series, is that fraud is not a Fraud Team problem, it’s not a Risk Team problem, it’s not a credit problem or a digital problem, it’s an everyone problem. It’s a problem that every business unit needs to be thinking about and I think it’s a problem that we in our consumer lives need to think about as well.
And I’ll leave you on this note from Kevin King, who we spoke with in Episode two.
Kevin King:




When I would speak to an audience in 2014, 2015 and I would say something that I intended to be provocative, I’d tell the room, “Two-thirds of you have been breached. Your information is somewhere on the dark web,” and you know 2015 I might say 75%. Today when I give a talk I say, “Everybody in this room at least once,” that high probability that 95% of that room was compromised in the Equifax breach, ’cause if we look at the number of adult consumers and you remove from that number the 45 million or so that don’t have a file at any bureau, but if you possess a credit score you’re overwhelmingly likely to have been in that Equifax breach. The question really is, how often have you been breached and what besides your name and social have people gotten? Have they gotten your authentication questions, like what your favorite singer is or what the mascot of your high school was? Have they gotten your passwords? You know that kind of a thing.


So we hope you’ve enjoyed this podcast series. We’ll be back in the New Year with a new series where we’ll focus on the role of data and access to that data creating opportunities for financial inclusion. From new-to-country immigrants to folks with thin credit files or no credit history there is an opportunity worth hundreds of billions of dollars for companies willing to look at new and emerging data.6 We’re going to explore how and why financial institutions should be tapping into this market. Here’s a sneak peak.


When we look at addressing alternatives to payday and short-term lenders that are out there, there’s a few things that are really crucial about making that work. Research has been done across the industry that price is not the end-all be-all driver of whether a consumer makes a decision to go to a payday loan shop or some other kind of alternative lender. Really what’s important to them at that point is kind of how quickly and how easily they can get that money. There’s some profitability out there and there’s also just a great story to be told.



One of the things I’ve heard from a lot of the folks that we’ve been talking to is, “You know, Patrick this isn’t fair. We’re young, we’re agile companies, we’re very, very small. It’s not fair to say that we have to have all of the same security apparatus let’s say a traditional financial institution would have. If you put that burden on us we simply wouldn’t have the money and we’d fail. I think what the report shows is that we see a pretty widespread set of configurations and security standings, and some of them are actually downright dangerous.
Eric: Thanks for listening to the Finance Frontier. I’m your host Eric Hathaway, and until next time subscribe on your favorite podcast app.

  1. Gemalto, & Breach Level Index. (2018). 2017 The Year of Internal Threats and Accidental Data Breaches (p. 2, Rep.).
  2. Pascual, A., Marchini, K., & Miller, S. (2018). 2018 Identity Fraud: Fraud Enters a New Era of Complexity (Rep.). Javelin Strategy & Research.
  3. Knieff, B. (2016). 2016 Global Consumer Card Fraud: Where Card Fraud is Coming From (Rep.). Aite Group.
  4. Fico. (2016, June 01). FICO Survey: One in Three US Millennials Have Closed All Bank Accounts After a Fraud Incident. Retrieved October 27, 2018, from https://www.fico.com/en/newsroom/fico-survey-one-in-three-us-millennials-have-closed-all-bank-accounts-after-a-fraud-incident-06-01-2016
  5. Goldstein, G. (2018, September 28). Reduce Costs While Keeping Your E-commerce Store Protected [Web blog post]. TransUnion. Retrieved October 29, 2018, from https://www.transunion.com/blog/reduce-costs-while-keeping-your-e-commerce-store-protected
  6. Lala World. (2017, October 24). Banking the Unbanked: A Risky Proposition or a Market Opportunity? Techburst. Retrieved September 03, 2018, from https://techburst.io/bank-ing-the-unbanked-a-risky-proposition-or-a-market-opportunity-28a8c5436ece

Love the show? Want to be featured as a guest? We’d love to hear your questions and comments and welcome guest recommendations. Our producer Sara Tatnall can be reached at sara.tatnall [at] zootweb.com.

Share This