Top 6 Things We Learned at the Prepaid Expo

Posted on March 15, 2012 by Marc

The Prepaid Expo wrapped up yesterday and what a show!  From the sound of it, everyone we talked to this week is hopefully going home a winner – at least when it comes to industry knowledge.  While what happens in Vegas usually stays in Vegas, I couldn’t help but share the Top 6 Things We Learned:

6. Prepaid is still rapidly growing.  People are expanding their offerings and new programs are being launched every day.  There are more new uses for prepaid cards every day.

5.  Fraud is still a big concern.  Identity verification is helping to meet compliance but it’s also a good tool for preventing fraud.

4. Mobile is hot. Even though mobile is emerging, it’s already gaining a lot of interest as evident in the Google Wallet program winning in the category of Best Innovation.

3.  Commercial Banks are going to have to figure out how to get a piece of the prepaid revenue pie.

2.  There is still a lot of interest and anxiety about regulations.

1.  TxVia and Visa really know how to throw a great party!

Posted in Know Identity
Tagged , ,

Leave a comment

Highlights for Day 2 at the Prepaid Expo

Posted on March 13, 2012 by Marc

As promised, we have more big news related to the Prepaid Expo #ppexpo going on this week.  Today we made a formal announcement about our work with UniRush, the marketing company behind Russell Simmon’s Prepaid Visa Rush Card.   And the timing was even more perfect with  PYMNTS.com featuring Rush Card and why payments players ought to pay attention to UniRush.

Today is sure to be slammed packed but if you are there and have a chance, here are some places you can catch up with us:

  • Test Drive an Expert–3:45-4:45 p.m. – Our CEO John Dancu has been selected to be a part of the PrePaid Expo’s Test Drive an Expert series.  You can meet with John today and find out everything you need to know about identity and compliance.
  • Innovation Showcase – 4:35 -4:50 p.m.Compliance & Revenue: Bridging the Divide How much do you know about the different CIP rules issuing banks have and the impact to your programs? Catch this 15 minute presentation with Chris Luttrell, IDology’s VP of Product & Customer Service in the Expo Hall to see how IDology’s identity verification solutions are helping program manager’s bridge the divide between CIP compliance and revenue.
Posted in Know Identity
Tagged , , , , ,

Leave a comment

Compliance March Madness: PrePaid Card Expo Hits Vegas

Posted on March 12, 2012 by Marc

The 7th annual prepaid card exposition opens up today.  Let the understanding compliance regulations madness begin.  With all the new regulations for both stored value card and prepaid cards, compliance is definitely a hot topic this year.   Just a few weeks ago, we made an announcement about our partnership with Card Compliant so I suspect there will be more interest from stored value card players, especially in light of the new CIP compliance regulations they must follow.

We kicked off the show today with some more prepaid related news.  In case you missed it, we announced why Plastyc, which provides affordable deposit, payment and saving financial services for people with limited access to, or distrust in large banks, is using IDology.

And we have more news to come tomorrow!   If, like me, you aren’t in Vegas and want to follow what’s happening, you can.  I plan on watching the latest news from the show at the prepaid media room and will track the live updates using hashtag #ppexpo on twitter.

Posted in Know Identity
Tagged , , , , , ,

Leave a comment

Seeing REDfin in Action

Posted on February 14, 2012 by Marc

One common misconception about identity verification is that only retailers need it.  I guess this misconception comes from people mostly associating fraud with stolen credit cards and stolen goods.  Yes, online commerce does have a need for identity verification related to high end purchases.  But there are many other use cases and industries that need it.

Just today we announced a use case that is really unique.  Redfin, the first online brokerage, is using identity verification to improve the process of buying and selling a home.  This is a great example of an industry traditionally tied to the bricks and mortar identity verification process evolving to a virtual world.

Here is a little bit about what Redfin is doing:

Redfin is the only major search site to feature listings direct from broker databases as well as for-sale-by-owner and foreclosure properties from across the Internet. Before using IDology, Redfin’s process of verifying the identity of potential customers was cumbersome both for clients and agents. Because Redfin agents handle every facet of a transaction, including tours, pricing analyses, negotiations, inspections and closings, the company wanted to find an easy way for customers to validate who they said they were that would help streamline the process for their agents while also eliminating fraud.

“Our previous identity verification method required customers to upload, email or fax their driver’s license, passport, or military ID. This caused many people to bail out and not go through the next step of meeting with an agent. We were looking for a more efficient and less time-consuming way for our customers to verify their identity,” said Bryan Selner, Vice President of Products at Redfin.

Now, instead of submitting proof of identity via email or fax when scheduling a home tour, clients are presented with a brief multiple-choice quiz that is dynamically generated in real-time by IDology’s ExpectID IQ product. IDology’s ExpectID IQ solution delivers out-of-wallet questions based on a person’s history which are designed so that only the actual person of the claimed identity will know the answer. This new process protects Redfin agents and ensures home tours are being scheduled with real, legitimate people.

“An important aspect of our business is when our agents meet with clients in-person and onsite to tour a home. It was really important for us to find an authentication solution like IDology’s. To help keep our agents safe, we need to know that they are meeting with people who are who they say they are. Automating this process needed to happen in a way that wasn’t difficult for our clients, or off-putting.”

Pretty cool out-of-the-box thinking.  What about your business?  How does it need to evolve?

Posted in Know Identity
Tagged , , ,

Leave a comment

Tic-Tax-Dough

Posted on February 10, 2012 by Marc

By now, the W2s and 1099 reports for 2011 are all out.   With April 15th just shy of 2 months away, tax payers are in full swing preparing their taxes and filing for refunds.

How are you getting your refund? If you are one of the many Americans who use a tax preparation services company (Liberty Tax, HR Block etc.) you might have the option to walk away with your expected refund on a prepaid card and not wait for your return.  Despite some of the bad press surrounding prepaid cards, this payment instrument has grown faster than any prior new payment method.  This year alone prepaid card sales are expected to top $522 billion according to Mercator Advisory Group in Boston.

Getting tax refunds on a prepaid card seems like a great alternative for tax payers who want instant “cash in hand” so to speak and don’t want to wait on the IRS to mail (or electronically deposit) a check.  Better yet, this method is a good way to reduce the chances of falling victim to identity theft from stolen tax refund checks.  In late January, the IRS and Justice Department conducted a national sweep; arresting 105 people in 23 states involved in identity theft and taxpayer refunds.

It’s not just check stealers and local identity thieves taking advantage of tax season; business owners are being targeted too in phishing attempts.  Case in point:

So beware.  The Government is not the only target for Tax fraud.  It’s prevalent everywhere.

Posted in Know Fraud
Tagged , ,

Leave a comment

Age Verification Front & Center in 2012

Posted on January 12, 2012 by Marc

It’s been some time since we’ve talked about age verification, but I assure you it’s still a hot topic in the market, especially for social networks and gaming (as in lotteries and sports betting) industries.

Let’s take a look at what is going on.

Social Networks are waiting to see how the rules and regulations for COPPA will play out.  This past September, the FTC proposed amendments to COPPA to help “create a safer, more secure online experience for children” as a response to technological changes in the market, including mobile technologies.  The FTC was soliciting public comment on their proposed changes through November.  So one might conclude that at some point this year the FTC will announce amendments to the COPPA rule that will affect any website or social network dealing with minors.

How does this impact age verification vendors?  Well, that depends on the verification tool you are using.  As for IDology’s age verification solution – the ruling has no direct impact on our solution per se, since we’ve been pitching using age and identity verification to verify parents from way back when MySpace was a synonym for social networking (see our member statement response to the Internet Safety Technical Task Force.)  But it will drive more interest from Internet properties who want to find a way to obtain verifiable parental consent.

The other hot area related to age verification is the gaming industry.  In late December, the US Department of Justice released a new opinion on the Wire Act clarifying that the law refers to only prohibiting online gambling on sporting events or contests, and not the ability to sell online lottery tickets to adults.  This ruling also opens the doors for intrastate poker to become a reality in the United States because the new opinion is that Wire Act only focuses on sports betting, not poker or casino games.  The new ruling also helps to further support the District of Columbia’s efforts to offer online poker to its residents, which has been delayed since September.  (See more information on this gaming topic)

Clearly age verification plays a big part in what is happening in these industries.   Although really the underlying issue is more about identity because you have to know who someone is before you can verify their age.  This is why I often use the words “identity and age verification” together.  While you can have identity verification without an age component, you cannot have an age component without identity.  Think about it.  How often do we hear people incorporating age as a part of describing someone’s identity?  Just a quick glance at any news article, biography, or obituary will prove my point….

Posted in Hot Topics, Know Age
Tagged , , , ,

Leave a comment

APPy Holidays

Posted on December 6, 2011 by Marc

The numbers are out around 2011’s Cyber Monday sales.  We spent a record $1.2 Billion which is up 33 percent from last year.   And thanks to all the smartphone’s and tablets Santa left under the tree last year, mobile traffic and mobile sales saw dramatic increases this year.  According to this article:

Purchases made from gadgets accounted for more than seven percent of sales, according to John Squire, chief strategy officer of IBM’s Smarter Commerce.

With the recent launch of Google Wallet gaining some traction with retailers and with the marketing around the super ease of using your google wallet to shop online, I’m already curious to see what Cyber Monday sales will be in 2012!

The 1-2 Punch of How Google Wallet Works

And if you need further proof that the mobile market is booming, just yesterday mobile apps marketplace analysis firm Mobilewalla, released a report indicating that the entire apps ecosystem, counting all the rival factions, will soon have 1 million apps to offer.  The company says that an average of 2,000 mobile apps enter the mobile app marketplace every day.

With 1,000,000 apps, keeping track of all the different “must haves” might be difficult …but I’m sure there will be an app for that too someday, if not already.  Meanwhile, here’s one marketer’s list of the top 5 Best Holiday Shopping Apps and Sites you might want to check out this season.

Posted in Hot Topics, Know More
Tagged , , , ,

Leave a comment

Data Privacy Everywhere…

Posted on November 18, 2011 by Marc

If there are 2 words that have permeated every online business in every industry, they’d probably be “data privacy.”   No surprise really, since a look at today’s Chronology Breach Report shows 542,590,837 data records have been reported as being breached since 2005 when the Privacy Rights Clearinghouse started tracking this information.

As consumer’s we want to keep all of our data locked up tight and can be reluctant to share it with anyone.  But how does this translate into our business lives where there is a real need to know more about consumers?  Not only so we can deliver better value to our customers, but also to protect our businesses from fraud and financial loss.

Data is a big factor in the identity verification industry and very top of mind for the security and compliance professionals we work with every day.  Which is why it’s the focus of the latest IDentity Matters podcast.

Take 10 minutes and listen to An Inside Look at Identity Data: A conversation with data expert Chris Luttrell and learn a little more about data as it relates to identity.

Posted in Know Privacy
Tagged , , ,

Leave a comment

How to prevent a data breach and save your organization more than $156B

Posted on September 21, 2011 by Marc

A recent study of data breaches during the last six years shows some staggering figures associated with this crime, especially as it relates to costs for a business.

Conducted by Digital Forensics Association, the Leaking Vault Report is the largest study of its kind and presents data gathered from studying 3,765 publicly disclosed data breach incidents occurring in 33 countries during 2005-2010.  The incidents included over 806.2 million known records being disclosed– averaging more than 388,000 records per day/15,000 records per hour every single day for the past six years.

The estimated costs to the organizations experiencing these incidents is more than $156 billion.   (The study clearly points out that this cost does not include costs incurred by any organizations up or downstream from those organizations considered victims, nor does it include costs a data breach subject may have experienced)

That’s a lot of money.  I think we can safely assume these figures are actually higher now since we are approaching the end of 2011.  Just today the Boston Globe is reporting that 2.1 million Massachusetts’s residents were affected by data breach incidents since January 2010, with 480 breach incidents occurring between January and August of this year out of a total of 1166.

Other interesting tidbits from the Leaking Vault Report include:

  • Nearly half of all of the reported breaches came from a stolen laptop, which is the case 95 percent of the time. But actual hacks accounted for the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report, even though hacks accounted for 16 percent of the data breaches.
  • In 65% of the cases, the data disclosed included the data subject’s name, address and Social Security Number.
  • From 2005 to 2010, there were 584 incidents disclosing over 17 million records with Medical data. The median records disclosed for medical data was 2,000. There were 27% of incidents reporting “unknown” loss figures. These incidents are now required to be reported under the HIPAA/Hitech regulations.

The report concludes with a summary of the recommendations included throughout the report:

1.     Know where your data is from inception to disposal. If you do not know where it comes into the organization, where it is transformed, stored, shared with outside parties, archived, and finally how it is disposed of—you cannot hope to keep it secure.

2.     Trace each sensitive data type from when it is created, to when it is disposed of, and all the places it is used in between. Without making these types of data flow maps, organizations are operating on an incomplete risk picture.

3.     When a laptop is issued to an individual, it should be accompanied by a set of rules for the custodian of the device to follow. This should include direction for maintaining physical control offsite and onsite, as well as fallback controls for when these rules either are insufficient to keep the asset safe.

a. Information Security professionals who can influence the contents of their organization’s awareness training should be lobbying to have something included about laptops.

b. In no case should the laptop be left overnight in the vehicle—particularly at the employee’s residence.

c. Do not neglect physical controls to protect electronic data. The number of laptops stolen from offices illustrates the need for locking mechanisms for the laptops when unattended at work.

4.     Organizations should either put controls in place that notify when a device is tampered with, or have regular inspections of point of sale devices, gas pumps and ATMs to mitigate this risk.

5.     Attention should also be given to the use of production data in test and development environments, since those environments typically have less stringent security controls in place.

6.     Organizations must “bake” security controls into contracts with third party partners. This means the Information Security personnel should be involved early in the selection and vetting of potential business partners where sensitive data is concerned.

7.     While prevention of malicious activity is ideal, detection is critical to minimize the damage of an incident, regardless of actor.

8.     If organizations are still using SSNs as their unique identifier, they should be taking steps to eliminate them wherever possible. Reducing the locations where this highly sought after data element is stored will only help to reduce the risk of their disclosure. Data masking and encryption should be considered in cases where they must be stored and used.

Adding to these recommendations, here are some pointers from IDology to help reduce your risks as it relates to your identity verification processes:

1.       Limit the data input requirements from your consumers to the minimum requirement of your business need – if you don’t need a full SSN for audit purposes, don’t ask for it!

2.       Don’t add to the data overexposure problem by feeding more data into your organization.  Use a solution provider, not a data provider to verify your customers-not- present.

3.       Eliminate shared secrets from your authentication process – with social networking and data breaches, shared secrets are no longer effective.

4.       Leverage your internal data in the verification process without sharing any of your data with a third party.

5.       Educate your employees – fraudsters are switching tactics. Instead of going for the big attack they are finding quick and easy ways to infiltrate a system making it harder to detect and stop.

Posted in Hot Topics, Know Privacy
Tagged , , , ,

Leave a comment

A Primer on Out-of-Wallet Questions Podcast

Posted on August 5, 2011 by Marc

A few weeks ago I blogged about all the confusing terms associated with out-of-wallet questions.  This week, I want to point you to IDology’s podcast on out-of-wallet questions.  This 12-minute interview is with yours truly and is intended to give an overview on out-of-wallet questions including what they are and why they are better than shared secrets.

Listen in if you get a moment to learn a little bit more about this effective authentication technology.

Posted in Know Security
Tagged , ,

Leave a comment