Too much white noise

You need more than just a bigger „to do‟ list!

SMART Data, not „Big Data‟

Beware of “I am Spartacus”!

Common „noise‟

Process & the “Retreat of Reason”

„Fraud savings‟ & targets

“Police aren’t interested in fraud”

If a claim was a relay baton?...

Continual innovation required to address „hot spots‟

Continual innovation required to address „hot spots‟

thirdeye® Casualty

Screening = swift decisions

Fast. Effective. Evolving…

Are they who they say?

Were they where they said?

Did they do what they said?

How do they live?

Stay in or out of Portal?

Add genuine value

or get out of the way!

Get excited about what you do

or get out of the way!

Keep challenging oneself

– it‟s how we improve

Increasingly important to...

Reduce the noise!

DATE

FRONT LINE

• As an online company we require the maximum amount of information on our clients, besides the usual

personal data. The information that we obtain via our front line IP provider helps us build a better

understanding of the potential client, in addition to the personal information submitted by the client.

Another benefit is the unique device number provided; this device is recorded within their vast database

allowing subscribers to view this database to observe the device history.

• The unique information presented to us from our provider is: Device type, Real IP address, Country,

Region, City and Service Provider. Other information is evidence placed on the device by other

Subscribers as well as ourselves; this can include True ID Theft and Credit Card Fraud among many

other types.

10

DATE

THE BREAKDOWN

• We are also able to set our own rules, with varying output responses e.g. Allow, Review and Deny

depending on a company’s appetite for risk. The below table show some of rules present, evidence

placed by us or other subscribers is shown below including the ratio seen within the applications sent for

Review:

11

Rules Aug-14

Country List 21%

Device ID is Unique 5%

Risky Device 4%

High Risk ISP 3%

High Risk IP 5%

MYJAR Evidence Exists 4%

Mobile Emulator Detected 1%

Potential Financial Difficulties 2%

Proxy in Use 1%

Subscriber Evidence 19%

Timezone vs Geolocation Mismatch 32%

Risky Transactions A 3%

Risky Transactions B 2%

DATE

THE FURTHER BREAKDOWN • In addition to the above IP database we also use rules within our own database, this mainly looks at

velocity, related clients history and defined known risks. All accounts that fail any of our rule sets are

sent for review by our validation team and our fraud manager.

• There are varying types of fraud seen by us; however, the majority of the fraud seen can be broken

down into different standards of fraud and analysed. A breakdown of this for 2013 and YTD can be seen

below:

12

Fraud Definitions 2013 YTD

Application Fraud 11.50% 2.50%

Account Take-Over/Hijacking 0.50% 0.20%

Fraud Other 1.10% 0.70%

Identity Fraud 50.00% 34.30%

Misuse of Facility Fraud 11.60% 15.00%

Subscriber Evidence Fraud 20.30% 37.70%

Returned as Fraud from DC 5.10% 9.60%

DATE

FRAUD GANGS MO

• Crime gangs like to operate using stolen identities which can be obtained from the ‘dark web’, in tandem

with cloned/stolen cards. Their favoured MO as observed by us is using a dynamic IP or open public

network fraudulently applying for loans using a windows pc. As their patterns are usually consistent we

are usually able to have some impact on their operation however some naturally slip through.

13

Group Head of Collections, Recoveries and Fraud

STUART SYKES

14