2. Fraud Mobility
Ken Meiser
VP- Identity Solutions

3. LifeLock: Layers Of Protection
DETECT
Stopping Fraud Before Financial Harm to Consumer or Company
ALERT
Providing Consumers with visibility into how and where their identity is being used
RESTORE
Trained experts to assist you when compromise occurs
Education
Security
Technology

4. Two Critical Areas of Focus for ID Analytics1
Enable better fraud, identity and risk decisions for leading U.S. organizations
300+ Companies, including most
Top Credit Card Issuers, Banks and Wireless Carriers 2
Protect consumers from fraud by generating unique alerts, innovations and insights
As part of LifeLock, ID Analytics is heavily focused on protecting consumers from fraud and identity theft. We approach this in two distinct and critical ways.
We work with leading financial institutions, lenders, and businesses to stop fraud attempts before new accounts are booked.
We send new account opening alerts directly to consumers through LifeLock.
This combined approach enables ID Analytics to stop some fraud before it happens and empower consumers to protect themselves if it gets through.

5. An ecosystem to protect consumers & enterprises1 2 3
Name
SSN
Date of Birth
Address Phone
Application
ID Analytics’ Client
ID Analytics sends
back risk assessment
Alert 5 4
Consumer Alert
To help our clients control fraud, they send application data to ID Analytics for evaluation nearly a million times a day. We return a risk assessment of the application to the client. Consumers cannot be declined credit based on fraud risk, but the lenders are able to investigate the application more carefully to ensure it is legitimate. This is critical to protecting at risk populations, such as the elderly.
In addition, clients ask us to notify LifeLock members of all applications matching their identity.

6. Study Goals and MethodologyQ:
Do fraudsters follow a pattern within and across industries?
What behavior does a victim’s identity exhibit before and after a fraudulent event?
What are the long-term implications for a consumer with a compromised identity?
Extract from four industries:
Telecom
Bank Card
Retail Card
Auto &
Consumer
Seen at least twice between:
SSNs
68M
2.9M
Fraudulent Events
Extract from telecom, Credit Card, Retail Card, Auto Consumer lending
68million SSNs seen AT LEAST twice between July 2010 and July 2015
2.9M fraudulent events

7. Normal Application Cadence
Non-Compromised Identity
Retail
Retail
Retail
Telco
Bankcard
2004
2006
2008
2010
2012
2014
2016
- Tony has been seen in the ID Network five times over eleven years with an overall application rate of roughly one application every two years
Tony’s SSN was never associated with a client-confirmed fraud
The event of Tony’s non-compromised application (randomly chosen from all the non-compromised applications) was seen in December 2008 on a retail credit-card application
Prior to this event, Tony was seen submitting two applications, approximately one every two and a half years (both seen in the retail credit card industry)
After the 2008 event, Tony’s behavior remained consistent, submitting two more applications over the next six years at an average rate one new application every three years. These subsequent applications crossed multiple industries (e.g., one telecommunications, one bankcard)

8. Fraudulent Application Cadence
Compromised Identity
Bankcard
Telco
Retail
March 12, 2006
July 7, 2011
February 21, 2014
February 22, 2014
October 18, 2014
- Applications with Fred’s SSN were seen in the ID Network without any associations to fraud for 11 years averaging roughly one new application every five years. During this time Fred was seen applying to two bankcard enterprises
In February 2014, Fred’s SSN was first reported by a telecommunications client as being associated with a fraudulent application Later that same day, Fred’s SSN was seen in a new account application that went on to be confirmed as a fraudulent event in the retail credit card industry and there were three additional new-account applications with three different telecommunication enterprises (one of which resulted in a third instance of confirmed fraud)
The following day, Fred’s SSN was seen on an application for a retail credit card
October 2014, two new applications with Fred’s SSN are submitted to retail card issuers and later confirmed as associated with fraud by the enterprises

9. Aggregated Cadence Comparison
Once a SSN has been compromised, it remains at risk
Pre and Post Application Velocity for a Compromised Application vs a Non-Compromised Application
Compromised identity 6xs higher within
the first day
Compromised identity 5xs higher after 360 days
Compromised SSN
Non-Compromised SSN
Compromised SSN
Non-Compromised SSN
Similar behavior seen until 10 days prior to the event
Blue line before and after as examples of a pretty symmetrical line
Increase in traffic toward the end is partially explained by growth of the network
In general, transactions cluster
Orange line higher than blue because fraud behavior begets a higher overall volume over the entire window
Blue l
Compromised identities are seen 7xs 10 days after the event
46% of the 0-10 day events happen in the first 24 hours
A second spike in the non-compromised identities is seen after 180 days

10. Market concentration patterns suggest fraud specialization
Victims Remain Vulnerable within Specific Markets in the Short-Term
Probability of Crossing Industry 0%
10%
20%
30%
40%
50%
60%
70%
0-10
10-30
30-90
90-180
360+
Days
21%
48%
53%
55%
57%
62%
63%
Compromised SSN
Non-Compromised SSN
Compromised SSN
23% 7%
13%
16%
Non-Compromised SSN
During the first 10 days, 93% of multiple fraud occurrences took place within the same industry