Fixing Security Holes in the Consumer Debt Market

Uploaded on 2015-06-08 in FREE TO VIEW, BUSINESS-Services-Financial

DebtRecovery.png

Opinion By Charles Moore, Chief Commercial Officer, Global Debt Registry 

To many, the debt collection industry is a shadowy world where companies with faceless “collectors” call from unknown companies demanding payment on a debt that too often is not theirs, has inaccurate information, or not even a real debt.  As a result, the consumer is increasingly losing confidence in the integrity and fairness of the debt collection process.  This lack of industry transparency provides cover to those bad actors who steal, sell or obtain consumer data – and then use it to cause consumer harm. 

It also impacts those players within the industry – especially those that work diligently to provide legal and necessary collection services. The lack of transparency and the impact of bad actors actually makes it more difficult to collect on legitimate debts, increases their cost of collection, exposes collectors to increased regulatory scrutiny, increases compliance expense and leaves much less room for honest mistakes (mistakes that can cost them thousands of dollars).

In this shadowy world, consumer information is regularly exchanged between industry players, which includes credit grantors, debt buyers, collection agencies, debt brokers, legal collection firms and service providers.  And, far too often, this consumer data is leaked, stolen, or sold to entities which use the information for identity theft and collection scams such as phantom debt collection;  an area of focus for government enforcement agencies such as the FCA (UK), CFPB (USA), Department of Education and the Treasury Department.     
 
Foundation: 
The warning signs are not hard to miss, it’s all in the numbers. Data and information is spread out among various entities and individuals who manage or own the debt title, with over 100 billion dollars of new (non mortgage) charged off debt in the US alone every year.  Adding to the already massive amount of credit card debt information being stored in various locations, in late December 2014, the Consumer Financial Protection Bureau (CFPB) highlighted that there are over 43 million Americans that have delinquent medical debt on their credit reports. In Britain, The Guardian reported that in April of 2012 the total number of debts in collection equaled the total number of households in Britain.  The Wall Street Journal reported that in 2012, private debt in Brazil represented 220% of GDP which is an impediment to economic growth.  These huge figures are presenting major tracking and organization challenges for the industry and consumers - worldwide. This massive industry is still managed on a “case by case” basis, without any uniformity like other asset classes. The lack of overall transparency and a central repository to provide digital governance to help maintain account integrity will continue to create issues when attempting to manage debt, making it vulnerable to security threats for the debt owner, collectors and consumers. 

The “Security Breach” Potential: 
As regulators focus on wrangling in phantom debt and phony debt collectors, are they missing the major potential for a security breach? While most countries have a set of data privacy laws, regulations or requirements, there are lapses which are best illustrated by the effectiveness and increasing volume of phantom debt collection.  And, that is because phantom debt collection is most effective when it starts with some basic account information such as the consumer name, last 4 digits of an id number, spouse’s name, and a few other identifiers which helps to legitimize the caller to the consumer.  The data vulnerabilities only increase as information is sold and passed on to debt collectors who each use their own individual techniques to manage information and track down consumers. 

The Solution: 
The overall security threat for the debt industry stems from the originally stated, “shadowy” and unregulated history. Global Debt Registry believe that strong digital governance will reduce the occurrence of rogue collectors and phantom debt, which will enhance consumer confidence in the integrity of the collection process and industry players, and help to stem the ever increasing costs of collections. Creating an accurate and central reporting structure will not only provide transparency for managing debt information, but it greatly reduces the risk of a security breach by providing a more secure mechanism to exchange confidential information between and industry participants and consumers. 
As the industry adopts a digital governance platform, the result will be an ever increasingly consistent set of collection practices which are based on readily available electronic account documentation, consistent data standards, continuity of account servicing, and reduction in complaints and disputes.  Securing this platform , secure network design, secure application development practices, limiting access to information based on real business need, 24/7/365 security monitoring, and implementing secure management and operational practices which protect the individual and the organization at every step . 
Global Debt Registry provides a secure digital governance platform for the debt collection eco-system which captures, tracks, stores and enable the secure sharing of account data and documents for the account lifecycle – with integrity and accuracy.  GDR works with all broad cross section of industry players to tailor its digital governance solutions to improve consumer outcomes and reduce industry risk. GDR is PCI DSS compliant. Our multi-layered security model protects data and documents consistent with US state and federal requirements including GLBA, HIPAA and the FACT Act and participates in the U.S.-EU Safe Harbor Framework. GDR’s multi-layered security framework is designed to protect consumer information consistent with applicably US and international security requirements.  The multi layered security model is designed to protect day through the use of network architectures, best practice secure application development, best practice system management, tokenization, encryption, 24/7/365 monitoring and more.
 
Increased attention to the integrity and security of account data throughout the whole lifecycle of the account by the entire collection ecosystem is needed.  And, digital governance offered by a debt registry is the first and most important step in achieving this goal.  Otherwise, all attempts are simply trying the same thing over and over again and expecting different results.  

https://globaldebtregistry.com

« Russia Faked MH17 Images
How to Stalk Someone’s Location on Facebook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Leonardo

Leonardo

Leonardo (formerly Finmeccanica) is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

National Security Services Group (NSSG)

National Security Services Group (NSSG)

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Credo AI

Credo AI

Credo have pioneered a Responsible AI platform that enables context driven, comprehensive and continuous governance, oversight and accountability of AI.

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures is an early-stage investment vehicle focused on cybersecurity, data analytics and automation startups.