Fixing Security Holes in the Consumer Debt Market

Uploaded on 2015-06-08 in FREE TO VIEW, BUSINESS-Services-Financial

DebtRecovery.png

Opinion By Charles Moore, Chief Commercial Officer, Global Debt Registry 

To many, the debt collection industry is a shadowy world where companies with faceless “collectors” call from unknown companies demanding payment on a debt that too often is not theirs, has inaccurate information, or not even a real debt.  As a result, the consumer is increasingly losing confidence in the integrity and fairness of the debt collection process.  This lack of industry transparency provides cover to those bad actors who steal, sell or obtain consumer data – and then use it to cause consumer harm. 

It also impacts those players within the industry – especially those that work diligently to provide legal and necessary collection services. The lack of transparency and the impact of bad actors actually makes it more difficult to collect on legitimate debts, increases their cost of collection, exposes collectors to increased regulatory scrutiny, increases compliance expense and leaves much less room for honest mistakes (mistakes that can cost them thousands of dollars).

In this shadowy world, consumer information is regularly exchanged between industry players, which includes credit grantors, debt buyers, collection agencies, debt brokers, legal collection firms and service providers.  And, far too often, this consumer data is leaked, stolen, or sold to entities which use the information for identity theft and collection scams such as phantom debt collection;  an area of focus for government enforcement agencies such as the FCA (UK), CFPB (USA), Department of Education and the Treasury Department.     
 
Foundation: 
The warning signs are not hard to miss, it’s all in the numbers. Data and information is spread out among various entities and individuals who manage or own the debt title, with over 100 billion dollars of new (non mortgage) charged off debt in the US alone every year.  Adding to the already massive amount of credit card debt information being stored in various locations, in late December 2014, the Consumer Financial Protection Bureau (CFPB) highlighted that there are over 43 million Americans that have delinquent medical debt on their credit reports. In Britain, The Guardian reported that in April of 2012 the total number of debts in collection equaled the total number of households in Britain.  The Wall Street Journal reported that in 2012, private debt in Brazil represented 220% of GDP which is an impediment to economic growth.  These huge figures are presenting major tracking and organization challenges for the industry and consumers - worldwide. This massive industry is still managed on a “case by case” basis, without any uniformity like other asset classes. The lack of overall transparency and a central repository to provide digital governance to help maintain account integrity will continue to create issues when attempting to manage debt, making it vulnerable to security threats for the debt owner, collectors and consumers. 

The “Security Breach” Potential: 
As regulators focus on wrangling in phantom debt and phony debt collectors, are they missing the major potential for a security breach? While most countries have a set of data privacy laws, regulations or requirements, there are lapses which are best illustrated by the effectiveness and increasing volume of phantom debt collection.  And, that is because phantom debt collection is most effective when it starts with some basic account information such as the consumer name, last 4 digits of an id number, spouse’s name, and a few other identifiers which helps to legitimize the caller to the consumer.  The data vulnerabilities only increase as information is sold and passed on to debt collectors who each use their own individual techniques to manage information and track down consumers. 

The Solution: 
The overall security threat for the debt industry stems from the originally stated, “shadowy” and unregulated history. Global Debt Registry believe that strong digital governance will reduce the occurrence of rogue collectors and phantom debt, which will enhance consumer confidence in the integrity of the collection process and industry players, and help to stem the ever increasing costs of collections. Creating an accurate and central reporting structure will not only provide transparency for managing debt information, but it greatly reduces the risk of a security breach by providing a more secure mechanism to exchange confidential information between and industry participants and consumers. 
As the industry adopts a digital governance platform, the result will be an ever increasingly consistent set of collection practices which are based on readily available electronic account documentation, consistent data standards, continuity of account servicing, and reduction in complaints and disputes.  Securing this platform , secure network design, secure application development practices, limiting access to information based on real business need, 24/7/365 security monitoring, and implementing secure management and operational practices which protect the individual and the organization at every step . 
Global Debt Registry provides a secure digital governance platform for the debt collection eco-system which captures, tracks, stores and enable the secure sharing of account data and documents for the account lifecycle – with integrity and accuracy.  GDR works with all broad cross section of industry players to tailor its digital governance solutions to improve consumer outcomes and reduce industry risk. GDR is PCI DSS compliant. Our multi-layered security model protects data and documents consistent with US state and federal requirements including GLBA, HIPAA and the FACT Act and participates in the U.S.-EU Safe Harbor Framework. GDR’s multi-layered security framework is designed to protect consumer information consistent with applicably US and international security requirements.  The multi layered security model is designed to protect day through the use of network architectures, best practice secure application development, best practice system management, tokenization, encryption, 24/7/365 monitoring and more.
 
Increased attention to the integrity and security of account data throughout the whole lifecycle of the account by the entire collection ecosystem is needed.  And, digital governance offered by a debt registry is the first and most important step in achieving this goal.  Otherwise, all attempts are simply trying the same thing over and over again and expecting different results.  

https://globaldebtregistry.com

« Russia Faked MH17 Images
How to Stalk Someone’s Location on Facebook »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

Kernelios

Kernelios

Kernelios is a simulator-based training center and an incubator for cyber experts worldwide.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

ThreatGen

ThreatGen

ThreatGEN™ works with your team to improve your resiliency and industrial cybersecurity capabilities through an innovative and modernized approach to training and services.

Touchstone Security

Touchstone Security

Touchstone Security is a company with a passion for technology, a hyper-focus on cybersecurity, and a special affinity for cloud technology.

Concordium

Concordium

Concordium aims to build the world’s leading open-source, permissionless, and decentralized blockchain with built-in user identity at the protocol level.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.