Fixing Security Holes in the Consumer Debt Market

Uploaded on 2015-06-08 in FREE TO VIEW, BUSINESS-Services-Financial

DebtRecovery.png

Opinion By Charles Moore, Chief Commercial Officer, Global Debt Registry 

To many, the debt collection industry is a shadowy world where companies with faceless “collectors” call from unknown companies demanding payment on a debt that too often is not theirs, has inaccurate information, or not even a real debt.  As a result, the consumer is increasingly losing confidence in the integrity and fairness of the debt collection process.  This lack of industry transparency provides cover to those bad actors who steal, sell or obtain consumer data – and then use it to cause consumer harm. 

It also impacts those players within the industry – especially those that work diligently to provide legal and necessary collection services. The lack of transparency and the impact of bad actors actually makes it more difficult to collect on legitimate debts, increases their cost of collection, exposes collectors to increased regulatory scrutiny, increases compliance expense and leaves much less room for honest mistakes (mistakes that can cost them thousands of dollars).

In this shadowy world, consumer information is regularly exchanged between industry players, which includes credit grantors, debt buyers, collection agencies, debt brokers, legal collection firms and service providers.  And, far too often, this consumer data is leaked, stolen, or sold to entities which use the information for identity theft and collection scams such as phantom debt collection;  an area of focus for government enforcement agencies such as the FCA (UK), CFPB (USA), Department of Education and the Treasury Department.     
 
Foundation: 
The warning signs are not hard to miss, it’s all in the numbers. Data and information is spread out among various entities and individuals who manage or own the debt title, with over 100 billion dollars of new (non mortgage) charged off debt in the US alone every year.  Adding to the already massive amount of credit card debt information being stored in various locations, in late December 2014, the Consumer Financial Protection Bureau (CFPB) highlighted that there are over 43 million Americans that have delinquent medical debt on their credit reports. In Britain, The Guardian reported that in April of 2012 the total number of debts in collection equaled the total number of households in Britain.  The Wall Street Journal reported that in 2012, private debt in Brazil represented 220% of GDP which is an impediment to economic growth.  These huge figures are presenting major tracking and organization challenges for the industry and consumers - worldwide. This massive industry is still managed on a “case by case” basis, without any uniformity like other asset classes. The lack of overall transparency and a central repository to provide digital governance to help maintain account integrity will continue to create issues when attempting to manage debt, making it vulnerable to security threats for the debt owner, collectors and consumers. 

The “Security Breach” Potential: 
As regulators focus on wrangling in phantom debt and phony debt collectors, are they missing the major potential for a security breach? While most countries have a set of data privacy laws, regulations or requirements, there are lapses which are best illustrated by the effectiveness and increasing volume of phantom debt collection.  And, that is because phantom debt collection is most effective when it starts with some basic account information such as the consumer name, last 4 digits of an id number, spouse’s name, and a few other identifiers which helps to legitimize the caller to the consumer.  The data vulnerabilities only increase as information is sold and passed on to debt collectors who each use their own individual techniques to manage information and track down consumers. 

The Solution: 
The overall security threat for the debt industry stems from the originally stated, “shadowy” and unregulated history. Global Debt Registry believe that strong digital governance will reduce the occurrence of rogue collectors and phantom debt, which will enhance consumer confidence in the integrity of the collection process and industry players, and help to stem the ever increasing costs of collections. Creating an accurate and central reporting structure will not only provide transparency for managing debt information, but it greatly reduces the risk of a security breach by providing a more secure mechanism to exchange confidential information between and industry participants and consumers. 
As the industry adopts a digital governance platform, the result will be an ever increasingly consistent set of collection practices which are based on readily available electronic account documentation, consistent data standards, continuity of account servicing, and reduction in complaints and disputes.  Securing this platform , secure network design, secure application development practices, limiting access to information based on real business need, 24/7/365 security monitoring, and implementing secure management and operational practices which protect the individual and the organization at every step . 
Global Debt Registry provides a secure digital governance platform for the debt collection eco-system which captures, tracks, stores and enable the secure sharing of account data and documents for the account lifecycle – with integrity and accuracy.  GDR works with all broad cross section of industry players to tailor its digital governance solutions to improve consumer outcomes and reduce industry risk. GDR is PCI DSS compliant. Our multi-layered security model protects data and documents consistent with US state and federal requirements including GLBA, HIPAA and the FACT Act and participates in the U.S.-EU Safe Harbor Framework. GDR’s multi-layered security framework is designed to protect consumer information consistent with applicably US and international security requirements.  The multi layered security model is designed to protect day through the use of network architectures, best practice secure application development, best practice system management, tokenization, encryption, 24/7/365 monitoring and more.
 
Increased attention to the integrity and security of account data throughout the whole lifecycle of the account by the entire collection ecosystem is needed.  And, digital governance offered by a debt registry is the first and most important step in achieving this goal.  Otherwise, all attempts are simply trying the same thing over and over again and expecting different results.  

https://globaldebtregistry.com

« Russia Faked MH17 Images
How to Stalk Someone’s Location on Facebook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Two99

Two99

Two99 provide tailored excellence in the areas of E-Commerce, Marketing, Consulting, and Cyber Security.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.