Fixing Security Holes in the Consumer Debt Market

Uploaded on 2015-06-08 in FREE TO VIEW, BUSINESS-Services-Financial

DebtRecovery.png

Opinion By Charles Moore, Chief Commercial Officer, Global Debt Registry 

To many, the debt collection industry is a shadowy world where companies with faceless “collectors” call from unknown companies demanding payment on a debt that too often is not theirs, has inaccurate information, or not even a real debt.  As a result, the consumer is increasingly losing confidence in the integrity and fairness of the debt collection process.  This lack of industry transparency provides cover to those bad actors who steal, sell or obtain consumer data – and then use it to cause consumer harm. 

It also impacts those players within the industry – especially those that work diligently to provide legal and necessary collection services. The lack of transparency and the impact of bad actors actually makes it more difficult to collect on legitimate debts, increases their cost of collection, exposes collectors to increased regulatory scrutiny, increases compliance expense and leaves much less room for honest mistakes (mistakes that can cost them thousands of dollars).

In this shadowy world, consumer information is regularly exchanged between industry players, which includes credit grantors, debt buyers, collection agencies, debt brokers, legal collection firms and service providers.  And, far too often, this consumer data is leaked, stolen, or sold to entities which use the information for identity theft and collection scams such as phantom debt collection;  an area of focus for government enforcement agencies such as the FCA (UK), CFPB (USA), Department of Education and the Treasury Department.     
 
Foundation: 
The warning signs are not hard to miss, it’s all in the numbers. Data and information is spread out among various entities and individuals who manage or own the debt title, with over 100 billion dollars of new (non mortgage) charged off debt in the US alone every year.  Adding to the already massive amount of credit card debt information being stored in various locations, in late December 2014, the Consumer Financial Protection Bureau (CFPB) highlighted that there are over 43 million Americans that have delinquent medical debt on their credit reports. In Britain, The Guardian reported that in April of 2012 the total number of debts in collection equaled the total number of households in Britain.  The Wall Street Journal reported that in 2012, private debt in Brazil represented 220% of GDP which is an impediment to economic growth.  These huge figures are presenting major tracking and organization challenges for the industry and consumers - worldwide. This massive industry is still managed on a “case by case” basis, without any uniformity like other asset classes. The lack of overall transparency and a central repository to provide digital governance to help maintain account integrity will continue to create issues when attempting to manage debt, making it vulnerable to security threats for the debt owner, collectors and consumers. 

The “Security Breach” Potential: 
As regulators focus on wrangling in phantom debt and phony debt collectors, are they missing the major potential for a security breach? While most countries have a set of data privacy laws, regulations or requirements, there are lapses which are best illustrated by the effectiveness and increasing volume of phantom debt collection.  And, that is because phantom debt collection is most effective when it starts with some basic account information such as the consumer name, last 4 digits of an id number, spouse’s name, and a few other identifiers which helps to legitimize the caller to the consumer.  The data vulnerabilities only increase as information is sold and passed on to debt collectors who each use their own individual techniques to manage information and track down consumers. 

The Solution: 
The overall security threat for the debt industry stems from the originally stated, “shadowy” and unregulated history. Global Debt Registry believe that strong digital governance will reduce the occurrence of rogue collectors and phantom debt, which will enhance consumer confidence in the integrity of the collection process and industry players, and help to stem the ever increasing costs of collections. Creating an accurate and central reporting structure will not only provide transparency for managing debt information, but it greatly reduces the risk of a security breach by providing a more secure mechanism to exchange confidential information between and industry participants and consumers. 
As the industry adopts a digital governance platform, the result will be an ever increasingly consistent set of collection practices which are based on readily available electronic account documentation, consistent data standards, continuity of account servicing, and reduction in complaints and disputes.  Securing this platform , secure network design, secure application development practices, limiting access to information based on real business need, 24/7/365 security monitoring, and implementing secure management and operational practices which protect the individual and the organization at every step . 
Global Debt Registry provides a secure digital governance platform for the debt collection eco-system which captures, tracks, stores and enable the secure sharing of account data and documents for the account lifecycle – with integrity and accuracy.  GDR works with all broad cross section of industry players to tailor its digital governance solutions to improve consumer outcomes and reduce industry risk. GDR is PCI DSS compliant. Our multi-layered security model protects data and documents consistent with US state and federal requirements including GLBA, HIPAA and the FACT Act and participates in the U.S.-EU Safe Harbor Framework. GDR’s multi-layered security framework is designed to protect consumer information consistent with applicably US and international security requirements.  The multi layered security model is designed to protect day through the use of network architectures, best practice secure application development, best practice system management, tokenization, encryption, 24/7/365 monitoring and more.
 
Increased attention to the integrity and security of account data throughout the whole lifecycle of the account by the entire collection ecosystem is needed.  And, digital governance offered by a debt registry is the first and most important step in achieving this goal.  Otherwise, all attempts are simply trying the same thing over and over again and expecting different results.  

https://globaldebtregistry.com

« Russia Faked MH17 Images
How to Stalk Someone’s Location on Facebook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Rentalworks

Rentalworks

Rentalworks is a leading provider of Internet-of-Things (IoT) Asset Lifecycle Management Services including secure data erasure and disposal.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

TechDemocracy

TechDemocracy

TechDemocracy are a trusted, global cyber risk assurance solutions provider whose DNA is rooted in cyber advisory, managed and implementation services.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

OccamSec

OccamSec

OccamSec is a leading provider in the world of cybersecurity. We provide accurate, actionable information to reduce risk and enable better informed decisions.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

Astreya

Astreya

Astreya is the leading IT solutions provider for some of the world's most recognizable and innovative organizations.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

M6iT Consulting

M6iT Consulting

M6iT Consulting is an industry-leading solution partner managing the IT requirements for a full range of companies.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.