Posts Tagged ‘identity fraud’

All banking channels need to be prepared for customer impersonators

Posted on: March 19th, 2013 by art 1 Comment

I’ve often spoke about the many dangers of depending on personally identifiable information (PII) for customer authentication. As we recently learned from the high-profiled credit report celebrity hacking, relying on accessible personal information such as date of birth, mother’s maiden name and Social Security number can put a company’s customers and corporate data at serious risk.

In the article, “FBI Investigating Hackers Who Posted ‘Secret Files’ Of Celebrities, Politicians,” the consumer credit reporting agency, Equifax, released a statement last week confirming that the sensitive financial data that hackers posted on celebrities and political figures was the result of a security breach to the credit reporting agency’s annualcreditreport.com channel, not a break-in to their computer system.

Using PII that could have been accessed through any number of online social networks or public information websites, the perpetrators had enough personal identifying details to correctly answer the challenge questions required to access their intended victims’ private financial files, said Equifax spokesperson, Timothy Klein.

“Our initial investigation shows the perpetrators had the PII of the individuals whose files were accessed and were therefore able to pass the required authentication measures in place. We have launched a full investigation into this matter and we are also working closely with law enforcement authorities on this matter.”

In recent years, cybercriminals impersonating genuine customers or conducting similar social engineering schemes across other sales channels have been responsible for the illegal exposure of tens of thousands of credit reports. These compromises can all lead to identity fraud, account hijacking and other identity-related crimes.

Because customer-impersonating scams are conducted remotely, they can easily be performed over the telephone channel, as well. Social engineering against call center agents is a threat that all financial institutions should not only be concerned with, but adequately prepared for. If we are to learn from incidents like what occurred last week, it’s that relying on knowledge-based authentication (KBA) is not an effective defense against such criminal tactics.

Bank contact centers, which handle billions of calls each year, need an authentication method that goes beyond telephone interrogations such as defeatable security questions. What they need is a security tool that allows them to proactively identify callers before the phone is picked up.

A security tool like the TRUSTID® Physical Caller Authentication solution identifies high-risk calls before the phone conversation begins. Through TRUSTID’s real-time telephone network forensics, banks are able to invisibly identify the physical location of the landline or mobile phone while it is still ringing.

This automated process uses the Caller ID and ANI as trusted sources for validating customers over the telephone. By restoring the usability of calling party numbers to authenticate customers over the phone channel, financial institutions can identify high-risk calls faster, as well as instantly confirm legitimate calls so bank representatives can begin serving customers at the start of each call, without relying on non-predictive and risky PII methods.

Criminals Still Turning to the Telephone to Perpetrate Bank Fraud

Posted on: May 15th, 2012 by art

When it comes to bank fraud, criminals may be leveraging technology to outsmart the latest online security tools, but they haven’t forgotten about the telephone. In fact, some studies suggest that crooks are finding more ways to use the phone to commit bank fraud.

In the UK Cards Association report, the payment card information resource found that telephone banking fraud losses increased 32% in 2011, from £12.7 million in 2010 to £16.7 million last year. In my experiences, these numbers are particularly relevant because the UK fraud experience is similar to that in the US, outside of counterfeit fraud where the UK has chip and PIN built into the cards.

To defraud financial institutions and banking customers, criminals need to collect personal security details. This data is seen by thieves as the keys to the vault, and they will do anything they can to get their hands on the information they need to access bank accounts.

Aside from mining social media websites like Facebook to gather data and build personal profiles on unsuspecting victims, criminals are turning to the telephone to dupe customers into divulging their personal information. Spoofing their Caller ID, crooks socially engineer customers by pretending to be bank representatives asking them to provide their account details such as passwords. This is the identity theft portion of the crime. Once they’ve collected enough details on a person, the next step is identity fraud.

There are many ways criminals can perpetrate identity fraud, both online and over the telephone channel. With banks offering more ways than ever for customers to bank online, in recent years financial institutions have invested heavily in security tools to protect online channels. While this has helped reduce online banking fraud losses (which fell 24% in the UK from 2010 to 2011), banking institutions need to consider solutions that help banks identify and stop fraud over low-tech channels, as well.

The TrustID® network-based Physical Caller Authentication is one solution that stops criminals that are spoofing their Caller ID from social engineering call center agents. By automatically validating the physical location of the incoming call before the phone is answered, TrustID instantly lets bank representatives know when the Caller ID or ANI is spoofed. This level of real-time telephone forensics allows financial institutions to determine whether the call is from a legitimate customer or a criminal who has manipulated their Caller ID to commit fraud. Doing so helps banks on several levels — from reducing telephone fraud losses and call center operating costs by eliminating the time to handle bad calls to achieving regulatory compliance through multi-factor authentication required by the new FFIEC Authentication Guidance.

How data breaches make the telephone channel vulnerable to fraud

Posted on: February 1st, 2012 by art

A bank’s interactive voice response (IVR) system and contact center representatives both play an essential role in servicing customers over the telephone channel. While banking customer’s need only a few key pieces of personal information to access their bank accounts, if that data lands in the wrong hands, banks and their customer accounts can become vulnerable to phone fraud and other social engineering schemes.

A recent data breach with online shoe and apparel retailer, Zappos, illustrates the impact data compromises can have on businesses and their customers. In the article, “Zappos Sued Over Data Breach,” Zappos and its parent company, Amazon.com, face a class-action lawsuit after hackers gained unauthorized access to personal information on more than 24 million customer accounts. The suit alleges that the retailer, who was entrusted in safeguarding the plaintiff’s and class members’ personal customer account information, failed to adopt and maintain adequate procedures to protect information and limit its dissemination only for the permissible purposes set forth in the Fair Credit Reporting Act.

While protecting customers over the Internet is beyond the scope of what we do at TrustID, what I found most interesting about this particular story is the information the criminals reportedly compromised. When crooks get their hands on a customer’s name, address, email, the last four digits of their account number and telephone number, that’s when it becomes our business. You see, this is most of the data needed to access many of the top bank’s IVR systems and socially engineer call center agents. With this information in hand, criminals now have the data they need to illegally gain access to legitimate customer accounts or deceive call center reps into divulging more personal information.

While the bank plans to tag the compromised accounts, the truth is much of the damage has already been done. Even if the accounts are tagged, without authenticating every call coming into the call center, those accounts — not to mention all other calls — will remain high risk.

The fact is, until each incoming phone call can be validated, businesses and financial institutions are susceptible to advanced Caller ID spoofing threats because they make unvalidated Caller ID and ANI merely claims, not trusted credentials for identifying customers. This is the primary tool that allows criminals to perpetrate financial theft and identity fraud over the telephone. To stop this growing threat, banking institutions need an authentication solution that actually restores trust to telephone commerce by validating Caller ID and ANI.

The TrustID® network-based Physical Caller Authentication tool does this by validating the physical location of the caller before the phone is answered. That’s something that customer identity solutions like knowledge-based authentication (KBA) cannot provide. By knowing the exact location of the landline or mobile phone used to place the call, TrustID enables businesses to answer each call with the confidence of knowing it’s a trustworthy credentialized customer. Having advanced insight to each call also allows organizations to proactively investigate potentially fraudulent calls with fewer resources, deliver faster, more cost-efficient calls, and improve the customer experience, all of which builds stronger brands and drives revenue.

As we continue to see fraud-related class-action lawsuits like Zappos and the News Group Newspapers (NGN), which recently settled to pay $1 million to dozens of individuals as a result of the News of the World phone-hacking scandal, having an effective authentication solution that provides a valid credential for callers as part of a multi-factor authentication strategy is becoming essential for mitigating risks and reducing financial losses caused by data breaches and social engineering schemes.

A new approach to customer care

Posted on: August 18th, 2011 by art

In a previous post, I concluded that financial institutions who can significantly improve the consumer experience while simultaneously ensuring the safety of their customers’ money and personal information will win the hearts, minds, trust and, ultimately, business of their competitors’ customers.

While I believe this to be true, still, financial institutions are no longer the sole determinant of their brand. Today, customers are a prime driver of brand. If they are dissatisfied, they will walk, and follow up by posting their opinions on Google, Facebook, and everywhere else your prospective customers will see it. Because of social media, the consumer’s voice is louder than ever… and it’s about to get louder.

We are on the cusp of a major transformation in the financial services industry, where the success of the entire enterprise is dependent on the customer experience and its ability to service its customers’ needs. Over the next several years, we will see a market shift where financial institutions are no longer able to define their own brands. Instead, the consumer will define them. Banks that understand this shift, and alter their business processes to invisibly and non-intrusively improve the customer experience and ensure consumer safety, will gain a competitive advantage that will significantly improve top and bottom-line performance for their shareholders.

For example, take a look at some of the top reasons for customer dissatisfaction. If you eliminate product factors such as line assignment, fees or interest rates, one of the main reasons for customer dissatisfaction is poor customer service due to a lack of trust and respect for the customer’s time. This is often caused by highly disruptive “customer interrogation,” or knowledge-based authentication (KBA). Yet, banks and financial institutions continue to rely on this outdated, costly and time-consuming method to identify customers over the telephone. In an industry where seconds count for average handle time (AHT), it is a huge frustration for the customer. This is why it’s no surprise that KBA is having a negative impact on financial institutions and their brands.

How a customer feels during and after phone interactions is a significant differentiator, yet too many banks have lost sight of what consumers really want. Current fraud prevention strategies – many of which are still focused on KBA – are at odds with both customer care and the bottom line. KBA is no longer a viable and sustainable method for validating caller identity and is creating an even bigger disconnect between fraud prevention strategies and customer care goals. Instead of endless customer questioning, imagine your IVR picking up every call by saying:

“Thank you for calling (Company Name). For your security, we have validated your phone number. How may we assist you today?”

This streamlined telephone interaction can be a reality with the telephone firewall. The TrustID® Telephone FirewallTM solution provides financial institutions with a competitive differentiator that enhances the customer relationship while simultaneously improving fraud prevention.

By eliminating interrogation at the start of each inbound call and giving the customer more perceived control over the bank/customer relationship, TrustID is paving the way for financial institutions to transform the customer experience. Customers want to be trusted and respected, and demand both safety and convenience. The TrustID telephone firewall is paramount to a mutually trusting relationship between customers and their banks, and proves that the bottom line and customer service do not have to be at odds with each other.

Telephone Spoofing: Have we only hit the tip of the iceberg?

Posted on: August 10th, 2011 by art

Last week, AT&T announced plans to make voicemail passwords opt-out in order to guard against telephone spoofing. In a recent blog, Bob Quinn, AT&T’s chief privacy officer, wrote:

“However, given the advent and, unfortunately, the wide availability of sophisticated telephone number spoofing technology that allows people to “fake” the telephone number they are calling from, we are moving in a new direction.”

My strong suspicion is AT&T is reacting to the recent, UK phone hacking scandal, which has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for awhile now, oftentimes it takes a high-profiled event like this to enlighten the rest of the world about the dangers and impact phone spoofing can have on its victims. More so, AT&T must react in order to safeguard the integrity of its systems, and also safeguard customers’ personal data, which is core in developing the trust of its customers and to bottom line profitability.

Unfortunately, AT&T’s decision to require passwords won’t stop telephone voicemail spoofing. AT&T will be subject to social engineering and spoofing of its own call centers. They will need to become aware of evolving tactics that criminals use to trick call center agents into updating or generating new passwords. AT&T will deploy some form of knowledge-based questions (KBA), which will add significant expense, frustrate good customers, and can still be beat by crooks. In my previous post, The death of knowledge-based authentication, it’s a vicious cycle; one in which erodes the confidence of customers.

The News of the World phone hacking scandal and AT&T’s response is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID® Telephone FirewallTM solution is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant KBA and telephone identity interrogation

While they don’t specifically mention the NoTW debacle that brought telephone spoofing into focus, AT&T’s change in direction is being driven by the risk to its brand if they do nothing. Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their bank’s ability to protect their money and personal information. Protecting customers’ money and data is core to developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The recent phone hacking event should put every organization on notice to question whether they have the right strategy around spoofing. I’m sure AT&T has known for years that voicemail spoofing over its network is occurring. It may just be prudent to get ahead of any potential backlash. But like financial institutions and other industries, they cannot quantify it and probably felt the customer convenience or the cost to deploy passwords far outweighed the risk. Like many other businesses, AT&T is reacting to the potential brand risks of doing nothing, and they also need to maintain both the integrity of its system and the trust of its customers.

Why trust and customer care is critical to every bank’s bottom line

Posted on: August 2nd, 2011 by art

Over the past few years, the business landscape for financial institutions has changed dramatically, making the road to profitability much more challenging. As a result, financial institutions are competing harder than ever for customers. They are working diligently to find the balance between managing costs while complying with a multitude of new regulations.

Perhaps the defining factor for acquiring new customers and retaining existing ones, and one that plays heavily in the road to profitability, is trust. In the simplest terms, trust is defined as the reliance on the integrity, strength, capability and surety of someone, or the confident expectation of something.

Today, every financial institution is in jeopardy of losing customers who are generally dissatisfied with their customer service experience and distrustful of their banker’s ability to protect their money and personal information. Protecting and safeguarding their customers’ money and data is core in developing trust. As IT departments try to pinpoint what areas to focus on to ensure their systems are protected, many are overlooking one of the primary vectors for identity theft — the call center.

The telephone remains the most intimate form of communication. No other industry knows this better than the financial services industry. In 2011 alone, banks will take over nine billion inbound phone calls from customers. Unfortunately, financial institutions continue to place the onerous task of authentication clearly on the shoulders of their customers. The knowledge-based security questions designed to validate the identity of the person calling a bank’s call center are doing great harm to the goodwill of their customers and the critical bank/customer relationship by making the telephone channel an unpleasant experience. Financial institutions that grill callers with personal questions at the onset of a call — before a customer can clarify their needs — are setting the wrong example with current customers and prospects.

The stark reality of customer care is financial institutions are wasting significant time and money, as well as losing their customers’ trust and goodwill.

By validating the Caller ID and ANI (and removing the customer from this arduous process) before the call is answered, the TrustID® Telephone FirewallTM solution eliminates the need to bombard customers with a bunch of questions at the start of each call. By addressing a customer’s needs right out of the gate, financial institutions can enhance the trust and the larger, more profitable bank/customer relationship. Banks and financial institutions that can simultaneously improve the overall customer experience and ensure the safety of their customers’ money and personal information will win the trust of the customers, and in doing so, earn the right to service them.

Phone hacking scandal exemplifies stark reality of Caller ID spoofing

Posted on: July 26th, 2011 by Pat

The recent UK phone hacking scandal has completely blown the lid off of how easy it is to spoof telephones. While this is something we’ve been educating our readers about for awhile now, oftentimes it takes a single, high-profiled event like this to enlighten the rest of the world about the true dangers and significant impact phone spoofing can have on its intended Phone Hackervictims.

While the loss of privacy has been one of the biggest prices paid by the individual victims in the Murdoch case, businesses that leave their telecommunications networks open to hackers can feel the impact in other ways. With today’s more sophisticated criminals targeting customers’ personal information and company secrets, business losses can range anywhere from financial to brand integrity, which can lead to a whole subset of intangible costs.

What’s unfortunate about incidents like the News Corp./News of the World scandal is they could have been averted had the phone carriers been using the TrustID® Telephone FirewallTM solution. That’s right. By validating the physical location of a caller whether they are using the phone or a cellular device, the TrustID solution secures telephone systems against the threat of the Caller ID spoofing that led to the hacking of more than 4,000 phone numbers.

The NoTW phone hacking scandal is a prime example of a problem many businesses face today. Whether they know it or not, the truth is we’ve really only hit the tip of the iceberg. Criminals are using the telephone channel to commit different types of spoofing, pretexting and social engineering schemes to gain access to customer information and other confidential and proprietary business assets. In fact, this type of illicit behavior occurs tens of thousands of times each day against banks and financial institutions, and if they aren’t careful, they too could fall victim to similar security breaches.

Today, the TrustID Telephone Firewall is the only solution available that instantly authenticates inbound phone calls before the call is answered. By validating ANI and Caller ID through non-intrusive, undetectable caller authentication, businesses can proactively identify and stop criminals before they attempt to perpetrate fraud over the telephone channel. In doing so, business institutions can ensure customers are who they say they are without damaging their trust and goodwill through time-consuming, unpleasant knowledge-based authentication (KBA) and telephone identity interrogation.

The death of knowledge-based authentication

Posted on: July 22nd, 2011 by art

Financial institutions are losing money and customers due to the practice of knowledge-based authentication (KBA). Customers do not like to be interrogated, and interrogation is not in line with your bank’s mission and values statement (go ahead – re-read it). Regulatory bodies are calling for more advanced authentication to prevent fraud.  Governmental agencies are now calling for the death of KBA.

In last month’s regulatory developments, the National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) have started to crack down:

In view of the amount of information about people that is readily available on the internet and the information that individuals themselves make available on social networking websites, institutions should no longer consider such basic challenge questions (like mother’s maiden name) as a primary control, to be an effective risk mitigation technique.” [Source: Federal Financial Institutions Examination Council, June 22, 2011]

From NIST – SP800-63 Revision 3, June, 2011:

Instant KBA seems particularly problematic, because the combination of the establishment of identity and consummation of a transaction are compressed into a single session, because of the vulnerability of such systems to off-line research and because users get no chance to opt out of these risks…..Instant KBA is not acceptable when transactions result in the release of sensitive or private information related to an individual. Many remote Internet transactions the government provides or would like to provide to its citizens fall into the latter category of transactions.”

With customer satisfaction, profitability and brand at risk, the industry needs to move in a new direction. This major shift in thinking and practice can, however, be turned into competitive differentiator and profit driver.

In the past, KBA interrogation has caused a wide disconnect between fraud prevention strategies and customer care goals. Today’s financial institutions mostly fall into two categories. One, they’re doing too little authentication – e.g. asking only for the last four digits of the credit card and zip code, both of which can easily be found on a discarded credit card statement – and therefore exposing themselves to fraud loss and compliance issues.  Alternatively, they are over-interrogating, which frustrates customers and ticks away precious seconds of potential relationship building, selling and servicing time.

Since KBA is no longer a viable method for validating caller identity, and customers do not like to be interrogated, the ability to undetectably validate customers is a powerful new way to better service customers, minimize the risky handling of PII, and keep fraudsters in check. By non-intrusively identifying customers before a call is answered, the TrustID® Telephone FirewallTM solution simplifies the authentication process without relying on KBA and is paving the way for banks to transform the customer experience while meeting new regulatory scrutiny.

Oh, and by the way, please don’t shoot the messenger, we didn’t kill KBA. If you want to find the real culprits, try social networking, data breaches, contact data sharing, voicemail hacking, geo-tagged photos, internet search engines, smart phones, criminal data exchanges, public records, hackers, university research papers, social engineering, and criminals. They are the ones who killed KBA.

How reducing average call times can make banks millions

Posted on: July 13th, 2011 by art

This week’s blog helps put some numbers behind this fact.

One of the most expensive areas within any large operation is employee costs. As such, the labor dollars spent within customer care centers is a very large, yet very necessary and important expense. With that backdrop, let me ask the question: “What does a 20- or 30-second reduction in agent handling time mean to your bottom line?”

    “Of the 43 billion calls that U.S. contact centers will receive in 2007, 41 percent will involve a contact agent asking identity verification questions. Although this process takes only 20 to 30 seconds, the industry will spend $11.7 billion, and more than 11,000 years of contact center agent time this year, just checking caller identities.”

    - U.S. Contact Center Operational Review 2007, Contact Babel

Because of agent efficiency killing factors such as training, after call wrap-up, hold time, vacation, sick leave, idle time between calls, supervisory costs, recruitment, and lost revenues from inexperience due to staff turnover — every second saved in actual work time is worth 2.5 cents in savings — according to the same Contact Babel report. Simply put, Contact Babel says not spending time using knowledge-based authentication (KBA) to identify customers saves $0.60 on each of these calls.

But I think it gets better than that. By relying on “TrustID ANI” for authentication and not using up a caller’s patience with KBA interrogation, your bank can materially reduce IVR to agent transfers, thereby saving $3.50 on these calls using Contact Babel’s math.

So what is removing KBA interrogation and using TrustID ANI for caller authentication worth to your bank in just savings? My assumption:

Calls per year                Annual savings

10 million                        $2.8 million

25 million                           $7 million

50 million                          $14 million

100 million                        $28 million

500 million                      $141 million

But, even more importantly, in our highly competitive environment, what is it worth to your bank’s shareholders to make your customers happy?

Deploying the TrustID® Telephone FirewallTM solution does the lion’s share of inbound caller authentication by verifying the physical location of the ANI and Caller ID before the call is answered. This is done completely transparent to your customers and undetectable to criminals. By identifying the risk of the call prior to your IVR or agents having to speak with your customers, you can take seconds out of a large percentage of calls that significantly reduces operational expenses and allows your representatives to spend their valuable time servicing and selling, not interrogating your valued customers.

If you’d like to learn more about how our innovative tool can help your call center significantly reduce the time you spend authenticating inbound calls, or would like to see a demo, feel free to contact us today.

Still think ANI cannot be spoofed? Use our ANI spoofing tool yourself…

Posted on: July 5th, 2011 by art

Recently, I’ve talked the talk about how easy it is to spoof ANI. Now, it’s time to walk the walk.

TrustID is now giving you the chance to put these words to the test. To help educate people in our industry about how easy it is, we are making available to our clients, and prospective clients our in-house developed ANI spoofing and penetration testing tool to dispel the myth that ANI cannot be spoofed. Any bank can now see how easy it is by accessing the free spoofing and bank penetration testing tool today.

In our continued discussions with industry experts and leading financial institutions, I’ll admit that many do not fully grasp the gravity of the ease and damage spoofing is causing until we demonstrate (via a WebEx) how we can spoof their organizations. That’s when the light bulb goes off (and a little fear sets in), particularly for organizations whose existing authentication policies rely heavily on ANI, or are utilizing the easily compromised KBA questions for customer authentication.

Even more alarming is the fact that our new spoofing tool was built in less than an hour by one of our “non-telecommunication” experienced employees using information and software downloaded for free from the Internet. It was really that quick and easy.

With access to the very spoofing penetration tool we use in our demonstrations, you can spoof away (within reason) your own call centers, card activation lines or an inbound wire transfer line. If you are really feeling bold, spoof your boss or head of call center technology (at your own risk, of course). Or, conduct your own internal WebEx, and invite all internal interested departments to watch it on the big screen.

While this exercise can be fun and educational, it’s nothing to take lightly. Stopping ANI spoofing and restoring customer confidence is what we do, and we take it extremely seriously. This tool is meant to be used appropriately to show how easy it is to spoof ANI, penetration test your telecommunications services to help better understand the impact it’s causing in fraud losses, increasing operational expenses, and creating irreparable damage to brands across the banking and financial services industry.

  • REQUEST INDUSTRY BRIEFING PAPERS
  • VIEW DEMO
  • USE CASE
  • ANI SPOOFING TOOL

  • CISO Text

             

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TRUSTID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank

  • CISO 2 Text

             

    As less customer PII is made available to our contact  center advocates for identity validation, our enterprise risk of a costly data  breach is dramatically decreased.

              – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes  and social engineering. TRUSTID’s solution enables informed routing decisions,  optimizing agent cost reduction programs.

             - CISO, top 10 global bank           

  • VP Quote text

         

    Since  it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The  value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank