Fixing Security Holes in the Consumer Debt Market


Opinion By Charles Moore, Chief Commercial Officer, Global Debt Registry 

To many, the debt collection industry is a shadowy world where faceless "collectors" call from unknown companies demanding payment on a debt that too often is not the consumer's, carries inaccurate information, or is not even a real debt. As a result, the consumer is increasingly losing confidence in the integrity and fairness of the debt collection process. This lack of industry transparency provides cover to those bad actors who steal, sell or obtain consumer data and then use it to cause consumer harm.

It also impacts players within the industry, especially those that work diligently to provide legal and necessary collection services. The lack of transparency and the impact of bad actors make it more difficult to collect on legitimate debts, increase the cost of collection, expose collectors to increased regulatory scrutiny, increase compliance expense and leave much less room for honest mistakes (mistakes that can cost them thousands of dollars).

In this shadowy world, consumer information is regularly exchanged between industry players, which include credit grantors, debt buyers, collection agencies, debt brokers, legal collection firms and service providers. Far too often, this consumer data is leaked, stolen, or sold to entities which use the information for identity theft and collection scams such as phantom debt collection, an area of focus for government enforcement agencies such as the FCA (UK), CFPB (USA), Department of Education and the Treasury Department.
 
Foundation: 
The warning signs are hard to miss; it's all in the numbers. Data and information are spread out among various entities and individuals who manage or own the debt title, with over 100 billion dollars of new (non-mortgage) charged-off debt in the US alone every year. Adding to the already massive amount of credit card debt information being stored in various locations, in late December 2014 the Consumer Financial Protection Bureau (CFPB) highlighted that over 43 million Americans have delinquent medical debt on their credit reports. In Britain, The Guardian reported that in April of 2012 the total number of debts in collection equaled the total number of households in Britain. The Wall Street Journal reported that in 2012, private debt in Brazil represented 220% of GDP, which is an impediment to economic growth. These huge figures present major tracking and organization challenges for the industry and consumers worldwide. This massive industry is still managed on a "case by case" basis, without the uniformity of other asset classes. The lack of overall transparency, and of a central repository providing digital governance to help maintain account integrity, will continue to create issues when attempting to manage debt, making it vulnerable to security threats for the debt owner, collectors and consumers.

The “Security Breach” Potential: 
As regulators focus on wrangling in phantom debt and phony debt collectors, are they missing the major potential for a security breach? While most countries have a set of data privacy laws, regulations or requirements, there are lapses, which are best illustrated by the effectiveness and increasing volume of phantom debt collection. That is because phantom debt collection is most effective when it starts with some basic account information such as the consumer name, last 4 digits of an ID number, spouse's name, and a few other identifiers which help to legitimize the caller to the consumer. The data vulnerabilities only increase as information is sold and passed on to debt collectors, who each use their own individual techniques to manage information and track down consumers.

The Solution: 
The overall security threat for the debt industry stems from the "shadowy" and unregulated history described above. Global Debt Registry believes that strong digital governance will reduce the occurrence of rogue collectors and phantom debt, which will enhance consumer confidence in the integrity of the collection process and industry players, and help to stem the ever-increasing costs of collections. Creating an accurate and central reporting structure will not only provide transparency for managing debt information, but will also greatly reduce the risk of a security breach by providing a more secure mechanism to exchange confidential information between industry participants and consumers.
As the industry adopts a digital governance platform, the result will be an increasingly consistent set of collection practices which are based on readily available electronic account documentation, consistent data standards, continuity of account servicing, and reduction in complaints and disputes. Securing this platform involves secure network design, secure application development practices, limiting access to information based on real business need, 24/7/365 security monitoring, and implementing secure management and operational practices which protect the individual and the organization at every step.
Global Debt Registry provides a secure digital governance platform for the debt collection ecosystem which captures, tracks, stores and enables the secure sharing of account data and documents for the account lifecycle, with integrity and accuracy. GDR works with a broad cross section of industry players to tailor its digital governance solutions to improve consumer outcomes and reduce industry risk. GDR is PCI DSS compliant. Our multi-layered security model protects data and documents consistent with US state and federal requirements including GLBA, HIPAA and the FACT Act, and GDR participates in the U.S.-EU Safe Harbor Framework. GDR's multi-layered security framework is designed to protect consumer information consistent with applicable US and international security requirements. The multi-layered security model is designed to protect data through the use of network architectures, best practice secure application development, best practice system management, tokenization, encryption, 24/7/365 monitoring and more.
 
Increased attention to the integrity and security of account data throughout the whole lifecycle of the account by the entire collection ecosystem is needed. Digital governance offered by a debt registry is the first and most important step in achieving this goal. Otherwise, all attempts are simply trying the same thing over and over again and expecting different results.

https://globaldebtregistry.com
