CU 2.0 Podcast: Episode 4 : Amy Downs – Credit Union 2.0
CU 2.0 Podcast: Series 4 : Amy Downs – Credit Union 2.0 http://bit.ly/2Qb17eE
CU 2.0 Podcast: Series 4 : Amy Downs – Credit Union 2.0 http://bit.ly/2Qb17eE
By Robert McGarvey
The dark web is aflood with stolen airline miles for sale. That’s the surprising punch to the face in a recent report from Comparitech.
The subhead delivers the message: “There’s a black market for your frequent flyer miles. Stolen frequent flyer accounts and rewards points are a hot commodity on the Dark Net.”
According to Javelin Strategy + Research, in 2017 11% of attacks on existing financial accounts were on loyalty programs. That’s up from 4% in 2016.
According to Barry Kirk, Vice President of Loyalty, Maritz Motivation Solutions, “Every sizable loyalty program was a victim of attempted fraud or hacking in 2017. Those who believe they weren’t simply haven’t paid attention.”
Maritz research says that 7% of us self identify as victims of program fraud.
Left unknown is how many of us are victims but haven’t realized it – probably because a little used account was pilfered. If we do eventually return to that site, we may have forgotten what our miles total should be and just accept that, well, I must have emptied it out, I forget on what.
Headline winning breaches of loyalty programs are few. The Hilton attack four years ago comes to mind.
In 2015 United and American admitted their programs had been hacked – but both were relatively small thefts. Some 10,000 accounts were said to be compromised at American, fewer at United.
Yet hackers are continually nibbling away at our stashes of miles and points.
A proof is that brisk dark web marketplace, reported by Comparitech, which observed: “On Dream Market, one of the largest black markets on the dark web, a single vendor sells reward points from over a dozen different airline reward programs, including Emirates Skywards, SkyMiles, and Asia Miles. Going by the handle @UpInTheAir, they sell a minimum of 100,000 points for the reward program of your choice, starting out at $884 as of time of writing (this was probably $1,000 originally, but Bitcoin price fluctuations caused it to go down).”
A rule of thumb is that miles are worth 1 to 2 cents apiece (of course smart shoppers can get significantly greater value and less astute shoppers will get lower returns).
On the dark web, however, the going rate, according to Comparitech, appears to be much lower – often as little as 1/10th of the typical value.
There’s a reason for that. Stolen miles probably will not get cashed in for flights, mainly because of ID issues. So what are they good for?
Stuff.
For instance, in 2017, Air Miles, a Canadian loyalty scheme, issued a warning that thieves were using miles to buy merchandise in stores that participate in the program.
In other cases, bolder crooks redeem miles for flights and then sell the travel on websites, often at huge discounts. See a flight going for half what it’s worth and that’s a red flag for trouble ahead.
How do thieves get most of their stolen miles? Generally by hacking into individual accounts – meaning they figure out your user name and password, or they use a robot to try enough combinations until it stumbles into the proper formula. It sounds labor intensive but, increasingly, it is automated.
Loyalty programs now are in a fast track mode to contain fraud. According to Maritz’ Kirk, “Until very recently, program fraud was only discussed in hushed tones or dismissed as a non-issue. Now all major loyalty agencies proudly promote their fraud protection tools and process.”
Even so, the burden is on you. The miles and points are yours and that also means they are yours to safeguard.
How? That’s easy. Comparitech offered a number of tips, including:
“Shred your boarding pass after a flight.
Never post a photo of your boarding pass online.
Use a strong and unique password for your frequent flyer account.
Monitor your account for suspicious activity.”
The last is crucial. Make it a habit to stop into your loyalty accounts at least monthly.
And also make it a habit to change your passwords occasionally, certainly yearly.
One last bit of advice: just don’t use public wifi to access your loyalty accounts. Of course it’s tempting when you are sitting at the airport to put the time to use surfing your airline and hotel websites. Don’t. At least don’t on public wifi. Use a cellphone hotspot instead.
It’s up to you to protect your miles. Know that and do it.
McGarvey on CU Technology: CU2.0 Podcast – Episode 3 – Talking with Kirk Drake http://bit.ly/2ppHILE
By Robert McGarvey
TripAdvisor has brought out the megaphones, hired the brass band, and is busily proclaiming that its fraud team has made TripAdvisor reviews a safe place for us to find the information we need to book the right accommodations. It’s a story with a lot of fake reviews, even an arrest.
Should we break out the bubbly? Maybe not yet.
TripAdvisor crowed online: “Back in 2015, our dedicated team of fraud investigators identified a new illegal business in Italy called PromoSalento that was offering to write fake reviews for hospitality businesses to boost their profile on TripAdvisor. Several Italian businesses forwarded the emails to us, which kick-started an investigation that would ultimately see the person behind PromoSalento sent to jail!”
Tnooz, a trade pub, reported on this outcome: “In June of this year, the Criminal Court of Lecce found the owner guilty of using a fake identity to commit fraud. He has been sentenced to 9 months in prison and will have to pay 8,000 euros in costs and damages.”
Posting fake reviews is in fact illegal in some of Europe.
Question: Is it illegal to pay for fake reviews in the US? It’s not clearly illegal although posting such reviews has and could result in litigation that would be expensive to fend off.
What I can say is that I have seen numerous solicitations to pay writers to create fake reviews. Rates, incidentally, are paltry – often $10 or under. Sometimes $5.
But for the right writer – particularly in the right low cost country – $5 might be a decent wage for a few minutes work.
Often, too, I have spotted an avalanche of fake reviews posted by hotel staff or maybe their friends.
TripAdvisor says they have their eyes open for this and they point to their detailed work to hunt down the Italian behind the paid reviews in his country. “Over the course of our investigation, our technical analysis identified and then either blocked or removed more than 1,000 attempts by PromoSalento to submit reviews to the TripAdvisor site on hundreds of different properties.
“PromoSalento attempted to avoid our scrutiny by regularly changing their usernames and email addresses, but our fraud detection processes use a suite of advanced technologies to evaluate hundreds of review attributes such as IP addresses, browser types and even the screen resolution of a reviewer’s device. Based on that analysis, we were able to see a trail of digital and behavioral ‘breadcrumbs’ that led our team straight back to PromoSalento.”
Hold your applause.
What TripAdvisor did is good – that’s obvious – but it also did it to protect its core functionality. A Gresham’s Law applies online where bad reviews drive out good and so TripAdvisor cannot allows its service to be overwhelmed by bad reviews.
Particularly not when it is all so blatant.
Just a few problems that lead me to be restrained in saluting TripAdvisor.
First, there are many ways to buy fake reviews that probably will sidestep algorithms that hunt for fraud – e.g., paying writers only when their review had been posted by them and gone live. That leaves no trail back to the buyer and, from what I hear, the market for fake reviews remains brisk.
Second, there are – to my eyes – obviously fake reviews generated internally that still pop up with regularity. TripAdvisor doubtless has algorithms that hunt for fakes. But give a hotel employee a VPN and imagine how many reviews he/she can post.
TripAdvisor itself has warned hotel employees to cool it. That tells you the problem is bad.
It gets worse, a lot worse.
The bigger problem: TripAdvisor itself has a history of deleting negative reviews that aren’t fake, anything but. They just stung hotel and restaurant employees who insisted they come down. And they did. Some of those deleted reviews in fact alleged rapes by hotel employees.
That is information a potential guest very much would want to know.
TripAdvisor of course has said its corrected its behaviors, even putting in a badge notification for establishments that may have had allegation of rapes and assaults.
Is that good enough for you?
Know your rights. Congress last year passed the Consumer Review Fairness Act which makes it illegal to threaten to sue consumers or seek to penalize them financially for negative online reviews.
The FTC has said it will slap companies that ignore the law.
Personally I want more from the FTC.
But, mainly, I want more from TripAdvisor. A reliable review site would be a very good thing in the fragmented hotel business – and a marvelous thing for those of us who travel internationally where, in many countries, independents are the only choices. So there isn’t that same brand promise that guides us to many hotels in the US.
I want TripAdvisor to work.
I’m just unconvinced that it does.
Ask me again in six months. TripAdvisor just has announced a massive shift into professional content and a move away from consumer created content. Is that the answer?
Color me skeptical. A lot of “professional” content is anything but. And these days it proliferates like kudzu. But ask anyway in six months because maybe my answer will be cheerier.
Or maybe not.
The CU2.0 Podcast: Episode 1 — the Chris Otey Interview http://bit.ly/2wRJCsD
CU 2.0 Podcast: Series 2 : Jennifer Oliver – Credit Union 2.0 http://bit.ly/2MsOMAf
By Robert McGarvey
It’s a traveler’s nightmare. Something is stolen from your checked bag – it’s almost always the good stuff too such as jewelry or a slick camera – or maybe the bag and its content simply are demolished and what you retrieve at baggage claim is scrap. Then what?
Surely you’ll be made whole, particularly when your gripe is with TSA, a federal agency, not an airline.
Hah.
An NJ.com story’s headline tells you what to expect: Good luck getting money from the TSA for your lost, damaged luggage.
New data via Dorian Banutoiu – which looks at 16 years of claims, 2002-2017, is just as grim. It shows that of 218,000 claims, 101,000 were denied, 9000 are pending, and 83,000 are marked paid.
The NJ.com research crunched data from only the 15 busiest airports – Newark included – and it found that: “Of the 34,127 claims filed at these airports from 2010 to 2017, almost 41 percent — or four out of every 10 requests — were denied. In contrast, about 26 percent were approved for payment or settled for a lesser amount. About 13 percent were under review, and the rest had been canceled.”
In the LA Times, reporter Hugo Martin – drawing on TSA data mainly from 2016 – concluded this: “Of the TSA claims that are resolved, 54% are denied, 24% are approved in full, 12% are settled for an amount less than what was requested and 10% are canceled or closed out for other reasons.”
Martin continued: “The most common items lost or damaged are bags, cases, purses, clothing, computers and accessories and jewelry.”
That’s right, the good stuff. Nobody wants to take my 20 year-old LL Bean toiletry bag, please.
Martin added: “Jewelry, cash and camera equipment are the items rejected by the TSA at the highest rate, at least 70% of the time.”
The data also show that claims made at checkpoints are far more likely to be approved than are claims involving checked baggage. That’s bad news because NJ.com data show that 75% of claims involve checked baggage. Just 24% are at checkpoints.
The average settlement amount over the past 16 years is $199.
Curiously, according to Travel Pulse, “If you are filing a claim, you are more likely to get repaid if you file it in the first half of the year, according to the data, which found that there was a lower average of payments approved in the second part of the year.”
NJ.com added: “Critics say the TSA takes an overly harsh approach, often claiming it can’t find evidence that it was responsible for the loss or damage. And the agency continues to deny the problem of theft at airports, they say, though there’s few other explanations for the losses.”
Theft, according to NJ.com, is the biggest issue: “About 60 percent of all the claims at these airports related to property loss.”
Some airports have so much theft that occasionally local police issue warnings, as happened not long ago at Orlando.
Some grumbles about TSA are genuinely macabre, such as an NFL player’s complaint – with photos to prove his point – that TSA spilled his late mother’s ashes in his bag.
Particularly interesting in the NJ.com data dump is its tally of which airports are most likely to see claims denied and the big winner – by far – is Las Vegas/McCarran where 56% of claims are denied.
The best airport for these matters is San Francisco where essentially all claims are approved.
Newark Airport, for what it’s worth, came in just behind San Francisco, approving roughly 65% of claims.
How not to become a victim? That’s easy. Never pack anything of value in checked baggage. Clothing, maybe. But jewelry, electronics, etc., nope, do not think about it. Carry it on. Or leave it at home.
Also, report any losses as soon as detected, ideally within 24 hours. Procrastination will work against you.
Some passengers are also buying GPS trackers for their luggage – although there’s no clear connection between tracking a bag’s whereabouts and stopping theft of particular content.
The bad news of course is that, in coach, the battle for the overhead bin is as fierce as ever, as a USA Today headline shouted. That forces many passengers to check bags and that triggers many possible miseries.
There is a cure. My advice regarding valuables is if you don’t need it, don’t bring it. Personally I travel with an old Chromebook – not worth $100 – and if it went missing I’d shed no tears. I bring no jewelry. Nothing of any real value. Haven’t in some years.
Spartan? I suppose. But very, very practical in today’s travel marketplace.
By Robert McGarvey
87% of us want to travel sustainably, said a recent poll via Booking.com. But more of us fail than succeed. 39% said they always or usually travel sustainably. But 48% of us admit we fail.
Business travel is a substantial offender. Said pwc: “Business travel remains our single largest source of carbon emissions, and – as we’ve continued to reduce our emissions from energy – has grown to around 80% of our total carbon footprint in 2017.”
Most big businesses would have to say ditto. Where their pollution is biggest is in travel.
The prime offender of course is air travel: it amounts to 70% of our total emissions, per pwc.
The more I dig into sustainability and business travel, the more questions and concerns I have. Suddenly sustainability seems a life or death issue.
One look at starving polar bears ought to persuade you that this stuff is serious, it is way beyond a crunchy granola fear.
Here’s the idea that frightens many business travelers: “The simplest way to cut emissions caused by travel is to avoid it,” said pwc.
Yep.
I am a product of a time and a work culture where a possible trip produced quick assent: sure, I’ll go. It could be a convention in Chicago, an angry client in Washington DC, a prospective new client in Los Angeles, or a speech in Boston. It didn’t matter. Sign me up.
Now I am beginning to question every trip: is it necessary? Can I do it via telephone?
When the impact of business travel was mainly on my time, I shrugged off the time burdens and said sure. Now – increasingly – the impact seems to be on the planet itself and that is a much bigger issue.
A bonus: traveling less is also good for our personal health. The evidence is strong that a heavy travel load is bad for our bodies.
That’s another reason to really question our trips.
Do you remember when it was common for a big company to send a few hundred junior execs off to a conference center to spend three or four days learning, say, Lotus 123 or WordPerfect? That was the norm and, for many Boomers, it seemed fun.
Millennials, who today are carrying the bulking of the business travel load, aren’t buying the rationale of that trip, mainly because they know that they could learn new software perfectly well at their desks – with no new carbon hits such as are associated with those those trips of yesteryear to learn new software.
Oh, I also vividly recall a story told me by the VP of HR at a Fortune 100 company where, in the mid 1980s, as a junior exec, he was sent off to one of those trainings where he in fact learned Lotus 123. Just one problem. When he returned to his office, he still did not have a computer and by the time he got a computer a few years later, he didn’t remember a thing about Lotus 123.
But he did tell me that under his leadership the company was minutely scrutinizing all planned educational meetings – and he hoped to eliminate most.
That’s a harsh reality. As I look back I see a lot of trips that I now see as unnecessary.
I am a fan, incidentally, of big, glitzy, high energy sales conferences – they pump up attendees in ways that won’t happen when you sit at a desk and watch a video of even a high impact speaker like Tony Robbins. In person just is more powerful.
Small meetings where intimate exchanges happen also can only be in person.
But a lot of business travel remains a product of habit, of how we have always done business. And maybe it’s time to rethink.
Right now, hotels are tripping over themselves to announce they will no longer use plastic straws. Some also are replacing individual toiletries with bulk dispensers. Many others encourage us to use towels and sheets multiple days.
So what?
All those steps are good as far as they go but they don’t go far and if you never use a plastic straw again in your life it will have zero impact on polar bears.
We probably shouldn’t be in that hotel room at all.
What really matters is flying only as necessary. Using public ground transportation. Walking is better still.
Always ask, is this trip necessary? Really?
What’s the lowest carbon impact to get this business handled?
The encouraging reality is that more of us are genuinely asking those kinds of questions and acting accordingly. The old days of “sure, boss, I’ll be in Houston tonight, no prob” are over. Maybe we’ll go to Houston, maybe we won’t, and what’s new now is that we’ll carefully assess the alternatives. When flying is the better choice, off we go. When it isn’t, home we stay. And that’s a better reality. For us and for the planet.
By Robert McGarvey
For CU2.0
Talk with credit union AML/BSA staffers as well as senior executives and you will hear a torrent of woe is me complaining about rising workloads, intransigent regulators, too tight budgets, and inadequate resources.
And then there is a new report from Aite Group’s Julie Conroy – based on extensive interviews with over 40 BSA/AML experts – and the title tells you the theme: The AML of Tomorrow: Here Today.
In the second paragraph Conroy puts out the good news: “Advanced technologies such as machine learning, robotic process automation (RPA), and natural language processing and generation are helping to even the playing field by enhancing both detection and operational efficiency. The even better news: Regulators are gradually growing comfortable with the use of these advanced technologies for AML.”
Read that again. What she is insisting is that financial institutions now have access to technologies that will let them keep pace with – maybe get a step ahead of – criminals who want to launder money.
The stakes are high. Two credit unions in the past decade have effectively been put out of business because of AML deficiencies – Bethex and North Dade.
No credit union wants to be linked with money laundering. But, frankly, trying to keep up with this with a small staff who are doing everything by hand is a loser’s tactic.
How much money is laundered annually? Nobody knows. The United Nations has estimated it’s somewhere between $800 billion and $2 trillion. The high end is about the GDP of Brazil and more than Italy’s. That’s a lot of money in motion and, accordingly, you have to assume that the people who have put it in motion are savvy, wily, and of course know exactly the defenses used by banks and credit unions.
Accordingly, FIs are spending a lot to defend themselves – much of it on payroll. Conroy cited a report from the Clearing House that estimated that major US FIs spent $8 billion on compliance in 2017. She also noted that one large US FI interviewed for her report employed more than 5000 in compliance and “can’t hire fast enough.”
All those workers push out an avalanche of SARs. In 2013 they filed 1.22 million. By 2017 that rose to 2.03 million.
Conroy also pointed to a numerical disconnect that frustrates AML workers and their bosses. “the fact remains that there are on average only 1,200 moneylaundering- related convictions per year in the U.S., compared with over 1 million SARs filed per year.”
In other words: is all the work really worth the effort and expense?
It gets worse. In many institutions, said Conroy, business line execs grumble that AML teams are “hassling” their customers, making it harder to do the business that brings in money to the FI. AML, in many institutions, is seen as a nuisance that wastes money while making it harder to make money.
Ouch.
Wrote Conroy: “All of this points to the need for the AML function to find technology that enables precise detection while minimizing false positive noise.”
She continued: “The trifecta of increasing criminal sophistication, a steady increase in regulatory expectations, and under-resourced AML departments are bringing AML efforts to a breaking point. As a result, financial services firms are beginning to embrace technologies such as machine learning, RPA [robotic process automation], and natural language processing and generation.”
“Today’s AML function can no longer rely on legions of AML analysts, investigators, and rules-based automation. The use of advanced technologies is needed to aid AML departments in the gathering, filtering, and meaningful assessment of data from multiple sources in multiple formats.”
That prescription puts fear in the hearts of many credit union leaders – they worry about the costs and also the complexities of advanced technologies.
But Conroy has this absolutely right. The only way to stay ahead the AML wars is with technology that can automate much detection and even reporting. There just aren’t enough AML staffers to be hired and so they get paid ever more.
But – and this is crucial – many of them are burning out, even quitting.
The machines won’t quit on you.
What should your next step be?
In her report Conroy reviews the many technology options out there. Get the report, read her reviews.
And then what? Her advice is simple: accept that you can’t wait, delay is not an option.
She added: “Try starting small. Cloud-based solutions can be implemented in modules that wrap around or interact with legacy systems to improve performance without a ‘rip and replace’ scenario. In this way, FIs can address the most pressing system deficiencies relatively quickly with less impact to budget and IT resources.”
It’s good advice.
Just don’t wait.
Big data and your credit union: Black magic or salvation? – CUInsight http://bit.ly/2wt1Ro6