It’s Phishing Season: How to Prevent Your Company from Getting Speared

David Newell

David Newell

Forbes magazine reported in May that “people are often the weakest link in the security chain.” The problem posed by contributors Steve Culp and Chris Thompson is that cyber criminals target fallible humans to get around investments in technical and physical security systems.

We recently heard a story that turns that idea on its head. Perhaps people can be the strongest link instead!?

Last month, a firm of about 150 employees was targeted with a spear-phishing attack (spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data). The attackers sent an email with a bogus invoice attached to nine different employees. Each phish was unique, with different text and filenames to evade detection, and the phishers personalized the messages with names and titles.

Unfortunately, one target, who works with invoices every day, didn’t realize this one was fake.

After clicking to open the Microsoft Word attachment, a malicious macro exploited a zero-day vulnerability (A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.), which bore into the computer. With a foothold on the system, the attacker’s software reached out to “command and control” (C&C) servers (command and control (C&C) infrastructure consists of servers and other technical infrastructure used to control malware in general, and, in particular, botnets.) in four different countries to try to make a connection. Once connected, the code started downloading additional applications to the computer’s hard drive.

At this point, you can only imagine the worst happening: encrypted files being compromised on the victim’s computer and shared drives, hackers gaining access to customer credit card data – panic-evoking stuff! Instead, the attack abruptly stopped. A member of the IT team rushed into the victim’s office and unplugged the network cable.

The quick resolution wasn’t luck. The company had focused on security improvements over the previous year.

The firm brought in consultants to help design its security program, establish controls, scan its networks, put monitoring systems in place, update and patch, share training and awareness, and it ran through table-top exercises to test out its processes. It took hard work to reach the point where the company could quickly identify and contain an attack. One of its practices was now a “post-mortem” review, where the firm analyzes an event to learn and, when needed, make improvements. As a result, the company’s IT team mapped out the attack which we shared above.

The spear was carefully aimed.

Though only one person opened the malicious email attachment, the phish was targeted to nine different people at this firm. As it turned out, the nine names and titles came from one of many sites that harvests and sells personal information on the Internet. One name and title were incorrect in a unique way that made it clear which website was the source. An intriguing twist was that that site listed two additional employees who did not receive phishes. Both were members of the technology team. It appears the bad guys took the time to filter out IT staff who might be more likely to spot an attack.

The email messages all purported to deliver invoices, but each was slightly different. Each malicious attachment was also different. Those differences appear to have helped the malware bypass the firm’s gateway anti-malware. (The company switched products to add attachment sandboxing after this attack, and it updated its configuration standard to disable Word macros.) The team checked mail server logs to identify other recipients of the phishing attack, confirmed that none of the other eight had clicked the attachment, and removed the messages.

The firm’s intrusion detection system (IDS) didn’t detect the attack. Because the firewall blocked traffic to “risky countries,” it took several tries for the malware to find a C&C server it could reach. The firewall logged those attempts and successful connections to download more software to a centralized server but, like the IDS, the log monitoring software hadn’t registered an attack. The company’s anti-virus software only triggered on one of the additional malware downloads, reporting that the system had successfully quarantined a file.

How did IT (literally) pull the plug on this attack so quickly?

The person who opened the malicious attachment realized it was bogus and, instead of brushing it off or worrying about getting in trouble, quickly notified the IT department by following the protocol of submitting a trouble ticket via the company’s ticketing system and by personally finding an IT representative in the office. As a result, an IT staffer immediately checked the anti-virus logs and raced to the victim’s office.

Again, the swift response wasn’t luck. In addition to conducting annual awareness training sessions with all employees, each week, the firm’s IT team rotates a new “digital poster” with a simple security awareness message on every computer’s login screen. These reminders reinforce security practices that every workforce member should know. About 35% of the messages focus on reporting potential incidents to IT.

The secret to effective security reminders is three ingredients: simplicity, variety, and policy. For a little extra impact, add humor.

Make your reminders simple. Don’t use a lot of words. Deliver your message in five seconds as a worker logs in or walks down a hallway. Vary the backgrounds and format of your reminders, and rotate and refresh your reminders regularly. And mix in policy. That doesn’t mean you have to quote your policies, but consider the policies you want your workforce to follow and focus on the key policy statements that apply to everyone in your organization. Topics like good passwords, reporting possible incidents, protecting data, preventing loss or theft, and using encryption are examples. And, seriously, mixing in some humor, pop culture references, or unexpected formats (for example, haikus) can draw and keep attention. If you can get your workforce to look forward to your next information security awareness message, they are paying attention.

How should you deliver awareness messages? Continuously rotate new messages on digital signage platforms. Print small posters and place them on bulletin boards and cubicle walls. Place digital images on login screens, backgrounds, or screen savers. Send reminders by email. Post them on your intranet.

When the company completed its post-mortem review after the attack we’ve described, they reasoned that the critical control that stopped this attack quickly was an awareness poster. A person paying attention to reminders had halted an attack that two anti-virus systems, IDS, a firewall, logging, scans, and patching couldn’t stop.

People can be the strongest link in the security chain!

Additional contributions by L Kristopher Meier, President, Station 28, LLC, and Edward O’Keefe, Director of Application Development, ABC-Amega, Inc.

It’s Phishing Season: How to Prevent Your Company from Getting Speared
http://www.insidearm.com/opinion/its-phishing-season-how-to-prevent-your-company-from-getting-speared/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

FTC Workshop Tomorrow – Putting Disclosures to the Test

The Federal Trade Commission’s workshop “Putting Disclosures to the Test” is taking place tomorrow, Sept. 15, 2016, in Washington. The workshop will feature research on the effectiveness of disclosures made to consumers in a variety of areas from advertising to privacy policies.

According to the workshop announcement, the FTC has a long commitment to understanding and testing the effectiveness of consumer disclosure, and is especially interested in learning about the costs and benefits of disclosure testing methods in the digital age.  A number of factors impact the effectiveness of disclosures, including whether they contain the most essential information and consumers notice them, direct their attention towards them, comprehend them, and are able to use that information in their decision making.  Some testing methods are more appropriate than others for evaluating these factors.

FTC Chairwoman Edith Ramirez will provide opening remarks. The full event agenda and list of presenters is available online.

The event is free and open to media and the public, and more information on how to participate is below:

IN PERSON: The event will take place from 9:15 a.m. to 5:30 p.m. at the FTC’s Constitution Center offices at 400 7th Street, SW in Washington, DC.

WEBCAST: The conference will be available online via webcast. A link will be posted on the workshop website once the event begins.

TWITTER: The FTC will live-tweet the conference from @TechFTC using the hashtag #FTCDisclosures.

insideARM Perspective

While this workshop isn’t specifically about debt collection disclosures, this topic is clearly of great interest to the ARM industry, especially as the CFPB is contemplating new rules surrounding disclosures in a variety of areas.

FTC Workshop Tomorrow – Putting Disclosures to the Test
http://www.insidearm.com/daily/collection-laws-regulations/collection-laws-and-regulations/ftc-workshop-tomorrow-putting-disclosures-to-the-test/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

FTC Workshop Tomorrow – Putting Disclosures to the Test

The Federal Trade Commission’s workshop “Putting Disclosures to the Test” is taking place tomorrow, Sept. 15, 2016, in Washington. The workshop will feature research on the effectiveness of disclosures made to consumers in a variety of areas from advertising to privacy policies.

According to the workshop announcement, the FTC has a long commitment to understanding and testing the effectiveness of consumer disclosure, and is especially interested in learning about the costs and benefits of disclosure testing methods in the digital age.  A number of factors impact the effectiveness of disclosures, including whether they contain the most essential information and consumers notice them, direct their attention towards them, comprehend them, and are able to use that information in their decision making.  Some testing methods are more appropriate than others for evaluating these factors.

FTC Chairwoman Edith Ramirez will provide opening remarks. The full event agenda and list of presenters is available online.

The event is free and open to media and the public, and more information on how to participate is below:

IN PERSON: The event will take place from 9:15 a.m. to 5:30 p.m. at the FTC’s Constitution Center offices at 400 7th Street, SW in Washington, DC.

WEBCAST: The conference will be available online via webcast. A link will be posted on the workshop website once the event begins.

TWITTER: The FTC will live-tweet the conference from @TechFTC using the hashtag #FTCDisclosures.

insideARM Perspective

While this workshop isn’t specifically about debt collection disclosures, this topic is clearly of great interest to the ARM industry, especially as the CFPB is contemplating new rules surrounding disclosures in a variety of areas.

FTC Workshop Tomorrow – Putting Disclosures to the Test
http://www.insidearm.com/daily/collection-laws-regulations/collection-laws-and-regulations/ftc-workshop-tomorrow-putting-disclosures-to-the-test/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

LiveVox Shares Top 5 Ways Cloud Technology is Lowering the Barriers to Managing Compliance at TRMA 2016

SAN FRANCISCO, Calif. – LiveVox Inc., a leading provider of cloud contact center solutions for enterprise operations, announced that Director of Client Advocacy, Paul McGee, and Director of Product Management, Kevin Stark, will host a session on how the industry is leveraging technology to lower the cost and complications of addressing compliance challenges such as the TCPA.

  • LiveVox product development and client advocacy leaders will host a session on how cloud plug-and-play risk mitigation solutions are providing an alternative option and pricing model to managing compliance, even for some of the most challenging regulations such as the TCPA
  • Speakers will discuss how recent rulings such as Pozo vs. Stellar Recovery are prime examples of how innovation such as LiveVox’s Four Clouds is helping the industry find a simplified and cost-effective path to compliance-focused performance optimization
  • The panel, “Top 5 Ways Technology is Being used to Minimize the Impacts of Compliance on Performance” takes place on Wednesday, September 14th at the 2016 Telecom Risk Management Association (TRMA) Fall conference 

As the regulatory environment continues to bring new challenges to this industry, business leaders have been forced to think outside the box and adopt new technology that provides a more-cost effective and simplified path to evolve their people and processes to manage compliance.

What have they learned?  Join industry operation consultants who have the unique insight of speaking with leaders across multiple business lines as they discuss the most effective approaches to date.

On the session, Paul McGee, LiveVox Director of Client Advocacy, states, “In an environment where litigation costs continue to mount, businesses have been stuck between a rock and hard place. Either risk lawsuits, or allocate millions to build a new compliance-focused system that may be irrelevant with another regulatory change. But we are seeing a material shift in how operations are adapting. Technology such as cloud provide a viable path to address this dilemma, offering a per-use option like LiveVox’s Four Clouds. And most importantly, we are seeing the courts confirm their validity in decisions such as the Stellar ruling. The impact of these developments are very real and those that don’t capitalize on it will get left behind.”

LiveVox is a leader in providing risk mitigation tools that simultaneously address key compliance concerns while optimizing performance efficiencies.  LiveVox’s Clicker Application and Four Clouds exemplify just two of many capabilities LiveVox is providing the industry to maintain its competitive advantage in a changing regulatory environment through innovation. To learn more, contact us at info@livevox.com.

About the event:

  • SESSION: Top 5 Ways Technology is Being used to Minimize the Impacts of Compliance on Performance
  • DATE: Wednesday, September 14th, 2016 at 10:15am EDT – 11:00am EDT
  • PANELISTS: Kevin Stark, Director of Product Management, LiveVox, Inc. and Paul McGee, Director of Client Advocacy, LiveVox, Inc.

About LiveVox, Inc.

LiveVox is a leading provider of cloud contact center solutions for enterprise operations.  Through a patented PCI-certified cloud platform and redundant IP/MPLS mesh, it delivers true multi-tenant, highly scalable and burstable contact center solutions such as ACD, Dialer, IVR, centralized call recording, business analytics and compliance suite. LiveVox enables fast deployment of contact center solutions from the cloud, while offering customers full control to manage their day-to-day business requirements in a cost-efficient way. For more information, visit www.livevox.com.

 

LiveVox Shares Top 5 Ways Cloud Technology is Lowering the Barriers to Managing Compliance at TRMA 2016
http://www.insidearm.com/daily/collection-laws-regulations/tcpa/livevox-shares-top-5-ways-cloud-technology-is-lowering-the-barriers-to-managing-compliance-at-trma-2016/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

LiveVox Shares Top 5 Ways Cloud Technology is Lowering the Barriers to Managing Compliance at TRMA 2016

SAN FRANCISCO, Calif. – LiveVox Inc., a leading provider of cloud contact center solutions for enterprise operations, announced that Director of Client Advocacy, Paul McGee, and Director of Product Management, Kevin Stark, will host a session on how the industry is leveraging technology to lower the cost and complications of addressing compliance challenges such as the TCPA.

  • LiveVox product development and client advocacy leaders will host a session on how cloud plug-and-play risk mitigation solutions are providing an alternative option and pricing model to managing compliance, even for some of the most challenging regulations such as the TCPA
  • Speakers will discuss how recent rulings such as Pozo vs. Stellar Recovery are prime examples of how innovation such as LiveVox’s Four Clouds is helping the industry find a simplified and cost-effective path to compliance-focused performance optimization
  • The panel, “Top 5 Ways Technology is Being used to Minimize the Impacts of Compliance on Performance” takes place on Wednesday, September 14th at the 2016 Telecom Risk Management Association (TRMA) Fall conference 

As the regulatory environment continues to bring new challenges to this industry, business leaders have been forced to think outside the box and adopt new technology that provides a more-cost effective and simplified path to evolve their people and processes to manage compliance.

What have they learned?  Join industry operation consultants who have the unique insight of speaking with leaders across multiple business lines as they discuss the most effective approaches to date.

On the session, Paul McGee, LiveVox Director of Client Advocacy, states, “In an environment where litigation costs continue to mount, businesses have been stuck between a rock and hard place. Either risk lawsuits, or allocate millions to build a new compliance-focused system that may be irrelevant with another regulatory change. But we are seeing a material shift in how operations are adapting. Technology such as cloud provide a viable path to address this dilemma, offering a per-use option like LiveVox’s Four Clouds. And most importantly, we are seeing the courts confirm their validity in decisions such as the Stellar ruling. The impact of these developments are very real and those that don’t capitalize on it will get left behind.”

LiveVox is a leader in providing risk mitigation tools that simultaneously address key compliance concerns while optimizing performance efficiencies.  LiveVox’s Clicker Application and Four Clouds exemplify just two of many capabilities LiveVox is providing the industry to maintain its competitive advantage in a changing regulatory environment through innovation. To learn more, contact us at info@livevox.com.

About the event:

  • SESSION: Top 5 Ways Technology is Being used to Minimize the Impacts of Compliance on Performance
  • DATE: Wednesday, September 14th, 2016 at 10:15am EDT – 11:00am EDT
  • PANELISTS: Kevin Stark, Director of Product Management, LiveVox, Inc. and Paul McGee, Director of Client Advocacy, LiveVox, Inc.

About LiveVox, Inc.

LiveVox is a leading provider of cloud contact center solutions for enterprise operations.  Through a patented PCI-certified cloud platform and redundant IP/MPLS mesh, it delivers true multi-tenant, highly scalable and burstable contact center solutions such as ACD, Dialer, IVR, centralized call recording, business analytics and compliance suite. LiveVox enables fast deployment of contact center solutions from the cloud, while offering customers full control to manage their day-to-day business requirements in a cost-efficient way. For more information, visit www.livevox.com.

 

LiveVox Shares Top 5 Ways Cloud Technology is Lowering the Barriers to Managing Compliance at TRMA 2016
http://www.insidearm.com/daily/collection-laws-regulations/tcpa/livevox-shares-top-5-ways-cloud-technology-is-lowering-the-barriers-to-managing-compliance-at-trma-2016/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

CFPB Makes Bridgepoint Education Refund All Private Student Loans

The Consumer Financial Protection Bureau (CFPB) announced yesterday that it has taken action against for-profit college chain Bridgepoint Education, Inc. for deceiving students into taking out private student loans that cost more than advertised. The Bureau is ordering Bridgepoint to discharge all outstanding private loans the institution made to its students and to refund loan payments already made by borrowers. Loan forgiveness and refunds will total over $23.5 million in automatic consumer relief. Bridgepoint must also pay an $8 million civil penalty to the Bureau.

The CFPB’s investigation was assisted by the California Attorney General and the Department of Education.

The CFPB’s order can be found here: http://files.consumerfinance.gov/f/documents/092016_cfpb_BridgepointConsentOrder.pdf

According to the CFPB’s statement:

Bridgepoint Education, Inc. is a for-profit, post-secondary education company based in San Diego, Calif. that does business as Ashford University and the University of the Rockies. Over the past several years, the two for-profit colleges have enrolled hundreds of thousands of students, most of whom take courses online.

From 2009 until recently, Bridgepoint offered private student loans to its students to help cover the cost of tuition. The Bureau found that the school deceived its students about the total cost of the loans by telling students the wrong monthly repayment amount. As a result, students at Bridgepoint were deceived into taking out loans without knowing the true cost, and were obligated to make payments greater than what they were promised. Specifically, the CFPB found that Bridgepoint told students that borrowers normally paid off loans made by the school with monthly payments of as little as $25, an amount that was not realistic.

The CFPB’s consent order requires Bridgepoint to:

  • Provide $23.5 million in relief and refunds to consumers: Bridgepoint must refund all payments made by students toward private student loans taken out from the school, including principal and interest, a total of about $5 million. Bridgepoint must also discharge all outstanding debt for its institutional student loans, a total of approximately $18.5 million. Student borrowers eligible for relief are not required to take any action.
  • Make the cost of college clear with mandatory financial aid shopping tool: Bridgepoint must require all entering students, and current students who start different programs, to use a newly created financial aid disclosure tool when they borrow money to pay for school. Students will use the new tool to access personalized financial aid offer information as well as information about graduation and loan default rates, potential salaries for their programs, and post-graduation budgeting. Bridgepoint must require that students use the tool to access this important information before enrolling. The school will be responsible for generating a personalized interactive disclosure for each student. An example of what students will see when they access the tool is available here.
  • Halt illegal practices: Bridgepoint is prohibited from making false, deceptive, or misleading statements regarding actual or typical monthly payments students are obligated to make in connection with its private student loan program.
  • Remove negative loan information from borrowers’ credit reports: Bridgepoint must remove from borrowers’ credit reports any negative information about outstanding private student loan debt owed to the school. Bridgepoint must also stop reporting information to debt collectors and credit reporting companies about private student loan debt unless it is necessary to remove negative information on a consumer credit report.
  • Pay an $8 million penalty: Bridgepoint must pay an $8 million penalty payment to the CFPB’s Civil Penalty Fund.

 

 

CFPB Makes Bridgepoint Education Refund All Private Student Loans
http://www.insidearm.com/daily/student-loan-collection-news/student-loan-collections/cfpb-makes-bridgepoint-education-refund-all-private-student-loans/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

CFPB Makes Bridgepoint Education Refund All Private Student Loans

The Consumer Financial Protection Bureau (CFPB) announced yesterday that it has taken action against for-profit college chain Bridgepoint Education, Inc. for deceiving students into taking out private student loans that cost more than advertised. The Bureau is ordering Bridgepoint to discharge all outstanding private loans the institution made to its students and to refund loan payments already made by borrowers. Loan forgiveness and refunds will total over $23.5 million in automatic consumer relief. Bridgepoint must also pay an $8 million civil penalty to the Bureau.

The CFPB’s investigation was assisted by the California Attorney General and the Department of Education.

The CFPB’s order can be found here: http://files.consumerfinance.gov/f/documents/092016_cfpb_BridgepointConsentOrder.pdf

According to the CFPB’s statement:

Bridgepoint Education, Inc. is a for-profit, post-secondary education company based in San Diego, Calif. that does business as Ashford University and the University of the Rockies. Over the past several years, the two for-profit colleges have enrolled hundreds of thousands of students, most of whom take courses online.

From 2009 until recently, Bridgepoint offered private student loans to its students to help cover the cost of tuition. The Bureau found that the school deceived its students about the total cost of the loans by telling students the wrong monthly repayment amount. As a result, students at Bridgepoint were deceived into taking out loans without knowing the true cost, and were obligated to make payments greater than what they were promised. Specifically, the CFPB found that Bridgepoint told students that borrowers normally paid off loans made by the school with monthly payments of as little as $25, an amount that was not realistic.

The CFPB’s consent order requires Bridgepoint to:

  • Provide $23.5 million in relief and refunds to consumers: Bridgepoint must refund all payments made by students toward private student loans taken out from the school, including principal and interest, a total of about $5 million. Bridgepoint must also discharge all outstanding debt for its institutional student loans, a total of approximately $18.5 million. Student borrowers eligible for relief are not required to take any action.
  • Make the cost of college clear with mandatory financial aid shopping tool: Bridgepoint must require all entering students, and current students who start different programs, to use a newly created financial aid disclosure tool when they borrow money to pay for school. Students will use the new tool to access personalized financial aid offer information as well as information about graduation and loan default rates, potential salaries for their programs, and post-graduation budgeting. Bridgepoint must require that students use the tool to access this important information before enrolling. The school will be responsible for generating a personalized interactive disclosure for each student. An example of what students will see when they access the tool is available here.
  • Halt illegal practices: Bridgepoint is prohibited from making false, deceptive, or misleading statements regarding actual or typical monthly payments students are obligated to make in connection with its private student loan program.
  • Remove negative loan information from borrowers’ credit reports: Bridgepoint must remove from borrowers’ credit reports any negative information about outstanding private student loan debt owed to the school. Bridgepoint must also stop reporting information to debt collectors and credit reporting companies about private student loan debt unless it is necessary to remove negative information on a consumer credit report.
  • Pay an $8 million penalty: Bridgepoint must pay an $8 million penalty payment to the CFPB’s Civil Penalty Fund.

 

 

CFPB Makes Bridgepoint Education Refund All Private Student Loans
http://www.insidearm.com/daily/student-loan-collection-news/student-loan-collections/cfpb-makes-bridgepoint-education-refund-all-private-student-loans/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

Wells Fargo $185 Million Penalty is a Warning to Collectors, Too: Look Hard at Your Compensation Plans

Yesterday, the Consumer Financial Protection Bureau (CFPB) announced that it had fined Wells Fargo Bank, N.A. (Wells Fargo) the largest penalty the CFPB has ever imposed for the widespread illegal practice of secretly opening unauthorized deposit and credit card accounts. Collection agencies should take note — this is not just about bank accounts. This is about compensation policy and the behavior it drives.

Wells Fargo is facing $185 million in civil penalties from the CFPB, OCC, and the city of Los Angeles over its aggressive cross-selling of financial products that resulted in unauthorized accounts being opened without consumers’ knowledge. The bank will pay full restitution to all victims and a $100 million fine to the CFPB’s Civil Penalty Fund. Wells will also pay an additional $35 million penalty to the Office of the Comptroller of the Currency, and another $50 million to the City and County of Los Angeles.

Per the Press Release issued by the CFPB:

Spurred by sales targets and compensation incentives, employees boosted sales figures by covertly opening accounts and funding them by transferring funds from consumers’ authorized accounts without their knowledge or consent, often racking up fees or other charges. According to the bank’s own analysis, employees opened more than two million deposit and credit card accounts that may not have been authorized by consumers.

“Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receive bonuses,’ said CFPB Director Richard Cordray. “Because of the severity of these violations, Wells Fargo is paying the largest penalty the CFPB has ever imposed. Today’s action should serve notice to the entire industry that financial incentive programs, if not monitored carefully, carry serious risks that can have serious legal consequences.”

Cordary elaborated further on the Press Call after the announcement. In his prepared remarks he noted:

“Much bank growth these days is occurring by cross-selling customers on more products and services. This is a common approach, and it should lead banks to devote more attention and resources to strong customer service, since the easiest and best way to earn more business from existing customers is by giving them superior value and excellent service. That produces high levels of customer satisfaction, which in turn should generate repeat business from them and positive word of mouth to others.

But what happened here instead is that Wells Fargo built an incentive-compensation program that made it possible for its employees to pursue underhanded sales practices, and it appears that the bank did not monitor the program carefully. Thousands of bank employees found ways to game the system by secretly signing up existing clients for new services that were never requested. They misused consumer names and personal information to create new checking and credit card accounts to inflate their sales figures to meet their sales targets and claim higher bonuses. Money that belonged to customers was used and moved around without their consent, and in some instances these activities generated new fees and costs.

Unchecked incentives can lead to serious consumer harm, and that is what happened here. We are not saying that companies cannot have incentive compensation structures. They are common enough in the industry and they can motivate positive behavior. But companies need to pay very close attention to make sure they have effective monitoring in place to ensure that consumers are protected.

Our investigation found that since at least 2011, thousands of Wells Fargo employees took part in these illegal acts to enrich themselves by enrolling consumers in a variety of products and services without their knowledge or consent. Many have since been terminated. According to the bank’s own analysis, employees opened more than two million deposit and credit card accounts that may not have been authorized by consumers. Employees funded the deposit accounts by transferring funds from existing accounts. As a result of these illegal deposit and credit card practices, many consumers were hit with annual fees, overdraft-protection charges, finance charges, late fees, and other costs.”

A copy of the Consent Order can be found here.

insideARM Perspective

The announcement also should set off alarms at all financial institutions and entities subject to CFPB supervision (including collection agencies) that incentive compensation practices need extra scrutiny to ensure there is no potential for consumer harm.

This sentence from Director Cordray’s prepared remarks is particularly notable,

“Our investigation found that since at least 2011, thousands of Wells Fargo employees took part in these illegal acts to enrich themselves by enrolling consumers in a variety of products and services without their knowledge or consent.”

Thousands of employees took part in these illegal acts! This statement is mind boggling. The offensive conduct was not conducted by a single individual or a small group of rogue employees. This statement suggests that the weakness in the incentive compensation policies was common knowledge – at least to a certain subset of Well Fargo employees.

This announcement is somewhat surprising to members of the ARM industry who have ever done any work for Wells Fargo or gone through the vetting process to be considered as a Wells Fargo vendor.  The bank is well known for a stringent and through review process for it agency partners, which often lasts months and requires significant dedicated resources to comply with requests for documents and data.  Wells Fargo has required that its vendors’ Compliance Management System (CMS) be virtually impenetrable. Many potential agency partners do not survive the Wells Fargo scrutiny.

However, the fine and consent decree suggest that Wells Fargo’s internal practices may not have been as robust as the company requires of the partners.

Most significantly, many collection agencies have recently begun adjusting compensation programs to incorporate compliance factors. This should stand as a very clear lesson: Do your incentive plans present the potential (whether intentional or unintentional) for harm to consumers? If you haven’t already taken a hard look at the behavior driven by your compensation program — especially collector compensation — now is the time.

 

Wells Fargo $185 Million Penalty is a Warning to Collectors, Too: Look Hard at Your Compensation Plans
http://www.insidearm.com/daily/featured-post/wells-fargo-185-million-penalty-is-a-warning-to-collectors-too-look-hard-at-your-compensation-plans/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

Delta Outsource Group, Inc. Teams Up With KidSmart

ST. LOUIS, Mo. — Delta Outsource Group, Inc. teamed up with KidSmart – Tools for Learning to help children in St. Louis succeed by providing free school supplies through KidSmart’s Free Store.  Delta Outsource Group team members contributed dozens of backpacks filled with crayons, markers, paper, glue, pencils, and much more.  The initiative was led by Sandy Dove, Vice President of Collections and Stephanie Gerth, Client Support Manager.  Together the two of them work together to lead the P.A.W.S. team at Delta Outsource Group, Inc.

The drive is just one of many that Delta Outsource Group, Inc. participates in through its P.A.W.S. (Positive Attitudes Will Succeed Initiative).  The PAWS Initiative at Delta Outsource Group, Inc. was created as an intentional means of supporting the people within our organization and within our community.  It is more than a few positive words; it is a belief system that must be chosen, actionable and reinforced daily. PAWS is the vehicle for which we intend to build a foundation for a culture of positive work practices and shared vision.

Delta-Outsource-kidsmart-photo

About Delta Outsource Group, Inc.

Delta Outsource Group, Inc. provides innovative, quality and cost effective receivables management solutions built on a foundation of integrity, transparency, and accountability. We offer a diverse selection of call center solutions from first party and customer care programs, to post charge off recovery and legal programs. Delta Outsource Group, Inc. employs a highly experienced and motivated workforce empowered to deliver superior results by incorporating innovative technology with intelligent analytics.

Delta Outsource Group, Inc. can be found on the internet by visiting: http://www.deltaoutsourcegroup.com

Contact

Delta Outsource Group, Inc.
Jackie Mucha, Chief Marketing Officer
Jackie.mucha@deltaoutsourcegroup.com
636-590-3649

Delta Outsource Group, Inc. Teams Up With KidSmart
http://www.insidearm.com/doing-it-right/delta-outsource-group-inc-teams-up-with-kidsmart/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management

LiveVox Unveils Business Intelligence Capabilities Driving Faster Revenue Recovery Strategies in Sept. 21 Webinar

Registration is available here

SAN FRANCISCO, Calif. – LiveVox Inc., a leading provider of cloud contact center solutions for enterprise operations, announced that it will partner with insideARM to unveil its Business Intelligence (BI) Tool.  Technology leaders and industry revenue recovery experts will walk the participants through real world examples of how Business Intelligence is being leveraged in today’s contact centers to optimize each operational strategy and contact attempt.

Learn how Business Intelligence (BI) is being used in revenue recovery contact centers to uncover competitive advantages buried in dated excel sheet reporting and analytics

Panelists will not only provide a first look at BI, but also share how revenue cycle managers in both financial services and healthcare are using the tool to optimize each contact attempt in a tightening regulatory environment. 

Link Between Compliance and Business Intelligence

On the importance of Business Intelligence in today’s compliance-driven environment, Dusty Whitesell, Chief Evangelist states, “Regulations continue to reduce the ability to dial at high volumes, increasing the cost per dial. Finding ways to maximize each call attempt has become more important than ever. Big data holds the key to uncovering these opportunities and I’m excited to share how contact centers are not only leveraging that today, but doing so in a cost effective way.”

To see an overview of LiveVox’s BI Tool click here.

Contact center leaders are eliminating their dependence on static excel sheets and turning to Business Intelligence (BI) for insight. Attend the webinar to learn how.

About the event:

  • EVENT: Outsmart the Competition with Business Intelligence
  • DATE: Wednesday, September 21st, 2016
  • PANELISTS:
    • Jim Lynch, Senior Operations Consultant, LiveVox, Inc.
    • Fabrice Della Mea, VP of Product Solutions, LiveVox, Inc.
    • Dusty Whitesell, Chief Evangelist, LiveVox, Inc.

LiveVox is a leader in providing risk mitigation tools, such as Four Clouds, that simultaneously addresses key compliance concerns while optimizing performance efficiencies.  LiveVox’s BI Tool is another prime example of how LiveVox is providing contact centers with a competitive advantage in a changing regulatory environment through innovation. To learn more, contact us at info@livevox.com

About LiveVox, Inc.

LiveVox is a leading provider of cloud contact center solutions for enterprise operations.  Through a patented PCI-certified cloud platform and redundant IP/MPLS mesh, it delivers true multi-tenant, highly scalable and burstable contact center solutions such as ACD, Dialer, IVR, centralized call recording, business analytics and compliance suite. LiveVox enables fast deployment of contact center solutions from the cloud, while offering customers full control to manage their day-to-day business requirements in a cost-efficient way. For more information, visit http://www.livevox.com.

LiveVox Unveils Business Intelligence Capabilities Driving Faster Revenue Recovery Strategies in Sept. 21 Webinar
http://www.insidearm.com/daily/collection-technologies/collection-technology/livevox-unveils-business-intelligence-capabilities-driving-faster-revenue-recovery-strategies-in-sept-21-webinar/
http://www.insidearm.com/feed
insideARM

Accounts Receivable Management