Stopping Phone Spam from Rachel from Cardholder Services
Over 80% of the calls on our home phone are spam marketing calls of one type or another. Our home phone line gets frequent calls from “Rachel at Cardholder Services” with a social engineering scam to get your credit card number. Sometimes her name is Carmen or some other name. Of late, the caller ID information has been spoofed--a felony punishable by a $10,000 fine for each violation. Blocking unknown callers doesn't do any good, because most of the scam calls have caller ID information--though the caller ID is bogus. In some cases the scammers calling our number have spoofed United Parcel Service, while in others they spoofed a number a few digits off that is used by a residence a few blocks away, and occasionally our number itself. It had gotten to the point that my wife and I were starting to use our cell phones to call one another at home, so I started looking at some solutions, and ended up with a three-layer system that now catches most of the spam calls. The first layer is call blocking at our telco, the second is a service called NoMoRobo, and the third is a low-power computer running a program called Network Caller ID. The article that follows talks about how to implement this and other topics on telephone spam:
- Turning on Call Blocking at Telco
- Sign up with NoMoRoBo
- Political Robo Calls
- Using Call Tracing to Prepare to Turn over to Law Enforcement
- File a Complaint with FCC
- Alternatives for Blacklist Devices
- Installing Network Caller ID Package and Enabling Blacklist Hang-up
- Results from Installing NCID
Turning on Call Blocking at Telco
The first step was logging on to our telco and searching through the features on our account to find call blocking; our telco allows us to block up to ten specific numbers, or block anonymous calls, but not both. Since most of the calls were coming from spoofed numbers, I checked the box for blocking a specific list and started filling in the numbers off of our caller ID. This step cut the volume of scam calls from 10 per day to 2 per day. The remaining scam calls were mostly ones that were anonymous and did not spoof the caller ID.
For this call blocking, it is probably best to put in at least your own phone number, since this spoofing attack is not likely to be widespread enough to end up in one of the blacklists described below.
In the Google Voice interface, you can block individual phone numbers that have called your Google Voice number. This is an important step, as much of the “Google Listing” spam appears to use Google Voice directly as a way to avoid having Google Voice forward to your external phone numbers.
Change to a Telephone Provider that Supports NoMoRoBo and Other Call Blocking Features
If your telephone provider does not support NoMoRoBo or provide any other call blocking features, consider switching to a provider that does provide call blocking features. Strictly for cost reasons ($30/month) we switched to voip.ms, a voice over IP service (VOIP) that supports NoMoRoBo. Voip.ms also provides a lot of call blocking features that Verizon/Frontier did not offer; it is not as robust as the NCID solutions that I describe later, but it does allow 500 block numbers instead of the 10 or 20 that Verizon/Frontier allowed, and it has the capability to do “regular expressions” for evaluating the caller ID line. The cost will be about $5/month for our typical use, with about $85 in initial costs for hardware and setup.
To make this work on all of the phones in our house, I installed an Obi202 box (about $70 of the $85 total cost) to connect the VOIP line to our home phone wiring. Setting this up requires some technical skills. You should be comfortable configuring IP addresses and opening ports on a router before you attempt this.
There are three caveats to going to a VOIP service:
- They don’t claim to provide telco level reliability for 911 calls. You can set it up, but you should not go this route unless you have a backup approach for calling 911–a cell phone will do fine.
- Setting up your outbound caller ID takes some doing, and requires a one-time $10 charge.
- If you are on Frontier, when you port your number, they will close all of the services on your account including Internet and TV, and the customer service people do not know that two months in to the transfer from Verizon to Frontier. Getting Internet working again will require several calls.
All said, the transfer to VOIP has worked well, and it appears to do a better job of spam call blocking; I think voip.ms transfers calls to NoMoRoBo faster than Verizon/Frontier, as the hang-up occurs midway through the first ring most of the time, and I think it may actually hang up before the first ring in some cases.
Sign up with NoMoRoBo
The second step was easy and fairly effective. Because the robo-dialer scam problem has gotten so bad, some businesses have started to help address the problem. Nomorobo is one such service. I’m not sure how they make their money at this point, but I suspect that they will start offering subscriptions or will offer the service through telcos at some point. In any case, my wife signed us up and it works similarly to the Network Caller ID (NCID) system described below, but it is much easier to set up. The service is currently limited to phone lines that can ring simultaneously in two places–primarily VOIP. The phone rings once and then Nomorobo looks at the caller ID and hangs up if the number is on their list.
In practice, Nomorobo has hung up on some calls from numbers that were not in my NCID log yet, and in other cases, it hung up on phone calls that were legitimate; there is no way to white-list numbers that I can find. Fortunately, the NCID log is easy to use, so I could recognize the number and call it back.
Not all telcos support NoMoRoBo; in particular Google Voice and MagicJack do not at this writing. See the NoMoRoBo Supported Carriers list in the sign screen to check for yours.
Political Robo Calls
The legislation that requires legitimate telemarketers to honor the Do Not Call list exempts charities and political robocalls. Because NoMoRoBo is an opt-in service, NoMoRoBo has the option to block political robo calls, but you must check off an item in your profile to do so. In practice, it isn’t all that effective at blocking political robo calls, and may be the subject of some manipulation. In a recent primary, NoMoRoBo did not stop many (if any) of the robo calls from PACs on one side of the contest, but it did stop the second and subsequent in-person calls from a resident of my town who was a volunteer for the other candidate. As I maintained my NCID blacklist, it was reasonably effective at blocking the PAC robo calls, b
File a Complaint with FCC
The third step initially felt like a waste of time, but has turned out to be quite important; you should file a complaint on the FCC web site. This may not do anything in the short run, but will help in the longer term; the FTC has actually sponsored a contest for solutions on dealing with “Rachel Robocalls” and now publishes a list of phone numbers associated with complaints. The list is updated monthly, and is very useful; since I installed it on the Network Caller ID server described below, it has caught almost 100% of spam calls. There are Android apps that appear to use this list as well. Filing a complaint with the FCC is an important part of fighting robocalls.
Using Call Tracing to Prepare to Turn over to Law Enforcement
The next step took a little bit more research, and may cost me some money. After a scam call that used a spoofed caller ID (a felony), I pressed *57 which initiates a telephone company trace that is kept for 90 days and which the telco can turn over to law enforcement. Some sites indicate that telcos charge for this while our telco web site is silent about any extra charges for traces. It will take a while to find out whether or not this does anything, and whether or not there is enough information to pass on to law enforcement.
Alternatives for Blacklisting Devices
There are both commercial and open source software devices that will allow you to blacklist specific phone numbers or in some cases patterns. The commercial devices are easier to set up, but don’t necessarily allow you to specify patterns while the open source devices (Network Caller ID) are more flexible but are also more complex to set up. The next sections describe both some commercial devices and an open source device that I am using successfully.
I have not used these devices, but they have been recommended in other reviews, and the features described are ones that I have found to be useful in my NCID setup.
- Digitone Call Blocker Plus. This is a central device; you may have to go to it to add a number.
- Panasonic Home Monitoring telephones with Call Blocking. These are generally limited to 250 numbers; my block list is rapidly approaching that length. Phone systems have the advantage of allowing you to add block numbers from any handset.
Open Source Devices
Open source software is available for doing call blocking. These can be configured to run on a Raspberry Pi, an old laptop (especially if it has a modem) or any computer that is left running. The adventurous might even be able to get it running on an old router or Western Digital NAS device.
- Network Caller ID (NCID). I use this very successfully; instructions for configuring this on a Raspberry Pi are discussed below.
- Telemarketing (Junk) Call Blocker. I have not used this.
- Various Android applications
Network Caller ID (NCID)
Network Caller ID (NCID) is a great open source package for setting up sophisticated call blocking. The remainder of this article is dedicated to setting up NCID on a Raspberry Pi low-power server.
Installing Network Caller ID Package and Enabling Blacklist Hang-up
Network Caller ID (NCID) is much more technical than all of the previous solutions, but is by far the most flexible. For users that are comfortable with using the command line, this is pretty easy, but it will be difficult for users that don't regularly use command-line utilities. The open source program Network Caller ID (NCID) allows you to hook up a modem to a phone line and then automatically hang up calls that match rules in a blacklist file. This program will address anonymous calls and repeated spoofed calls simultaneously--something I can't do through the telco web site. Call blocking at my telco won't allow me to block numbers that have a leading 1, as in 1-xxx-xxx-xxxx where the caller ID spoofers put a 1 in front of the area code. NCID will allow me to blacklist these numbers.
NCID is available for Linux, Mac and Windows. To find installation instructions for your particular platform and/or distribution, search on ncid, ncid-client, ncid-mythtv, and ncid-pop. For the most recent versions of Ubuntu, this may be part of the standard repository. There is a binary available on the NCID web site for Cygwin, so it should be possible to run NCID on an old Windows laptop if you don't want to load a Linux distribution, though I have not tried this.
NCID has an app for Android that allows you to send caller ID and SMS text information from your cell phone to NCID and then to your computer display, allowing you to know when your cell phone rings when it isn't right next to your desk. I haven't configured this feature.
NCID won't completely block the call, but will automatically hang up after the first ring if the call matches one of the rules in your
Installing NCID on a Raspberry Pi Server
For my NCID installation, I used a TrendNet TFM-561U modem which was about $25 at a local computer store. I attached it to a Raspberry Pi low power server that I use for a few utility functions that aren’t computationally intensive. NCID wasn’t available in the standard Raspbian repositories; I was able to get useful instructions from the NCID web site, but these have subsequently been deleted.
The first step is to download the .deb packages for your architecture from SourceForge and then use gdebi to install the .deb packages:
    gdebi ncid_1.8-1_armhf.deb
    gdebi ncid_gateway_1.8-1_armhf.deb
Alternatively, install the packages with dpkg and then let apt-get fix up any missing dependencies:
    dpkg -i ncid_1.8-1_armhf.deb
    dpkg -i ncid_gateway_1.8-1_armhf.deb
    apt-get install -f
Originally, I ended up having to use the gdebi package to install NCID, but have successfully used dpkg. Gdebi attempts to do more resolution of package dependencies than dpkg, and has a reputation for doing a less brute-force job than apt.
To use NCID, you have to configure /etc/ncid/ncidd.conf to make a couple of changes to turn on blacklist call hangup and configure your modem:
- Uncomment the line for set ttyport = /dev/ttyACM0 to enable the TrendNet modem. Which line you uncomment or change will depend upon your platform, distribution and modem type.
- Uncomment the line for set hangup = 1 to cause NCID to hang up on calls that match a black list.
- I did not need to modify the init string for the modem, but one article reader had to add AT+VCID=1 to the modem initialization.
Configuring the NCID Blacklist
To start hanging up on anonymous and blacklisted numbers, I made the following changes to the
    ^UNKNOWN
    ^unknown
    ^Unknown
    ^No Caller ID
    ^OUT-OF-AREA
    ^UNAVAILABLE
    ^CONSUMER SVCS
    ^DMCR
    ^RING
    ^000
"OUT-OF-AREA" has blocked some legitimate calls from Google Voice numbers. I had to add these numbers to the
Make sure to include numbers both with and without the preceding 1 for long distance.
If you have problems with NCID hanging up on ALL calls, look in your ncidd.blacklist for something like
as this appears to cause it to hang up on all calls.
You should download and format the FTC complaint list as described in the related article Download and Format the FTC Robocall Complaint List for NCID. This list has caught almost 100% of robocalls since I installed it on my NCID server in early November, 2015.
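The following is an added example, not NCID's code and not the author's: a small model of the blacklist and whitelist decision described in this section, with a check that reports which known-good callers each blacklist entry would hang up on. It assumes each entry behaves as a regular expression searched against the caller's number and name; the helper names (number_entries, decide, lint) and all phone numbers and caller names are constructed for illustration.

```python
import re

# Entries copied from the article's blacklist.
ARTICLE_BLACKLIST = [
    "^UNKNOWN", "^unknown", "^Unknown", "^No Caller ID", "^OUT-OF-AREA",
    "^UNAVAILABLE", "^CONSUMER SVCS", "^DMCR", "^RING", "^000",
]

# Constructed known-good callers as (number, name) pairs.
KNOWN_GOOD = [
    ("4075550001", "SMITH JOHN"),
    ("14075550123", "OUT-OF-AREA"),  # VoIP caller whose name field is not filled in
    ("4075550142", "CITY LIBRARY"),
]


def number_variants(number):
    """Return a North American number both without and with the leading 1."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        return [digits] if digits else []
    return [digits, "1" + digits]


def number_entries(number):
    """Build anchored list entries that cover both forms of a number."""
    return ["^" + variant for variant in number_variants(number)]


def matches(entry, number, name):
    """Assumed matching model: search the entry in the number and in the name."""
    pattern = re.compile(entry)
    return bool(pattern.search(number) or pattern.search(name))


def decide(number, name, blacklist, whitelist=()):
    """Return 'hangup' or 'ring'; a whitelist match always wins."""
    if any(matches(entry, number, name) for entry in whitelist):
        return "ring"
    if any(matches(entry, number, name) for entry in blacklist):
        return "hangup"
    return "ring"


def lint(blacklist, known_good, whitelist=()):
    """Map each blacklist entry to the known-good callers it would hang up on."""
    report = {}
    for entry in blacklist:
        hit = [caller for caller in known_good
               if decide(caller[0], caller[1], [entry], whitelist) == "hangup"]
        if hit:
            report[entry] = hit
    return report


if __name__ == "__main__":
    # A spoofed call arrives with a leading 1; only the expanded entries catch it.
    print(decide("18005550199", "CARDHOLDER SVCS", ["^8005550199"]))
    print(decide("18005550199", "CARDHOLDER SVCS", number_entries("800-555-0199")))

    # The article's list hangs up on the VoIP caller until the number is whitelisted.
    whitelist = number_entries("407-555-0123")
    print(lint(ARTICLE_BLACKLIST, KNOWN_GOOD))
    print(lint(ARTICLE_BLACKLIST, KNOWN_GOOD, whitelist))

    # Constructed over-broad entries: an unanchored "000" and a bare "^".
    for entry, callers in lint(["^000", "000", "^"], KNOWN_GOOD).items():
        scope = "ALL" if len(callers) == len(KNOWN_GOOD) else len(callers)
        print(f"{entry!r} would hang up on {scope} known-good callers")
```

Running the check against a list of your own regular callers before restarting the server shows which new entry is responsible when legitimate calls start getting dropped.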
Installing and Configuring NCID Clients
Although we now have caller ID on all of our phones, I wanted to have it display on my computer terminal. For this I downloaded and installed the NCIDPop package for Mac OS X. The first time it came up, it brought up a configuration dialog where I had to put in the IP address of the Raspberry Pi server that had the modem attached to it. NCIDPop also has a feature where it can use the say text-to-voice command to read the phone number to you. In some cases, this is annoying, but in others it is useful.
The NCID Android application can optionally transfer calls on your Android phone to the NCID server. This can be useful in keeping track of robo callers and adding them to the black list. There are a number of other features that I'm not using at this point.
It was nice to be able to put caller ID on all computers using only one modem.
Results from Installing NCID
After installing Network Caller ID, it took me a few days of adding rules for various marketing robo dialers. After five months, I probably spend about two minutes per day adding new spam phone numbers to the
At this point NCID is automatically hanging up on about 50% of all robo dialer calls and is allowing almost all legitimate calls through. NoMoRobo catches a few that NCID does not, and both miss about 10-20% of the spam calls. NCID hung up on two legitimate calls, and I can't figure out which rule caused the hangup. I have programmed it to hang up on all calls that come in without caller information including "OUT OF AREA"; this is a problem for Google Voice and other voice over IP (VOIP) telephone numbers and has blocked a small number of legitimate calls. You can avoid this for specific numbers by putting the number in the
Results from NCID and NoMoRoBo
As calls come in during the month, I add all spam calls that got past NCID into the NCID blacklist. The number of valid calls can be calculated by joining the NCID blacklist file with the NCID call log on the phone number as shown in Figure 1. The average numbers are annoying:
- About 0.58 calls per day are valid.
- About 0.14 spam calls per day are stopped by NCID based upon the local blacklist phone number (after November 1, 2015).
- About 0.21 spam calls per day are stopped by NCID based upon the FTC complaint list (after November 1, 2015).
- About 1.7 calls per day are spam calls that are either blocked by NoMoRoBo or get through to ring multiple times.
- After February 2015, 43.5% of calls were valid, while 56.5% were spam calls.
It is important to note in Figure 1 that many of the calls labeled as “NoMoRoBo or Pass-through Spam” are stopped at one ring by NoMoRobo. Unfortunately, I don’t have a way to identify these; I may eventually look at the NCID code to see if there is a way to identify calls that only ring once, and use a different code in the
In early 2016, the phone line was ported from Verizon to a VOIP provider. This broke the NCID installation, but also caused NoMoRoBo to be more effective; the VOIP ring was delayed a few tenths of a second, allowing NoMoRoBo to block the call before the VOIP line rings and NCID blocks the call. The increased effectiveness of NoMoRoBo was a disincentive to fix NCID, and thus much of the data for 2016 is missing.
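The join of blacklist and call log described in this section can be sketched as follows. This is an added example, not the author's script: it assumes call log lines in the "CID: *DATE*...*NMBR*...*NAME*...*" field layout with "HUP:" lines for automatic hangups, and the log lines, blacklist entries and category names are constructed.

```python
from collections import Counter

# Constructed sample log (assumed "*FIELD*value*" layout, one call per line).
SAMPLE_LOG = """\
CID: *DATE*11022015*TIME*0915*LINE*POTS*NMBR*4075550142*MESG*NONE*NAME*CITY LIBRARY*
HUP: *DATE*11022015*TIME*1130*LINE*POTS*NMBR*18005550199*MESG*NONE*NAME*CARDHOLDER SVCS*
CID: *DATE*11032015*TIME*1402*LINE*POTS*NMBR*8005550175*MESG*NONE*NAME*ACCT SERVICES*
CID: *DATE*11032015*TIME*1810*LINE*POTS*NMBR*4075550001*MESG*NONE*NAME*SMITH JOHN*
CID: *DATE*11042015*TIME*1003*LINE*POTS*NMBR*18005550175*MESG*NONE*NAME*ACCT SERVICES*
"""

# Constructed blacklist; the last number was added after it rang on 11/03.
SAMPLE_BLACKLIST = """\
# name patterns and prefixes
^UNKNOWN "^No Caller ID" ^000
^8005550199 ^18005550199
^8005550175   # added by hand after the call got through
"""


def canonical(number):
    """Reduce a number to 10 digits so '1'-prefixed and plain forms join."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def parse_log(text):
    """Parse CID/HUP lines into dicts keyed by field name plus 'type'."""
    calls = []
    for line in text.splitlines():
        kind, _, body = line.partition(": ")
        if kind not in ("CID", "HUP"):
            continue
        parts = body.strip().strip("*").split("*")
        call = dict(zip(parts[0::2], parts[1::2]))
        call["type"] = kind
        calls.append(call)
    return calls


def blacklisted_numbers(text):
    """Collect full phone numbers from blacklist entries; skip name patterns."""
    numbers = set()
    for line in text.splitlines():
        for token in line.split("#", 1)[0].split():
            token = token.strip('"^')
            # Short prefixes such as ^000 are patterns, not numbers to join on.
            if token.isdigit() and len(token) >= 10:
                numbers.add(canonical(token))
    return numbers


def summarize(calls, numbers):
    """Count calls per category and average them over the days in the log."""
    counts = Counter()
    for call in calls:
        if call["type"] == "HUP":
            counts["ncid_hangup"] += 1      # hung up automatically
        elif canonical(call["NMBR"]) in numbers:
            counts["spam_rang"] += 1        # rang, blacklisted afterwards
        else:
            counts["valid"] += 1
    days = len({call["DATE"] for call in calls}) or 1
    per_day = {category: n / days for category, n in counts.items()}
    return counts, per_day


if __name__ == "__main__":
    counts, per_day = summarize(parse_log(SAMPLE_LOG),
                                blacklisted_numbers(SAMPLE_BLACKLIST))
    for category, n in counts.items():
        print(f"{category}: {n} calls, {per_day[category]:.2f} per day")
```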
For additional information, you may be interested in other articles on NCID and stopping phone spam:
- Current Month Phone Spam Call Blocking Effectiveness shows the effectiveness of the various call blocking methods on our residential land line.
- Stopping Rachel from Cardholder Services covers multiple ways to address phone spam, including setting up an NCID server.
- Download and Format the FTC Robocall Complaint List for NCID shows how to download and format the FTC complaint list to give you a list of spammers before they call you.
- Using NCID on Two Phone Lines shows how to add a second modem to your NCID configuration.
- Written by Bruce Moore
Security Threats in 2017
As the 2016 election cycle shows, computer security cannot be taken lightly. The Russian hack of the Democratic National Committee was exacerbated by the fact that it was initially handled only by an entry-level employee who made some poor decisions. The Russian social engineering hack of John Podesta’s email may have been made easier by a possible failure to turn on two-factor authentication on his Google account. It will only get worse.
Malwarebytes released a forecast of problems in the coming year that should be required reading for all computer users; computer security people already know this stuff; I’m talking about my wife, my siblings and my extended family members whose home network problems I fix when I visit. Read the article and then start doing the following if you have not already done so:
- Turn on two-factor authentication for Google.
- Turn on two-factor authentication for Facebook.
- Turn on two-factor authentication for Yahoo/Flickr.
- Turn on two-factor authentication for everything else.
- Encrypt your iPhone or Android phone to protect it if it is lost or stolen.
- Enable a remote reformat capability for your cell phone.
- Tell all businesses that you deal with to convert to HTTPS if they have not. Give them a reason to get secure–your continued business.
- Do not re-use passwords, which will require getting a password manager. Use a hard password on your password manager. Password managers are a likely new target for attacks, so I have chosen one (Keepass) that is somewhat less convenient, but which would first require the attacker to gain access to my computer.
- Stop using Internet Explorer (and any service that requires it) and switch to Firefox, Chrome or Vivaldi as a browser. Firefox is best from a privacy standpoint, but Chrome and Vivaldi are faster and OK for privacy if you turn off some default settings. I am starting to use Vivaldi a lot and like it. Opera was purchased by a Chinese firm, and is no longer a browser that I use regularly, as I just do not trust Chinese companies for anything after the Startcom certificate mess.
- Decommission all Windows XP computers, if you have not already. Remove the hard drive and destroy it or wipe it before disposing of it.
- Change the default passwords on your router, Roku, Apple TV, smart TV, DVD player, baby cams, kitty cams, garage door opener (yes, some have WiFi) and other devices. Use something unique to each device and hard. For these it is OK to tape the password on the device; if someone breaks into your house and gets the password to your kitty cam, you have bigger problems. Hacked baby cams and other devices were used in a recent denial of service attack.
- Update the firmware on all of the above devices. Pay attention to the manufacturer’s firmware update practices when purchasing new devices, and do not buy from firms that never release security updates. You can continue to use some manufacturer-abandoned routers with DD-WRT.
- Consider encrypting USB flash drives. Veracrypt works on all platforms if you have to go from Windows to OS X, to Linux.
- Encrypt your laptop hard drive.
- Make sure that your phone has security patches. This is easy on iPhones, but not on Android devices (except those purchased directly from Google like the Nexus series). If your device cannot be made current on security patches, get a new one.
- Switch to Signal, WhatsApp, or perhaps the somewhat less secure Hangouts for all of your messaging. I really like Signal.
- Do disk-level backups to a USB drive and keep one off-site in a safe-deposit box. This is to protect family photos. I use Clonezilla. When I was a systems programmer and database administrator, we used to say “tape is cheap.” Today, USB disks are cheap. You only need a backup when you need a backup, and when you need one, you would pay a lot to have one.
- Use a cloud backup service like Backblaze or Carbonite. The cloud is cheap today. McAfee, Symantec and others offer cloud backup as well.
- Keep your antivirus updated. Windows 10 has a decent built-in anti-virus and firewall, but if you are on another platform, you should have something and there are solutions for Windows 10 that are arguably better than the free one.
- Give your extended family members a disk drive with family photos for Christmas or the gift-giving opportunity of your choice. This is part of my disaster recovery plan as well as family history communication.
- Stop taking fun quizzes on Facebook. Most, if not all, are just a way to collect your personal information for impersonation, identity theft or more benignly to fill your Facebook feed and mailbox with annoying targeted marketing.
- Written by Bruce Moore
Choosing a DNS Server
For several years, I have used the Norton domain name system (DNS) servers as a way to avoid known phishing and malware websites. Unfortunately, Norton discontinued this service earlier this year so I had to look for new DNS servers, as I have been unable to find information on the security approach of the servers provided by my ISP. I also do not like the idea of my ISP selling my DNS lookup information to the highest bidder.
While using my ISP’s DNS servers while I looked around, I discovered that the Norton servers had become really slow, and that browsing performance was much better using a faster DNS server. In looking for DNS benchmarking software, I found NameBench which is available on Windows via Cygwin and on OS X via MacPorts.
The first run using NameBench was to compare two local caching DNS servers built in to routers, and to compare OpenDNS with Google DNS servers. Figure 1 shows that configuring a caching nameserver on your local router makes a HUGE difference; if your router does not offer this feature, get one that does.
After looking at the importance of a caching DNS server, it is then worth comparing the performance of other public DNS servers, as shown in Figure 2. For this test, I used only DNS servers that do not appear to track requests; this is why the Google DNS servers were excluded from this test.
The sections that follow describe installing NameBench and a review of some of the open name servers available. NameBench is relatively old and appears to have some Python 2.7 dependencies that may present problems in some environments.
Installing NameBench is easy if you have Cygwin or MacPorts installed, but difficult if you do not.
Installing NameBench on Ubuntu
To install NameBench on Ubuntu, use the commands
    sudo apt-get update
    sudo apt-get install namebench
It is that easy. Start it from the launcher.
Installing NameBench on OS X
On OS X, you will need to first install MacPorts, which is not trivial; if you do not have MacPorts installed, look for another DNS benchmarking tool. To install it use
    sudo port selfupdate
    sudo port install namebench
Installing NameBench on Windows
NameBench is available under the Cygwin
Comparison of Selected Open DNS Services
Comodo is a security and SSL certificate provider that also provides an open DNS service with malware and phishing blocking. For my connection, it is slower than OpenDNS, but with DNS caching turned on in my router, this is not a big issue.
OpenDNS was one of the early non-ISP DNS services, and was purchased by Cisco in August, 2015. Although it offers adult content filtering free, getting malware and phishing filtering is a for-fee service.
Cloudflare is a non-tracking DNS service, and claims to be the fastest. It does not provide phishing and malware filtering.
Verisign is a well-known SSL certificate vendor that also offers DNS and other services. Verisign claims not to sell your DNS lookup data, but does not make any statements about blacklisting phishing and malware domains.
Google offers a fast public DNS service, but makes no statements disclaiming tracking, nor does it have a blacklist for malware and phishing domains.
This article only gives a sampling of the options for domain name services. Before choosing a DNS service, make sure to test the performance at your location.
- Written by Bruce Moore
Configure Network Caller ID (NCID) to work with an OBi202
If you have an OBi202 (or other ObiHai/Polycom device), you do not need a modem to get Network Caller ID to work with your phone system, at least for reporting purposes, though for automatic hangup, you will still need to attach a modem. In most circumstances, this is not of much use, but if you want to measure the effectiveness of a service like NoMoRoBo, you will need to do this. Because NoMoRoBo hangs up before NCID registers the call via the modem, you will need to capture the call via the Polycom (previously ObiHai) device if you want to identify calls that NoMoRoBo kills before NCID recognizes the call and hangs up.
The obi2ncid gateway provided with NCID can read and parse the syslog from the Polycom device and report the calls that are killed before NCID can recognize the call.
The discussion that follows assumes that you have already installed NCID.
Set up obi2ncid.conf
To set this up, configure the /etc/ncid/obi2ncid.conf file. In most cases you can keep the defaults but in almost all cases you will want to update the identifiers for each line on the ObiHai device to match the extension or number that you are using:
    # Defaults: SP1, SP2, SP3, SP4
    linesp1 = "Home"
    linesp2 = "Work"
    linesp3 = "Fax1"
    linesp4 = "Fax2"
Configure ObiHai Device for Syslog
Next, you will need to log in to the Polycom device and change the destination IP address and port for the syslog to match the IP address of your NCID server and the port that the obi2ncid program listens on.
Start the obi2ncid Service
Finally, you will need to start the obi2ncid service:
sudo service obi2ncid start
Interpreting the Results
Once you have this set up, you will get additional call information in the NCID client displays if your provider has been blocking calls before NCID registers them:
- For calls that NoMoRoBo hangs up, you will get one entry from the ObiTalk device.
- For calls that NoMoRoBo does not block, you will get one entry from ObiTalk and one from the NCID modem (ncidd).
- Written by Bruce Moore
Auto Loan Severity of Loss and the CPI for Used Cars and Trucks
Institutions typically use their own experience to estimate recoveries and thus the severity of loss for auto loan defaults. The Consumer Price Index for Used Cars and Trucks (CPI-UCT) can be helpful in determining whether changes in recoveries and severity of loss are due to declining credit quality or changes in the used car and truck market. When used car prices fall and thus the CPI-UCT falls, auction prices are lower and the recoveries on repossessed vehicles are lower, leading to a higher severity of loss. When the CPI rises, auction prices are higher, recoveries are higher and the severity of loss is lower. The discussion that follows will illustrate how changes in the CPI-UCT and the averaging period used for pricing-related loss rate forecasting can help in understanding changes in severity of loss for auto loan portfolios.
The CPI-UCT has stabilized since mid-2011 as shown in Figure 1. This will change the severity of loss behavior of most auto loan portfolios, causing losses to be higher than expected for institutions that price loans using an estimate for the severity of loss using a rolling average with a period of more than two years.
Figure 1 shows the dramatic drop in the CPI-UCT during the early part of the recession in 2008-2009, followed by a dramatic rebound due to the reduced new-car manufacturing capacity that resulted from bankruptcies and restructuring in the auto industry. The rebound largely ended in the summer of 2011. The CPI-UCT is currently dominated by seasonal used-auto purchase demand; it is high in the Spring and low in the Winter.
For institutions that use a rolling average to estimate future severity of loss for new and used auto loans, the changes in the used car market reflected in the CPI-UCT will affect the actual severity of loss compared to the severity of loss estimate used to price loans at the time of origination. Institutions that use a rolling average of more than 5 years have experienced lower than expected severity of loss, and thus higher than expected net interest income. This better than expected performance is about to end for these institutions, not because loans are performing better or worse, but because the 2008-2009 crash in the used car market is about to roll out of the data set used to calculate the rolling average that was used in pricing the loans.
Figure 2 shows the 5-year rolling average for CPI-UCT and has a clearly rising value that will cause losses to be lower than originally estimated. For example, loans that originated in January of 2012 (rolling average of 138 used for pricing) and defaulted in January of 2013 (actual value of 147 at time of default) saw a 6% higher recovery than expected. The better than expected performance will decline as the 2008-2009 crash numbers continue to drop out of a 5-year rolling average in the coming months.
This effect would be greatest for loans originated in October, November or December of 2009 when the 5-year rolling average hit a minimum of slightly more than 135. Loans originated at the bottom would experience an approximately 8.5% better than expected recovery in the event of default.
Institutions that use shorter rolling averages have already begun to see the 2008-2009 crash values and the subsequent rebound begin to drop out. For example, using a 3-year rolling average for pricing purposes as shown in Figure 3, the same January 2012 loan would have been priced with an estimated recovery value of 140, with an actual recovery value of 147 at time of default for a 5% higher than expected recovery.
The three-year rolling average is more volatile than the 5-year; the minimum would have been 132, for an approximately 11.4% better than expected recovery in January, 2013. This benefit will rapidly go away as the values from the crash continue to drop out of the rolling average used for pricing.
Using the 2-year rolling average shown in Figure 4, the recovery estimate used for pricing would be about 146, for a less than 1% better than expected recovery in January of 2013; institutions using this shorter rolling average have already seen the effects of the crash period dropping out of the average.
Although a 6% better than expected recovery may not sound like much, it can translate into a disproportionately large change in the severity of loss. 6% on a $10,000 vehicle would be $600. If the outstanding loan is $12,000, when the 6% better than expected recovery goes away, the severity of loss goes from $1,400 ($12,000 - $10,600), to $2,000--a change of 43%.
The CPI-UCT is helpful in determining whether changes in recoveries are due to credit problems, or used car market problems. The crash in used car and truck prices that occurred in 2008-2009 was a very unusual event, and will cause some unusual and perhaps negative changes in the severity of loss in car loan portfolios.
Data are from the CUSR0000SETA02 series available from the St. Louis Federal Reserve FRED2 system.
- Written by Bruce Moore