May 28, 2020 at 5:50 PM
New technology gives the promise of greater enablement. But some of the shrewdest entrepreneurs understand that opportunity comes from the unintended consequences of new technology. So, let us take digitalisation of the loan application process: the opening of digital channels has enabled lenders to service their customers 24/7 and through APIs integrate with a host of sophisticated services. However, the advent of the digital channel has meant more opportunity for fraud. The question to ask is:
Are you doing enough to mitigate application fraud risk?
In this 2-part blog we will be looking at 10 steps that the industry leaders are taking to prevent application fraud.
1. External databases – SAFPS/AML/PEP/Sanction lists
The first item is the interrogation of external databases. The likes of fraud prevention services such as the SAFPS (in South Africa) provide an updated database of known and suspected fraud. If third-party fraud is taking place using a person’s details, then often those details are used on other applications. Linking into these pooled databases is critical.
There are other databases out there too. Links into terrorism, sanctions and anti-money-laundering lists are not only best practice but are necessary for compliance purposes.
For vehicle asset finance vehicle verification is often done through a credit bureau or government bureau that holds vehicle information. For second-hand vehicles this will verify that the vehicle is owned by the seller.
For property finance a deeds office verification is required to ensure that the property is owned by the seller. This data is occasionally held by a credit bureau too.2. Internal databases
Internal databases are also an important source of information. Here are some examples of how they are used:
- Keeping a list of previously known frauds with the applicant names, associated addresses, phone numbers and bank account numbers and allowing for the cross-referencing of new applications is More advanced systems will allow for fuzzy-matching of names and addresses too.
- List of employers and their associated phone numbers are also held by some lenders. This data is used to match applicants applying from those same businesses to ensure that the work number given is acceptable.
- For existing customer applications, large changes to the customer’s income is often also flagged.
- In some cases, leading lenders will hold databases of acceptable income ranges for listed occupations, flagging any applicant whose income falls outside of this range.
3. Fraud rules, fraud scores and machine learning
Fraud rules can be simple or can be complex. Leading lenders will have a long list of fraud rules. Whilst hitting one rule may only slightly increase the risk of fraud, hitting many increases it a lot. A score is applied to each rule and if the application scores higher than a certain number, then that application will be tagged for investigation.
Whilst many lenders may have rules pertaining to a specific application, for example: “ID not verified at the bureau”, more advanced lenders will employ rules that will look at patterns from previous applications too.
For online applications, repeated values and changes to values on resubmitted applications may result in a rule being hit. Another tool that is used is to employ machine learning to continuously assess the rules and weightings. Machine learning is no longer used in transactional fraud only!
4. ID number verification
A simple rule used in many jurisdictions is the verification of the ID. This could be via database or looking specifically at the ID number itself. In South Africa there is a relationship with the ID number digits (particularly the last four) meaning that a random number would unlikely result in an acceptable ID pattern. In other countries driving licenses and social-security numbers often have patterns and restrictions that can be checked (e.g. number of digits, number ranges, identification digits for local/foreigner, etc.).
5. Application inconsistencies
For digital applications, application inconsistencies are also worthy flags for potential fraud. Relationships between different data like date-of-birth and age; time-at-current-employment and age, income and occupation. These sorts of relationships are good indications as to whether the application might be fraudulent or not.
These five steps are important to help reduce your application fraud risk. In the next blog, https://insights.principa.co.za/10-ways-of-combating-application-fraud-part-2, we will explore another five steps.
If you would like to learn how Principa can assist you in reducing the impact of application fraud in your business, then please get in touch (firstname.lastname@example.org). We would be happy to have a no-obligations call with you to discuss your concerns.