How to Prevent Loan Application Fraud

How to Prevent Loan Application Fraud

This post was originally available on Feb 2016. Updated on Jan 31st 2020 for new techniques, and focus on overall account fraud vs just account origination fraud.

Regulations, compliance and overall risk management place a significant operational burden on financial services. Online lenders are no different. You have to comply with multiple regulatory requirements, and you are- like any other financial service- very susceptible to account fraud: origination fraud and account takeover.

If you want to prevent and reduce account fraud, your strategy and fraud detection system should include a combination of identity verification, account origination and account takeover protection.In this post, we’ll explain how identity verification and Know Your Customer (KYC) processes are related, and how you can expand them for better fraud coverage. We’ve also provided specific recommendations for identity verification security tests, and account origination protection strategies that can help you prevent fraud during the loan application process.

Most financial institutions are moving to Orchestrations Hubs like IdentityMind Platform to implement all the identity validation functions integrated with risk analysis and fraud prevention.

…We’ll leave account monitoring and account takevoer for a following post.

Disclaimer: What you won’t learn here

For the purposes of this article, we’ll focus on the aspects of fraud that have to do with identity theft, and account origination fraud.

We will not be discussing the aspects of identifying fraud that involve defaulting on a loan due to the inability of an individual or business to pay back an acquired loan.

The analysis and the recommendations in this article are intended to help you validate an identity and ensure an individual or business is who they say they are, rather than someone else applying under their name, with no intention of paying off the loan afterward.

KYC Is Your First Line of Defense- But Not Sufficient to Prevent Account Fraud

Anti Money Laundering (AML) regulatory compliance requires financial services to perform a set of tasks to verify the identity of the customer (individual or business).These tasks are usually part of the Customer Identification Program (CIP), loosely referred to in the industry as Know Your Customer (KYC).

Unfortunately, KYC also has a meaning outside compliance – it means that you know enough about a customer to perform financial behavior analysis. In this post we’ll refer to the parts of KYC that deal with identity verification and its uses when trying to prevent lending fraud, and more specifically loan application fraud.

From an AML perspective, the focus of the KYC process is to ensure you know enough about your customers to flag suspicious activity, and if need be, have enough information to support an investigation. However, when performed correctly, activities during the KYC process can also help you flag serious issues like identity theft, and help you protect your business from fraud.



The Main Challenges for Online Lenders when Performing KYC 

Online lenders deal exclusively with online onboarding. Validating an online borrower’s information has different challenges than in-person:

  1. An online loan application is accessible to a wider set of potential customers. Unfortunately, this means loan applications are also available to a wider set of fraudsters. You will have to interact with them electronically and, like customers, they can access your website anytime from anywhere in the world.
  2. The methodology for assessing an identity online is less secure than most in-person interactions, and documents can be easily forged online.
  3. The level of scrutiny required to assess an identity online (friction) dramatically affects the likelihood of acquiring a new customer, which can then negatively impact the performance of your business model.

Because of the impact caused by additional friction, online financial services tend to reduce the information required from clients during onboarding. They simplify the process to what is necessary for complying with regulations, and thus open the door to abuses and fraud.

The large majority of financial services- especially in online lending, leverage credit bureau databases for identity verification. However, these services offer limited attributes for validating an identity. The fundamental problem lies in that the data attributes used most frequently are also the most commonly stolen and available for purchase online. Checks against identity databases may be sufficient to comply with AML regulations, but they are not sufficient for preventing lending fraud.

The key is how to achieve a balance between mitigating risk, and adding friction that causes customer abandonment. It’s important to determine the risk level associated with each potential customer, and only introduce more friction to the onboarding process when necessary.

8 Identity Verification Tests to Prevent Loan Account Fraud

The following Know Your Customer (KYC) security checks are the most commonly applied tests used on the IdentityMind platform to better verify a potential borrower’s identity during the onboarding process:

  1. Identity Document Verification (e.g. passports, drivers license, national IDs)

This is accomplished by analyzing a picture of the image of the document, and verifying its authenticity. Taking the picture can be included as part of the onboarding process with the device camera, preferably by the client’s mobile device. PC cameras continue to lack the image quality necessary to proper document validation.

The key for document validation is a quality image. Vendors provide SDKs that can be implemented in your mobile apps and some have also web-based solutions.

Identity Document Verification to Prevent Loan Application Fraud

With newer providers of document verification you can compare the face image extracted from the document with a “selfie”. Ideally both the capture of the image and the selfie are performed at the time of the validation. Furthermore you can (and should) also perform a liveliness test to make sure that the selfie is taken off a “live” individual.

Click below to learn more about IdentityMind Document Validation.



See how identity document verification works here

 2. Identity Data Validation

This is the verification of a match between the submitted information such as name, address, phone, Social Security Number (SSN), tax ID and date of birth against public and private databases. It is possible to extract this data from an authorized document, and compare that extracted data against the provided information, as well as public and private databases.

3. Bank Account Ownership

The goal of this test is to verify a client actually has access to the bank account presented during the onboarding process. This validation can be done by having the client provide the bank’s credential details, or via micro-deposits to the account.

4. “Out of Wallet” Questions

In “Out of Wallet” Questions- which can also be referred to as, “Knowledge Based Authentication”- the system matches an identity based on submitted information, and provides questions that should only be answered correctly by that person. These questions are presented in a multiple choice format, and the user must choose the right answer. Common examples of these questions include previous address, names of relatives, place of birth, etc.

Out of Wallet Questions to Prevent Loan Application Fraud

 5. Identity Risk Scoring

This test compares submitted information with databases of stolen attributes and heuristics, providing you with a risk score based on the likelihood of the given identity being forged using compromised information.

Machine learning techniques have really evolved in the past few years making scoring on identity attributes accurate and feasible. Click below to learn how IdentityMind uses supervised machine learning to reduce false positives and increase accuracy in the KYC and identity validation process.


6. Out of band Phone Verification

Out of Band verification allows you to assess in real-time whether the presented phone number is indeed in the possession of the identity being evaluated. In some geographies, you can even verify whether the phone number and subscriber data match.

7. Social media analysis 

Social Media analysis examines social network information to identify risk conditions that may indicate the identity in question is fake, or presents enough risk indicators to require further vetting. This is especially useful if the onboarding process is tied to social network accounts.

8. Video Conversation 

In some countries, you are required to have a personal conversation with the potential client. This can be accomplished by embedding a video chat plugin to perform a video conference with the potential client.

Account Origination Fraud Prevention — Beyond Identity Verification

Regardless of how lax or strict you are during the identity verification portion of the onboarding process, some identity theft will always slip through- the question is how much. You are obviously trying to minimize it, but fraudsters can be surprisingly diligent in stealing an identity.

The really good ones are hard to catch, and those who have acquired multiple stolen identities will attempt to use them rapidly when they find a way in. If they find an institution vulnerable to one identity, they’ll typically attempt to exploit that institution multiple times with other stolen identities. This is common in the online world.

Online lenders must analyze the risk of the account origination and loan application fraud by looking at the online session information, and incorporating it within the context of the identity data.

These are well known practices by risk managers in ecommerce. However, many of the emergent financial business models (e.g. crowdfunding, internet lending, money transmitters) are not used to this type of fraud prevention. Especially when risk and compliance officers are transitioning from the physical to online world.

Incorporating advanced fraud prevention into the KYC process is a necessary protection you should implement right at the moment when borrowers are creating their accounts or applying for a loan.

In the identity evaluation guide below we provide you with a framework to embed risk analysis into the onboarding/KYC process.

4 Strategies to Prevent Lending Fraud with Account Origination Protection

The following strategies- gathered from real use cases with our clients- describe some of the ways you can prevent loan application fraud during the onboarding process using our platform:

  1. Leverage industry data

Fraudsters tend to reuse stolen identity data across businesses in the same industry. If a fraudster is able to acquire a loan from an , they will attempt to acquire a loan using the same information at a different online lender.

The IdentityMind platform shares fraudulent data in real-time, alerting you when fraudsters recognized by other online lenders are applying for a loan at your institution. The relevance of industry data has been demonstrated repeatedly as fraudsters focus on a particular industry.

2. Leverage your own data

We enable clients to seed the IDM system with historical data, including your watch lists, black lists and rejected users.

Our system automatically adds the attributes of rejected applications to a watch list, and alerts you when they appear as part of a new application. This allows you to easily identify recurrent users trying to hide their previous attempts.

The system highlights these “watched” attributes even when hidden under several layers of transactions (what we call “degrees of separation”). Similarly, and perhaps more important, is when this reveals new applications connected to entities on your black list.

In addition, the IDM platform implements two additional functions to allow clients inform the platform of business-specific attributes: 1) Tag framework and 2) Open API – Memo Fields. Both can be used within the rule system and also to inform machine learning algorithms.

Inform the IdentityMind Platform with Specific Business Information to Improve Fraud Prevention and Risk Analysis

3. Common attributes outside identity data

Fraudsters often utilize attributes that are common across their stolen identities, such as phone numbers, bank accounts, and email addresses.

One of our clients configured a rule that flagged new loan applications attached to bank accounts already associated with another identity.

This rule detected fraudsters who had passed all identity verification security tests, and had even verified “ownership” of the bank account.

These fraudsters had used different devices, but the same bank account. The loan applications were then rejected, and the fraudsters attempted another application using a different bank account. However those attributes were already tainted from the previous process, and they were repeatedly denied for new loans.

4. Geolocation Risk Analysis

Our clients benefit from our expertise in eCommerce fraud prevention, specifically with risk analysis based on geography, distance between the location of the potential customer and their billing information, and more.

Location is assessed for all users regardless whether they are accessing your website from a computer or mobile phone. Our platform can connect to Mobile Network Operators and assess the location of the subscriber, take latitude and longitude from the device itself, or rely on the true IP address of the computer, removing proxies in between.

Final Thoughts

The combination of KYC and fraud prevention techniques during account origination are a much better solution than just one or the other. The more diverse your protection is, the better the overall results.

A combined solution also offers alternatives to heavy friction during the identity verification process. Distributing the effort between Identity Verification and Account Origination will help you achieve a better balance during the onboarding process and prevent more account fraud overall.

What’s Next?

While we have talked and described scenarios during account origination, account fraud can go far beyond origination. In fact, one of the more prevalent types of account fraud is Account Takeover (ATO). Account origination and account takeover are considered the number one and two risk factors to financial institutions at large. With the proliferation of identity data breaches worldwide, all financial institutions onboarding clients and offering financial services at largely at risk.

This post was originally available on Feb 2016. Updated on Jan 31st 2020 for new techniques, and focus on overall account fraud vs just account origination fraud.

Book a Meeting


Let's Talk Support