In our previous blog, we covered five steps to help lenders avoid application fraud. Application fraud has been an increasing blight on credit books particularly with the growth in digital channels. In this blog we explore another five fraud-mitigation steps.

6.  Selfie/ID-matching

Some leading lenders have been utilising a technique for matching an ID photo with a customer selfie. A customer turns on their webcam and looks left/right and up/down (this ensures that it is a 3D image of a face that is being shown and not another photo). The computer makes a digital image of the customer’s facial ratios and then compares these to the ID photo given. Any inconsistencies can be flagged to undergo further verification.

An extension of this employed by banks in Europe and Asia is the video-chat applicant authentication where the applicant chats directly with a verification agent to confirm identification and avoid third-party fraud. Further to this, some lenders use voice authentication software for their existing customers.

7.  Document verification

Documentation verification is a critical step in the application process. Whilst most verification by lenders is done manually, there are some automatic solutions out there. The documentation required for an application varies by product and by country, but some of the common automated verification tools include the following:

1. ID verification – this will verify that the ID document/card/passport is genuine and has not been tampered with. It will also scrape the ID number and ensure that it is the same as the ID number given by the applicant.
2. Bank account verification – this will authenticate the bank account is valid and belongs to the applicant (also that it is not closed nor dormant).
3. Income verification – this will take the information on a payslip or bank statement and using optical character recognition (OCR) will scrape the scanned payslip or bank statement and ensure that the documentation has not been tampered with and that the values add up correctly and are in line with what was manually captured. In some countries open banking allows a borrower to pull a bank statement containing the applicant’s income data directly from the bank.

8.  Device behaviour

More advanced fraud detection for digital applications will monitor the filling in of the application form. A lot of copy-and-pasting may indicate a bulk fraud attempt. Furthermore, multiple applications from one device or multiple amendments to an application may indicate fraud. An application that is filled in too quickly too slowly may also indicate fraud.

9.  Foreign applications

Foreign applications are also important to control. Many lenders prevent applications from outside their own country. Fraudsters utilise Virtual Private Networks (VPNs) to get around this. Lenders counter-act this by having a list of transparent proxies in their country which will flush out some VPNs. There are some advanced techniques to flush out anonymous proxies too, but they are not all fail-safe.

10.  Verifying accounts at the bureau through knowledge-based authentication (KBA)

A method that has been used for a while (normally through call-centre verification) is KBA or knowledge-based authentication. Here a bureau record is pulled on the customer and questions are asked such as: “With which mobile network do you have a mobile account?” and then giving a list of options from which the applicant can pick. Other questions could include asking about credit limits on credit cards, the bank holding the customer’s mortgage, previous addresses of the applicant, retail accounts or unsecured loans taken out. Many bureaux offer this service.

Other mitigations

Another indication of possible fraud is the amount of time an applicant has spent on the website. An applicant browsing the sight extensively is less likely to be fraudulent than an applicant who goes straight to the website and applies. This information could be managed and monitored through anti-fraud software.

Although less relevant with digital channels, a common mitigation step used by lenders is to classify certain branches as high-fraud-branches. Additional assessment steps are typically used on applications coming from these branches.

Finally, it is also worth mentioning general software security if you are lending through a digital channel. This includes securing both the application and the database. We will cover software security in a future blog.

Conclusion

As the list indicates, there are many fraud mitigation steps that can be utilised in originations. Very few lenders utilise all these steps and the implementation of technology and strategies to incorporate each step obviously has financial and time implications. Ultimately lenders need to do a benefit analysis to determine what steps they should deploy, but as fraudsters often seek out the more fraud-vulnerable credit providers, it is important to stay ahead of the pack.

If you would like to learn how Principa can assist you in reducing the impact of application fraud in your business, then please get in touch (info@principa.co.za). We would be happy to have a no-obligations call with you to discuss your concerns.