Skip to main content
Application Fraud: You Had Me At "Hello"

Physical security specialists will tell you that the best way to avoid a burglary is to use both visible and diverse deterrents. These can range from sensor/timed lights, to having multi-point locks on all doors and windows, to installing intruder alarms, etc. The greater the number and combination of deterrents, the more likely it is that a would-be burglar would pass by and look for "easier pickings".

The same is true of fraud defenses on financial products. Anti-counterfeiting measures on card products are a great example, with the likes of the card scheme hologram, unique embossed characters, the printing of cryptographic card verification codes, micro-printing and the introduction of chip cards all making it increasingly difficult for traditional counterfeit cards to proliferate in the way that they were doing 10-15 years ago. But the criminals did not go away: They have just moved on to looking for other means of accessing funds on cards by exploiting weaker defenses, such as application fraud vetting, insecure card delivery, etc.

Regulators worldwide have made it a compliance pre-requisite for financial institutions, and others in the value chain, to "Know Your Customer". In practical terms this most often means requiring documentation at account opening, or upon major transactions, and validating that these are bona fide. The problem is that — in an increasingly remote-service and transactionally border-less world — such documentation is often not physically viewed; instead, details are taken online, or electronic copies are obtained through remote channels. Criminals have come to realize this.

Criminals have further realized that even supposedly "official" identification documentation can be the subject of confusion and easily fabricated. Also, in a recessionary market where the need for ease and speed of customer service are king, many financial institutions will rely exclusively on the authenticity of an "official" identity document when providing a new credit facility.

Consider the freedom of movement of people and trade created by the European Union and the right of each citizen to be treated, and access services, in any member country in the same way as they would be in their home country. This means that "official" documentation characteristics are often difficult to know/consolidate at financial service organizations. Lenders may need to recognize the authenticity of a driving license from Latvia, a passport from Estonia, or an identity card from Belgium, for example.

Other challenges in an originations (or on-boarding) context is that most Know Your Customer and application fraud vetting solutions are only truly effective in weeding out criminals if the details used are the same as those from a prior fraud case, or linked to a suspected perpetrator.

So the criminal fraternity have been busy using acquired, misrepresented or even fabricated identity documents, and masking their connections, in order to gain access to products or services that should not otherwise have been supplied.

This is why lenders are stepping up their focus on application fraud as part of their enterprise fraud programs. In the fight against application fraud, the sharpest lenders are seeking a combination of predictiveness (through analytics); conditional rules that can be deployed in real time; matching and linking (both at a direct and indirect or "fuzzy logic" level, to determine relational connections); tailored alerts and case management; and customer communication strategies.

FICO has been actively working across its tools and solution, plus with partners like Equifax, to help bring about this collection of functional capabilities. The first generation availability is scheduled for December 2012, and the aim is indeed to catch fraudsters at "Hello"!

related posts