Topics

As fraud continues to rise in the rental housing market, tenant screening practices are evolving. In an earlier blog, I explored how Experian Observed DataTM can provide early indicators of income and employment consistency, offering screening companies a way to reduce reliance on costly or time-intensive verification methods.  In this follow-up, I explore two additional tools that strengthen the tenant screening process: Experian VerifyTM for Research Verifications and Experian Verify for Permissioned Verification's AI-powered Document Review. Used together, these solutions enable a layered approach that boosts both efficiency and prevention of fraud. Modernized Research Verifications Manual employment and income and employment checks—once the standard for tenant screening—are time-consuming and often inconsistent. Traditionally, screening companies had to reach out directly to employers and request proof of employment. While still useful, this method puts pressure on internal resources and is not always scalable.  To streamline manual verification, many organizations are partnering with third-party providers, especially those that take a digital-first approach. Outsourcing allows screening companies to delegate outreach, follow-ups, and fraud detection to specialized teams trained in document validation and employer communication. These services deliver the same insights internal teams would gather, while freeing up in-house resources for more strategic initiatives. By leveraging digital tools such as conversational AI, online forms, and automated workflows—combined with human oversight—digital-first vendors offer a more scalable and cost-effective alternative to fully manual processes. This approach not only reduces operational costs but also shortens turnaround times, helping screening companies respond faster without compromising accuracy or fraud resistance. Key advantages:[MJ1]  Reduces the burden on internal staff Ensures consistency and fraud awareness in document review Provides a reliable fallback when other verification tools return limited data This approach is especially valuable when initial data sources yield incomplete results and further confirmation is required. AI-Enhanced Document Upload and Review Another common scenario in tenant screening is the submission of income documents by the applicant, often in the form of paystubs or bank statements. Manual review of these documents is prone to error and increasingly vulnerable to sophisticated forgeries, including those generated by artificial intelligence. AI-powered document analysis tools are now helping screening companies process uploaded documents more securely and efficiently. These platforms typically work by: Allowing applicants to upload documents through a secure portal Using AI to scan for signs of tampering, fabrication, or inconsistency Returning standardized results that are easier to evaluate and compare By automating the detection of anomalies and potential fraud indicators, these tools reduce the workload for staff while improving the reliability of the review process. Benefits include: Faster review and turnaround times Improved fraud detection capabilities Greater consistency across applicants This method is especially useful when traditional employer APIs are unavailable or when screening companies need additional confirmation beyond initial data sources. A Layered Approach to Verification By combining different verification methods, screening companies can design workflows that adapt to a wide range of applicant profiles and risk scenarios. A layered strategy might include: Starting with an inexpensive source of income or employment data to identify likely matches Using AI-based document review when additional validation is needed Turning to manual research verifications only when necessary This cascading process allows screening companies to control costs while maintaining a strong defense against fraud. It also ensures that higher-cost methods are used only when the earlier steps do not provide enough confidence to proceed. Modern Challenges Require Modern Solutions Fraud in tenant screening is increasing rapidly. According to industry surveys, over 93 percent of screening companies have encountered fraud in the past year, and the majority have dealt with falsified income documentation. Traditional approaches, especially manual review, are no longer sufficient on their own. By rethinking verification strategies and incorporating modern tools like outsourced research verification and AI-enhanced document review, screening companies can reduce risk, improve efficiency, and better prioritize their resources. Learn More For organizations interested in implementing these types of verification tools, several providers—including Experian—offer services designed to support this layered approach. These solutions can help screening companies strike the right balance between cost, compliance, and fraud resistance. To learn more, visit experian.com/verify.

In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is  possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study

In the latest episode of “The Chrisman Commentary” podcast, Experian's Alison Bird, Product Owner, and Joy Mina, Director, Product Commercialization, discuss how streamlining the verification process helps mortgage lenders serve more borrowers without sacrificing accuracy. Listen to the full episode for all the details and tune in to the previous episode to learn why price transparency is important in the verification process. Listen now

In today’s digital payments landscape, fraudsters are constantly developing new tactics to exploit vulnerabilities. One of the most common credit card schemes financial institutions and merchants face are BIN attacks. But what exactly is a BIN attack, and how does BIN attack fraud work? What is a BIN attack? BIN attacks, a type of card not present fraud, target the Bank Identification Number (BIN) ­— the first six to eight digits of a credit or debit card number that identify the issuing financial institution. Fraudsters use these digits to systematically generate and test potential card number combinations. The goal of a BIN attack is to discover valid card numbers that can be used for fraudulent transactions. Because BINs are publicly available and consistent across card issuers, they provide a predictable framework for attackers. How does it differ from other types of payment fraud? Payment fraud takes many forms, but BIN attacks stand apart because of their scale and automation. Card testing fraud vs. BIN attacks: Both involve criminals running authorization attempts to identify valid card details. However, card testing typically uses data from a single stolen card, while BIN attacks systematically generate thousands of possible card numbers from a known BIN range. Account takeover fraud vs. BIN attacks: In an account takeover, fraudsters gain access to a customer’s existing account, often through phishing or stolen login credentials. BIN attacks don’t require account access — instead, they exploit card number patterns to guess valid accounts. What are the consequences of a BIN attack? BIN attacks don’t just result in stolen card numbers — they create wide-ranging business risks that can impact operations, revenue and customer trust. For financial institutions and merchants, the ripple effects can be significant: High transaction volumes: BIN attacks are carried out using automated scripts or bots that fire off thousands of transaction attempts per minute. This traffic can overwhelm payment systems, slow down processing and disrupt the checkout experience for legitimate customers. Increased chargebacks: Once fraudsters identify valid cards, they make unauthorized purchases that often result in chargebacks. Both merchants and issuers absorb these losses — merchants lose revenue, while issuers reimburse cardholders. Network and processing costs: Every transaction attempt — even those declined during a BIN attack — still incurs network and processing fees. Merchants and issuers can end up paying for thousands of authorization requests, draining resources. Reputational damage: Today’s consumers expect seamless and secure payments. If they experience frequent declines, blocked cards or fraudulent activity, their trust in the institution or merchant erodes. How to protect against BIN attack fraud Mitigating BIN attacks requires a proactive, layered defense strategy. Financial institutions and merchants should consider: Advanced fraud detection and analytics: BIN attacks generate massive volumes of fraudulent traffic. By leveraging AI-driven analytics and machine learning, institutions and merchants can monitor for unusual transaction patterns, velocity spikes and bot-driven activity. Identity and device intelligence: Fraudsters often hide behind bots, stolen IP addresses and compromised devices. With identity verification and device intelligence solutions, merchants and institutions can better determine whether a transaction is coming from a legitimate customer or a fraudster testing card details. Multi-factor authentication (MFA): BIN attacks succeed on speed and automation, firing off thousands of transactions. MFA can help disrupt this process by requiring additional proof of identity from the customer, such as facial recognition or one-time passcodes. Credit card authentication: BIN attacks exploit the gap between payment credentials and the identity of the person using them. A solution like Experian LinkTM seamlessly connects the payment instrument with the digital identity presented for payment, helping merchants to reduce false declines, fraud and operating expenses. Build a stronger defense against BIN attacks BIN attacks are a growing threat in today’s digital payments ecosystem. But with the right safeguards in place, organizations can stay ahead. Learn how Experian can help you strengthen your fraud defenses to reduce losses and protect customer trust. Learn more

Mid-sized banks are large enough to pursue ambitious growth strategies, like expanding loan portfolios or entering new markets, but not so large that they can withstand major credit losses without consequence. So how do lending organizations manage their credit risk strategies to grow without taking on more risk than they can handle?

Nearly 19 million U.S. households remain unbanked or credit-invisible,1 not due to a lack of financial responsibility but because traditional credit models alone may not include key financial behaviors. These individuals often save, earn and budget wisely, yet conventional scoring systems do not recognize them. We’ve recently partnered with Plaid, the trusted leader in open finance, to change that. Together, we’re putting cash flow underwriting front and center — giving lenders access to real-time, consumer-permissioned financial data that paints a fuller, more accurate picture of creditworthiness. Why cash flow data matters now  In the U.S., many consumers with limited credit histories want to build their profiles but don’t know how. Cash flow underwriting bridges this gap. Cash flow insights reveal real-world financial activity — like income patterns, spending habits and account balances — in real time. This empowers lenders to make smarter, faster and more inclusive credit decisions, while helping consumers gain access to the financial services they deserve. What cash flow insights deliver By incorporating cashflow data into your decisioning strategy, you can: See beyond the score with a richer view of a consumer’s financial health. Accelerate approvals with more accurate and timely insights. Expand access to credit while strengthening portfolio diversity and reducing risk. Download our infographic to see how cash flow underwriting is reshaping lending — and how you can lead the change. Download infographic 1Mullen, C. (2024, November 13). Underbanked US population grows to 14.2%, FDIC finds. Banking Dive. 

Credit decisioning has traditionally relied on static data like credit bureau scores, income statements, and past repayment history. As financial behavior becomes more dynamic and consumer expectations shift toward instant decisions, real-time data is emerging as a powerful tool in reshaping how lenders assess risk.

Lending fraud – what is it? Lending fraud is a deceptive practice in which individuals or entities intentionally provide false or misleading information during the loan application process to secure credit or financial gain. This can include using fake identities, inflating income, forging documentation, or applying for loans without the intention of repayment.   The consequences are significant: lenders suffer financial losses, consumers experience identity theft or damaged credit scores, and the economic system bears increased risk and regulatory scrutiny. Loan fraud is a growing concern across consumer, commercial, and mortgage lending sectors, affecting institutions of all sizes. How do I safeguard my organization from loan fraud?    Preventing lending fraud is a complex, ongoing challenge that requires a multi-layered and holistic approach. As fraud tactics become more sophisticated, especially with the rise of generative AI and digital lending channels, financial institutions must continually evolve their defenses.  Strong identity verification is the first line of defense. Lenders should implement advanced authentication tools beyond basic KYC (Know Your Customer) checks. This includes biometric verification, document verification, and device intelligence —technologies that assess the authenticity of the user and the device used during the application process. These tools can help detect synthetic identities — false identities created using a blend of real and fabricated information — increasingly used in loan fraud schemes.  Another crucial strategy is real-time data analytics and behavioral monitoring. Lenders can quickly identify anomalies that may indicate fraudulent activity by analyzing applicant behavior, credit history, device usage patterns, and geolocation data in real time. For example, if an applicant submits multiple loan applications from different IP addresses in a short time frame, that could raise a red flag for potential lending fraud.  Employee training and awareness are also essential. Frontline staff must be equipped to identify warning signs, such as inconsistencies in application documents or rushed, high-pressure loan requests. Regular fraud prevention training helps employees stay alert and aligned with the organization’s risk management protocols.  57% of financial institutions reported direct fraud losses exceeding $500,000 in the past year, with 25% exceeding $1 million.1 Consumers reported losing more than $12.5 billion to fraud in 2024, which represents a 25% increase over the prior year.2 In addition, robust internal controls and auditing mechanisms are critical in prevention. Organizations should regularly audit loan origination processes and investigate unusual approval patterns to detect insider fraud or systemic vulnerabilities.  Finally, consumer education is a vital, often overlooked, aspect of combating loan fraud. Lenders should provide resources to help customers understand the risks of identity theft, encourage them to monitor their credit reports regularly, and empower them to report any suspicious activity. A well-informed customer base can be a valuable early warning system for fraud.  With digital lending becoming the norm, preventing lending fraud means staying ahead of increasingly tech-savvy fraudsters. Leveraging data, technology, and education together builds a stronger, more resilient fraud defense framework.  Lending fraud + Experian – How we can help  With access to the industry’s most advanced fraud detection and identity verification tools, partnering with us gives you a potent edge in combating lending fraud. As a global leader in data, analytics, and technology, our comprehensive and accurate sets of consumer information enable you to spot risks that might be invisible through conventional means. Our approach combines rich data insights with powerful machine learning algorithms, delivering fraud prevention tools that are intelligent, scalable, and highly adaptive.  Our fraud detection technologies are designed to protect every stage of the lending lifecycle. From real-time identity verification and multi-factor authentication solutions to behavioral biometrics and device intelligence, so you can detect synthetic identities, manipulated applications, and other forms of loan fraud before they lead to financial loss.  In an era where trust is currency, partnering with us doesn’t just help protect against lending fraud — it enhances your reputation as a secure, responsible lender. You gain the confidence of your customers by providing safe, streamlined lending experiences while meeting compliance requirements and reducing operational risk. With us, you’re not just reacting to fraud—you’re anticipating it, preventing it, and confidently growing your business.  Learn more 1State of Fraud Benchmark Report. Alloy. (2024). 2New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024. Federal Trade Commission. (2025, March 10). 

In 2025, home equity lending has re-emerged as a central theme in the American financial landscape—an evolution not driven by hype, but by hard data, economic realities, and consumer behavior. As homeowners grapple with inflation, rising consumer debt, and a persistent affordability crisis in housing, the home equity line of credit (HELOC) is gaining traction as a practical, flexible, and often misunderstood financial solution.

Experian is proud to be a Thought Leadership Sponsor at this year’s Federal Identity Forum & Expo (FedID)! We’re bringing the latest innovations in fraud prevention, identity verification, and behavioral analytics – all designed to help government agencies protect access, ensure trust, and stay ahead of evolving threats.

Now in its tenth year, Experian’s U.S. Identity and Fraud Report continues to uncover the shifting tides of fraud threats and how consumers and businesses are adapting. Our latest edition sheds light on a decade of change and unveils what remains consistent: trust is still the cornerstone of digital interactions. This year’s report draws on insights from over 2,000 U.S. consumers and 200 businesses to explore how identity, fraud and trust are evolving in a world increasingly shaped by generative artificial intelligence (GenAI) and other emerging technologies. Highlights: Over a third of companies are using AI, including generative AI, to combat fraud. 72% of business leaders anticipate AI-generated fraud and deepfakes as major challenges by 2026. Nearly 60% of companies report rising fraud losses, with identity theft and payment fraud as top concerns. Digital anxiety persists with 57% of consumers worried about doing things online. Ready to go deeper? Explore the full findings and discover how your organization can lead with confidence in an evolving fraud landscape. Download report Watch on-demand webinar Read press release  

In today’s evolving economic climate, lenders face a growing challenge: how to accurately assess creditworthiness — especially for consumers with limited credit histories. That’s where cash flow insights come into play. Our latest infographic illustrates how cashflow data helps lenders achieve a more comprehensive understanding of borrowers' financial health. What you'll learn: Why cashflow data is essential for modern, inclusive lending The key financial behaviors that cash flow insights can uncover How these insights help lenders expand market reach and make more precise decisions Read the infographic to learn more. View infographic

In early 2025, European authorities shut down a cybercriminal operation called JokerOTP, responsible for over 28,000 phishing attacks across 13 countries. According to Forbes, the group used one-time password (OTP) bots to bypass two-factor authentication (2FA), netting an estimated $10 million in fraudulent transactions. It's just one example of how fraudsters are exploiting digital security gaps with AI and automation. What is an OTP bot? An OTP bot is an automated tool designed to trick users into revealing their one-time password, a temporary code used in multifactor authentication (MFA). These bots are often paired with stolen credentials, phishing sites or social engineering to bypass security steps and gain unauthorized access. Here’s how a typical OTP bot attack works: A fraudster logs in using stolen credentials. The user receives an OTP from their provider. Simultaneously, the OTP bot contacts the user via SMS, call or email, pretending to be the institution and asking for the OTP. If the user shares the OTP, the attacker gains control of the account. The real risk: account takeover OTP bots are often just one part of a larger account takeover strategy. Once a bot bypasses MFA, attackers can: Lock users out of their accounts Change contact details Drain funds or open fraudulent lines of credit Stopping account takeover means detecting and disrupting the attack before access is gained. That’s where strong account takeover/login defense becomes critical, monitoring suspicious login behaviors and recognizing high-risk signals early. How accessible are OTP bots? Mentions of OTP bots on dark web forums jumped 31% in 2024. Bot services offering OTP bypass tools were being sold for just $10 to $50 per attack. One user on a Telegram-based OTP bot platform reported earning $50,000 in a month.   The barrier to entry for fraudsters is low, and these figures highlight just how easy and profitable it is to launch OTP bot attacks at scale. The evolution of fraud bots OTP bots are one part of the rising wave of fraud bots. According to our report, The Fraud Attack Strategy Guide, bots accounted for 30% of fraud attempts at the beginning of 2024. By the end of the year, that number had risen to 80% — a nearly threefold increase in just 12 months. Today’s fraud bots are more dynamic and adaptive than before. They go beyond simple scripts, mimicking human behavior, shifting tactics in real time and launching large-scale bot attacks across platforms. Some bypass OTPs entirely or refine their tactics with each failed attempt. With generative AI in the mix, bot-based fraud is getting faster, cheaper and harder to detect. Effective fraud defense now depends on detecting intent, analyzing behavior in real time and stopping threats earlier in the process. Read this blog: Learn more about identifying and stopping bot attacks. A cross-industry problem OTP bots can target any organization that leverages 2FA, but the impact varies by sector. Financial services, fintech and buy now, pay later (BNPL) providers are top targets for OTP bot attacks due to high-value accounts, digital onboarding and reliance on 2FA. In one case outlined in The Fraud Strategy Attack Guide, a BNPL provider saw 25,000+ bot attempts in 90 days, with over 3,000 bots completing applications, bypassing OTP or using synthetic identities. Retail and e-commerce platforms face attacks designed to take over customer accounts and make unauthorized purchases using stored payment methods, gift cards or promo credits. OTP bots can help fraudsters trigger and intercept verification codes tied to checkout or login flows. Healthcare and education organizations can be targeted for their sensitive data and widespread use of digital portals. OTP bots can help attackers access patient records, student or staff accounts, or bypass verification during intake and application flows, leading to phishing, insurance fraud or data theft. Government and public sector entities are increasingly vulnerable as fraudsters exploit digital services meant for public benefits. OTP bots may be used to sign up individuals for disbursements or aid programs without their knowledge, enabling fraudsters to redirect payments or commit identity theft. This abuse not only harms victims but also undermines trust in the public system. Across sectors, the message is clear: the bots are getting in too far before being detected. Organizations across all industries need the ability to recognize bot risk at the very first touchpoint; the earlier the better. The limitations of OTP defense OTP is a strong second factor, but it’s not foolproof. If a bot reaches the OTP stage, it's highly likely that they've already: Stolen or purchased valid credentials Found a way to trigger the OTP Put a social engineering play in motion Fighting bots earlier in the funnel The most effective fraud prevention doesn’t just react to bots at the OTP step; it stops them before they trigger OTPs in the first place. But to do that, you need to understand how modern bots operate and how our bot detection solutions, powered by NeuroID, fight back. The rise of GenAI-powered bots Bot creation has become dramatically easier. Thanks to generative AI and widely available bot frameworks, fraudsters no longer need deep technical expertise to launch sophisticated attacks. Today’s Gen4 bots can simulate human-like interactions such as clicks, keystrokes, and mouse movements with just enough finesse to fool traditional bot detection tools. These bots are designed to bypass security controls, trigger OTPs, complete onboarding flows, and even submit fraudulent applications. They are built to blend in. Detecting bots across two key dimensions Our fraud detection solutions are purpose-built to uncover these threats by analyzing risk signals across two critical dimensions. 1. Behavioral patternsEven the most advanced bots struggle to perfectly mimic human behavior. Our tools analyze thousands of micro-signals to detect deviations, including: Mouse movement smoothness and randomness Typing cadence, variability and natural pauses Field and page transition timing Cursor trajectory and movement velocity Inconsistent or overly “perfect” interaction patterns By identifying unnatural rhythms or scripted inputs, we can distinguish real users from automation before the OTP step. 2. Device and network intelligenceIn parallel, our technology examines device and network indicators that often reveal fraud at scale: Detection of known bot frameworks and automation tools Device fingerprinting to flag repeat offenders Link analysis connecting devices across multiple sessions or identities IP risk, geolocation anomalies and device emulation signals This layered approach helps identify fraud rings and coordinated bot attacks, even when attackers attempt to mask their activity. A smarter way to stop bots We offer both a highly responsive, real-time API for instant bot detection and a robust dashboard for investigative analytics. This combination allows fraud teams to stop bots earlier in the funnel — before they trigger OTPs, fill out forms, or submit fake credentials — and to analyze emerging trends across traffic patterns. Our behavioral analytics, combined with device intelligence and adaptive risk modeling, empowers organizations to act on intent rather than just outcomes. Good users move forward without friction. Bad actors are stopped at the source. Ready to stop bots in their tracks? Explore Experian’s fraud prevention services. Learn more *This article includes content created by an AI language model and is intended to provide general information.

Financial institutions are sitting on a goldmine of data: customer transactions, credit histories, digital interactions, and more. But the real value is found when that data is transformed into insights that drive smarter decisions, faster responses, and better outcomes for both the business and consumers.

Risk management specialists, marketing departments, and customer success teams often work from different data sets, leading to inconsistent insights and missed opportunities. A unified data strategy can help break down these silos and unlock the full potential of an organization’s ability to turn raw data into actionable insights.