By: Kennis Wong   In the last post, I emphasized the importance of fraud detection even after an account has been approved. If information gathered later indicates an application was fraudulent, credit issuers can still take action on the account to minimize fraud losses. Monitoring your internal systems to find suspicious activities is one way to do it. If the account holder has unusual purchase patterns, such as spending $2000 at a dry cleaner, you may want to stop and have a closer look. But more revealing would be the bigger picture – Is the account holder developing other financial relationships? Do these other applications indicate high identity theft risk? Are there any unusual patterns across the multiple financial relationships? The tricky part is finding the related applications. If you are looking for applications that use the same SSN, name, DOB, address and phone number, you may be missing information that helps detect fraud. Fraudsters often mutate elements of the PIIs when they use stolen identities to hide their fraudulent activity.  If you link related applications together, you can then look for unusual patterns collectively. Find that the same social security number was used 10 times, with different addresses, all in the same week? Bad sign. Individual signs may help very little. False-positives and fraud referral rates may be too high if your action is based on just one or two signs. That’s why Experian recommends using a risk-based method for minimizing fraud instead of a rule-based method. You need fraud analytics to put all signs together in a way that is predictive of identity theft. Timeliness is the key to successful fraud account management. If the identity fraudster has already used all available credit on a credit line, then it is too late to minimize fraud and action on the account. The only benefit at that point — saving time by telling your collection department not to waste effort attempting to collect on the account.

By: Kennis Wong Most lenders authenticate applicants before they extend credit. With identity theft so prevalent today, not ensuring you are dealing with the real consumer before starting a customer relationship is like playing Russian roulette. Especially for installment loans, when the goods are out, the chance of recouping the money in the case of identity theft is slim. Even for secured loans like car loans, fraudsters can always cash out the car in Mexico, and you will never see the shadow of it again. No wonder lenders place a lot of emphasis on checking people’s identities at application. For many cases, this is really the key point where identity fraud can be stopped. But it is not necessarily true for all type of lenders. For revolving loans, lenders could still minimize fraud losses after credit application is approved, as long as available credit still exists. You can imagine that once a fraudster gets hold of someone’s identity, s/he is likely to maximize its value by using it again and again. Therefore, there should be more credit activities, hence more evidence of misuse, by Day 7 than on Day 1. In the unfortunate event that a fraudster passes authentication on Day 1, it is still possible that you discover the fraud on Day 7 if you have new information. If you are a credit card issuer, it means you can still stop the action before the credit card gets to the fraudster’s hand and gets activated. Unfortunately for a lot of smaller lenders, the due diligence stops at the point of application. Even larger lenders only start their “account management” fraud detection at the point of high-risk transaction or payment. By not watching the new customer relationship closer and studying fraud trends, they are missing out fraud loss reduction opportunity.

By: Kristan Frend It seems as though desperate times call for desperate measures- with revenues down and business loans tougher than ever to get, “shelf” and “shell” companies appear to be on the rise. First let’s look at the difference between the two: Shelf companies are defined as corporations formed in a low-tax, low-regulation state in order to be sold off for its excellent credit rating. According to the Better Business Bureau, off-the-shelf structures were historically used to streamline a start-up, but selling them as a way to get around credit guidelines is new, making them unethical and possibly illegal. Shell companies are characterized as fictitious entities created for the sole purpose of committing fraud. They often provide a convenient method for money laundering because they are easy and inexpensive to form and operate. These companies typically do not have a physical presence, although some may set up a storefront. According to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network, shell companies may even purchase corporate office “service packages” in order to appear to have established a more significant local presence. These packages often include a state business license, a local street address, an office that is staffed during business hours, a local telephone listing with a receptionist and 24-hour personalized voice mail. In one recent bust out fraud scenario, a shell company operated out of an office building and signed up for service with a voice over Internet protocol (VoIP) provider. While the VoIP provider typically conducts on-site visits to all new accounts, this step was skipped because the account was acquired through a channel partner. During months one and two, the account maintained normal usage patterns and invoices were paid promptly. In month three, the account’s international toll activity spiked, causing the provider to question the unusual account activity. The customer responded with a seemingly legitimate business explanation of activity and offered additional documentation. However, the following month the account contact and business disappeared, leaving the VoIP provider with a substantial five figure loss. A follow-up visit to the business showed a vacant office suite. While it’s unrealistic to think all shelf and shell companies can be identified, there are some tools that can help you verify businesses, identify repeat offenders, and minimize fraud losses. In the example mention above, post-loss account review through Experian’s BizID identified an obvious address discrepancy – 12 businesses all listed at the same address, suggesting that the perpetrator set up numerous businesses and victimized multiple organizations. The moral of the story? Avoid being the next victim and refine and revisit your fraud best practices today. Click here for more information on Experian's BizID