The FinTech fraud fight: Detecting the wolves in sheep’s clothing
The history of frauds dates back to well before the birth of Christ.
It seems to have been as omnipresent as the Holy Spirit, one might argue that the bible seemingly has more to say about money and debt repayment than it does about faith and prayer.
On that note, let’s dive straight into all things fraudulent.
Financial frauds are all pervasive — from stock market frauds to insurance frauds to, of course, credit frauds.
Some are downright amusing. For instance, the outlandish but incredibly real story of the ‘high-frequency trading’ fraud on Wall Street — that involved digging through mountains and rivers, right from Chicago to New Jersey to lay fibre-optic cables in an attempt to reduce transmission time for data from 17 to 13 milliseconds.
When it comes to insurance frauds, there’s the macabre tale of Sukumara Kurup that fascinates Kerala even after 37 years. He is said to have orchestrated his own death by allegedly murdering another man named Chacko in order to land a massive insurance sum. Some believe that Kurup is still alive and well while others obsess over the case and the investigation reports till date.
As regards credit, frauds go back as early as Egyptian civilization. In fact, I briefly discussed credit frauds through history in one of my earlier pieces.
However, the most legendary of them all, is the mortgage fraud that culminated in the 2008 crisis that shook the world. Financial institutions were found to be working hand in glove with credit rating agencies to indulge in predatory lending, and then later gift wrapping junk debt to sell on the securities market. The sheer inventiveness and connivance of the scheme is mind-boggling.
Credit: Andrew C
Jump to 2022, there is a ballooning fraud problem that’s growing in the shadows of the new, blue-eyed boy in town — Buy Now, Pay Later (BNPL).
The BNPL loot — big money stolen in small bags
All the street pickpockets seem to be now on Telegram channels such as ‘F University’, getting educated on how to hack into user accounts and steal credentials through phishing and other means.
And the plunder is substantial. Merchant losses to online payment fraud will exceed $206 billion cumulatively for the period between 2021 and 2025, according to Juniper Research. To put things in perspective, this figure is about 10 times Amazon’s net income in FY 2020.
Recently, hundreds fell victim to PAN identity theft on Indiabulls-owned Dhani app. Unfortunately for Dhani, one of them was Sunny Leone who took to Twitter to express her exasperation over some nincompoop messing up her CIBIL score, earning the platform considerable infamy.
This flurry of frauds is not the challenge of Dhani alone, but of all FinTechs. In efforts to make customer journeys as seamless as possible, a good number of them put authentication and validation checks on the backburner, thereby losing the plot. This growing trend was best captured by a fintech expert who said, “Companies used to build financial products starting with the risk. Everything today is built starting with marketing, and risk oftentimes comes way further down the funnel”.
“Digital lenders must strike a fine balance between user experience and fraud checks. Because speed shouldn’t come at the cost of due diligence.”
Spending on fraud detection services is expected to go through the roof, well over $11.8 billion globally in 2025. This is bound to eat into gains made through BNPL and other new-age credit offerings, thereby affecting long term viability and profitability of FinTechs.
Frauds come in all shapes and sizes
Broadly, frauds observed in the digital lending space can be categorised into three; identity frauds, transaction frauds, and author frauds.
At the basic level, fraudsters trick unsuspecting customers into sharing their credentials and take over their accounts. At a more advanced level, tech-savvy scamsters procure personally identifiable information (PII) through methods such as phishing, credential stuffing, and SIM card cloning. Some use stolen identities while others stitch together a fictitious character to create what is called a synthetic identity.
They create synthetic identities using valid but stolen Aadhaar numbers with accompanying false PII. Growing use of synthetic identity is often attributed to an increasing amount of compromised PII from major data breaches over recent years as well as unintentional disclosure over social media.
Another commonly seen fraudulent activity involves tampering of documents and financial statements called author frauds. Besides these, there are transaction frauds, wherein borrowers make purposeless transactions with the sole intention of pumping up cash flow to deceive underwriting models.
Put the brakes on hustled money
Estimates suggest that synthetic identity fraud in the US alone is a $6 billion problem.
Best way to tell a synthetic identity from a valid one would be to check for multiple account applications from the same IP address or device, multiple identities with the same Aadhaar number, multiple applicants with the same address or phone number, etc.
When it comes to these types of fraud, everybody loves to parade their AI/ML capabilities. But then, frankly, there’s only so much machine learning can do. Dan Ariely sums it up rather catchily, he says that AI is like teenage sex — everybody claims to do it, but nobodody really does it. Given that synthetic ID frauds in India are still in a nascent stage, it may take ML some time to detect irregularities and hit the nail on bogus IDs.
Yet, this is an area that deserves utmost attention, because once a synthetic identity has been planted in the financial system, they look and behave like normal consumers, and the identity can be nurtured for months and sometimes even years, until it goes bust one day after having secured a fat credit line.
Basically, validating the user-identity during the sign-up process is simply non-negotiable. Onboarding process must be infallible, without adding complexity. BNPL systems should include biometric authentication, liveness checks, and fake-document checks (such as holograms or font mismatch) as part of the sign-up process to counter fake identity creation.
As regards transaction frauds, ML models can be trained to detect pattern deviations in inflows and outflows to find out if the borrower has been cooking their books.
Essentially, anything less than 1000 varied parameters to ascertain risk involved in user interactions is unadvisable. Lack of focus on authentication and validation processes will prove to be the Achilles’ heel that brings down triumphant FinTechs.
Bottom line
Technology is evolving faster than ever, but so are frauds. Scammers are getting more creative by the day. And the threat is real, so much that the industry body of UK finance said that current fraud levels are now a threat to national security.
One of the best ways to defeat it, is to draw attention to it, as we did with the virus recently. Brushing fraud problems under the carpet will only add to the problem. It's time fraud detection and prevention conversations take centre stage.
The onus is upon FinTechs to voluntarily adopt robust regulatory compliance mechanisms, work together, and collaborate to nullify this growing threat.
More importantly, fraud prevention needs a dynamic model that can act and react on and real-time basis.
Also, it wouldn't be a bad idea to master the art of deception, yourself. Because you have to think like the bad guys to catch the bad guys.