Fraud fighters zero in on document manipulation

Among the richest signals lenders can use to assess the authenticity of loan applications are artifacts in submitted documents — changes to fonts, say, or digital white-out used to cover and replace a balance figure — that are often invisible to the naked eye.

This is one of several methods banks can use to detect fraud in loan applications, an issue that has come to the fore as Paycheck Protection Program abuses continue to be investigated. The Department of Justice has already brought more than a thousand cases related to pandemic relief funds and has alleged losses over $1.1 billion, with most cases alleging that individuals created shell companies or inflated employee numbers to claim larger loan amounts.

Detecting fraud has also grown in importance as the cost of fraud rises, and a variety of companies offer services to detect document manipulation in the fight against fraud.

This week, document automation platform Ocrolus, whose software is used by banks and fintechs including SoFi, LendingClub and Enova, launched a new version of its fraud detection platform called Detect.

While Detect already supported document manipulation detection, the new features provide additional context by showing lenders where file tampering occurred in a document, what fields fraudsters have changed and how they changed them. The company said the new version would help financial institutions, especially small business lenders, make more informed lending decisions.

"As the lending industry shifts to digital loan application processes, fraud is rapidly increasing and becoming more difficult for humans to catch," said John Forrester, senior vice president of product at Ocrolus. "Detect enables lenders to quickly and confidently process more loans by proactively providing them with clear and reliable fraud signals."

Whereas fraudsters in the analog space can use ink-dissolving chemicals to erase and replace dates, names, numbers or addresses on financial documents, the tools for forging digital documents are much different and, without the aid of software, often more convincing.

Telltale signs can tip off a careful eye forensically analyzing a document for suspicious signals. In particular, PDFs contain a rich trove of metadata that can go as far as disclosing the date a forged document was edited and the software used to change it. Even individual fields have their own metadata in some PDFs, providing insight into the original values the fields contained.

Fraud detection software company Inscribe also announced new document automation features this week, adding to its existing suite of tools, which includes document manipulation detection. Other companies that offer such services include Informed.IQ, Trulioo, Onfido, Jumio, Membercheck and Resistant AI.

Because of the variety in the solutions fraud prevention companies offer, lenders might be better off when they lean on multiple partners — something Ocrolus does itself. Among its partners is Sentilink, an identity verification platform that specializes in detecting synthetic identities.

To make good software choices in this area, financial institutions need to consider a number of factors, including the flexibility the fraud detection provider has to align its policies with the financial institution's needs, according to Nick Parfitt, principal and anti-money laundering subject matter expert at Feedzai, which provides financial institutions tools for preventing payment fraud.

Lenders typically set out to find a holistic fraud prevention solution rather than document forensics software, Parfitt said, but the latter can be useful to financial institutions that process a heavy load of documents with every application, such as mortgage lenders and small business lenders.

These large-value loans are increasingly a target for fraudsters. Although the number of fraud cases has decreased since last year, according to data from TransUnion, the total cost of fraud has increased according to analyses from the Federal Trade Commission and LexisNexis Risk Solutions, because fraudsters are going after larger payouts rather than numerous small heists.

The quality and quantity of the data fraud prevention specialists use is also key because many services train and maintain artificial intelligence algorithms to detect fraud using real examples. Ocrolus CEO Sam Bobley said his company processes more than 250,000 small business applications per month, allowing the company to train its algorithms on the novel techniques fraudsters use to forge and manipulate documents.

"It's a growing data set that gives us a lot of different types of edge cases, and we see all sorts of interesting fraud rings and patterns that Ocrolus is in a unique position to capture," Bobley said.

Some vendors including Ocrolus and fraud analytics firm Fiverity also boast human-in-the-loop processes, allowing fraud analysts to learn from and provide feedback to algorithms for a force multiplication effect.

Of course, lenders should also test fraud detection companies' products using their own data, Parfitt said. Running a set of loan applications through these detection algorithms can provide meaningful and sometimes surprising results.

David Snitkof, vice president of product for Ocrolus, said the company recently had a testing session with a small business lender that provided 3,500 loan applications. Snitkof said Ocrolus detected file tampering on over 20% of the documents the lender provided while the lender had only flagged 4% of the applications for fraud. Snitkof said, had the lender spent around $40,000 in Ocrolus services and technology, it would have saved $1.2 million in fraudulent loans.

"Lending is this funny business of asymmetric risk," Snitkof said. "If you can spend a little bit of money to detect risk on your absolute riskiest accounts, the amount you save is huge."

For reprint and licensing requests for this article, click here.
Fraud detection Fraud Technology
MORE FROM AMERICAN BANKER