Reports that last week's terrorist attack in San Bernardino, Calif., may have been financed by a $28,500 loan from Prosper Marketplace have provoked a wave of scrutiny of online marketplace lending.
Much of the news coverage has focused on whether San Francisco-based Prosper took adequate steps to sniff out the deadly plot. At this stage, no evidence has emerged to suggest that the company should have detected murderous plans that were apparently also unknown to U.S. authorities.
But the San Bernardino case also highlights a key vulnerability of the rapidly expanding sector: the prevalence of fraud by prospective borrowers.
"There's sort of a higher risk that's endemic to this environment, where loans can be made much more efficiently," said Alex Johnson, an analyst at Mercator Advisory Group. "Efficiency is great when it is used to make loans to people who need money in a hurry. But there's also a risk."
Syed Rizwan Farook and his wife, who were reportedly motivated by radical Islamic beliefs, used AR-15 assault rifles to kill 14 people and injure 21 more at a holiday party on Dec. 2. Both assailants were later killed in a shootout with police.
Citing an anonymous source, Bloomberg News reported that Farook claimed on his Prosper loan application that he planned to use the funds to consolidate debt. According to Fox News, he instead withdrew $10,000 in cash, and made three money transfers totaling at least $15,000, apparently to his mother.
Overall, borrower fraud is roughly two to four times more common in the online lending sphere than it is in the credit card business, according to data compiled by ID Analytics, which sells fraud-detection services to lenders.
There are several reasons why lending websites like Prosper have become magnets for fraudsters. Unlike traditional bank lending, the websites do not require loan applicants to meet anyone face to face.
"Any of the anonymous lending channels — be they mobile or desktop — are beacons for fraudsters," said Garient Evans, vice president of solution services at ID Analytics.
A recent survey by IDology found that 79% of senior executives at banks and in other industries believe fraud attempts are most prevalent through mobile and website applications. That compared to only 8% of executives who identified in-person channels as the top targets by fraudsters.
What's more, online marketplace lenders make bigger loans to new customers than credit card issuers do, which also makes them attractive targets. Prosper offers unsecured personal loans of up to $35,000.
And marketplace lenders strive to get cash in borrowers' hands more quickly than credit card companies do. That leaves less time for fraud checks, according to Evans.
Prosper spokeswoman Sarah Cain said that all loans originated through the firm's online platform are subject to identity verification and screening processes required by law, including anti-terrorism and anti-money-laundering laws.
"As part of our standard procedures, we also confirm that all funds are disbursed into a verified U.S. bank account in the borrower's name," Cain said in an email.
But ferreting out the type of fraud that was apparently perpetrated in the San Bernardino case is not typically a high priority for online lenders, according to Evans, of ID Analytics.
Regarding that kind of fraud, which involves borrowers lying about their plans for the loan proceeds, he said: "Most lenders would tell you they kind of don't care for credit underwriting purposes, as long as that person intends to pay."
He added that Farook and his wife "were going to die. They had no intention of paying. And I'm not clear that there's anything in the credit universe that picks up on that kind of signal."
When it comes to fraud detection, online lenders largely focus on verifying that borrowers are who they claim to be. That is because fraud losses are often the result of identity theft or the creation of a false identity.
Marketplace lenders such as Prosper, which do not take credit risk themselves, but rather sell the loans to investors, are particularly concerned about identity verification, according to Evans. He said that those firms typically have contractual obligations to reimburse investors for losses in cases of confirmed identity theft.
Last week's mass shooting has put firms that specialize in online financial services on the defensive, left to argue that the channel's speed and efficiency offer a net benefit for society, even if they can occasionally be exploited by bad actors.
"It would be a bad place if we got to a point where we're starting to question digital progress because of one incident," Alex Sion, president of the mobile banking app maker Moven, said Thursday during a panel discussion in New York.
Still, the San Bernardino attack could lead online lenders to start looking for new ways to determine whether a borrower has nefarious plans.
Michael Smith, an anti-fraud specialist at LexisNexis Risk Solutions, said that it is no longer enough for lenders just to verify borrowers' identities and check whether they are on the watch list maintained by the Treasury Department's Office of Foreign Assets Control.
"That's just an antiquated approach to the problem. They've got to look at the problem more holistically," he said.
Robert Barba contributed to this report.