In the Loop: New Models for Fraud Prevention Part 1

Four fintech leaders discuss key issues in addressing financial fraud

PART I

Welcome to this recap of the Ocrolus virtual roundtable discussion on financial fraud and fraud prevention. Ocrolus’ Head of Analytics David Snitkof leads a lively discussion with Nicole Hill, Head of Consumer Bank & Shared Services Risk Oversight with Citizens Bank, Naftali Harris, co-founder and CEO of Sentilink, and Kyle Mack, CEO and co-founder of Middesk. This week we’re presenting part one of their conversation. Part 2 will be posted next week.

David Snitkof:

There’s so much happening in the world of financial technology, but one thing is constant, if you’re in the business of money, there will always be someone trying to steal it. Identifying and preventing fraud is a key need for any financial institution, and while the problem has long been present, the means of execution are changing rapidly. There are new products, new technologies and economic circumstances, which all affect the nature of fraud. The fraudsters are constantly innovating and those providing financial services can not afford to sit still.

I’m joined by three incredibly knowledgeable people with a lot of interesting things to say on the topic and looking forward to a great conversation. So I’d love for each of the three of you to introduce yourselves. Perhaps we can start with Nicole.

Nicole Hill:

Thank you David, I’m Nicole Hill, Head of Consumer Bank & Shared Services Risk Oversight at Citizens Bank. Have roughly about 20 years of risk management experience specifically in the FinTech space, as well as in the financial service space.  Really excited to join the webinar. It’s been a year of learning, a year of growing, as well as the year of identifying new techniques that the fraudster continues to keep all of us up at night. 

David Snitkof:

Great. Thanks Nicole. Naftali, how about you?

Naftali Harris:

Yeah. Hi everyone. I’m Naftali Harris, co-founder and CEO of SentiLink and, like Nicole, I’m delighted to be here with the Ocrolus team, just a real pleasure to be on and talking with some extremely knowledgeable people. My company, SentiLink, prevents fraud for banks, lenders, and other financial institutions. We focus in particular on first party fraud and especially on synthetic fraud where someone creates a fake person, uses that fake person to open up an account to steal funds or launder money, in many cases we’ve even seen them doing that same thing for businesses. So, delighted to be here and really excited for our conversation today.

David Snitkof:

Thanks, and Kyle, great to have you here too as well.

Kyle Mack:

Yeah. Thank you for the opportunity to get to chat with you all. My name is Kyle Mack, I’m the CEO and co-founder of a company called Middesk. We build data products to help financial service companies verify the legitimacy of their customers. So very focused on all of the commercial applications for data, mainly our clients are using the products today to open deposit accounts and to underwrite small business loans.

David Snitkof:

All right. So, fraud is in the shadows and so naturally people don’t necessarily have a great sense of how much fraud is out there and what types of fraud, and sometimes you talk to a lender and they’ll say, “Well, we don’t really have any fraud or we don’t have much fraud.” And you think, “Well really?” Assuming people are saying that sincerely, why do they have that impression? Nicole, what do you think?

Nicole Hill:

Great question, David. So today with the type of fraud that occurs and Naftali can definitely speak to this, first party fraud has been eye-opening across not only financial services, but FinTech. And I think it just takes more collaboration on behalf of not only analytics, but also with risk partners, and fraud partners, and then really saying, “Let’s evaluate at the bottom of the funnel.” And what I mean by the bottom of the funnel is what’s not being paid from a collection strategy standpoint. And how can we start learning those opportunities by bringing in great partners like SentiLink to be able to screen scrape or scrap some of the things that we’re seeing in financial services and FinTech.

Nicole Hill:

So when you don’t see it and it ends up in the incorrect GL, or it’s in a collection loss GL, then you start to wonder why is that number in those buckets growing? 

Naftali Harris:

One of the real challenges I think, especially with some of the more modern and sophisticated forms of fraud, is that unlike traditional identity theft, the new kinds of fraud don’t smack you in the face and say, “Hey, you have fraud.” I think they are a lot more subtle. If you look at synthetic fraud in particular, this is a case where you have someone that has invented a fake person and that fake doesn’t actually exist.  And so, when they open up an account, borrow money, and then don’t repay it, there’s no consumer victim that’s going to come to you and say, “I was the victim of identity theft. Please, close this down and stop lending to someone that isn’t actually me.” What ends up happening is it charges off and you try to collect on it and you can’t and if you don’t know what you’re looking for, then you’ll look at your fraud bucket and you’ll say, “I don’t have any fraud,” but of course you do. And it’s just in a different loss category.

Naftali Harris:

And I think, especially now as fraudsters have gotten more sophisticated, a lot of those tactics fall in that same category. I look at things like credit washing where people maliciously dispute trade lines off their credit reports, if you misstate your income, many kinds of first party fraud have that same characteristic where it doesn’t just show up and announce, “Hi, fraud is here.” And instead, it is a lot more subtle.

Kyle Mack:

I have to echo the points that Naftali made around fraud becoming subtle. We see this data from the commercial use case and one of the challenges I think on the commercial side is, the government is the steward of commercial data. They are the public record. And so a lot of the information around businesses is, in many cases, public. And then even more complex is that there’s actually a number of opportunities for commercial data to actually be edited directly at the government source by people who don’t own the information.

When we’re talking about commercial applications, maybe as a three-sided problem of the applicant of an account and the business entity, and then trying to find a relationship between the two. It actually is fairly easy to build the relationship between an individual, whether that’s a real person or a fake identity and a business in the case that the commercial entity is actually a legitimate company.

David Snitkof:

Are there fraud patterns and techniques that we’ve seen emerge recently that have only really taken place over the past couple of years?

Naftali Harris:

We’ve certainly seen some really interesting new forms of fraud, some of which are just so clever you have to ask yourself, “How did they even come up with this?” Like one, I just know this pretty funny example of this is, we’ve seen something that we’re calling same name fraud, it’s this phenomenon where, for typical identity thefts, I would go find a data breach and I would steal everyone’s identity. So for example, suppose I stole Nicole’s identity, well, one of the challenges I have stealing Nicole identity is, when I get asked for a driver’s license or something like that, I’ll have to create a fake driver’s license that has Nicole’s name on it, and date of birth, and yes, it’s possible to create fake driver’s licenses in some cases, ones that are pretty good, but it is challenging.

And so what we’ve seen instead with this same name fraud is, somebody whose actual name is John Smith will go and steal the identity of everybody else whose name is John Smith. And you’ll be able to use a real driver’s license and it ends up manifesting itself in the data in a pretty interesting way. Or you end up with a whole bunch of people whose name is John Smith that all apply at the same time and all use the same address, and you’re like, “What is John Smith from Vermont doing, applying the same day as John Smith from… Did we advertise it at John Smith convention or something like that?” 

Kyle Mack:

You always have to sympathize with the person whose name is truly John Smith.

Naftali Harris:

I know, I know. If there’s any John Smith on the call today, I apologize. I wasn’t talking about you in particular.

David Snitkof:

It’s good to have a fraud-proof unique name.  On another topic, one thing we’re very good at in the United States is structuring. We know we’ll structure anything that can be structured and securitize anything that can be securitized.  The question is, how much do we value the privacy of private enterprise? And there’s some value there to let people have freedom of association and be able to register and be able to have a shell and not necessarily share with the entire public how that stuff is structured. Although, there’s some value of sharing it with someone just in a way that, if you’re applying for a financial service of some kind, you can verify the identity of that person and just keep people safe. And I think it’s a fine line that our country certainly hasn’t figured out, it’s certainly possible that others have.

Naftali Harris:

Yeah. And I think David, to that point, I think one of the subtexts there, which I think all of us would agree with, is that the government, from federal to states, even down to municipal, can be a really strong partner for identity verification. One example I’ll point to was this new program actually created by the Social Security Administration called eCBSV, which is a mouthful, but it stands for Electronic Consent Based SSN Verification, I guess the acronym is not important, but the long and the short of it is, for the first time ever, you can actually open up an API that allows you to verify whether a name, date of birth and some combination is actually true. The first time ever, you can really do this at scale.

I think from a business perspective, the data is more fragmented, more difficult, just harder in general, the problem with consumers, but we’re hoping that legislation will pass as well and that things will improve on the business side.

David Snitkof:

Yeah, that’s really interesting. Kyle, could you explain a little bit about what that commercial data landscape looks like?

Kyle Mack:

Oh yeah. I think fragmented is a great word for it. So, to broadly paint the picture of entity types as a starting point, sole proprietorship versus LLCs and corporations, and we could get even more granular, but there’s a different answer to that question for each of those slices. When you’re talking about a sole proprietorship, we’re really walking a very fine line between just a person and a person who maybe has gone a little bit further to reserve a name for their entity.

I could be Kyle’s water bottle company, and that data may be stored at a city-level, County-level or a state-level, depending on where we’re talking about. In terms of being a more registered entity, we’re talking about LLCs and corporations, okay, we’re now talking at a state-level, all of these entities might have tax IDs which are going to be managed at a federal-level, however, there’s no real relationship between the federal tax ID and any of the state, city or County level corporate registration records.

So, it is extremely fragmented. Another challenge that exists in the world of commercial data, is the creation of a lot of these records. There are middleman companies, there’s an entire industry of these, what are called registered agent services, which actually are the middleman between the government and the business entity. And one of the roles they play is masking the information of the business owner. So you might pull the corporate records for a business entity, and actually when you look at the address for the business, it’s not their address at all. It’s the address of a third-party company they had to use who’s based in Delaware, but the company is in Florida.

When we started Middesk, I remember it took Lexis a year to have any information on our company. Not because it doesn’t exist just because of the cadence that that data is made available for these services. So when you’re thinking about being a bank and you’re onboarding a business who’s three months old, data might exist somewhere, but it’s actually not available through the third party companies that most folks use.

So, this has been the thesis around our business from the beginning, which is the world of consumer data is not perfect. There are still plenty of problems with it. But it’s made a lot of progress. The world of commercial data is way behind. And so we’re really trying to take this same lengths of trying to build this reliable, trusted data asset of all the commercial data that exists today in the U.S. But it’s fragmented, is a great word for it, to put it shortly.

David Snitkof:

Given that incredible complexity of fragmentation, Nicole, how does a lender balance the need to do all of that thorough diligence with actual process efficiency and even just avoiding false positives.

Nicole Hill:

And so, Kyle, it’s great that you just mentioned the complexity around the fragmented way of identifying real intelligence, to be able to know a commercial business with the beneficial owners and just with my experience and working with the company at Citizens, beneficial owners and reviewing commercial data today, we are heavily in a manual view to make sure we’re capturing the right beneficial owners. We understand the structure of the business, of course, we can get to your point like DNB information, but it’s all about timing.

And so we have a fiduciary responsibility as a financial institution to make sure that we know who our business owners are, to make sure that they’re onboarding appropriately, making sure that the beneficial owners are real individuals. And today we may have limited insight to that which will result in auto uploading of documentation to support that they are a valid business, versus going to where you’re mentioning, which is a real time source system that can help us speed up the onboarding of a net new business owner that actually is a legitimate one and be able to get them in the door.

And so, that convoluted way of what you mentioned, it actually creates a little bit of friction for an actual new business owner that says, “I just want to open up a bank account, or apply for a loan,” but we’re asking for so many checks and balances because we can’t get the information readily at our fingertips.

Naftali Harris:

I think, that it’s something that so many of us forget, which is really the flip side of a fraud. I think there’s this interesting phenomenon, especially in FinTechs, when, if you look at any FinTech that has a really amazing slim down application process, and TechCrunch writes about it and they say, “Oh, wow, what an amazing application flow. They must have a great product team.” I always say, “No. They have a great risk team.” The reason you can do that is because you have the analytics and the risk that you can actually support that.

And so, we forget that… We think about, “Hey, let’s stop the bad guys from stealing funds.” But the flip side of this is, if you can do a great job of that, you can make an incredible experience for your customers. You’re going to open the door to new segments, in many cases, underserved populations that you wouldn’t otherwise be able to access and that’s so important, and it’s such a critical thing that always have to do.

Kyle Mack:

Yeah. I mean, I love this idea of how to make trust scalable, and really the thing you’re talking about, is the businesses who have figured out how to do that to a certain extent. And I totally agree that, there’s always the flip side of the coin. Most businesses are good and they’re excited to get a bank account and to pay an employee and to have a credit card, to be able to go and buy stuff for their business and trying to figure out ways of making that easier for those individuals is core to everything that we’re doing. 

If you’re interested in learning more about how Ocrolus can help you with fraud detection and prevention, start your free trial now.