managing fraud risk in o l - amazon s3 · default on a loan-party fraudsters have been target in...

Managing Fraud Risk in Online Lending A Mercator Advisory Group

8 Clock Tower Place,

phone:

www.mercatoradvisorygroup.com

© 2012

A Mercator Advisory Group

Managing Fraud Risk in Online LendingA Mercator Advisory Group

8 Clock Tower Place,

phone: 1(781) 419-


Mercator Advisory Group, Inc.

MANAGING

ONLINE

Mercator Advisory Group

Managing Fraud Risk in Online LendingA Mercator Advisory Group Executive Brief

8 Clock Tower Place, Suite 420 | Maynard, MA 01754

-1700 | e-mail:



ANAGING

NLINE L

Mercator Advisory Group

Managing Fraud Risk in Online Lending Executive Brief Sponsored by

Suite 420 | Maynard, MA 01754

mail: [email protected]


ANAGING FRAUD

LENDING

Mercator Advisory Group Executive Brief Sponsored by iovation

Sponsored by iovation

Suite 420 | Maynard, MA 01754

[email protected]

RAUD

ENDING

Executive Brief Sponsored by iovation

[email protected]

RAUD RISK IN


ISK IN


November

November 20121

2012


© 2012





Managing Fraud Risk in Online Lending Executive Brief Sponsored by Sponsored by iovation

2


© 2012



Table of Contents



Table of Contents

Risk Management in a Risky Business

Fraud Schemes Evolving

Device Identification as an Effective Fraud Deterrent

Case Study

Fraud Challenges

Solution Requirements

Results Using Device Reputation

Conclusion





Case Study ................................

Fraud Challenges ................................



Conclusion ................................



Fraud Schemes Evolving ................................


................................................................

................................

Solution Requirements ................................

Results Using Device Reputation ................................

................................................................

Risk Management in a Risky Business ................................

................................................................


................................

................................................................

................................................................

................................

................................

................................................................

................................

Device Identification as an Effective Fraud Deterrent ................................

................................................................

................................................................

................................

................................................................

................................................................

................................

................................................................

................................................................

................................................................

................................

................................................................

................................................................

................................................................

.............................................................

..................................................

................................

................................

................................................................

..........................................................

................................

................................

............................. 4

.................. 5

...................................... 5

...................................... 7

................................... 7

.......................... 7

........................................... 7

...................................... 7

3

4

5

5

7

7

7

7

7


© 2012




“It’s just about the riskiest type of loan you can make.” Such were the words of the Vice President of Risk

Strategies at one well

The short

and

short

Figure

Sources: Stephens Inc., Mercator Advisory Group

While credit risk

exposure for short

anonymity involved, i

the industry’s adoption of the internet as a major customer acquisition channel.

and other short

m





Strategies at one well

The short-term lending space, which in the last five years has expanded rapidly online, beyond the model of brick

and-mortar check cashing and payday lending locations, is indeed exposed to a great deal of risk. As the online

short-term lending industry has grown (Figure 1), so has its exposure

Figure 1: Online


While credit risk

exposure for short

anonymity involved, i


and other short-

mortar locations to the internet will continue

Bil

lio

ns

US

D




Strategies at one well-known online len

term lending space, which in the last five years has expanded rapidly online, beyond the model of brick

mortar check cashing and payday lending locations, is indeed exposed to a great deal of risk. As the online

ding industry has grown (Figure 1), so has its exposure

Online Short-Term Lending Volume 2007


While credit risk – the risk that a borrower will

exposure for short-term lenders has been a growing concern since the business has moved online.

anonymity involved, identity thieves and first


-term loan volume originated online

ortar locations to the internet will continue

$5.7

2006




known online lending business.




Term Lending Volume 2007

Sources: Stephens Inc., Mercator Advisory Group,

risk that a borrower will

term lenders has been a growing concern since the business has moved online.

dentity thieves and first


term loan volume originated online

ortar locations to the internet will continue

$6.7

2007

Online Short



ding business.




Term Lending Volume 2007–2011 (E)

, 2012

risk that a borrower will default on a loan


dentity thieves and first-party fraudsters have been target


term loan volume originated online in 2010

ortar locations to the internet will continue for the foreseeable

$7.1

2008

Online Short-Term Loan Volume





ding industry has grown (Figure 1), so has its exposure to fraud

2011 (E)

default on a loan – is remarkably high


party fraudsters have been target


in 2010, and the market share shift away from brick

foreseeable future.

$8.2

2009

Term Loan Volume




to fraud.

remarkably high in this industry


party fraudsters have been targeting online short

the industry’s adoption of the internet as a major customer acquisition channel. Roughly one quarter of payday

, and the market share shift away from brick

future.

$10.8

2010

Term Loan Volume




in this industry, fraud risk

term lenders has been a growing concern since the business has moved online. Due to the

ing online short-term lenders since

oughly one quarter of payday

, and the market share shift away from brick

$13.0

2011 (E)


term lending space, which in the last five years has expanded rapidly online, beyond the model of brick-


, fraud risk

Due to the

term lenders since

oughly one quarter of payday

, and the market share shift away from brick-and-

$13.0

2011 (E)

4

term lenders since


© 2012



Online lenders’ products are typically secured by the borrower’s future paychecks and the promise that funds will

be available in their checking accounts on a specific date. The l

reports and bank account validation services from so

but there are still those that try to game the system. Once the applicant has been approve

funds have been disbursed, the lender waits until the agreed upon date and debits the borrower’s bank account

via the Automated Clearing House to retrieve funds equal to the original loan amount plus interest.

comply with

demand deposit account

account number and whether the account is open,

funds will be accessible on the agreed upon date.

Fraud Schemes

It is during that period of time between disbursement and collection that a lender’s risk, if it wasn’t managed

adequate

successfully pass the underwriting test will simply take the money and run. By then, the lender has little choice but

to absorb the loss.

can routinely include

applications to a lender’s website

The manner of attacks aimed at lenders of all sorts (in credit card, HELOC,

achieved new levels of

able to leverage internet technology to automate a portion of the application process, so have fraudsters.

vulnerabilities have been identified, c

websites have

create t

hopes that some fraudulent loan application

Mobile devices have further complicated the issue, since many online lenders’ counter

upon the geolocation of an applicant’s Internet Protocol

this may wo

Schemes that involve several malevolent actors

equation.

Device

To augment the declining effectiveness of

have begun to implement functionality that reaches beyond the location of the user’s internet server

ex









comply with privacy laws,

demand deposit account



Fraud Schemes


adequately prior to loan origination, can quickly become realized as a fraud loss. Fraudsters whose applications


to absorb the loss.

can routinely include



achieved new levels of



websites have been exploited by organized criminals

create the potential for extremely high




this may work when tracking PCs, t


equation.

Device Identification



example, the use of proxy servers to mask a fraudster’s true location








privacy laws, the debit bureaus are prevented from validating

demand deposit account, and/





ly prior to loan origination, can quickly become realized as a fraud loss. Fraudsters whose applications


to absorb the loss. To exploit

can routinely include whole teams



achieved new levels of ingenuity



been exploited by organized criminals

he potential for extremely high




rk when tracking PCs, t


Identification



he use of proxy servers to mask a fraudster’s true location








the debit bureaus are prevented from validating

and/or whether or not funds are available in it. Since these services



Evolving




this weakness, fraud against short

whole teams of participants in multiple locations with multiple devices submitting loan

applications to a lender’s website, and then coordinating effo


ingenuity, too, as customer acquisition has moved to the Web. Just as le


vulnerabilities have been identified, computing scripts that enable automated application submission on lenders’

been exploited by organized criminals

he potential for extremely high-velocity attacks that seek to overwhelm underwriters with sheer volume in




rk when tracking PCs, tablets and smartphones


Identification as an Effective Fraud Deterrent

To augment the declining effectiveness of common tools in anti





reports and bank account validation services from so-called “debit bureaus” such as Early Warning Services or FIS,





or whether or not funds are available in it. Since these services

account number and whether the account is open, the lender is essentially taking the word of the borrower that





this weakness, fraud against short

of participants in multiple locations with multiple devices submitting loan

and then coordinating effo


, too, as customer acquisition has moved to the Web. Just as le


omputing scripts that enable automated application submission on lenders’

been exploited by organized criminals with reams of s

velocity attacks that seek to overwhelm underwriters with sheer volume in

hopes that some fraudulent loan applications get approved.


upon the geolocation of an applicant’s Internet Protocol (IP)

ablets and smartphones

Schemes that involve several malevolent actors can introduce additional complexity as more devices enter the

as an Effective Fraud Deterrent

common tools in anti




be available in their checking accounts on a specific date. The lender also screens applicants using credit bureau

called “debit bureaus” such as Early Warning Services or FIS,






the lender is essentially taking the word of the borrower that




this weakness, fraud against short-term lenders has


and then coordinating efforts once vulnerabilities have been determined





with reams of stolen or synthetic identities.


s get approved.


(IP) address to stop submissions from risky locales.

ablets and smartphones can help fraudsters to effectively hide their locations.

can introduce additional complexity as more devices enter the


common tools in anti-fraud solutions, such as


he use of proxy servers to mask a fraudster’s true location was the inspiration for the deployment of


ender also screens applicants using credit bureau





the debit bureaus are prevented from validating either the name associated with a






term lenders has become


rts once vulnerabilities have been determined

The manner of attacks aimed at lenders of all sorts (in credit card, HELOC, and others, not only short




tolen or synthetic identities.



to stop submissions from risky locales.

help fraudsters to effectively hide their locations.



fraud solutions, such as


was the inspiration for the deployment of




but there are still those that try to game the system. Once the applicant has been approved for a loan and the



the name associated with a

or whether or not funds are available in it. Since these services only confirm the





become organized.


rts once vulnerabilities have been determined

, not only short

, too, as customer acquisition has moved to the Web. Just as lenders have been



tolen or synthetic identities. Such exploits


Mobile devices have further complicated the issue, since many online lenders’ counter-fraud tactics

to stop submissions from risky locales.



fraud solutions, such as IP geolocation






d for a loan and the


In order to

the name associated with a

only confirm the





organized. Fraud rings


rts once vulnerabilities have been determined.

, not only short-term) has

nders have been

able to leverage internet technology to automate a portion of the application process, so have fraudsters. Once


Such exploits


fraud tactics have hinged

to stop submissions from risky locales. While



IP geolocation, lenders

have begun to implement functionality that reaches beyond the location of the user’s internet server. As an


5




While


© 2012



proxy piercing services such as iovation’s Real IP service. New generation device identification solutions take fraud

detection a step further by

device

operating system,

internet server.

Device identity and reputation

identity of the device that is involved in an online interaction, an

interactions themselves,

Then

involvement in fraud

iovation

customers of the vendo

between

In another example of how

a lender may track the velocity of web interactions on its site coming from unique

loan applications from potential borrowers using multiple identities.

to modify business rules to adapt to fraud schemes as they evolve

Other members of the online lending ecosystem

identification technology,

partner with short

identification

account

protect against lost revenue resulting from fraud as well as present more value to lending partners.




detection a step further by

device’s interaction with

operating system,

internet server.



interactions themselves,

Then, if the device

involvement in fraud

ovation, for example,

customers of the vendo

between customers across a wide range of industries

In another example of how





identification technology,

partner with short

identification as contractual obligations have arisen to allow lenders to share fraud los

account that has




detection a step further by both understanding the globally unique identity of a device and by

’s interaction with the lenders’ site.

operating system, IP address,



interactions themselves, a matrix of associations can be revealed that would otherwise remain hidden to analysis.

, if the device (or any device that it is related to in the association matrix)

involvement in fraud or abusive behaviors

, for example, maintains a unique shared database that is

customers of the vendor’s device

customers across a wide range of industries

In another example of how device identity and reputation can be valu





identification technology, such as

partner with short-term lenders

as contractual obligations have arisen to allow lenders to share fraud los

that has gone bad. Ensuring that leads represent solid, low




both understanding the globally unique identity of a device and by

the lenders’ site. This

IP address, default language, web br

Device identity and reputation is useful for fraud prevention in


a matrix of associations can be revealed that would otherwise remain hidden to analysis.

(or any device that it is related to in the association matrix)

or abusive behaviors, the

maintains a unique shared database that is

r’s device reputation

customers across a wide range of industries

device identity and reputation can be valu





such as marketing partners that fi

term lenders, credit card issuers, and other types of firms


bad. Ensuring that leads represent solid, low




This process includes analysis of

default language, web browser, and the time differential between the device and the

fraud prevention in




the lender can make immediate decisions on that information

maintains a unique shared database that is

reputation services. The database

customers across a wide range of industries using a secure online forum and social platform

device identity and reputation can be valu




Other members of the online lending ecosystem have also

marketing partners that fi

, credit card issuers, and other types of firms


bad. Ensuring that leads represent solid, low




includes analysis of

owser, and the time differential between the device and the

fraud prevention in multiple

identity of the device that is involved in an online interaction, and also understanding commonalities between the



can make immediate decisions on that information

maintains a unique shared database that is at the core of its service and is

The database exposes fraud and abuse that is shared

using a secure online forum and social platform

device identity and reputation can be valuable to the online fraud prevention process


loan applications from potential borrowers using multiple identities. iovation’s

to modify business rules to adapt to fraud schemes as they evolve.

also found success in combating fraud by using device

marketing partners that filter leads for lenders. Online marketing firms that

, credit card issuers, and other types of firms


bad. Ensuring that leads represent solid, low-risk prospects, marketing firms can both




includes analysis of attributes such as the device’s


multiple ways. By understanding the unique

understanding commonalities between the


(or any device that it is related to in the association matrix) has a previ


at the core of its service and is

exposes fraud and abuse that is shared


able to the online fraud prevention process

a lender may track the velocity of web interactions on its site coming from unique and related

iovation’s tools, as an

found success in combating fraud by using device

lter leads for lenders. Online marketing firms that

, credit card issuers, and other types of firms have become active users of device


risk prospects, marketing firms can both



both understanding the globally unique identity of a device and by looking

attributes such as the device’s


By understanding the unique



has a previous history of


at the core of its service and is accessible to



able to the online fraud prevention process

and related devices and decline

, as an example,



have become active users of device

as contractual obligations have arisen to allow lenders to share fraud losses with the originator of an




looking at the entire

attributes such as the device’s


By understanding the unique



ous history of

can make immediate decisions on that information.

accessible to


using a secure online forum and social platform.

able to the online fraud prevention process,

devices and decline

example, allow lenders



have become active users of device

e originator of an


6


at the entire




,

devices and decline

allow lenders

e originator of an


© 2012



Case Study

A

device reputation technology, s

Fraud Challenges

Fraud rings

Internal fraud tools were unable to stop sophisticated fraud initiated by various devices

and tablets

review queues for fraud analysts

processes


The lender needed r

loan products, and

by drilling down into fraud ring activity details

threats

Results Using Device

Wit

was presently active

using

other

Conclusion

Online lenders are in need of robust and cost

that have not already implemented them will likely experience greater losses as fraudsters migrate to the path of

least resistance.

short

credit product.

lenders should strongly consider incorporating



Case Study

A leading developer of next generation financial solutions prevents sophisticated loan fraud by utilizing


Fraud Challenges

Fraud rings targeted the lender,


and tablets. The inability to identify, investigate


processes.


The lender needed r

loan products, and


threats.

Results Using Device

Within twenty minutes of implementing iovation’s ReputationManager 360

was presently active

using comprehensive

other more pressing

Conclusion



least resistance.

short-term lending businesses, and in any instance when the Web is used as a customer acquisition channel for a

credit product.



Case Study

leading developer of next generation financial solutions prevents sophisticated loan fraud by utilizing


Fraud Challenges

targeted the lender,


The inability to identify, investigate



The lender needed real-time fraud detection that

loan products, and that reduce



minutes of implementing iovation’s ReputationManager 360

was presently active on its web

comprehensive device reputation tools

more pressing priorities

Conclusion



least resistance. Mercator Advisory Group recommends a layered approach to fraud risk management in online

nding businesses, and in any instance when the Web is used as a customer acquisition channel for a

credit product. Given the recent successes that device identification




device reputation technology, saving the firm $5M a

targeted the lender, daily creating hundreds of new


The inability to identify, investigate

review queues for fraud analysts on a daily basis, which negatively impacted the lender’s risk management


time fraud detection that

reduced manual review queues


Reputation


its website. The firm is n

reputation tools

priorities.



Mercator Advisory Group recommends a layered approach to fraud risk management in online


Given the recent successes that device identification



ing the firm $5M annually

creating hundreds of new


The inability to identify, investigate, and stop fraud activities in real

on a daily basis, which negatively impacted the lender’s risk management

time fraud detection that could handle

manual review queues. Analysts

by drilling down into fraud ring activity details, and to set up and adjust business rules on the fly to react to new


The firm is now saving $5 million in annual losses with early fraud detection

reputation tools. Real-time monitoring allows

Online lenders are in need of robust and cost-effective risk mitigation and fraud prevention




Given the recent successes that device identification

lenders should strongly consider incorporating this functionality into existing fraud prevention processes


nnually.

creating hundreds of new accounts with stolen


and stop fraud activities in real


could handle information

Analysts needed to

et up and adjust business rules on the fly to react to new


ow saving $5 million in annual losses with early fraud detection

time monitoring allows

effective risk mitigation and fraud prevention




Given the recent successes that device identification and reputation

this functionality into existing fraud prevention processes


accounts with stolen or synthetic


and stop fraud activities in real-time re


information from multiple bra

needed to be able to p


minutes of implementing iovation’s ReputationManager 360, the lender


time monitoring allows the firm’s fraud analysts to focus on

effective risk mitigation and fraud prevention




and reputation solutions have attained,



or synthetic identities

Internal fraud tools were unable to stop sophisticated fraud initiated by various devices, including smart phones

time resulted in extremely large


multiple brands, websites and

be able to perform forensic analysis


the lender stopped a fraud ring


fraud analysts to focus on

effective risk mitigation and fraud prevention solutions, and those




solutions have attained,


leading developer of next generation financial solutions prevents sophisticated loan fraud by utilizing iovation’s

identities.

including smart phones

sulted in extremely large


nds, websites and

erform forensic analysis


stopped a fraud ring that


fraud analysts to focus on

solutions, and those




solutions have attained,

this functionality into existing fraud prevention processes.

7


© 2012



Copyright Notice

External publication terms for Mercator Advisory Group information and data:

information that is to be used in advertising, press releases, or p

approval from the appropriate Mercator Advisory Group research director. A draft of the proposed document

should accompany any such request. Mercator Advisory Group reserves the right to deny approval of external

usage for any reason.

Copyright 201



Copyright Notice






Copyright 2012, Mercator Advisory Group, Inc. Reproduction without written permission is completely forbidden.


Copyright Notice






, Mercator Advisory Group, Inc. Reproduction without written permission is completely forbidden.













information that is to be used in advertising, press releases, or promotional materials requires prior written




External publication terms for Mercator Advisory Group information and data: Any Mercator Advisory Group

romotional materials requires prior written




Any Mercator Advisory Group





Any Mercator Advisory Group





8

managing fraud risk in o l - amazon s3 · default on a loan-party fraudsters have been target in...

Documents