Loading...

Fraud. When is frictionless not frictionless in a loan application?


In the race to attract new customers and lending opportunities, consumer credit firms are increasingly attracted to the solution of a frictionless journey. The journey is now expected to allow potential customers to apply, then quickly obtain funds or services without delay.

Technology, access to real-time API’s (Application Programme Interface),  data for credit bureau, fraud, scoring, e-identity, biometric and document validation are all available, so that lenders can ensure that they are not dealing with a fraudster, ensuring appropriate affordability and credit risk decisions.

Pre-qualification or soft searches can also be used to attract potential customers. Soft searches allow the applicant to make an initial check without leaving a credit footprint, giving an indication of the likeliness they may be accepted for credit.

These elements have sped up the application journey. However, there is often a tension between the product risk, applicant risk and availability of goods, services or cash. If the products and services proposed are not offered with instant access when the applicant moves through the journey, there is an increased chance of dissatisfaction and some may walk away.

Let’s have a look at a ‘traditional’ lending journey where it can offer a real-time, instant decision and pay-out within 24 hours of decision.

  1. Initial application data is entered by the applicant.
  2. Validation, pre-qualification and initial fraud checks are conducted by the lender. This could include device or behavioural fraud checks or matches to sets of fraud information.
  3. Credit bureau/affordability and/or existing customer behaviour are taken into consideration by the lender. These provide verification of an identity and high risk alerts of potential fraudulent activity.
  4. Bank account details are validated and verified by the lender.
  5. Detailed fraud checks are conducted including matching to previous applications, consortium matching (CIFAS as an example) and other fraud techniques such as social network analysis, machine learning and cluster analysis.
  6. The application is approved, and accepted. The customer is verified and authenticated.
  7. Peps/Sanctions/watch list and other regulatory screening is completed.
  8. The loan is released into the customer’s bank account within 24 hours.

Any of these steps could cause an applicant to be referred, therefore impacting the journey and possibly causing friction. If you take this same scenario with the need to deliver instant funds to the applicant, the journey doesn’t change. What changes is the time available to investigate, match and clear referrals.

Leaving the customer waiting means the fraud and regulatory screening referral decision can be taken offline. In this journey, there can be less friction to the end customer (apart from the final pay-out) because the decision to refer is taken outside of the journey. The customer never knows that they were referred for detailed fraud checks and you have time to manage this appropriately.

When funds are paid out immediately each element of the journey is essential to control risk. Each of the identity and fraud services need to be heavily optimised to reduce the referral rate. Whilst, at the same time, maintaining the effectiveness and core principles of the solution used to facilitate them.

Typically, each identity and fraud solution is optimised independent of the other, particularly when there are different technologies or third party providers involved. Compromises may need to be taken. For instance, only referring on high risk events that uses strong rules as a measure. Equally, implementing a ‘less-fuzzy’ matching approach for sanctions in order to reduce the potential number of matches that would require further investigation.

How to satisfy customers and manage risk

The alternative is a consolidated approach. Here you would use blended strategies or scores, which uses the results of each tool and the combination of services. Each set of data returned would be combined, giving you a multi-layered, agile platform to work from.

Potentially the incorporation of machine learning and artificial intelligence (AI) would also help (albeit not replace) this process – whether automating a referral rate or providing new referrals.

Note: Care needs to be taken in AI/machine learning and new general purpose data regulations. Particularly in the areas around consent, use of purely automated decisioning and the rights of individuals to not be subject to these. Also, potential issues on discrimination and fairness.

These could provide you with an appropriate balance of risk versus drop-out. In addition, automated referral tools could also be involved, such as interactive knowledge based authentication to allow the applicant to remain in control of their journey.

This is only one set of scenarios – there are many variables in the application journey which could also include:

  • When to call for data and decisions (and informing the applicant of the decision) – is it necessary for a large call or in separate, incremental steps?
  • The product and applicant risk – should the same level of checks be made for a small value product or loan versus a high value product?
  • Post application activity, for example, an instant access credit card (such as a card that joined to third party services such as apple pay) could be granted with a small credit limit until the physical card is provided and credit limit is then adjusted.

How digital identities change this journey

That’s now. What of the future? The Evolution of Identity whitepaper by Nick Mothershaw highlights the increasing creation and use of digital identities.

Where these are used can help you to make it entirely frictionless. How? By ensuring that the applicant is truly trusted, is fraud free and not subject to sanctions. But this relies on the identity provider maintaining levels of assurance outside of the application process.

Fraud controls and contra indicator checks are re-done at the point of logon to determine if there is any new risk associated with the digital ID. If so, these can be referred to the lender for assessment.

Let’s look at this journey again with a digital identity looking for a real-time, instant decision and pay-out within five minutes of decision.

  1. The customer shares their application details using a security token that confirms their identity and personal details.
  2. Validation of the customer, pre-qualification and initial fraud checks are completed by the lender.
  3. Credit bureau/affordability and/or existing customer behaviour checks are completed by the lender.
  4. E-identity and Bureau Fraud Model checks. This is no longer required in the case of identity theft, but may still be required in the case of unusual activity / anomaly checks
  5. The application is approved, and accepted. The customer is verified and authenticated.
  6. Detailed fraud checks. No longer needed as completed within the digital identity submission
  7. Peps/Sanctions/Watch list screening – In this scenario the indication that the subject has a match to watch lists could be part of the digital identity

Scenario 3 presents some ideas around future process with a core theme that a trusted identity, i.e. one that has already been validated by an identity provider, does not need the same level of identity and fraud checks as a non-trusted identity. Even when a non-trusted identity is used, if a trusted identity exists for that individual then that could also flag a potential impersonation attempt.

This creates a streamlined customer experience but is also likely to create a shift in fraud attempts to obtain the ‘key’ to unlock the streamlined process. If trusted identities become the norm, then this will increase the number of attacks on individuals, their networks and devices in order to obtain these tokens. As such, the process needs to ensure tokens presented are also from known and trusted devices.

New technology and data are changing the way applications can be processed with the right level of customer protection and risk management, while delivering the service expected. Digital identities offer another piece of the puzzle to protect customers and businesses. The challenge for organisations is to create the framework that allows them to be used, and optimised, as part of a multi-layered fraud strategy.

This article is about: APIs, lending