Fraud in the private sector

While much attention over recent years has focused on combating fraud at the point of application, less has been placed on looking for fraud within an organisation’s open book. While efforts have quite rightly been focused on keeping the enemy from the gates, there is a significant threat posed by those that are already inside the castle.

Put into context, Experian analysis of live data across a range of organisations indicates that, on average, around two percent of accounts in a portfolio show signs of suspicious activity and warrant further investigation. There are potentially millions of open accounts with UK financial institutions that could expose the organisations to significant financial loss.

There are many reasons why a financial institution should monitor for signs of fraud in its open account book. The first and perhaps most pressing is the threat of sleeper / bust-out fraud, a growing area of concern for the industry.

Frauds of this type usually involve an organised fraudster who may start by opening a new savings or current account. Over a period of time, typically two years, the fraudster will operate the account in the manner of a good customer, in order to build a good credit history with the organisation. Typically, customers of this nature will be attractive prospects for the organisation’s credit products and they may well be offered pre-approved credit facilities and generous credit payment terms.

At a point in time, the fraudster will suddenly increase their spending and acquire additional credit facilities, which they will then max out, and they will most likely withdraw all funds from the original accounts. They will also use all stockpiled cheques. Often this is the last activity the organisation might see.

Figure 12, which is based on Experian analysis of bust-out frauds in the US, demonstrates how bust-out occurs over time and shows some of the attributes that are correlated to bust-out behaviour. It also shows how these attributes change significantly right before the bust-out behaviour occurs.

Within the retail banking environment, sleeper / bust-out fraud involves a deliberate manipulation of current account behaviour. The fraudster simulates normal banking activities in order to inflate credit scores and in turn, fool credit systems and behavioural scores into granting additional lending.

The identification of sleeper / bust-out is difficult for many organisations; however, there are often signs indicating that an account may be suspicious, if the organisation is looking for them. Organised fraudsters will often run multiple scams at the same time, which provides an opportunity for organisations that share data on these matters to alert, or possibly be alerted by, its peers.

This was a threat that relatively few organisations had actually anticipated, and, as such, these facilities have historically not had the same level of checks as credit accounts.

Fraud data compiled around the point of application does not tell the full story in this area; however, it is potentially indicative of a shift towards more sleeper / bust-out fraud. Experian has witnessed a doubling of fraudulent current account applications since 2006 (Figure 13), with an increasing proportion being spotted post-application. Experian is seeing many more organisations looking to boost their defences in this area.

A second threat comes from first-party fraud. As previously mentioned, increasing numbers of consumers are inclined to ‘go bad’ when the economy takes a turn for the worse. Individuals who passed all checks when they first became a customer of an organisation may well have been honest at that point in time, however, if they later turned to fraud, the organisation would not have a clue. The use of shared data can help greatly. Should an individual try at first-party fraud against one bank, sharing that information with other organisations would limit their exposure and vice versa.

A third reason for monitoring for signs of fraud in the open account base is to satisfy anti-money laundering and anti-terrorist financing obligations. Organisations that take money on deposit are obliged to confirm the identity of potential customers in order to ensure that they are not unwittingly hiding a trail of ill gotten gains, or acting as a conduit for putting money in the hands of terrorists. Establishing a customer’s true identity at the point of application is absolutely vital. It is also good practice to ensure that regular checks are done to spot cases where new information becomes available, such as when an address or telephone number is flagged as being potentially suspicious by other organisations.

Finally, organised fraudsters are increasingly seeking to take over existing credit facilities to circumvent checks at the point of application. Organisations should not be reliant on their customers to spot unexplained items on their credit card or bank account statement – particularly in these days of paperless billing – and should be on the lookout for suspicious activity that suggests account takeover may have taken place. This includes the use of common addresses as takeover hubs, use of common contact details and sudden changes in account use behaviour.

With account takeover on the increase and millions of accounts showing signs of suspicious activity, the industry should ensure that it is focused on addressing the potential ticking time bomb within the open account base.

It is as vital to monitor for signs of fraud in deposit-taking accounts as it is for credit accounts, and in the open account base as it is at the point of application. By sharing data as widely as possible on a regular basis, organisations can ensure their records are up to date and that any potentially fraudulent accounts are flagged as soon as possible.