A fundamental shift has occurred as a result of the massive unemployment benefits fraud that necessitates a different approach when evaluating phone and related data to prevent identity theft at onboarding.
When it comes to phone numbers, most financial institutions look to associate that the phone number supplied in the application has historically been tied to a consumer's name (i.e. 222-555-9999 has ties to John Brown if this phone number is used in an application for John Brown).
But, the stolen credentials used by criminals to successfully open DDA accounts to launder the billions of dollars in stolen unemployment benefits funds has created a tidal wave of erroneous data being furnished to the credit records of identity theft victims.
Simply matching the phone number on an application with that on the consumer’s credit report (or data derived from this report) is inadequate today.
Even when the phone-name match is present, financial institutions should evaluate the following conditions.
This approach will not only catch more identity theft, but generate more approvals.
All phone numbers look alike, but the risk associated with the carriers who issue phone numbers varies widely. Carriers that are highly correlated with fraud can provide a signal that the phone-name match is potentially fraudulent.
Measuring the incidence of fraud across every carrier for every phone number is the foundation, but few financial institutions establish this insight. It requires ongoing validation of the incidence and evaluation of new carriers over time.
Each carrier can then be ranked from highest incidence of fraud to lowest incidence of fraud. These calculations can be factored into risk models, and a dashboard that ranks carriers can be created to be used by Risk Ops teams during manual review.
It’s not uncommon for identity thieves to use the same phone number across many stolen identities at different financial institutions. At SentiLink we recently detected one phone number issued in Georgia between Oct and Dec 2020 that was on 58 distinct identities.
Upon further review, we found 45% of applications with stolen credentials include a phone number that has been tied to an unrelated consumer within the 120 days preceding the application versus 4.1% of general applications.
This tells us two things. One, the importance of including phone velocity metrics when assessing consumers at onboarding. And, two, when FI’s don’t get it right and allow a fraudster to open an account with stolen credentials, the fraudulent phone number on the application gets furnished to the bureau and is subsequently tied to the victim.
If those same credentials and phone number are used at a different lender to open an account, it will appear that the fraudulent phone number actually belongs to the ID theft victim. If this new lender simply matches the phone number on the application with the phone number at the bureau or places that derive data from the bureau, they will find a match and will not suspect fraud. The bureaus will eventually remove this once the account gets flagged for fraud, but it could take over a month or more for this to happen. And, many id theft victims never realize an account has been opened in their name.
We looked at a small subset of data to get a sense for this phenomenon. We analyzed credit header data from June through December 2020 and found nearly 200K consumers had a phone number on their credit report that was shared with nine or more unrelated people.
As such, measuring phone velocity provides a more comprehensive view of risk than the simple phone match.
Matching area code with address is common practice in evaluating fraud risk on incoming apps. Going a step further and comparing the area code with the current AND prior address history can yield a more complete picture of risk.
An application where the area code doesn’t match the current address isn’t necessarily fraud. One where the area code doesn’t match the current OR prior address is likely to be fraud.
Armed with additional insight on fraud rate by carrier, phone velocity and geography, it’s possible to catch fraudulent applications that may have formerly been approved, as well as increase approval rates. Some financial institutions incorporate this insight as a signal for their fraud models, while others direct specific applications through a different verification flow for further identity verification.
Max Blumenfeld is Co-founder and COO of SentiLink. Prior to SentiLink, Max led Risk Operations and Fraud Data Science at Affirm. Max holds a degree in mathematics and economics from the University of Chicago and was named to Forbes’ 30 Under 30 list in 2020.