Document fraud detection and prevention

 
Featured Image

 

Fighting fraud is complex. Who is committing document fraud, the techniques being used to produce the fakes, the type of document, even the type of person or firm a fraudster is targeting are all variables that an anti-fraud plan must account for. Luckily, there's an equally broad array of fraud detection and prevention techniques available to companies today. When implemented properly and used in conjunction with one another, these methods can comprehensively detect fraud and make your service a much less appealing target to fraudsters in the first place.

Summary

    Conduct a fraud risk assessment

    Step one, before actually putting any fraud detection measures in place, is to develop a clear view of the specific challenges your company is currently facing and/or the risks your company expects to face as you grow. Usually this involves bringing together internal experts and stakeholders knowledgeable about how your product works, regional regulations, and how fraudsters think—people like product managers, compliance officers, the head of risk, MLROs, and even external anti-fraud specialists who have a comprehensive understanding of all aspects of document fraud. Together this brain trust should be able to identify potential vulnerabilities throughout your current systems and processes as well as your company's risk tolerance at the moment.

    It's important to note that, while it's vital to conduct a fraud risk assessment early on in the process of establishing your fintech or creating your product, effective fraud risk management also requires follow-up assessments on a regular basis. Fraudsters' methods evolve quickly and often, and they are specialists at exploiting even minor openings or finding workarounds that most of us would never imagine. Carefully evaluating your business's data will help you stay aware of new issues that may be cropping up.

    With your vulnerabilities and risk appetite established, it's then possible to select the tools that properly suit your needs. These will likely be multiple approaches and programs rather than a single overarching fraud detection solution, since different solutions have different strengths and weaknesses when it comes to the many possible fraud vectors you'll need to account for. Ideally, however, these different layers of fraud detection and prevention should result in a "Swiss cheese" model of defense, with different layers of countermeasures overlapping such that the strength of one layer makes up for the weakness of another. In this way you'll create a robust, flexible, mutually reinforcing fraud defense system, the individual components of which are described in greater detail below.

    KYC onboarding process

    The first line of defense that most online services put in place is a know your customer (KYC) or know your business (KYB) onboarding process, a multi-step document processing procedure that accepts inputs from the potential user, verifies the accuracy of that information as precisely as possible, and makes that information into digital records usable by the online service. On top of it all, this usually needs to take place as smoothly and as quickly as possible, meaning that all or most of the KYC onboarding process must be automated.

    Of course, this can be easier said than done: a workable automated KYC process involves stringing together intelligent document processors (IDPs), ID verifiers (IDVs), sanctions screenings, and even optical character recognition (OCR) programs. On top of the "gaps" that may inevitably pop up between these individual components, it's probable that none of them actually specialize in fraud detection.

    So instead of, say, trying to choose the one IDP or IDV that does most of what you ask of it with an acceptable level of security, it's again better to lean in to the modular, multi-layered mindset. Build or find a document intake process that is best suited to your business, find the OCR solution that works best in your industry, and then find the fraud detection solution that best counters the forensic degree of document forgery and alteration that characterizes today's fraud scene.

    Not only will adding a layer of purpose-built fraud detection into your onboarding process be the best way to weed out bad actors from the start, it will also help ease the costs and improve the results of downstream document processing components like OCR.

    Document fraud detection software

    As you go about selecting the right fraud-specific onboarding component, you'll find that detecting document fraud today has been supercharged thanks to artificial intelligence (AI) and machine learning. Simply put, computers are very good at analyzing metadata, checking for consistency in common document types, and in general looking for signs of forgery on a scale that would simply go unnoticed by humans. Good systems will compare incoming documents to templates of known legitimate documents, while the best document fraud detection technologies will go beyond pre-trained classification to detect general anomalies in any document.

    While anomaly detection should be a core mechanism of any fraud detection solution you choose, the very strongest systems will, again, help support other areas of your fraud screening. 

    For example, the output of a document forgery screening shouldn't just be an alert that the program found something. Instead, findings should be enriched with information about what kind of modification was found, where, and why it's so likely to be fraudulent. This sort of plain-English explanation helps manual reviewers make informed decisions when necessary, and can be drawn on if any questions arise in in the future.

    In addition, purpose-built fraud detection software should also process signals like customer submission behaviors, information included in forms, and other data sources. This sort of behavioral analysis is an often-overlooked way to dramatically increase the breadth of fraudulent activity that is detected without adding additional friction to the onboarding process.

    Manual review

    These days, relying on an AI-powered document fraud detection solution is a necessity: it's the only effective way to stop document alterations that are invisible to the human eye as well as mass-produced fakes that aim to overwhelm systems. What's more, opting for a high level of automation is a key way to provide a great customer experience and remain competitive.

    That said, completely removing humans from the process isn't a great idea either. Document fraud detection software should not be your only fraud detection method, nor should it be a replacement for humans. Instead, a technological tool should act as a primary filter that deals with straightforward cases and helps direct the traffic of your decision-making process.

    For example, fraud detection software should prevent slam-dunk fraud cases from landing on a manual reviewer's desk in the first place. After all, why take up an analyst's limited and valuable time with something that is obviously fraudulent from a number of angles? The opposite extreme can be true as well: if a customer's document clearly satisfies a customized set of parameters, AI can automatically accept that document, again easing pressure on a reviewer.

    Where manual reviewers can really benefit from AI fraud detection, though, is in the inevitable edge cases: the situations novel and/or complex enough to require the expertise, creativity, and deeper investigatory attention only a human can provide. Thanks to the explainable insights that a high-quality initial AI check should include when it flags a case for review, a human analyst will get a head start. They'll know more about what triggered the alert, which part of the document set off alarm bells, and the level of confidence that this is a sign of fraud.

    Even for systems with lower levels of automation—say, companies that want all cases to undergo manual review as a matter of course to refine their threat intelligence—these human-readable insights speed up the review process to previously unimaginable levels. As an added bonus, analysts will appreciate the stress reduction thanks to this technological leg up.

    Human and AI fraud reviews can become symbiotic in one final way. Human reviewers adjudicating whether difficult cases are or aren't fraudulent will teach the AI how it should handle future similar instances. In a self-reinforcing loop, this will make the fraud detection software more effective at automatically dealing with clear-cut fraud and will free up still more time for manual reviewers to stay on top of complicated cases and fraud trends.

    Continuous monitoring

    The bulk of document fraud detection takes place upfront as businesses and their users are initially establishing a relationship. But that isn't the only time in the customer life cycle where fraud can occur, and so it's not the only place fraud screening should be in place. Continuous monitoring, or perpetual KYC, protects your business on an ongoing basis, adding additional preventative layers to uncover threats that may have evaded fraud detection efforts elsewhere.

    One major way to ensure perpetual KYC is by comparing documents on a historical basis. This safeguards against reused documents, whether they are the products of identity theft or of serial fraud. This type of retrospective analysis primarily finds success as new documents come in, flagging duplicates that suggest that the current applicant may be a front identity used by a criminal attempting to open several fraudulent accounts and preventing them from gaining access to an online service.

    However, an even greater strength of continuous monitoring comes to light when document forensics is combined with transaction monitoring and behavioral analysis.

    Using these three streams of data together can uncover "sleeper accounts" throughout an existing customer database. Perhaps a fraudster's use of stolen or duplicate documents went undetected during onboarding. Or perhaps the bad actor took the first-party fraud route, using mostly legitimate personal information but exposing themselves as new, criminal behaviors emerged, such as signs of money laundering or an account takeover. Either way, the recursive application of document fraud detection principles to achieve continuous monitoring will inevitably bring to light distinct and very clear patterns of fraudulent activity, sometimes doubling the amount of fraud you're able to catch and kick out.

    This confirms why document fraud detection should, in fact, be one foundational part of a holistic "FRAML" approach to fighting financial crime—an integrated, ongoing strategy of fraud detection and anti-money laundering at every possible point across any online service.

     
     
    Photo of Matt Jones, author of the blog post
    Matt Jones, Content Manager