Online Lenders Band Together to Strike Back at Scammers


Online lenders’ struggle with fraud is driving them to join new networks designed to find links between fraudulent loan applications and signs of loan stacking.

Lending Club, Prosper Marketplace, Marlette Funding and Avant are among those that have joined such a group in the past month.

“The fraud problem is a problem you can’t solve on your own — 99 times out of 100, if they’re trying to commit fraud with you, they’re trying to commit fraud with others,” said Brad Pennington, chief risk officer at Prosper Marketplace. “We think we can get a lot of leverage working with competitors and peers in a network.”

Fraudulent applications are surging across the board, said Jerry Dixon, chief information security officer of the cybersecurity firm CrowdStrike.

“The problem contributing to this is all these data breaches at Yahoo! and others, which provide a treasure trove of account credentials, all the information you need to do new account fraud,” he said. “Criminals are using this information to create automated attacks to try to fill out these applications online.”

Just as much, if not more, of an issue for online lenders is loan stacking, where a borrower obtains loans from multiple online lenders at the same time, slipping through their automated systems due to hasty algorithmic underwriting and patchy reporting of the resulting loans to credit bureaus. This can result in online lenders making loans without the full picture of the borrowers’ obligations and deteriorating ability to pay.

Stackers aren’t necessarily fraudsters. They might be people in financial difficulty. In some cases, a person or business legitimately qualifies for more credit than one lender will offer. Judgment calls have to be made.

On the small-business side, fraud tends to come from people setting up fake businesses. This happens less frequently, but the loan amounts can be higher.

Fraud risk doesn’t just affect the purely online lenders like Lending Club and Prosper. It’s also a concern for any institution that takes loan applications online, including the likes of Goldman Sachs, SunTrust, and Wells Fargo.

Vendors are rushing to help. ID Analytics and TransUnion both announced in recent weeks fraud networks designed to provide visibility to online lenders. So if someone received a loan from Prosper and then applied at Lending Club, both companies would be notified (if they were both in the same network).

Impostors and Fabulists

For smaller loans, fraud is a volume game, said Joe DeCosmo, chief analytics officer at Enova, an online lender to near-prime consumers and to small businesses. “They’re submitting as many applications as they can in the hopes that a small percentage get through, then they start over the next day,” he said. “Or they move on to another lender the next day and try to get a batch of loans funded.”

“Most of the fraud we see is conducted using stolen or compromised identities as opposed to synthetic,” DeCosmo said, meaning identities that are made up, sometimes from bits and pieces of real ones. However, since the Social Security Administration went to randomly generated Social Security numbers, synthetic identities are definitely on the rise, he said. Online loan fraud with a synthetic ID takes longer and is harder to execute because you have to set up a bank account and establish a credit record with the synthetic identity to be successful.

Al Pascual, a senior vice president and research director at Javelin Strategy & Research, points out that it’s not just individuals and rings of people conducting fraud.

“Now you have bot attacks that are filling out applications over and over again, using stolen information, sometimes with minute variations on things like ID information to try to get new accounts opened,” he said. “If you have a process that’s very manual to do things like verify ID and you’re getting application volume hand over fist from these devices, you are at a significant disadvantage. Online lenders are not nearly as sophisticated or focused on managing that kind of fraud risk, so for them it’s got to be even harder.”

‘A Visibility Issue’

ID Analytics formed its Online Lending Network in late October and has recruited about a dozen online lender members, including Lending Club, Prosper Marketplace and Marlette Funding. It’s focused mainly on loan stacking.

The vendor’s technology is meant to thwart online application fraud of any kind, including credit cards or deposit accounts. Many of its clients are wireless providers, marketplace lenders and traditional online lenders.

“Loan stacking is a visibility issue,” said Patrick Reemts, vice president for credit solutions at ID Analytics. “There’s no visibility unto what the consumer is doing.”

In ID Analytics’ network, “as consumers apply for credit cards or wireless accounts or online loans, we’re putting that into our network in real time,” Reemts said. “Two seconds later, the very next application that’s submitted is informed by the one previous to it.”

A lender can use that information to delay its offer or application or contact the consumer to determine whether he intended to accept the other offer.

ID Analytics also tracks soft hits – consumer-initiated credit pulls that don’t show up on the credit report. Lenders are not allowed to see this activity, per the Fair Credit Reporting Act. But because ID Analytics’ tech platform was designed to solve fraud, the Gramm-Leach-Bliley Act allows it to collect that information and notify lenders of consumers who are receiving multiple offers, so they can slow down their decision-making process and prevent the consumer from getting three or four loans in seconds. ID Analytics also compares applicants against a repository of information about bad actors.

The company hopes that enough online lenders and wireless providers will join the network to provide a clear view of borrowers’ activity across the board (at least those who use their real identities). ID Analytics estimates that its online lending network currently sees two-thirds of marketplace lending volume.

TransUnion announced a similar fraud prevention network, Fraud Prevention Exchange, in early October that includes Lending Club and Avant. The effort is run by Pat Phelan, a senior vice president in the innovative solutions group at TransUnion, who founded an online identity verification company called Trustev that TransUnion acquired last December.

TransUnion puts code on each lender’s website that lets it look at things like behavior (e.g. how fast the loan application is filled out), IP address proxy, network location, operating system, and browser – a total of 600 attributes . It looks to see if the device or IP address has been seen anywhere in its network. The network also does data verification based on TransUnion data.

It then searches the network for other applications coming from the same identity and informs the lender of any risky behavior. It provides a risk score on each applicant’s physical and digital identity.

The network also looks for people shopping around at different lenders for loans. “While shopping around isn’t necessarily an indicator of bad behavior, high shopping around leads us to worry, and high completed applications for loans is certainly an indicator of bad behavior,” Phelan said.

Pascual sees these fraud networks as a partial answer.

“What if the identity information has never been seen before?” he said. “It’s not doing much for you to have that intelligence-sharing, you have to figure out other ways to manage for it.”


Apart from joining networks like these, there are things lenders can do to separate the real from the phony. Get as many data points as possible. Look at relationships – multiple fraudulent applications might go back to the same address or apartment building. Device fingerprinting is also helpful: sometimes a device will link to multiple fraudulent accounts that look completely different in all other attributes. And look at how many login attempts come from a particular user ID

“You can’t solve this with just data and algorithms, because by the time you get an algorithm trained to recognize a fraud MO, the professional fraudsters are already working on their next attack or their next MO, so you’re always playing catch up,” De Cosmo said. “If you’re only relying on third party data and models or algorithms, you’ll for sure miss some fraud, because fraud changes all the time.”

Penny Crosman, “Online Lenders Band Together to Strike Back at Scammers, Stackers” American Banker, November 1, 2016. Accessed via: