Matthew Cox, Managing Director EMEA, Fraud, Security & Financial Crime, at the analysis company in Silicon Valley FICO deals with strategies the UK government might consider in response to reports that bounce back loan fraud could cost the UK billions of pounds.
When the bounce back loan program was put in place, the UK government hurried because it needed it and it did not do all of the normal checks on loans at the bank level. For example, to qualify, a company had to be started before March 1st – I would have thought they would have made it a requirement that they be in business as of 2019 and earlier. Also, very little evidence of the company’s health was required. As a result, the fraud is estimated at £ 15 billion to £ 26 billion. As long as a simple fraud check has been carried out, the state, i.e. the taxpayer, is 100 percent liable for these loans.
From the fraud MO perspective, we see two things;
First party scams:
Each company should only be able to submit one bounce-back request, but there are no controls to restrict a company to one application. There are companies that have applied three, four or five times, so they get multipliers for the annual turnover of £ 50,000, or 25 percent, that they are supposed to get. Some business owners may be ready to pay off and could have received five loans for 125 percent sales.
I could pretend to be a director of your company and start making loan applications for your company. You may not even find this happened until you have to start paying next spring. Scammers will attempt to redirect companies to email so that company employees do not receive the credit confirmation email. However, since we are in lockdown, these loan repayment confirmations may be in empty offices. When people return to their offices, they may find a repayment letter. That means there is great potential for fraud when the payments are due next spring.
The program was a great success, but much remains to be cleaned up. The government must now consider having a consolidated collection process with the banks that issued the loans. Initially, the government asked the banks to pump out this money and now that they understand the potential scale of fraud and bad debt, they will turn to the banks to get that money back. It will be difficult to do much about identity fraud – that money will be gone and diverted into cryptocurrency, international payments, and cash.
What can be done now? If I were the government I would try to implement identity fraud detection network analytics across all UK banking applications. Don’t wait for payments to start – advanced link analysis can help you find all the links between loans, such as: B. common phone numbers or company names or addresses. Gather all of the data, use analysis to find everyone who has created more than one application, put all of these in a bucket, then start contacting them. The money may be gone, but no one can escape with it, they can’t even leave their house! Then do some first-party fraud definition for the rest of them and tell the suspicious accounts, “I need to talk to you.” Banks should consider using automated notifications such as SMS and App Push for account holders who have submitted an application.
Payments on these loans are not due in the first 12 months – this means potential fraud cases only fester for 12 months. It will be harder to get the money back in 12 months. The government should start working on this problem now instead of waiting a year.