Blog
Industry

Fighting fraud with bank statement sanity checks

Published:

Fraud is one of the most complex problems to deal with. It’s also an issue that never goes away. This post discusses how to continually enhance processes to combat fraud.

Fighting fraud with bank statement sanity checks

Fraud is one of the most complex problems to deal with. It’s also an issue that never goes away.

To make matters worse, every technological shift is more easily adopted by fraudsters than businesses.

The implication is clear: Testing and adopting new technologies is always worthwhile.

To use a wildlife analogy, fraudsters are looking for the weakest animals in the herd, those at the back of the pack. You don’t necessarily need to be the strongest, but you definitely can’t be a straggler when it comes to fighting off fraud!

What I want to make clear in this post, is that the best way to deal with fraud is to continually enhance the processes, as the job is never done.

The shape of the problem

Tradeoffs

Fraud has a few dimensions that make it complex.

One of the clearest: fraud policies impact the experience of both fraudsters and legitimate users alike.

Anything you do to make fraud prevention stricter is going to negatively impact the experience of your best customers!

It’s always a tradeoff: Deliberately adding friction that slows down fraudsters while fast-tracking recurring customers. Identifying honest mistakes and asking users to correct them, while flagging suspicious discrepancies for internal review.

All of these decisions can create inconvenience to legitimate users, weighed against the risk of the process not being sufficiently robust to fraudsters.

Reverse engineering

Another thing to consider, is that fraudsters can very easily run multiple applications with varyingly obvious fraudulent documents. This allows them to learn the system, understand what is scrutinised and what is not, find weaknesses, and then plan a larger exploit for maximum gain.

Regulation

A major aspect of fraud is government regulation. Know Your Customer (KYC) and Know Your Business (KYB) are requirements for most lenders.

These are defined as minimal prevention, implementing them is a regulated requirement, and therefore does very little to distinguish you from the pack of targets.

Supply chains

Lending businesses are a complex chain of dependencies. Your KYB provider, your staff, your IT providers.

These all form part of a complex link of weaknesses in a system, and this “supply chain” is often targeted.

Look at how a CTO almost falls for this scam. The human element is frequently the weakest link, and a break in the chain is easily exploited: https://x.com/SergioRocks/status/1920100911348613475

CTO scam

Exploiting trust

There is the much more subtle white-collar crime:

The way in which most white-collar crime works is by manipulating institutional psychology. That means creating something which looks as much as possible like a normal set of transactions. Vulnerability to crime tends to scale with the cognitive demands placed on the management of a business. The more things a manager has to pay attention to, the easier it becomes to carry out a commercial fraud. Professional fraudsters will aim to look as close to harmless as possible, and exploit the increasing cognitive demand on people.

(Quotes are from the excellent book Lying for Money by Dan Davies, with the excellent point “Understanding how to commit fraud is understanding how to manage something”).

Traditional solutions:

Traditional fraud systems roughly take the following shape:

  • Buy a KYC/KYB software that does identity validation and other regulated checks. Example KYC/KYB features include user, business address or document verification, and liveness checks.
  • Build a machine learning model based on known fraud, to start identifying high risk characteristics.
  • Hire a fraud ops team to do reviews of suspicious applicants.

The obvious problems

  • Buy: fraudsters are deeply familiar with these systems, and will frequently know how to beat them, this is because they know they need to look normal.
  • Build: transaction volume is usually too low, identified fraud is too sparse, and anything flagged will be the obvious (fraudsters getting the shape of the system…).
  • Ops: These teams are indeed the last line, but typically lack the resources, and are definitely cognitively overwhelmed.

Historically, it has been impossible to have intelligence-in-the-loop of every transaction, this is because cognitive overwhelm is exactly what fraudsters take advantage of.

Couple this with static fraud systems that cannot adapt in real time to emerging threats, and you start to fall towards the back of the pack!

What sea.dev is doing

We think bank statements are especially useful.

Across the world, bank statements are highly valuable for assessing business cashflows.

They are also a very useful way to verify a business, and to cross-reference the information provided in financials or business plans.

We enable this with the following capabilities:

  • Intelligence-in-the-loop review of bank statements and business documents, reducing cognitive burden and applying consistent checks to all documents.
  • Document validation, tamper checks and a number of proprietary techniques.
  • Data storage system, designed to enable the long term feedback loop required to beat fraud, by storing all data, not just the summary points.

With these capabilities in hand, using a bank statement, you can distinguish:

  • potential fraud 🔴
  • potential misrepresenting of the truth 🟠
  • potential mistakes in provided documents 🟢

This capability goes far beyond what traditional fraud detection and bank statement analytics typically can enable.

See below, where both a business plan and bank statement have a variety of validations run that are not possible without LLM intelligence.

flow

Here the system is checking balance integrity. All checks are cited, with the source of the check quickly validated.

flow

These are powerful checks, that can be easily adopted out of the box, and quickly adapted as time goes on.

Most lenders request bank statements, too many don’t look at them. This shouldn’t be the case, but document processing has always been complex and brittle.

Sea.dev changes all of this!

Next steps

Fraud is always a problem. Giving lenders the tools to prevent fraud is a key piece of the puzzle.

Our goal: enabling lenders to do deals with speed, accuracy, and conviction.

I’ll leave you with two questions:

  • Does your current Fraud prevention system automatically run any kind of reasoning on documents provided?
  • Does your current Fraud prevention system capture all the data about a borrower, from conversations, documents and emails, in order to learn from past mistakes?

DM me if these problems resonate, and we can get to work.

TAGS:

Get the latest insights from sea.dev

SHARE THIS POST ON:
Share this post on Facebook Share this post on X Share this post via email
Previous Article
Building fast feedback loops
Next Article
Processing deals from commercial brokers