How to Identify High-Risk Customers in Banking

by Jimmy Fong
For a customer, getting a loan used to be an exercise in red tape and resilience – and that’s if they had the credit to qualify. Now, online lenders deliver loans in minutes, even to underbanked markets. This high-speed, frictionless service is great for a growing loan industry, but it’s also opened the gates to high-risk customers.
Lenders have realized the immense market potential of loans to the underbanked. People who were traditionally seen as unsafe borrowers – such as those who don’t have proof of regular credit card or mortgage repayments – are now being presented with options to increase their personal spending power. The challenge is that without a credit history, they still present an underwriting risk.
Furthermore, lenders hoping to capture the emerging microloan market have to balance frictionless services with the need to block out defaulters. In this article, we help lenders understand how to capture growth while lowering default risk.
There are two types of high-risk loan customers: those without financial security (who are unable to repay loans) and fraudsters (who have no intention of doing so). Regardless of whether a customer represents an underwriting risk or a regulatory one, high-risk borrowers create the same distinct problems for lenders:
Fintech provider Solventa cut fraudulent transactions by 25% and boosted the accuracy of its risk modeling by 15% with SEON’s machine learning.
Read case study
Digital profiling provides an alternative source of credit information. It uses real-time data to understand whether customers are making regular payments now. This means it can give more accurate insights than historical, often outdated credit data while also being more affordable and attainable.
Using a customer’s phone number, email, or IP address and a lookup tool, such as SEON’s, lenders can find which online accounts a customer holds. We call these signals. These signals give proof of a customer’s online life, including regular payments and spending habits.
What does the typical borrower’s digital profile look like?
The typical borrower has around 10 online accounts, which each send a digital signal. The most common of which are from:
A drop of 40% or more represents a risk that the applicant may be a fraudster who is using a fake or stolen ID. We’ll explain more about those risks later in the article.
What does a reliable borrower’s digital profile look like?
Digging further into a borrower’s signals, you can find indicators of financial stability and regular payments. For example, if a borrower has an account with Spotify, they make low monthly payments.
SEON’s digital profiling assesses 90+ digital signals, including those used globally and those unique to certain countries. Our data tells us that the most common signals of a borrower’s financial stability across all regions are:
Apple: A premium product that indicates high income and regular payments
Spotify: Indicates low but regular monthly subscription payments
Amazon: Indicates purchase history and low but regular monthly subscription payments
These are just three of the 90+ digital signals SEON monitors. Finding a signal from one or more of these accounts will lower your customer’s default risk score and give you greater insight into their ability to repay debt.
The second type of loan default risk comes from fraudulent customers, who will try to beat your risk assessment by presenting a trustworthy face in one of two ways:
To find these high-risk fraudulent customers, lenders should ask:
Risk-based fraud prevention software like SEON does this in multiple ways:
If the IP location is in a high-risk area, fraud teams should dig deeper, and potentially, users should be blocked.
SEON’s end-to-end fraud prevention solution lets lenders set their own parameters to catch high-risk customers, and our customer service team helps you find the right way for you. Our custom rules can be adapted to match your risk appetite, markets, and customer data.
Here are three custom rules that our lending customers regularly use to filter out high-risk customers.
Loan fraudsters are aware their success depends on convincing lenders that they are who they say they are. A common tactic for a digital loan fraudster is to acquire or create an identity and then create a believable digital footprint that will roughly match that identity. As these false or stolen identities may be from anywhere in the world, many fraudsters may want to develop this footprint by spoofing an IP location near their falsified address or employing a nearby data center.
Device hashes are unique enough that risk rises when multiple users appear to be using the same device. Cookie hashes perform a similar fraud detection function for desktop users. Such instances should be manually reviewed or trigger a higher risk score.
This screengrab from SEON’s custom rule editor shows a rule that has been tailored to this specific case. Here, the rule is scanning for instances where multiple accounts are used on the same device within a day. This is a reliable sign that a fraudster is making several fraudulent loan applications coordinated from one device.
Fraudsters will often attempt to make their fake profiles look normal. This includes adding mobile phone numbers and social media accounts. However, building a realistic social media footprint is time-consuming, especially for fraudsters hoping to scale their crime and maximize illicit profits. It is unlikely that such fraudsters will have the resources to add more than one social media profile, if any.
In this screengrab, a custom rule has been set up to detect such anomalies. In this example, a lender is looking for specific social media signals that represent default risk within their customer base.
LinkedIn is a common social media account useful to a lender for signaling employment. However, for this reason, fraudsters are likely to set up false LinkedIn profiles to bypass social media presence checks. However, it’s unlikely that an email account only has a LinkedIn account associated with it, so fraud teams should look for a mix of account signals.
SEON’s custom rules can be used to detect the possibility of an account takeover. Although there may be any number of reasons why an already-onboarded customer might suddenly have a new IP and device hash (such as going on vacation with a new phone), this situation should raise interest in fraud teams with a well-defined risk appetite.
While online lenders democratize spending power through low-friction loans and BNPL, SEON’s goal is to democratize the fight against fraud. That means arming you with the tools you need not just to detect fraud, but to prevent it from ever happening.
In this article, we’ve discussed only a few of the functions within SEON’s end-to-end fraud prevention solution. Get in touch if you’d like to know more about how to Reduce Fraud Rates by 70–90% using digital profiling, whitebox machine learning, and advanced APIs.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, machine learning, and advanced APIs.
Ask an Expert
Showing all with `` tag
Click here
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.
The top stories of the month delivered straight to your inbox