High-Risk Source of Application: How to Detect and Manage Them

To lower your rate of fraudulent applications, you need to look at both who and where they’re being sent from. Digging deep into the source of an application, such as your applicant’s IP, physical address, and PEP status, can give a crucial indication of how trustworthy – or indeed high-risk – they are as an applicant.

Taking a bird’s eye view across the many relevant data points gives you the means to stop things like money laundering and ID theft before they happen.

We discuss what to look out for and share some best practices to help businesses stay alert.

What Does High-Risk Source of Application Mean?

A “high-risk source of application” is a label assigned by risk management teams to flag potentially fraudulent applications for financial services, such as credit cards or loans. The term is mostly related to anti-money laundering regulations, such as 6AMLD (the 6th Anti-Money Laundering Directive), but it also applies to many other areas of fincrime prevention and cyber-security, such as insurance claims and account management.

A high-risk source refers to any individual, location, and/or context that raises concerns from the organization faced with the given application.

In other words, it’s not necessarily the applicant who triggered the label of “high-risk source”. Even a perfectly legitimate person may find their application is rejected if the following scenarios apply:

• They’re from a high-risk location, such as Russia
• Their IP and the address they claim to be from are different
• Their application had already been rejected before

Examples of High-Risk Sources of Application

Common actions that could be flagged as a high-risk source of application include taking out a loan, ordering a new credit card, or sending funds over a certain threshold. Let’s look at some more examples to better understand what else can be classed under this label:

• The user’s name appears on a PEP list: If a customer’s name is found on a politically exposed person (PEP) list, their actions are likely to be flagged as high-risk, especially in terms of money laundering.
  
  
• The user’s source of funds cannot be verified: Source of funds checks are key in ensuring that financial services do not help criminals launder money. How the company performs these checks may vary, but if an automated system cannot confirm the source of funds, an application may be flagged as high-risk.

• The user’s IP address points to a sanctioned country: This is a common scenario for financial services in Western countries that are banned from dealing with certain regions. For instance, an Iranian or Russian IP may be flagged by automated AML systems.

Which Countries Are Classified as High-Risk Sources?

Most countries classified as high-risk sources will be sanctioned countries, such as:

• Cuba
• Iran
• North Korea
• Syria
• Russia

The list may vary depending on which country your company is based in. However, the rules set by the Office of Foreign Assets Control (based in the US) tend to be followed by most countries around the world. Other regions sanctioned by OFAC include:

• Balkans
• Belarus
• Burma
• Central African Republic
• Ethiopia
• Iraq
• Lebanon
• Venezuela
• Yemen
• Zimbabwe

Organizations may have their own list of high-risk countries. These aren’t mandated by government regulators, but chosen internally after the staff members have taken stock of their own risk challenges. For instance, a neobank that has a historically high number of fraudulent applications from Italy may label the country as high-risk.

What to Do When You Detect a High-Risk Source

Your data can only be truly accurate when it’s been sense-checked, so consult other risk analysts and your fraud prevention system before rejecting an application. Make sure those you proceed with are filed in a suspicious activity report (SAR), which notifies government agencies of potential money launderering.

It’s also important to give those who are rejected a chance to appeal. Most will be sent an automated message with very limited information about why they’ve been declined. Connecting them to your customer service team and offering a chance to appeal should help to reassure legitimate customers who have been incorrectly considered high-risk. This will protect your customer satisfaction rates from the otherwise significant reputational damages of a false positive fraud check.

That said, you should be careful how much you tell a customer about why they have been rejected;  revealing too much information can help fraudsters learn how to cheat the system.

How to Detect More High-Risk Applications

Here are some actions you should take if your risk management software is struggling to catch high-risk applications:

• Deploy an AML module: Many fraud prevention solution’s AML modules can automatically look for names on PEP databases, flag sanctioned countries, and send suspicious transactions for manual review.
• Enrich data for better results: Static rules are fine for simple user actions, but in some cases, you may need to layer multiple risk rules to improve the precision of your flags. For instance, instead of simply blocking all IPs from certain countries, you could also look at whether the IP points to a VPN, or whether it’s coming from a suspicious ISP (internet service provider).
• Update your risk rules: AML rules are regularly updated by authorities, so your system should also let you edit risk rules to stay on top of the latest mandates. Make sure your system is agile enough to quickly update your risk rules without too much resource.
• Act on the value of machine learning: If you manage to feed enough high-risk application data to an ML system, it may be able to find patterns and suggest better risk rules. This is particularly useful when processing huge amounts of data and getting insights that may slip by a human analyst.

By applying these points to your risk management strategy, you can ensure your organization is safeguarded against fraudsters and in accordance with regulatory compliance.

SEON’s Tools To Manage High-Risk Sources of Application

As an end-to-end risk management solution, SEON comes with all the tools you need to detect high-risk sources of application, increase the precision of your current detection model, or even suggest new strategies thanks to machine learning.

Here are the key highlights:

• Full AML module: This solution helps you flag PEPs, sanctioned countries, crime watchlists, and monitor transactions.
• Label API: Reduce not only your false positives, but your false negatives too. With SEON’s label API, you tell the solution when it’s produced both successful and unsuccessful checks – so it becomes increasingly adept at spotting both low- and high-risk sources of all kinds.
• Real-time alerts and monitoring: Instantly know when a high-risk application is detected.
• Flexible rulesets: SEON lets you manually update rules from a user-friendly dashboard, so you can stay on top of the latest requirements without going through a developer.
• Device fingerprinting and data enrichment modules: Get a 360 view of users, transactions, and applications thanks to device fingerprinting and data enrichment tools. For instance, a single email address could help you increase the precision of your risk scoring by looking at the user’s social media networks.

All of the above are available via short-term, cancel-anytime plans, flexible APIs – or even in the form of a separate app for Shopify.