How Fraudsters Take Out Loans with Stolen IDs (And How To Stop Them)

How Fraudsters Take Out Loans with Stolen IDs (And How To Stop Them)

Author avatar

by SEON

As an online lender, it pays to understand why customers default and how to weed out those applicants. A big part of that is understanding fraud. In the UK alone, 11% of approved loans have been obtained fraudulently. Online lending offers opportunities for criminals to acquire cash quickly – and because fraudsters can be hard to distinguish from legitimate customers, they often go undetected. 

At SEON, we tackle online fraud by getting inside the mind of a fraudster; it helps us spot patterns of behavior, predict their next move, and stop them before they make it. 

In this article, we delve into how fraudsters apply for a loan with a stolen ID. We’ll walk you through each step they take – and, most importantly, how to stop them in their tracks.

Step 1: Install the Tor Browser 

Like with many other illegal online activities, loan fraud with stolen IDs starts with the dark web. The dark web’s main appeal is that it provides anonymity; It’s where you find most illegal marketplaces. The first thing a fraudster will do is install the Tor Browser and head to a known darknet marketplace. With it, they can visit special .onion addresses that are only accessible via its hidden service protocol. Alternatively, fraudsters can use I2P, which makes use of a peer-to-peer-like routing structure.

Even if they are not familiar with these, detailed instructions published on searchable websites and forums will point them in the right direction. Along with it, they can find a stash of beginner guides to fraud.

Screenshot from darknet selling tutorial for payday loan fraud
An example of beginner guide on fraud


Here’s How to Stop Them: Fraud prevention software uses browser and device fingerprinting, which identifies whether the applicant is using Tor. SEON analyzes the individual’s IP address to alert customers to whether they are using what is called a Tor Exit Relay, whose IPs are well known.

Step 2: Buy Fullz

Fraudsters have coined the term fullz, to refer to a full combination of personal ID details that can be used to extract money from lenders. They usually include a first name, last name, ID documents, and optionally a credit card number.

Buying a full combination of personal data on darknet
Two examples of fullz available

Here’s How to Stop Them: A fraudster using stolen fullz will typically not have access to the victim’s email account. Instead, they will sign up for a new email address on Gmail or another free provider that seems to match the fullz they have bought. SEON’s Email API examines the digital footprint linked to an email address, which means that it is able to detect that this email is new. New email addresses with very little activity are a common indicator of fraud.

Reduce fraud rates by 70–99%

Partner with SEON to reduce fraud rates in your business with digital profiling, whitebox machine learning, and advanced APIs.

Ask an Expert

Step 3: Purchase Credit Information

Traditionally, lenders protect their bottom line by deploying credit scoring systems. However, fraudsters have a way around this. They simply purchase credit information on people with pre-existing high credit scores and use that stolen ID for their loan applications. They will even pay for this using stolen cards, to avoid being tracked.
Some of the savvier cybercriminals will use Social Security Numbers stolen from children because they have clean credit records. From it, they’ll create a synthetic identity, which combines some stolen and some invented information. 

Here’s How to Stop Them:
SEON’s social profiling can be used to map the digital footprint of the loan applicant, using just the email they applied with. A typical email address is linked to multiple social apps and accounts whereas a fraudster will likely have none because it’s simply not economical to set them up. 

Fraudsters are likely to make up several attempts in a short period of time using the same stolen ID. Velocity checks will catch when fraudsters are ‘multi-accounting’ in this way.

Step 4: Deploy OPSEC Tools

At step four, the criminal will set up a series of tools to hide their real location in the form of their IP address, as well as spoofing innocent-looking devices.

Another aspect of fraudster OPSEC involves blocking IP lookup tools and software. Fraudsters often purchase a validated IP address or spoof it using proxies, emulators, Tor, and other tools.

Here’s How to Stop Them: Fraud prevention software truly shines when it comes to catching the tools fraudsters, cybercriminals, and experienced fraudsters tend to use to hide their identities. Using sophisticated device fingerprinting, SEON will add points to the risk score of every applicant who seems to be spoofing their device, as well as their location.

Step 5: Get a Bank Account

Fraudsters need a bank account to receive their loan, which of course won’t be linked to their real identity. Instead of setting up a new account, fraudsters may conduct an account takeover on a lending platform or purchase a hacked account from a dark marketplace.  

Here’s How to Stop Them: Banking is one of the many industries SEON supports. We help both challenger and legacy banks shut down fraud throughout the entire customer journey, from sign-ins to onboarding and transactions. 

Step 6: Generate a Verified Phone Number

Multi-factor authentication is everywhere these days, especially in fintech. Often using a one-time password to authenticate the account owner, this system presents another challenge for fraudsters. 

As the fraudster is mimicking the behavior of a legitimate applicant, they need to present the lender with a real phone number to link to their application. 

Unfortunately, fraudsters can easily download specialized tools from the App Store or Play Store to generate numbers on a burner phone – designed not to leave a trace of their real identity or location. There are similar tools for PCs.Here’s How to Stop Them: Using just an applicant’s phone number, SEON can help you map an applicant’s digital footprint and from it determine their likelihood to default. Our machine learning algorithms get more sophisticated at detecting fraud the more you use them, and our customizable data rules help you adapt SEON’s default risk score to suit your company’s risk appetite.

Phone Analysis
Learn how SEON helped SunFinance

“We had a feeling social media presence could help validate a user identity,” says Kaspars Magaznieks, Head of Fraud at SunFinance “But SEON was really what we needed to establish that correlation… We now use the returned data both to confirm identities and as a debt collection tool to contact non-paying customers.”

Read more

Step 7: Use Photoshop to Pass KYC

At this time, fraudsters have deployed all the tools they need to conceal their real identity. However, as a lending company, you should have identity verification software and tools both to protect you from fraud and to fully comply with KYC regulations. This means loan applicants will be asked to share proof of their name, address, and sometimes age.

The method fraudsters have to overcome this step is either to buy fullz, (which includes such ID documents) or simply pay someone to create convincing documents that reflect the false identity.

Several services exist online that will help criminals with this pursuit, no questions asked. 

Here’s How to Stop Them: SEON does not provide document verification services. However, our customers use our solutions to save on their KYC costs by running pre-KYC filtering. Thanks to SEON’s end-to-end fraud prevention solution, obvious fraudsters can be filtered out of the system before they reach KYC, so our customers only need to run these expensive checks on users that are more likely to be approved.

Step 8: Apply for the Loan

Once all the above preparation is in place, the fraudster is ready to apply for the loan. It is not unusual for criminals to target loan companies that cater to specific demographics, have less meticulous affordability checks and due diligence procedures, or even come with higher premiums, as they will not be paying them anyway. 

In reality, no lender is safe – from banks to those who cater to the underbanked, payday loan companies and other short-term lending institutions.

Here’s How to Stop Them: SEON can provide hundreds of alternative data points for credit scoring, and help underwriters make more informed choices. All of the aforementioned solutions and more will work together to provide a granular risk score backed up by fully explainable logic for each applicant.

Step 9: Cash Out via Crypto Exchange

Once their loan has been approved, the lender deposits the funds into the bank account acquired in Step 5. Now, it’s time to cash the money.

Technology has unfortunately made it easier for fraudsters to claim their money, which now usually involves sending it to a cryptocurrency exchange, where they can buy untraceable bitcoins or other currencies, these can be used to continue purchasing goods or more fraud tools. 

Here’s How to Stop Them: Cashing out in crypto is a fraudster’s preferred choice because it is less easy to track, and in general terms, crypto anti-money laundering laws aren’t as strict as banking. However, SEON does work closely with several crypto brands to stop fraud and help stay compliant with AML legislation, including CoinCash, which saw a 90% drop in the need for manual reviews and a 60% drop in fraud with our solution.

Catch Stolen IDs and Fraudulent Applicants

Partner with SEON to reduce risk for your lending operations with real-time data, whitebox machine learning, and advanced APIs.

Speak with an Expert

How to Protect Your Business from Loan Fraud

At every step of our research, we were amazed by how easy it would be even for a newbie to start defrauding online lenders. No wonder it is one of the most targeted verticals by fraudsters. 

But the good news is, there are plenty of ways to stop them. Using a combination of tools and processes, you should already have enough data to create a tight net to catch criminals.

While some points are falsifiable, it’s almost impossible to cheat all of them all of the time. By checking the connections between data points, a good integrated system can find red flags that would otherwise go unnoticed


Staying on top of fraud trends will also go a long way in understanding attack patterns and preventing them. SEON’s machine learning looks for patterns and proposes rules that apply to your business. Fine-tuned with your feedback, it adapts to your risk tolerance, giving you more accuracy and speed. Offering all of the above in tandem with modular APIs, unique insights, and a customer success team made up entirely of fraud analysts and managers, means SEON is a valuable partner for lenders looking to stop fraudsters.

Sources

Reduce fraud rates by 70–99%

Partner with SEON to reduce fraud rates in your business with real-time data, whitebox machine learning, and advanced APIs.

Speak with an Expert

Frequently Asked Questions

How can I tell if someone has taken a loan out in my name?

If you develop a suspicion that someone has stolen your identity and then taken out a loan, the most definitive way to check is by monitoring your credit history. Services like Experian, Equifax, and Transunion all offer comprehensive credit reports, and many free online credit sources exist as well. Furthermore, be suspicious of unexpected financial or credit communications you may receive. Depending on the source of the unauthorized loan, you may receive calls or other digital communications with details about the terms of the loan, or even requests for reimbursement.

What should I do if someone has taken out a loan in my name?

Report the incident to your bank as soon as possible and tell them what has happened. The bank will be wary of these situations, and require confirmation of your own identity, as well as any evidence you have that the loan was taken out by a fraudster. Gather any documents that relate to crime, such as letters from the bank detailing the terms of the loan, as well as any communications, including online conversations, you have with the bank to help prove your situation. When possible, cross reference information your bank has under your name with your own documents and note any discrepancies, including accounts, loans, and communications that you were not involved in.

Can someone use you as a loan co-signer without your permission?

This form of loan fraud can be trickier to navigate, as it may be as simple for the fraudster as committing forgery. A bank may approve the data provided by the original loan applicant, but in order to get a better rate, or even saddle their co-signer with the entire reimbursement, they may add a co-signer. This can have huge consequences on your credit score, impacting your own ability to get a loan later.

Share article

Speak with a fraud fighter.

Click here

Author avatar
SEON


Sign up for our newsletter

The top stories of the month delivered straight to your inbox