Advertisement
Keeping customers after a complaint
We haven't got time for the pain: Fraud and identity theft in the mortgage industryJay Meadows and Ray Pettafraud, identity theft, predatory lending, virgin data, pre-funding tool
Do you know with whom you are doing business? The U.S.
government now places more responsibility than ever on financial
institutions to know their borrowers and customers. The current
focus on fraud, identity theft and predatory lending has been
driven by reactionary government regulations as well as large fraud
losses. In some ways, this focus has benefited the mortgage
industry and caused the creation of fraud prevention tools to help
alleviate the pain in an environment with an ever-growing fraud
problem. Regardless of how you view the current regulations, the
fact remains that fraud is real and must be stopped at its
root.
Identity checks, once compliance mandates, are now increasingly
being viewed as simply good business sense. Regulations aside, a
thorough understanding of how private consumer information breaches
are affecting the mortgage industry, as well as realizing the
impact of fraud prevention tools and the use of consumer data, has
become unavoidable for all industry players. With recent reports
such as the FBI's May 2005 Financial Crimes Report announcing that
mortgage fraud statistics doubled from 2003 to 2004, the role of
fraud prevention tools at the pre-funding stage will only increase
in importance.
As reported in the April 2005 study by the Aite Group, "ID
Verification: In Quest of a New Paradigm," the United States ranks
as the most vulnerable to identity theft. Statistics indicate that
identity theft occurs seven times more frequently in the United
States than in other developed countries. The Aite Group suggests
that the identity theft conundrum is largely tied to businesses'
and financial institutions' reliance on tradable consumer data,
commenting, "Financial institutions' use of credit bureaus and
information brokers is a built-in incentive for criminals to steal
data from those providers."
To reduce the current level of identity theft, the Aite Group
continues, "Financial institutions need to shift the ID
verification paradigmrely less on credit bureaus and information
brokers, and rely more on third parties whose core business is
fraud management and ID verification, and who do not trade consumer
data. Given the fact that a majority of the current stream of
mortgage fraud involves at least one insider, the use of a third
party is essential to the insulation of the data being obtained. In
the meantime, since ID verification is a cross-industry phenomenon,
financial institutions should encourage their vendors to expand
across product lines and across industries."
While the full reach of identity theft within the mortgage
industry is difficult to quantify, both professionals and law
enforcement officials agree it is significant. Most statistics are
not mortgage industry specific; instead, they target consumer
credit card or financial account issues. Even so, identity theft is
the fastest growing segment in the fraud arena. Consider these
reports from the 2003 Federal Trade Commission Top 10 Fraud
Complaints:
•Approximately 680,000 people became victims of identity
theft in the 12 months prior to July 2002, breaking down to 1,863
per day, 77 per hour and 1.29 per minute.
•By July 2003, approximately seven million people became
victims of identity theft in the prior 12 months. That equals
19,178 per day, 799 per hour and 13.3 per minute.
•The FTC estimates the number of identity theft victims
could be as high as 10 million annually. Thus, mortgage lenders can
anticipate receiving their share of identity fraud.
•The FBI reported that through the first nine months of
2004, mortgage companies and banks reported more than 12,100
instances of suspicious activity, compared to 4,220 in 2001, a 288
percent increase. As lenders typically report only a fraction of
the suspicious activity they identify, we can estimate the number
of unreported cases are rising at a rate similar to that of
reported cases.
•Data collected by MortgageFraud.org, encompassing FBI and
U.S. Department of Justice press releases plus a large number of
newspaper and Internet articles, revealed that of the 584 mortgage
fraud-related convictions and indictments discovered, one in eight
involved some form of identity theft.
Considering the aforementioned reports, what can the mortgage
industry do? Consumer data, when used properly, can be an effective
instrument for stopping fraud. But data comes from two different
"sources": harvested, or self-confessed, and virgin, or
authenticated. Credit reporting agencies process harvested data,
which is information provided by the borrower at the time he or she
seeks to open a trade line. Since the information source is the
individual, credit reporting agencies are dependent on the
integrity of the individual. Most data appearing on credit reports,
driver's licenses, mortgage records and bank account applications
is supplied by the individual, and may or may not be accurate.
Virgin data, however, is information about an individual obtained
from public or quasi-public sources, such as the Social Security
Administration (SSA), Internal Revenue Service (IRS) or a state
Department of Vital Statistics. Authenticated data includes birth
certificates, Social Security card information supplied by the SSA,
tax information supplied by the IRS and early school records.
Because the source of authenticated data is not the individual, it
is considered to be more reliable than harvested data.
In the past, the financial industry has relied on harvested data
such as credit sources for identity verification because it was the
only data available. As we can see, this policy is not curbing the
appetite for fraud. It should be emphasized that the use of
harvested data, without the inclusion of virgin data, could be more
harmful than good, as the creative criminal can easily manipulate
harvested data with the opening of a simple credit card
account.
Virgin data is effective alone, as the very nature of this data
removes the criminal's ability to use the data in his or her favor.
The exclusive use of harvested data subjects the lender to maximum
risk, while using both data types in a conjunctive effort
accentuates and magnifies each othervirgin data allows harvested
data to become more useful. For example, an identity check using
the combination of virgin data sources such as the SSA, the
government's Death Master list, the U.S. Treasury Department's
Office of Foreign Assets Control and harvested credit header
information (which provide additional names, previous addresses,
and the validity of the Social Security number) can be extremely
effective for spotlighting fraud. Statistical data obtained from
the Rapid Reporting Verification Company on the incidence when the
borrower-provided data did not match the data within the SSA
database provided the following results: A sampling of 282,144
transactions submitted to Rapid Reporting by clients revealed:
•136,880 (48.51 percent) requested SSA
authentication
•6,077 (4.43 percent) No Match from SSA (input errors not
included)
•896 (.65 percent) SSA Death Master hits
•6,973 (5.1 percent) Total Negative Hits of sample processing
SSA authentication
This report suggests that 5.1 percent of all applicants are not
who they say they are. Thus, fraud tools that incorporate a focus
on authenticating data against databases that cannot be
manipulated, such as the SSA and the IRS, are a definitive way to
locate and try to stop fraud before it starts. Lenders can say they
know their brokers or that fraud only happens in other shops, but
the reality is that if lenders do not look, they will not find
their fraud.
Previously, lenders would audit a random sampling of a
designated percentage of closed loans as part of their quality
control process. But fraud detection is being, and should continue
to be, pushed closer to the point-of-sale. When the IRS committed
to turning around the 4506 (tax transcript request) within a
24-hour period, for example, income verification became utilized as
a pre-funding tool. The SSA has provided another powerful
pre-funding tool by allowing the authentication of the borrower's
Social Security number. By embedding fraud detection tools up
front, such tools are no longer viewed as an impediment; instead,
they are speeding up and increasing the effectiveness of the
underwriting process and allowing cost savings to be passed on to
the borrower. Insurance companies are also starting to recognize
the effectiveness of pre-funding tools and are reducing premiums on
loans that contain identity and income verification. Additionally,
the use of pre-funding tools adds value to the portfolio and can
enable a better rate in the secondary market. Identifying fraud
before the loan is funded reduces risk and also prevents
underwriting resources from being wasted on "bad loans," while
acting as a deterrent for criminals looking for the path of least
resistance.
The use of virgin data is proven to catch and reduce fraud at
inception. Consider a comparison to killing fire ants: Harvested
data merely sends the criminal from one shop to another, in a
similar way that some ant poisons merely cause the ants to relocate
from one side of the fence to the other. But if we employ harvested
and virgin data in combination, we are able to kill the ants at the
queen. Hence, we are able to halt fraud and prevent it from
spreading.
Since the statistics are real and the losses are mounting, it is
time for the mortgage industry to take a proactive stance. If we
know that 19,178 identities are being stolen per day, if we know
that 13 identities are being stolen every minute, it is naïve
to believe that none of these people are trying to fund mortgages.
The question is, then, why wait for the pain of fraud losses? Why
continue to allow fraud when the antidote exists? With the use of
virgin and harvested data in a pre-funding tool, solutions are
available. It's time to "kill the queen"let's prevent fraud from
spreading instead of causing it to relocate.
Jay Meadows is co-owner, chief executive officer and
president of Rapid Reporting. Ray Petta is co-owner and chief
operating officer. They can both be reached at (888) 749-4411, or
e-mail [email protected]
or [email protected].
About the author