LOUISVILLE, Ky. (February 1, 2006) - Identity thieves have gained deserved notoriety for turning the lives of individual victims upside down. But there's another target far less apt to get attention from law enforcement officials, lawmakers or the media: victimized businesses. Companies that rely on business-to-business transactions must make countless judgments on whether to extend credit to other businesses. Whether the credit grantor is a financial institution, captive finance company, leasing company or manufacturer, it's often difficult to tell good credit risks from bad, much less real businesses from fraudulent businesses.
Nationwide, business fraud tosses are mounting. Typical business fraud tosses dwarf consumer fraud; on average, they are three to 10 times larger. Moreover, "soft" fraud tosses most likely make the toll worse than can be measured. Industry experts say approximately 30 percent of all commercial credit tosses can be attributed to some type of misleading or fraudutent information. Some experts put the number as high as 40 percent. That means a significant chunk of bad debt could be mitigated with a toot to identify false information in the application process.
However clear the threat, a recent poll of business executives suggests that business has been surprisingly stow, and in many cases unsophisticated, in responding to this trend. Over 70 percent of more than 120 business credit executives potted at a recent conference reported that fraud is a concern to their company, naming four main categories of importance:
- False or misleading application information
- First-time payment default (for reasons that cannot be identified)
- Fictitious identity of a business
- Identity theft of a business
But when asked what their companies do to guard against fraud, the answer is: surprisingly tittle. Most companies still rely on a manual review of the toots used for credit underwriting, perhaps looking at a single source such as the credit report. About 40 percent check with public records such as secretary of state files, but those are easily compromised because incorporation papers rarely are independently checked for accuracy and can be easily falsified. Some manual checks may mean simply looking at the applicant's own website to ensure that it's consistent, which is not much of a check at all. Remarkably, some 15 percent reported having no fraud processes whatsoever. And while 70 percent said it's important to automate the fraud detection process, fewer than 5 percent of respondents reported their companies actually have an automated process.
Meanwhile, a number of factors appear to be driving thieves away from consumer fraud and toward business fraud. Credit companies handling consumer transactions have deployed sophisticated fraud solutions and fraud toots for years, pushing thieves toward the less secure business-to-business world. White some jurisdictions require police to investigate consumer identity theft, there's rarely any such requirement for business. Business fraud is sometimes perceived as a victimless crime--and companies may find themselves on their own, without interest or assistance from law enforcement agencies.
Some thieves have discovered it is relatively easy to steal a business identity. It's so easy, in fact, that all some thieves do is take information from yellow pages ads or steal a legitimate company's information off of the side of its own delivery truck. Posing as legitimate businesses, some fraudulent companies set up incorporation papers, procure a telephone number and establish an address at a storefront postal center.
From the point of view of a person reviewing an application for credit, it's hard to distinguish between a legitimate start-up business emerging in the marketplace and a ruse. From a credit perspective, the legitimate business start-up and the fraudulent operation cut similar profiles. And white many legitimate businesses use multiple addresses; fictitious, "doing business as" names; and multiple guarantors, those practices amount to handy toots for fraudulent operators seeking to conceal their true identities and motives. Lastly, thieves are finding that, all too often, business fraud pays more than consumer fraud--much more. Against this backdrop, companies need an efficient way to authenticate credit applications and fight commercial fraud.
The best tools for authenticating B2B credit applications validate and verify information about business applicants and the personal guarantors from a variety of data sources. This multifaceted view helps ensure that the application information is both accurate and truthful Effective authentication took should look at both business and individual application data and validate it for accuracy using criteria such as the following:
- Business information, including names, addresses and phone numbers
- Consumer data such as name, address, social security number and date of birth
- Address data, including address sequences, U.S. Postal Service[R] deliverable addresses and changes of address
- High-risk address and phone data
- Business tax identification data
- Social Security Administration information
- Phone number data
- Driver's license data
- The client's own historical application data.
To understand the true depth of the fraud problem, one cannot look only at what has been identified as fraud. It's important to understand the depth of the problem and identify the types of fraud triggers hidden in bad debt files.
Experian[R] recently conducted a study on approximately 17,000 bad debt commercial accounts to unearth new telltale fraud patterns. (Bad debt was defined as more than 90 days delinquent or worse reported within the last 30 days.) These accounts represented almost $620 million in total losses. The average bad debt balance analyzed was more than five times greater than the average current account balance reported by these same companies. The analysis tested the validity of bad debt account information such as the business name, address and the phone data to search for patterns that might indicate fraudulent or misleading information. The study then compared the bad debt results with a similar analysis conducted on good-performing accounts.
To check the account information for accuracy, the accounts were processed through multiple databases and proprietary processes. For example, telephone and area code data was used to analyze the business names and address information. This helps identify when a thief is hiding his or her true location and identity. U.S. Postal Service[R] address standardization and delivery sequencing helped evaluate when an address is a nonexistent building or suite number or a vacant lot or if the city, state and ZIP Code[TM] do not match. Another process uniquely evaluated the legitimacy of the business name, address and telephone data by verifying the account information against business data compiled from multiple third-party corroborated sources. Checking application information against business data verified by two independent sources makes it much harder for fraudulent businesses to create the appearance of a legitimate business.
Additionally, the good and bad accounts were run against addresses and phone numbers deemed high risk based on client surveys and industry intelligence. For example, fraudulent operators frequently use false-front addresses such as storefront marl-receiving facilities, drug rehabilitation homes or bars--making these high-risk addresses worth investigating. Similarly, phone numbers often are associated with false-front types of activity.
The results were startlingly clear. A great deal of fraud does indeed go unidentified and ultimately ends up misclassified as bad debt. High-risk addresses and phone numbers were found to be key indicators of potential fraud. When the address was identified as high risk, the average bad debt balance was six times higher than on similar good accounts. When the phone number was identified at a high-risk address, the findings were even more significant. The average loss with that indicator is more than $85,000--more than double the average loss and almost 23 times greater than the average good account balances with the same indicator.
The phone number proved to be a valuable indicator in other ways. When the business name fails to match the phone number listed for the business, the average bad debt balance exceeds $150,000 and is four times greater than the average for all other bad debt. In addition, those triggers corresponded with a very small balance on the good accounts in this category, making it a key indicator of risk. Entities trying to deceive often provide information that on the surface looks plausible. Yet, when that information is closely analyzed or compared with other application data for verification, other potential fraudulent indicators start to emerge. The best authentication tools look for these anomalies where the information supplied is not adding up.
Such anomalies were found in the study. Some of the fraud indicators that surfaced are obvious, such as business addresses given that were identified as vacant lots. Other anomalies are subtle. Some address numbers for fraudulent businesses did not exist on the street given, or street name, city, state and ZIP Code[TM] mismatches emerged. Comparing the business data elements against each other produced even more suspicious-activity triggers, such as when the phone prefix does not match the same geographic area as the ZIP Code[TM] on the address. Some of these anomalies again produced dramatic results. One indicator revealed an average bad debt balance 88 times greater than the average good account balance in that same category.
To have a truly robust B2B fraud and authentication solution, similar analysis and processes should be done on all available applicant identification data. It is not uncommon for B2B transactions to provide multiple addresses. These addresses on the application may appear as additional business locations, billing addresses or ship-to locations. Many midsize to small businesses have personal guarantors, which requires an additional level of verification. These applications frequently have both business tax identification numbers and the guarantors' personal social security numbers. When these additional elements are available for scrutiny, the indicators of potential fraud become more refined and powerful.
One can further refine the analysis by discerning clusters of fraud triggers--guideposts that indicate the precise blend of characteristics separating good and bad accounts. Experian's study revealed that these clusters of fraud triggers provide a significant separation. The lowest 10 percent of the total population analyzed showed more than 28 percent of all bad debt reviewed could be isolated into less than 15 such clusters. Including personal guarantor data only strengthens these already-dramatic results.
The challenges of effectively mitigating fraud and authenticating all business application information without compromising customer service historically have been hurdles for the industry. When coupled with the migration of consumer to business fraud and increasing sophistication of fraudsters, these challenges seem daunting. Thanks to the advent of new fraud and authentication tools that can address the complexities of business application data, this challenge is more easily managed.
Let's face it, though--one size does not fit all The best results are likely to come from a custom commercial fraud analysis. Hard-won experience shows that individual fraud triggers often vary based upon a company's specific product line, target market and customer acquisition methods. The goat is simple: screen out a high percentage of bad debts white compromising the least revenue possible on good accounts. After a quality automated screen is implemented, staff can be focused on only those applications that warrant manual review to make judgments on whether they are worthy--or worth avoiding. In an increasingly risky world for business-to-business credit providers, an automated antifraud toot is money well spent.
Carolyn Hardin-Levine is Director of Commercial Fraud Solutions for Experian. She may be reached at 216.774.1052, or by e-mail at firstname.lastname@example.org.