Financial lender cuts third-party fraud by more than 80% with layered detection
SAS helps identify fraud trends in real time while reducing false positives.
Millions of dollars saved
Axcess Financial uses SAS® Identity 360 on Microsoft Azure to dramatically reduce fraud losses and boost customer satisfaction
Life can change in an instant. Maybe your car breaks down while you’re driving to work. Maybe your child suddenly becomes sick and needs medical treatment. Maybe you started a new job and you’re waiting for your first paycheck to arrive – but rent and utility bills are due now. For all those maybes – and many more – people can turn to payday loan providers to make ends meet.
That’s precisely what Axcess Financial does. For more than 25 years, Axcess Financial and its affiliates have helped people from all walks of life obtain the money they need when they need it. Today it operates 1,000 retail stores and has a growing online presence.
While the majority of people who request loans do so legitimately, not all applicants have good intentions. As business grew, so did the number of fraudulent applications, resulting in substantial monetary losses. Axcess Financial needed a better way to detect and adapt to new identity fraud trends in real time. That’s where SAS came into play. After all, life can be unpredictable – but fraud shouldn’t be.
Speed, accuracy and the ability to detect new attacks quickly are essential for being effective in the digital space. SAS gives us the ability to do that. Rick Cooney Fraud Director Axcess Financial
The many faces of fraud
With 50 million loans on the books, Axcess Financial and its affiliates had traditional fraud detection measures in place. But its legacy system wasn’t designed to handle today’s sophisticated and coordinated attacks. The company relied on a single detection method to generate alerts.
The key challenge in this approach is that once criminals learn the system, they can exploit it. “A lot of fraudsters can reverse-engineer fraud processes,” says Rick Cooney, Fraud Director at Axcess Financial. “And if they figure it out, they’ll come in below your score every time.”
According to Cooney, there are three types of common fraud at financial institutions:
- Third-party fraud – also known as identity theft – when someone uses your identity to take out a loan in your name.
- First-party fraud – when a criminal manipulates his personal information to create multiple identities for himself.
- Synthetic fraud – when someone creates a wholly fictitious identity for the purpose of committing fraud.
“In each case, criminals are trying to borrow money they’ll never pay back,” Cooney says. “Identity theft gets the most headlines, but the riskiest of the three is first-party fraud, followed closely by synthetic because they're very much alike.”
Layered fraud detection
Before partnering with SAS, Axcess Financial and its affiliates received several thousand fraudulent applications a month. Distinguishing bogus applications from honest ones became a top priority for the company.
“When I looked at the problem, I realized very quickly it isn’t detecting fraud, it’s establishing a person’s identity,” Cooney explains. “When you can identify the applicant and apply the appropriate level of friction in the application process, you shouldn’t have identity theft.”
After evaluating solutions from several fraud technology vendors, Axcess Financial chose SAS Identity 360, the first in SAS’ identity analytics solutions line. The cloud-based software-as-a-service (SaaS) offering enables organizations to bring together multiple authentication data providers for rapid, centralized authentication of digital users.
With the SAS solution in place, Cooney and his team immediately began segmenting transactions to determine whether someone is committing first-party, third-party or synthetic fraud. By pinpointing what type of fraud is occurring, they could mount the appropriate defenses.
Then came orchestrating a layered approach to fraud detection. No longer was Axcess Financial stuck with a single detection method. By aggregating data from seven different sources using analytics from SAS, the company can now quickly weed out fraudsters using various methods such as KYC screenings, negative files, fraud rules, behavioral biometrics, device printing and anomaly detection via machine learning. As results are fed into the system, accuracy increases.
Cooney likens the layered approach to human senses. “We have sight, smell, hearing, taste and touch – all to evaluate the world around us. Similarly, an effective fraud system must take in all the data to determine who you are from a digital standpoint.”
Axcess Financial– Facts & Figures
A dramatic drop in losses
Within just a few months of implementation, fraud losses dropped dramatically.
“As of right now, we've identified and dealt with about 70% of our fraud problem in that we've gotten better at synthetics and first-party fraud, and we've virtually eliminated third-party fraud,” Cooney says. “With SAS, we’ve slashed third-party fraud by 80%.”
Justin Butterfield, Fraud Identity Process Manager at Axcess Financial, offered the following before-and-after example:
“Prior to SAS, we identified a group of people applying for loans using the same name. They sent us 55 different applications over two weeks with bogus Social Security numbers and various addresses – all in the same state – using one of four different bank accounts. They managed to reset their device ID fingerprints, so they were always coming in on new devices that we hadn’t identified before. We had to detect these fraudulent applications by manually checking our system every few hours.”
This process was cumbersome and time-consuming. And once Axcess Financial identified fraud, it became a game of cat and mouse, with the fraudsters modifying their tactics to go undetected to secure other loans. But all that was about to change.
“The minute our SAS fraud solution went live, the attackers failed every single time,” Butterfield says. “They never got an additional loan from us. Their hit rate went from 30% to 0%.”
Improving the customer experience
Axcess Financial also reduced friction in the application process. Previously, a number of good customers were being inconvenienced by a slow authentication process and false positives. By using SAS to identify users, Axcess Financial allows legitimate customers to glide through the application process. False positives have dropped off, and 10% of loan seekers don’t need to authenticate at all.
“In our business, we rely on repeat business,” says Butterfield. “It's not just one customer, one transaction. That’s the reason why we built our fraud platform this way. We don’t want to decline good customers – we want them to count on us when they need us.”
The whole process is also much faster. By running the SAS solution on Microsoft Azure, Axcess Financial can process loan applications – and apply the necessary fraud screenings – in under three seconds. These real-time decisions lead to a great user experience for customers who need loans quickly.
Similarly, internal agents can quickly investigate claims of identity fraud in five minutes, which previously took several hours. “By using SAS to see how users authenticate, we can determine if someone is attempting credit cleanup or debt avoidance versus having their identity stolen,” Butterfield says. “This turns out to be the case in about 70% of claims.”
Building the future of fraud defense
SAS Identity 360 allows for easy layering of technology via APIs. “This allows us to adapt to new technologies quickly,” Cooney says. “If someone builds a better mouse trap, I can test it and implement it in 30 days as opposed to one year. That level of speed and control is critical.
“And that’s why Axcess Financial wanted a platform to support the whole analytical life cycle. Speed, accuracy and the ability to detect new attacks quickly are essential for being effective in the digital space. SAS gives us the ability to do that.”
Les résultats présentés dans cet article sont spécifiques à des situations, problématiques métiers et données particulières, et aux environnements informatiques décrits. L'expérience de chaque client SAS est unique et dépend de variables commerciales et techniques propres, de ce fait les déclarations ci-dessus doivent être considérées dans un contexte. Les gains, résultats et performances peuvent varier selon les configurations et conditions de chaque client. SAS ne garantit ni ne déclare que chaque client obtiendra des résultats similaires. Les seules garanties relatives aux produits et services de SAS sont celles qui sont expressément stipulées dans les garanties contractuelles figurant dans l’accord écrit conclu avec SAS pour ces produits et services. Aucune information contenue dans le présent document ne peut être interprétée comme constituant une garantie supplémentaire. Les clients ont partagé leurs succès avec SAS dans le cadre d’un accord contractuel ou à la suite de la mise en œuvre réussie du progiciel SAS. Les noms de marques et de produits sont des marques déposées de leurs sociétés respectives.