Lessons from the largest fraud in a generation

The first charges against Payment Protection Program fraud were filed in May 2020 — barely a month after the Coronavirus Aid, Relief and Economic Security (CARES) Act was passed. The man in question was seeking over half a million dollars in fraudulent loans for businesses that did not exist or had long closed before COVID-19.

Since then, small and midsize business (SMB) lending fraud has increased by 8.3%. At least 100 individuals have been charged and no one, not even celebrities, have been spared. Some estimate that $80 billion was stolen in PPP fraud schemes, about 10% of the money disbursed via 21 million PPP loans. Experts say this may be the single largest fraud in our generation. How did this happen?

A survey by LexisNexis Risk Solutions found that COVID-19 accounts for 37% of the increased fraud and costs. The disease and the social measures instituted created a perfect storm, triggering an economic crisis and accelerating digitalization in the financial services industry. Small businesses were in desperate need for financing, and banks and credit unions opened their digital channels more widely to remote access. In the midst of desperate need and inadequate checks, security was bound to give.

Financial services fraud continues to grow rapidly. Banks with $10 billion or more in assets have seen the largest year-over-year increase at 32.6%, even though lending fraud made up just 6.1% of annual revenues in 2021. As a cost of doing business, it doesn’t account for the money spent on new technologies or additional labor to try to counter the fraud.

Fintechs and larger banks expect to increase investment in fraud detection and prevention. While banks prioritize growing fraud prevention staff and prevention initiatives, pivoting to multilayered, technology-based solutions may be increasingly necessary as lending fraud becomes more complex. Know Your Customer and anti-money laundering solutions offer advanced identity authentication and transaction verification, making compliance and regulatory adherence easier.

As with many technology adoptions, banks are hedging and fintechs are jumping on the bandwagon. The same LexisNexis survey revealed that 64% of fintechs and digital lenders increased specialized solutions spending between 2020 and 2021. Compared to banks, fintechs led in several categories across basic and advanced identity authentication and verification methods like two-factor authentication, email/phone risk and verification, geolocation and real-time transaction scoring.

Lenders can also turn to direct data access via APIs to bolster their anti-fraud mechanisms. Instead of submitting data manually or via PDF, potential borrowers can grant read access to their bank account and online accounting system via APIs. Having direct access to these systems and records where they live and operate makes it much harder for bad actors to misrepresent themselves or their financials.

Business accounting data can also indicate fraud or suspicious activity. If there’s a $1,000 invoice coming in from somebody whose typical billing is less than $100, that might suggest fraud. Right now, underwriters comb for this kind of fraud manually via banking portals, documents and emails. In lieu of a multi-step, stare-and-compare process, direct data connections can significantly reduce the workload and the strain on underwriters by cross-referencing and validating accounting data automatically.