November 13, 2020

COVID-19 has caused disruption on a global scale, putting not only lives at risk, but also impacting livelihoods as the lockdown environment fuels a shift in how consumers buy goods and services. As unemployment soars and economies start to rebuild, there has been efforts from the UK Government to help its citizens ‘bounce back’ from the effects of the pandemic.

Fraudsters, however, have seen opportunity in this lifeline from the government. In this blog, Tom Garner shares insights on why fraudsters are targeting these schemes, how they are bypassing security defenses and how a Consortia can help detect this kind of fraudulent activity.

Bounce Back Loan scheme – What is it?

In response to the COVID-19 pandemic and the resulting impact on revenue and cashflow for many businesses, the UK Government introduced a new scheme designed to provide businesses with access to finance.

The scheme seeks to provide financial support to small and medium size businesses across the UK. It’s been designed to keep businesses that are losing revenue running, by offering quick and easy access to funds via a group of accredited lenders.  

As part of the scheme, a company can apply for a six-year loan from £2,000 up to 25% of turnover (max £50,000), with the borrower not having to make any payments on the unsecured loans for the first 12 months. After this period, the borrower is then required to make 60 monthly payments, with early repayment allowed. The borrower remains liable for the debt whilst the scheme provides a full government backed guarantee to the accredited lenders.

Opportunity for fraudsters

At the start of August, over 1.1 million loans with a value of £34 billion have been approved for small businesses which had been established before 1st March 2020. 

The application itself is fairly straightforward in order to ensure financial aid is received by small businesses quickly. A short application form is required which checks the eligibility of the business – effectively self-certification – whilst relevant Anti-Money Laundering (AML) and Know Your Customer (KYC) checks are completed. For the majority, this quick and simple process has allowed the funds to be in their account within 48 hours –  providing the help they need to continue to run during the pandemic.

The value of the scheme is clearly evident, but with a simple application process in place, it is no surprise that this has provided an opportunity for fraudsters to take advantage of the UK Government scheme. As always when a new opportunity arises, fraudsters have been quick to react and have used various approaches to ensure they can try to maximize the funds they can fraudulently obtain. 

The majority of headlines have been reserved for those who have abused the scheme to use loans as deposits for ‘flashy’ cars or to invest in buy-to-let properties. However, there are more examples that have been identified in the industry, which highlight the need to combat the financial crime element of the scheme from a 1st party and 3rd party perspective. 

Dormant commercial accounts already controlled by fraud rings are being used to apply for loans, with funds then being dispersed through mule networks. Shell companies are being purchased with the companies incorporated before the 1st March cut off, therefore ensuring they can meet the criteria to apply for loans, again using mule networks already in place to receive and disperse the ill-gotten funds. There have also been reports of people being recruited to set up fake companies and bank accounts to ensure the successful laundering of money. 

From a 3rd party perspective, a social engineering approach is being used which manipulates a genuine account holder to complete an authorised push payment. The fraudster applies for the loan using a genuine company’s credentials, with the funds deposited into the unwitting company’s account. To gain access to these funds, the fraudster is then required to coerce the account holders to transfer the funds back out, on the basis that an accredited lender has incorrectly deposited the funds.

It takes a network to fight a network

As the cyber landscape continues to evolve and influence the global economy, new opportunities arise for organised fraudsters to target customers and businesses using sophisticated means. To combat these evolving threats, businesses must adapt and innovate to ensure strong controls and strategies are in place. A key strategy which can enable businesses in tackling these risks is via the sharing of information and coordinating action at an industry level. By creating a network that shares intelligence, an industry can effectively strengthen its controls.  

LexisNexis® ThreatMetrix® Consortium members already collectively share information related to confirmed fraud, with additional trust and context, which allows participating organisations to identify further high-risk patterns and behaviors, augmenting intelligence from the global LexisNexis® Digital Identity Network®. This provides the opportunity to build up a network view of fraudulent activity. 

The Bounce Back loan scheme has provided a perfect opportunity to use Consortium functionality to share information, allowing members to identify and protect against the misuse of the loan scheme by identifying the mule networks used. Where fraudsters have bypassed security defenses, the shared information enables members to strengthen their near real-time risk decisions using the LexisNexis® Dynamic Decision Platform to help protect against a new and emerging threat, leveraging the industry-level networks created.

Tom Garner

Tom Garner is responsible for working closely with clients to ensure they maximize the effectiveness and value that LexisNexis Risk Solutions offer. His role is to deliver a range of services post deployment, from strategic planning to ongoing solutions optimisation and tailoring the range of Fraud & Identity capabilities to a client’s business requirements and priorities whilst solving fraud problems across the fraud landscape.

Prior to joining LexisNexis Risk Solutions in 2018, Tom has over 10 years’ experience in banking including roles at Lloyds Bank, TSB and banking startups, holding a number of fraud related roles where he was responsible for managing digital fraud and security, application fraud and card fraud.