Fake Online Lenders and A New Check Fraud Scheme

Even old forms of payments get new forms of fraud.
It starts with a person signing up to receive a payday loan from an online vendor. Little does that person know, the site is a front for a criminal. The “online payday lender” tells the applicant that, in order to receive their loan, they must demonstrate “good faith”. The person seeking the loan is instructed to enroll in online banking at their financial institution. Typically the person’s bank account does not have much activity, was recently activated, or has an extremely low balance.
To demonstrate their good faith, the customer gives the payday vendor their online banking login information. The payday loan company then enrolls the customer in mobile banking and deposits checks through the customer’s account. The customer is instructed to go to the bank, withdraw the funds and send the money back to the payday loan company through an alternative system, such as Western Union.
By demonstrating this “ability to pay” the customer will then supposedly receive their payday loan. No big surprise but the deposited checks are fraudulent, the money is gone, and the victimized account holder has zero ability to repay as they are waiting to receive their payday loan.
Initially the amount of the checks has been right below either the $500 mark or the $1,000 mark, as those are typically review levels for mobile deposits. In some cases the fraudster was able to deposit two checks in the amount of $2,450 each, and even attempted a third one in the same amount, although the third one was denied because it exceeded the daily limit for mobile deposits.
Some approaches to detecting this scheme:

  • Monitor the IP address used to access online banking for unusual activity. In one case, the FI noted 28 logins in a 24-hour period from 4 different IP addresses
  • Monitor mobile deposits for unusual frequency, amounts, device, speed of registration to deposit usage
  • Review the endorsement used on  the check deposited. In these attacks, the endorsement is usually abnormally correct – there is a full name endorsement (usually including middle names), the endorsement is not a signature but a printed name, there’s a full account number, and it includes the verbiage “for mobile deposit only.”  The typical (legitimate) account holder does not provide such a textbook endorsement.