Beyond Identity: The Multifaceted Nature of Application Fraud with Frank McKenna
Today I want to talk about application fraud detection and what it looks like when fraud at onboarding stops being a simple identity problem and starts becoming a much broader risk problem.
Because that is really the issue here.
A lot of teams are still treating application fraud like it begins and ends with identity verification.
It doesn’t.
In this episode of Fraudology, I welcome back Frank McKenna to talk through the sharp rise in application fraud targeting digital banking and lending.
We dig into research from Visa showing that financial institutions are seeing growing losses as criminals exploit digital platforms with identity theft, document forgery, bots, and increasingly convincing deepfake biometric fraud.
We also talk about why application fraud has surged so sharply, including data breach-driven application fraud, first-party application fraud, third-party application fraud, and the way digital lending environments make it easier to submit large volumes of fraudulent applications.
And this matters.
Because application fraud detection now depends on seeing much more than the identity claim sitting in front of you.
What you’ll hear in this episode
- Why application fraud detection has become a much bigger priority for digital banking and lending teams
- How synthetic identity application fraud, identity theft in lending, and bot-driven loan applications are driving losses
- What the rise in digital document forgery detection and deepfake biometric fraud means for onboarding risk
- Why layered fraud detection for onboarding matters more than relying on identity checks alone
- How credit washing fraud schemes reveal the broader creativity fraudsters bring to application abuse
You should listen to this episode if you
- Work in fraud, lending, onboarding, or fintech risk and need to improve application fraud detection
- Want a better understanding of digital banking application fraud and fraud prevention for digital lending
- Need insight into synthetic identity application fraud, first-party application fraud, and third-party application fraud
- Are reviewing document verification for lenders, KYC for application fraud prevention, or banking onboarding fraud controls
- Want practical context on bust-out fraud detection, credit washing fraud schemes, and account opening fraud detection
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
Application fraud detection has moved far beyond identity verification
Let me break this down.
One of the biggest mistakes teams still make is assuming that if the identity looks real, the application risk must be low.
That used to be survivable.
Not anymore.
Application fraud detection now has to account for a much wider set of signals because fraudsters have become very good at making the identity layer appear clean enough to pass.
Frank and I talk through why identity theft in lending is only one part of the picture.
Synthetic identity application fraud, first-party application fraud, and third-party application fraud all introduce different types of risk.
Some applicants are using stolen identities.
Some are using manipulated identities.
Some are using their real identity with no intention of repaying the loan.
Different mechanics. Same financial damage.
That is why fraud signals beyond identity verification are so important.
If teams only ask whether the identity is real, they miss the much more important question.
What behavior, intent, and surrounding signals exist around that identity?
- Application fraud detection must evaluate more than whether an identity appears legitimate
- First-party application fraud and third-party application fraud require different detection strategies
- Synthetic identity application fraud blends real and fake elements to appear legitimate
- Layered fraud detection for onboarding begins by recognizing identity is only one part of the story
Digital lending has made scale easier for fraudsters
Digital lending is obviously more convenient for legitimate applicants.
But it is also more convenient for criminals.
Once application flows move online, fraudsters can automate, test, and repeat abuse at scale in ways that were much harder in traditional branch-driven systems.
Frank highlights research showing that roughly one in fifteen digital loan applications is now fraudulent.
That is dramatically higher than typical transaction fraud rates.
That gap tells us something important.
The application stage has become one of the primary pressure points in fraud.
Bot-driven loan applications, data breach-driven application fraud, and mass submissions using stolen identity data are all easier to execute in digital-first onboarding systems.
- Digital banking application fraud grows when onboarding prioritizes speed without layered controls
- Bot-driven loan applications allow criminals to scale testing and exploitation
- Data breach-driven application fraud provides the raw identity data needed for mass submissions
- Fraud prevention for digital lending depends on controlling both speed and exposure at onboarding
Documents and biometrics are under increasing pressure
Another major theme we discuss is the growing abuse of documents and biometric verification.
Frank and I talk about a 244 percent surge in digital document forgeries and a 40 percent increase in deepfake biometric fraud attempts.
That is a serious problem.
At first glance, document verification and selfie checks appear to be strong controls.
And sometimes they are.
But as fraud tactics evolve, these controls can become easier to manipulate than teams expect.
Digital document forgery detection and deepfake biometric fraud are no longer fringe threats. They are active pressure points in application fraud.
This is where layered defense becomes essential.
If a bank or lender relies too heavily on a single signal, fraudsters only need to defeat that one control.
- Digital document forgery detection is increasingly important as forgeries become more scalable
- Deepfake biometric fraud puts pressure on selfie verification and remote identity checks
- Document verification for lenders should be paired with behavioral and device analysis
- KYC for application fraud prevention works best when no single control carries the entire burden
First-party fraud and credit washing complicate detection
Another important point we cover is first-party application fraud.
This is often underweighted in many fraud programs.
Not every fraudulent application involves a fake identity.
Sometimes the identity is real, the documents are real, and the applicant understands the process perfectly.
The problem is intent.
First-party application fraud occurs when a legitimate individual applies for credit without intending to repay.
Traditional identity controls may not detect that behavior because the identity itself is valid.
We also talk about credit washing fraud schemes.
These involve exploiting consumer protection laws intended to help victims of human trafficking by removing negative credit history.
Unfortunately, some fraudsters are manipulating those protections to reset their credit profiles and apply for new loans.
- First-party application fraud can bypass controls designed for stolen identities
- Bust-out fraud detection becomes important when accounts are opened with future abuse planned
- Credit washing fraud schemes demonstrate how policy protections can be exploited
- Fintech application risk management must evaluate both identity risk and intent risk
Layered onboarding controls are now the baseline
The bigger lesson from this conversation is clear.
Application fraud detection cannot rely on a single signal anymore.
Not identity alone.
Not documents alone.
Not biometrics alone.
Effective onboarding now requires layered fraud detection that evaluates multiple signals together.
Identity, documents, device signals, behavioral patterns, application velocity, funding sources, and historical data all contribute to the full risk picture.
Account opening fraud detection should be treated as a strategic control point, not just a compliance step.
Fraudsters have already moved beyond simple identity abuse.
Fraud detection has to move beyond identity-only thinking as well.
- Layered fraud detection for onboarding should combine identity, behavior, device, and application context
- Banking onboarding fraud controls must reflect how modern application fraud actually works
- Account opening fraud detection is a strategic fraud control, not just an operational task
- Application fraud detection improves when teams evaluate the entire context of an application
Final thoughts
The bigger theme in this episode is that application fraud is multifaceted.
The incentives are high.
The tools are better.
And the digital environment makes scale easy.
Frank McKenna explains why banks and lenders are under increasing pressure and why application fraud detection has to evolve beyond identity-only thinking.
For fraud teams, that means asking harder questions during onboarding, building layered controls, and treating application abuse as one of the most critical risk fronts in digital financial services today.
