Understanding & Detecting Sleeper Fraud

The analysis of fraud trends during 2007 by CIFAS, the UK's Fraud Prevention Service, reveals an escalation in most types of fraud - 185,003 cases were identified by the organisation during the year, up from 171,488 in 2006. No-one in the credit industry can deny what a huge problem fraud poses for the UK and for the credit industry in particular.

So it's vital the industry uses the tools it has at its disposal to combat fraud as effectively as possible. One tool that can complement the efforts of lenders is Callcredit's GeoFraud, a statistical model in which each postcode is given an index which points to the likelihood of fraud occurring in that area. It can even aid the detection of some of the most difficult types of fraud, including "sleeper fraud", which the rest of this article will discuss.

With no precise legal definition of fraud existing within the UK, attempting to define sleeper fraud is even more problematic. Driven mainly by organized criminal gangs with a desire to defraud financial institutions, the 'sleeper' is prepared to play the waiting game before gaining their financial windfall.

Exact statistics to quantify this problem within the UK are hard to come by, but if we look to the US, a $2 trillion problem for the banking industry was estimated for 2005. Estimates within the UK are that over £1.3 billion of the total bad debt charge for the UK retail lending sector is in reality fraud, of which a significant proportion is due to sleeper activity.


With many banking credit systems set up to reward good behaviour, the 'sleeper' takes advantage of these highly automated processes by mimicking the actions of a low risk customer. Current accounts are opened at an early stage of the sleeping cycle and are operated in a normal manner for a number of months - regular payments are made, transactions take place in the normal manner and the customer remains up to date with their account. During this time, traditional behavioural scoring systems running on a monthly basis assess this performance via statistical models and strategies. Scores increase to recognize the performance of the customer, leading to limit increases on current accounts and credit cards, pre-approved mailings for loans and preferential customer processing. After all, these customers are seen as low risk.

In some cases, sleepers will operate alone, but the majority will work within a sophisticated network, more than likely across a number of lenders, all co-ordinated to a point in time known as 'bust out'. This is the point when the fraudster, and indeed the whole syndicate, will gain their financial reward. Limits on revolving facilities are maximized, cheques are cashed and large unsecured loans are taken immediately prior to the event. The first thing a lender knows about this is when payments are missed and the 'customer' is no longer contactable, at which point the sleeper has long gone. Losses in each individual customer case are often over the £50k mark.


In order to understand how this type of fraud can be detected, it is important to understand the detail around how the data is built up as the sleeper operates.

Imagine the following scenario whereby Mr A applies for a current account at address A with Bank A while Mr B applies for a credit card at address B with Bank B. At this stage there is no 'link' between the two people.

Moving forward a couple of months however and both apply for a personal loan with Banks C & D and use the same work phone number. Again, nothing too suspect at this stage about two people from the same company applying for a loan.

Roll forward another three months, however, and another link is created when they both apply for another current account, both at different addresses but with the same home phone number. Roll this forward over a number of months, and indeed years, and more links are built between the two that would not be picked up by traditional fraud systems. As more 'sleepers' join the network and each individual increases their own product holdings, the total exposure grows to one of significant size.

However, the perfect crime is difficult to execute, and it is these data trails that allow solutions to be built to detect this kind of fraud. Companies such as Detica have based their solutions on the theory of social networks, and they use the credit data from across the customer lifecycle. Information from credit applications, including names, addresses, dates of birth, phone numbers and email addresses, is amalgamated with account data and transactional histories to build up a series of links between individuals. Links occur naturally as people move addresses, and legitimate financial links are obviously created (e.g. joint accounts), but this kind of fraudulent activity creates non-normal links and networks. By combining the information from statistical models such as GeoFraud with the analysis of these vast amounts of complex data, fraud investigators can easily interact with the underlying data and apply their own understanding.
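The link-building in the Mr A / Mr B scenario above can be sketched as a small graph analysis. This is an added example, not Detica's or Callcredit's code: the field names, phone numbers, Banks E and F, the extra applicants Ms C and Mr D, and the rule "two different kinds of shared attribute with no shared address" are all assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed applications following the Mr A / Mr B scenario; all values are made up.
FIELDS = ("person", "lender", "address", "work_phone", "home_phone")
APPLICATIONS = [dict(zip(FIELDS, row)) for row in [
    ("Mr A", "Bank A", "Address A", None, None),
    ("Mr B", "Bank B", "Address B", None, None),
    ("Mr A", "Bank C", "Address A", "0113 496 0001", None),
    ("Mr B", "Bank D", "Address B", "0113 496 0001", None),
    ("Mr A", "Bank E", "Address C", None, "0113 496 0002"),
    ("Mr B", "Bank F", "Address D", None, "0113 496 0002"),
    ("Ms C", "Bank C", "Address E", "0113 496 0001", None),  # colleague: one link only
    ("Mr D", "Bank A", "Address F", "0113 496 0009", "0113 496 0010"),  # no links
]]

def pair_links(apps):
    """Map each pair of people to the kinds of attribute (work/home phone) they share."""
    holders = defaultdict(set)  # (kind, value) -> people who supplied that value
    for app in apps:
        for kind in FIELDS[3:]:
            if app[kind]:
                holders[(kind, app[kind])].add(app["person"])
    links = defaultdict(set)
    for (kind, _value), people in holders.items():
        for a, b in combinations(sorted(people), 2):
            links[(a, b)].add(kind)
    return links

def suspicious_networks(apps, min_kinds=2):
    """Group people joined by >= min_kinds kinds of shared attribute but no shared address."""
    addresses, lenders = defaultdict(set), defaultdict(set)
    for app in apps:
        addresses[app["person"]].add(app["address"])
        lenders[app["person"]].add(app["lender"])
    parent = {}  # union-find forest over linked people
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for (a, b), kinds in pair_links(apps).items():
        if len(kinds) >= min_kinds and not (addresses[a] & addresses[b]):
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for person in list(parent):
        groups[find(person)].add(person)
    return [{"members": sorted(g), "lenders": sorted(set().union(*(lenders[p] for p in g)))} for g in groups.values()]
```

With the default threshold, the shared work phone alone does not pull in the colleague Ms C, matching the article's point that one common employer number is not suspect; lowering `min_kinds` to 1 shows how quickly false positives appear.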

Armed with this powerful analytical capability, investigation teams can then act quickly to shut down fraud rings earlier in their lifecycle, and indeed more efficiently through lower false-positive rates. It is also possible to spot sleeper networks automatically as they grow: using a real-time application checking module, lenders can prevent the accounts being opened and block credit.

In summary, sleeper fraud is a continuously evolving problem for the financial services industry and highlights some of the disadvantages of automated credit systems. The industry is beginning to tackle these problems, however, and the power of credit data and analysis tools underpins these efforts.