4.11 Fraud databases and device intelligence
What this layer does
Section titled “What this layer does”Detect identity fraud, application fraud, and recurring-actor patterns that single-data-source underwriting misses.
Signals and sources
Section titled “Signals and sources”Internal blacklist
Section titled “Internal blacklist”- Borrowers, PANs, mobiles, bank accounts, devices, emails, addresses that have defaulted, been involved in fraud, or hit confirmed flags.
- Built over time; first-party data.
- Critical that internal blacklist is segregated from analyst’s view (no informal sharing) and used in decisioning explicitly.
Bureau dedupe
Section titled “Bureau dedupe”- Bureau enquiries reveal whether the same PAN has been applied at multiple lenders recently; velocity signal.
Device fingerprinting
Section titled “Device fingerprinting”- Browser / mobile fingerprint identifies same device across applications.
- Flags: same device → multiple PANs; same device → multiple submissions; emulator detected; rooted device.
Vendor
Section titled “Vendor”- Bureau (
bureau.id), Lokyata (lokyata.com), TruValidate (TransUnion).
Phone / email intelligence
Section titled “Phone / email intelligence”- Phone number age, history of association, SIM-recency, mobile network.
- Email age, history, domain reputation.
Vendor
Section titled “Vendor”- TruValidate, Bureau, Whitepages, IPQS, Karza.
Litigation
Section titled “Litigation”- Court-case checks via vendor scraping or paid databases.
Vendor
Section titled “Vendor”- Probe42, Karza, Tofler.
GST cancellation / suspension
Section titled “GST cancellation / suspension”- Periodic monitoring via GSP.
MCA strike-off / under-process
Section titled “MCA strike-off / under-process”- Via MCA APIs (Karza / Probe42 / Tofler).
Wilful defaulter
Section titled “Wilful defaulter”- RBI maintains a list of wilful defaulters; CICs publish.
- CIC suit-filed / wilful-defaulter list — pull periodically.
Consortium feeds (industry-shared)
Section titled “Consortium feeds (industry-shared)”- Some industry bodies and vendors operate consortium fraud feeds where member lenders share known fraud actors.
- Hunter (RSA / Experian) used in some markets.
- Adoption in India growing but uneven.
Pricing
Section titled “Pricing”- Internal blacklist: free; storage cost only.
- Device fingerprint: per check
₹1 – ₹5. - Phone / email intel: per check
₹1 – ₹10. - Litigation: per check
₹50 – ₹200. - Consortium feeds: subscription / volume.
Implementation complexity
Section titled “Implementation complexity”- Internal blacklist: Build (small).
- Device fingerprint: Buy vendor SDK.
- Phone / email: Buy vendor API.
- Litigation: Buy at need; expensive per-check, so use selectively.
- Consortium: Buy subscription.
Compliance
Section titled “Compliance”- DPDP — fraud data is personal data; basis: legitimate interest / consent.
- Bureau — wilful-defaulter pulls per CICRA.
- Outsourcing MD — vendors governed.
Build vs buy
Section titled “Build vs buy”- Internal blacklist: Build (it’s your first-party data).
- Device fingerprint: Buy.
- Phone / email intel: Buy.
- Litigation: Buy at need.
- Consortium: Buy / join.
- Fraud-decision rules: Build (your scorecard).