Fraud Attack Guidance – Alloy

What to do if you’re under a fraud attack!

I have a CSM

If you received an email that you are under a fraud attack, you can expect your CSM to reach out with an analysis outlining:

Why the alert was triggered
1. The leading Indicators behind the fraud attack (e.g. IP fraud ring)
Contributing Entities
1. Entities with shared attributes that contributed to the attack (e.g. these 15 distinct entities shared the same IP address)
2. Which shared attributes appeared in conjunction with each other (e.g. these 30 entities had the same IP address and phone number)
Near-term and short-term recommendations
1. Immediate recommendations to stop the bleed e.g. routing applicants through DocV or temporarily tightening IEV on the leading indicator (e.g. in the above example we’d tighten IEV on IP velocity).
  1. Reroute to your safety Journey/Workflow if you have it set up already!
2. Long-term policy recommendations to prevent this type of attack from impacting your FI in the future

While you wait for your CSM to reach out, you can navigate to the Alloy dashboard > Workflow Analytics tab to:

View the leading Indicators of the fraud attack
Filter the Application Queue by the fraud attack timeframe to see which entities came in during that period
Check to make sure you’re decisioning on IEV! This is the lowest hanging fruit for stopping PII velocity based fraud attacks (most common)

You can navigate to the Alloy dashboard to:

Understand why the alert was triggered
1. Navigate to the Workflow Analytics tab
2. View the leading Indicators of the fraud attack, shown in order from highest to lowest
Contributing entities
1. Filter the Application Queue by the fraud attack timeframe + leading indicators to see which entities came in during that period
Check to make sure you’re decisioning on IEV! This is the lowest hanging fruit for stopping PII velocity based fraud attacks (most common)
1. If you’re not, here’s how we recommend setting up IEV

Related to