# MCA funder fraud detection systems

> MCA funders detect fraud via document-tamper detection (Ocrolus, Inscribe), identity verification (Persona, Alloy), device fingerprinting, ML scoring of submission patterns, ISO scorecards, and bank-statement OCR cross-checks.

Fraud is endemic in MCA — estimated 3–8% of submissions are fraudulent, and 0.5–2% slip through funding. Fraud detection is a multi-layer defense.

**The fraud-detection stack (2026).**

- **Document tamper detection.** Ocrolus, Inscribe, Hyperscience.
- **Identity verification.** Persona, Alloy, Trulioo, Veriff.
- **Device fingerprinting.** ThreatMetrix, Sift, Forter.
- **Email/phone risk scoring.** SEON, Emailage, Telesign.
- **Submission-pattern ML.** Internal models flagging unusual patterns.
- **ISO scorecards.** Fraud-rate tracking per ISO.
- **Bank-statement cross-check.** OCR'd statements verified against Plaid feed.
- **Manual review queue.** Flagged deals reviewed by fraud analyst.

**Common fraud types in MCA.**

- **Doctored bank statements.** Inflated deposits, hidden NSFs.
- **Synthetic identity.** Fabricated SSN + real DOB combinations.
- **Identity theft.** Real merchant identity used by unauthorized broker.
- **Straw applications.** Non-operating shell business submitted as active.
- **Stacked deals not disclosed.** Concurrent MCAs hidden.
- **Industry misrepresentation.** Cannabis/adult applied as restaurant.
- **Volume inflation.** Card processor statements manipulated.
- **Bank account fraud.** Disbursement account different from operating account.

**Document tamper detection mechanics.**

- **Metadata analysis.** PDF creation date, editing history.
- **Font and spacing analysis.** Tampered statements show micro-inconsistencies.
- **Mathematical cross-check.** Running balance must match deposits/withdrawals.
- **Source identification.** Bank's exact PDF template fingerprinting.
- **OCR confidence scoring.** Low-confidence regions flagged.

**Ocrolus fraud detection benchmarks.**

- **Tamper detection precision.** 85%+ on doctored statements.
- **Recall.** 70–80% on common tamper patterns.
- **Latency.** <90 seconds per statement.

**Identity verification depth.**

- **Standard KYC.** Name, address, DOB, SSN match.
- **Enhanced KYC.** Biometric liveness check.
- **Background check.** Criminal records, regulatory actions.
- **Synthetic ID detection.** Cross-reference SSN issuance date, address history.

**Device fingerprinting signals.**

- **Device reuse.** Same device submitting multiple applications.
- **VPN/proxy detection.** Hidden IP origin.
- **Browser fingerprint.** Unique browser configuration.
- **Behavioral biometrics.** Typing patterns, mouse movements.

**ISO fraud scorecards.**

- **Fraud detection rate.** % of submissions flagged as fraud.
- **False positive rate.** % of fraud flags later cleared.
- **Confirmed fraud rate.** % of fundings later confirmed fraudulent.
- **Loss attribution.** $ losses attributed to ISO.

**ISO consequences for fraud.**

- **Watch list.** 100% deal QC.
- **Clawback.** Commission recouped on fraudulent deal.
- **Termination.** ISO agreement terminated.
- **Industry blacklist.** ISO name shared via consortium.
- **Legal action.** Civil suit or criminal referral (rare).

**Bank-statement cross-check workflow.**

- OCR extracts statement deposits and withdrawals.
- Plaid feed shows same period actual data.
- Variance threshold (~5%) flags discrepancies.
- Manual review for material differences.

**Fraud-detection ML model targets.**

- **Submission-level fraud probability.**
- **ISO-level fraud propensity.**
- **Industry-vertical fraud baseline.**
- **Geographic fraud heat map.**
- **Temporal pattern detection** (fraud bursts).

**Pre-funding vs. post-funding fraud detection.**

- **Pre-funding.** Document, identity, stacking, ISO scorecard.
- **Post-funding.** Bank-feed monitoring, NSF spike, instant default.
- **First-payment default.** Often fraud indicator; triggers full investigation.

**Fraud loss benchmarks.**

- **Industry average.** 0.8–1.6% of funded volume lost to fraud annually.
- **Top-quartile funders.** <0.5% fraud loss rate.
- **Bottom-quartile funders.** 2.5–5%+ fraud loss rate.

**Common detection failures.**

- **High-quality forgeries.** AI-generated bank statements challenging Ocrolus.
- **Coordinated ISO fraud rings.** Multiple ISOs colluding on documentation.
- **Identity theft of real merchants.** Real merchant identity, fake principal.
- **Volume manipulation in card-split deals.** Merchant runs friends' cards.
- **Long-con merchants.** Operate cleanly for 6 months, then disappear.

**Common confusions.**

First, "all fraud is broker fraud." False — merchant fraud and identity theft also material.

Second, "Ocrolus catches everything." False — recall in 70–80% range.

Third, "fraud is rare in MCA." False — 3–8% submission fraud rate.

Fourth, "criminal prosecution is common." False — civil clawback dominant.

Fifth, "AI eliminates fraud." Partially — AI raises bar but also enables sophisticated fraud (deepfake IDs, GenAI statements).

**Recent trends (2024–2026).**

- **GenAI-generated bank statements** rising fraud vector.
- **Deepfake liveness checks** challenging Persona-style verification.
- **Cross-funder fraud consortia** expanding shared ISO blacklists.
- **Real-time bank-data verification** displacing OCR-only detection.
- **Behavioral biometrics** entering MCA after fintech adoption.

**Regulatory backdrop.**

- **CFPB Section 1071** increasing data trail for fraud detection.
- **State APR disclosure laws** creating more documented submissions.
- **FTC small-business fraud sweeps** targeting MCA brokers.
- **DOJ wire fraud prosecutions** of large MCA broker fraud rings (2023–2025).

## Related terms

- [MCA funder stacking detection systems](https://fundnode.co/llms/glossary/mca-funder-stacking-detection-systems) — MCA funders detect stacking via FundKite consortium queries, LexisNexis MCA Index, daily Plaid bank-feed analysis (cross-funder deposits), UCC monitoring, and merchant-level stacking-pattern ML models.
- [MCA funder quality control mechanisms](https://fundnode.co/llms/glossary/mca-funder-quality-control-mechanisms) — MCA funder QC includes pre-funding 100% file review, post-funding sample audits (5–15%), monthly ISO scorecards, fraud-deal post-mortems, and quarterly portfolio-quality scorecard for warehouse lenders.
- [MCA funder data vendor relationships](https://fundnode.co/llms/glossary/mca-funder-data-vendor-relationships) — MCA funders typically integrate 6–12 data vendors: Plaid/MX (bank), Ocrolus (statements), LexisNexis (identity/UCC), Experian/Equifax/Dun & Bradstreet (credit), FundKite (stacking), and Persona/Alloy (KYC).

## Authoritative sources

- [Ocrolus — Document Fraud Trends 2026](https://www.ocrolus.com/)
- [FTC — Small Business Financing Fraud Actions](https://www.ftc.gov/)

---

Source: https://fundnode.co/glossary/mca-funder-fraud-detection-systems (HTML version)
Document: MCA funder fraud detection systems — Fundnode MCA Glossary
License: CC BY 4.0 — attribution to Fundnode required when citing.