Skip to main content
All CollectionsApplications
AI Fraudulent App Detection
AI Fraudulent App Detection
Michael Stephenson avatar
Written by Michael Stephenson
Updated over a month ago

AI Fraudulent App Detection is available as a free preview for all institutions on our Engage package until May 1, 2025.

Overview

The AI Fraudulent App Detection feature, powered by BoltAI , identifies and flags potentially fraudulent applications by analyzing multiple risk factors. Using an advanced AI engine, BoltAI evaluates indicators such as submission timing, email validity, IP address behavior, and more to assign each application an overall risk assessment.

Key Features + Considerations:

  • Powered by BoltAI: Utilizes an LLM-based reasoning engine that analyzes behaviors, patterns, and data points to flag applications and provides in-depth reasoning.

  • Flagging System: Each application meeting fraud detection criteria (detailed below) is flagged at least as “low risk.” These flags are available for human review, allowing you to confirm or dismiss the flag manually.

  • Three Risk Categories: Risk is classified into three levels—low, medium, and high.

  • Permissions for Access:

    • View Application Fraud Status: Allows users to see the flag and its reasoning.

    • Update Application Fraud Status: Allows users to mark applications as fraudulent or legitimate.

  • Segment and Filter Capabilities: Filter flagged applications in the Decisions and People modules for focused review.


Which Applications Are Evaluated for Fraud?

  • Element451 Applications: Fraud detection runs immediately after a decision is created.

  • Imported Applications: Fraud detection applies in these cases:

    • Submission via Workflows + Rules: If a decision is created using the “Register Application in Decisions” action.

    • Login and Submit: If an applicant logs into the application site to submit.

If essential data (like IP address or submission time) is missing from an imported application, those specific items will not be evaluated. For example, submission timing won’t be assessed without submission time data.


Fraud Detection Factors

BoltAI evaluates fraud risk by analyzing multiple indicators, ensuring no single factor disproportionately affects the fraud score. Here are the key factors assessed:

Expand each section to read more about the specific factors within each category.

Timing

  • Time to Submit: A very short time to complete the application might indicate the use of automated tools or bots.

  • Local Submission Time: Submitting an application in the middle of the night, based on the applicant’s local time, could signal unusual behavior.

Duplicate Applications

  • Number of Duplicate Users: Multiple similar accounts suggest that someone may be trying to bypass the system.

  • Applications from Duplicates: If many applications are submitted by these duplicates, it can indicate coordinated fraudulent activity.

Email Address Analysis

  • Validity Score: A scoring system rates how likely the email address is to be invalid, from 0 (low risk) to 100 (high risk).

  • Email Status: We classify emails as valid, risky, or invalid.

  • Disposable Emails: Temporary or throwaway emails are often used for fraudulent purposes.

  • Bounces: We verify whether emails to this address have bounced in the past, signaling a fake or inactive email.

  • Blocked Access: If the email address is linked to suspicious activity, it will be flagged here.

IP Address Analysis

  • Other IP Addresses Used: We track multiple IPs associated with the same user, which can suggest location masking.

  • Shared IPs: Multiple users applying from the same IP can indicate coordinated activity.

  • IP Risk Score: An external service assigns a risk score from 0.01 (low risk) to 99 (high risk) to assess the IP’s credibility.

  • VPN Detection: We check whether the applicant is using a VPN, which can mask their true location.

  • Location Consistency: We compare the IP address to the applicant’s provided home address. A large discrepancy could indicate fraud.

Location Analysis

  • Distance from Home: We analyze the distance between the applicant’s IP address and their stated home address.

  • Distance from School: We also compare the distance between the IP address and the location of the school they’re applying to. Large distances or mismatches could signal fraudulent intent.

Phone Number Analysis

  • Phone Validity: We check if the provided phone number is valid and active.

  • Line Type: Identifies whether the phone is a mobile, landline, or VoIP. Internet-based numbers are sometimes used for fraudulent activities.

  • Carrier and Risk Assessment: The phone’s carrier is assessed for risk levels, as some carriers are more prone to fraudulent activity.

  • Identity Match: We compare the phone number with the applicant’s name and address. A low match score can suggest the number doesn’t belong to the applicant.


Reviewing + Resolving Fraud Flags

All evaluated applications include a fraud flag category: low risk (green), medium risk (yellow), and high risk (red). These flags require human review, allowing you to confirm or dismiss the flag manually. We encourage you to use the resolution feature to mark applications as legitimate or fraudulent, helping to improve the accuracy of the AI-powered tool.

Accessing the Flag

  • All Decisions List (Medium + High Risk): On the All Decisions page/list, an icon to the right of the applicant's name denotes if the application was flagged with medium or high risk. Low-risk applications are not denoted in this view.

  • Decision Header:

    • Chip (All Risks): When viewing an individual decision, a color-coded chip is under the score, indicating whether the application fraud risk is low (gray), medium (orange), or high (red).

    • Banner (Medium + High Risk): In addition to the chip, a banner is displayed under the header for medium and high-risk flags to increase visibility.

Reviewing Flag Reasoning + Resolving Flags

Each flag contains a detailed reasoning for the category that was assigned to it. This reasoning breaks down the factors contributing to the risk, helping you understand why the application was flagged and whether it warrants further investigation.

To review and resolve flags:

  1. Click on the chip in the header (or the banner if it's a medium or high-risk flag).

  2. The Fraud Detection side sheet will open, where you can review the reasoning.

  3. After your review, if you determine:

    • the application is fraudulent, select "Mark as Fraudulent."

    • the application is legitimate, select "Mark as Legitimate."


Filtering + Segmenting by Fraud Flags

To make reviewing flagged applications easier, you can use filtering:

  • Decisions Module: In the Decisions module (Applications > Decisions > All Decisions), you can filter applications based on the fraud flag to quickly see which ones may require attention.

  • People Module: In the People module, you can use Decision Filters to isolate applicants with certain fraud risk levels, helping you focus on specific subsets of applicants.

You can also leverage the Import + Export module to export fraud flag data and the reasoning behind the flags. This allows you to review the data offline or share it with your team for further analysis.

Did this answer your question?