In this case study, we explore a Mexico digital lender that faced organized fraud rings & how TrustDecision helped combat interconnected fraud schemes and saved 1 million financial loss.
March 18, 2025
6 minutes
Yuqi Chen, Elaine Cheong
Fraudsters operate by impersonating legitimate users and presenting misleading information to deceive decisioning systems. Simply analyzing this data without verifying its authenticity is a waste of effort.
Digital lending in Mexico has undergone significant transformation over the past decade, driven by technological advancements, increasing internet penetration, and a growing demand for accessible financial services. The first major boom in digital lending occurred around 2015-2017, when fintech startups began to fill the gap left by traditional banks, particularly for underserved populations. According to the International Trade Administration, the sector saw rapid growth, with over 650 fintech companies operating in the country, making Mexico the third-largest fintech market in Latin America after Brazil and Colombia.
One unique characteristic of Mexico's digital lending market is the prevalence of short-term loans, with repayment periods typically ranging from two weeks to one month. This trend is largely driven by the needs of borrowers who require quick access to cash for emergencies or immediate expenses, as well as the relatively lower risk appetite of lenders in a market with high levels of informality and credit uncertainty.
In this dynamic landscape, one digital lending company has adopted a dual-brand strategy to cater to diverse customer segments while maintaining operational efficiency. The company operates two distinct lending platforms, each tailored to meet specific market needs:
Focused on quick, small-ticket loans with repayment periods of up to two weeks. This platform targets borrowers in urgent need of cash for emergencies, offering a streamlined application process and rapid disbursement.
Designed for slightly larger loans with repayment terms of up to one month. This platform appeals to borrowers with more stable income streams who require funds for short-term projects or expenses.
However, the dual-brand strategy, while effective in capturing market share, also complicates fraud management. The company faced significant challenges, particularly in combating loan application fraud — fraudsters often target both platforms simultaneously, exploiting similarities in their systems. This interconnected risk highlights the need for a thorough risk investigation and a unified approach to fraud prevention.
In this case study, we’ll explore how TrustDecision empowers this company to untangle the interconnected fraud risks across its dual platforms, paving the way for sustainable and healthy business growth.
Through our risk analysis, we identified a clear and recurring pattern of fraud ring activity targeting both lending platforms. These organized fraud networks operate systematically, exploiting gaps in identity verification, loan approval processes, and cross-platform risk assessments to extract funds at scale. Their ability to manipulate borrower profiles, devices, and application patterns presents a major challenge for this digital lender.
To execute fraud at scale, fraudsters rely on devices to facilitate their operations. Instead of purchasing multiple devices, they often manipulate device attributes to make a limited number of devices appear unique—an approach that is both cost-effective and harder to detect.
Through our investigation, we found that fraud rings deploy malicious malware like VPNs, device emulators, and automation tools that manipulate borrower signals to disguise fraudulent intent. We identified patterns of s such as frequent IP switching, multi-operating systems, altered system parameters, and missed SIM card, etc., all indicators of fraudsters attempting to evade standard risk controls.
With the necessary tools in place, the next step is to generate new identities to gain access to the platform.
Rather than acting alone, fraudsters operate as part of structured networks, leveraging shared resources such as phone numbers, email addresses, and devices to scale their operations.
Fraud rings rely on synthetic identities, stolen credentials, and shared infrastructure to orchestrate large-scale fraud. By cycling through multiple identities linked to the same devices, they bypass detection mechanisms designed to identify individual fraud attempts. Our analysis uncovered clusters of accounts exhibiting synchronized activity, where minor variations in personal details—such as slightly modified email addresses or recycled phone numbers—enabled fraudsters to appear as separate borrowers.
The shorter repayment cycle and lower risk preference in Mexico have provided a fertile ground for fraudsters to quickly apply for loans and cash out. In this case, we found that fraud rings frequently apply for loans across platforms within short timeframes, leveraging the absence of real-time data sharing in between.
In several cases, the same identity was used to apply for loans on both platforms within 24 hours, maximizing their borrowing capacity before risk signals could propagate across systems. This tactic, known as loan stacking, significantly increases default risk and financial exposure.
Last but not least, it’s important to note that fraud rings not only exploit weaknesses in the credit assessment stage, but also make efforts to exploit every loophole in the registration, login, and identity verification processes to establish legitimacy before executing loan fraud. While risk assessments were primarily focused on the loan disbursement stage, many high-risk applications had already passed earlier verification steps, making fraud prevention reactive rather than proactive. In some cases, accounts that initially appeared legitimate were later linked to broader fraud networks, revealing the limitations of single-point risk assessments.
Without a comprehensive fraud ring detection framework, these challenges threaten the long-term sustainability of digital lending platforms, leading to increased defaults, operational inefficiencies, and reputational risks. A more advanced approach—incorporating network analysis, behavioral modeling, and real-time fraud intelligence—is essential to identifying and dismantling fraud rings before they cause significant financial damage.
To combat the sophisticated tactics employed by fraud rings, TrustDecision’s Application Fraud Detection (AFD) solution provides a multi-layered defense strategy that detects fraudulent behaviors in real time, focusing on shorter timeframes to capture anomalies before fraudsters can fully exploit lending platforms. By analyzing identity elements, device attributes, and behavioral patterns, our solution effectively uncovers fraud ring activities that traditional risk models often overlook.
Fraudsters operate by impersonating legitimate users and presenting misleading information to deceive decisioning systems. Simply analyzing this data without verifying its authenticity is a waste of effort. With this in mind, TrustDecision goes beyond surface-level analysis, leveraging advanced fraud detection capabilities to cut through deception and expose hidden risks.
By using device fingerprinting technology, it assigns each device a unique and persistent identifier that remains unchanged even if the device is manipulated or its operating system is altered. Our research shows that in Mexico, mobile devices tend to be used for longer periods before being discarded. As a result, when we conducted our analysis, we found that older devices—manufactured before a certain year—are more susceptible to tampering for fraudulent activities.
Based on this risk preference, TrustDecision analyzes abnormal device activities including:
By recognizing these risk indicators in real time, lenders can proactively prevent fraud rings from exploiting device-based verification processes.
Fraud rings manipulate identities and devices to bypass verification processes. In tackling this, TrustDecision analyzes the user pattern of identity elements and devices interaction, identifying high-risk behaviors such as:
Fraud rings rarely operate in isolation. By restoring the true device ID, detecting proxy IPs, and analyzing suspicious contact points, we ensure a more accurate foundation for network analysis.
Once fraudulent disguises are penetrated, we maps out the connections between applicants, devices, phone numbers, and applications, uncovering hidden relationships that signal fraud collusion.
This approach allows lenders to proactively block fraud rings instead of reacting to individual fraudulent applications.
Combing the local risk preference and repayment period, instead of relying on long-term transaction trends, TrustDecision strategically focuses on detecting suspicious activities within short timeframes where frauds are most active. Our system monitors rapid application submissions, device re-use patterns, and unusual login behaviors, allowing lenders to intercept fraud before disbursement.
By combining real-time analysis, behavioral monitoring, and fraud ring detection, we help the lender strengthen their defenses, reduce financial losses, and maintain platform integrity.
By implementing a full-process sequential analysis model, terminal risk identification, and network analysis, TrustDecision significantly enhanced fraud detection efficiency and accuracy:
Achieved a 300% improvement in identifying high-risk applications flagged by the AFD decisioning model, ensuring more fraudulent applications were intercepted.
Reduced manual review costs by 30%, streamlining the risk assessment process.
$1 million in direct financial losses could have been prevented, as shown by backtesting on historical samples.
As fraud tactics in Latin America become more structured and adaptive, digital lenders face increasing pressure to detect risks early and act decisively. By implementing TrustDecision’s Application Fraud Detection (AFD) solution, the lending platform uncovered hidden fraud networks, blocked fraudulent loan attempts, and strengthened its risk framework. Shorter-term anomaly detection and network-based analysis played a critical role in identifying coordinated fraud ring activity that would have otherwise gone undetected.
With fraudsters continuously refining their methods, a static approach is no longer enough. By focusing on real-time risk signals, device integrity, and behavioral patterns, TrustDecision helps lenders build a more resilient fraud defense—one that adapts as fast as the threats themselves.
Let’s chat!
Let us get to know your business needs, and answer any questions you may have about us. Then, we’ll help you find a solution that suits you