Hi Missy,

We’ve noticed this as well and have already caught several cases this semester through the application review process in Slate. From what we understand, Slate is developing a new ID-verification feature that should help identify these issues. We’re holding tight until that feature is fully released, but for now we’re watching for red flags—such as missing Social Security numbers, out-of-state applicants who aren’t from bordering states, and inconsistencies in academic history.

We got hit pretty hard last fiscal year, so we had to put mitigating efforts into place, which helped a lot. The key is to try and detect those fraudulent accounts early.

We work with Voyatek to identify fraudulent applicants. Voyatek now uses Socure, an AI-powered identity verification tool that confirms users are real and reduces fraud. Suspected applicants receive an email to verify their identity through Socure.

We created a hold (IVN (Identity Verification Needed) and a FA Privacy flag that prevents Financial Aid from being disbursed.

We report known fraudulent accounts to the Office of the Inspector General

All new degree-seeking applicants must upload a photo before meeting with an advisor or registering. Our upgraded MyPhoto5 tool now uses real-time facial recognition to compare student photos with government IDs, detects issues like hats or closed eyes, and offers a smoother upload experience.

We created a form that allows our staff to report, and review suspected fraudulent students that was not flagged through the Voyatek/Socure system. Verified cases must complete digital identity verification before registering or if already enrolled, complete identity verification to continue in classes.

Hi Missy,

This definitely seems to be an issue nationwide, and we have seen our fraudulent cases rise as well. We have been involving many different departments as they are being identified at various stages of the fraudulent activity. When a student is suspected of fraud, we add to a tracking sheet and Admissions adds a newly created hold code that identifies these students as a suspected fraud case. Once they are confirmed as fraud, a different code is used and all access to the account is shut off. 

We are currently working through our process as the number of cases increases. We are creating a workflow in Salesforce that will be notifying each department of the suspected fraud so each can do their part to mitigate. It's in the beginning stages, but things like the fraud specific hold will still be utilized. We are also shopping around for fraud detection software to help with the identifying of some of these cases. 

Financial aid has been using FA holds as well when fraudulent students are found to ensure aid is not awarded. This is a fine line though until the fraud is confirmed though. 

My biggest issue has been the timing of discovery. There are times when a student has been suspected of fraud after FA has been disbursed and a refund has been issued via direct deposit. I am working with our bank to at least try to get some of those funds back, but I know that is not a likely scenario. They have also attempted to pay via ACH with one bank account, then drop courses in a specific timeframe to receive a refund in a different bank account via direct deposit. This was fixed by letting an ACH payment settle longer before issuing a refund and reviewing all of our particularly large ACH payments. 

There is still more work to be done as this continues to increase, and their tactics are always evolving. 

Unfortunately, we have had this issue for years. Last year, we implemented the SAFE software, which has helped flag potential fraudulent applications. We have a few reports we created and review regularly that pull all online-only students so we can review and look for commonalities (e.g., same address, phone number). If we suspect someone of fraud, we put a VERIF hold on their PERC screen (we are a Colleague school). The VERIF hold is a special restriction that our IT department created. It blocks the student from the portal, TouchNet, and Blackboard. The student is then emailed and informed they have to come in to the Records Office to verify their identity. The student must show up, bring a valid ID, and sign a form stating they are who they say they are. Once the form is signed, we lift the VERIF hold. If the student fails to come in by the deadline, they are dropped from their classes. If at any point, we feel like the ID is a fake or is not for the person, we send it to our police department to review. We send all fraudulent accounts to OIG, but our police also investigates anything that resulted in a loss to the College. 

When I worked for a community college district, we had a fraud ring who enrolled in online courses, applied for financial aid.  The state waives fees for financial aid-eligible students, so they received sizeable checks.  It exploded with constantly changing names, addresses, enrollments, etc.  The district now requires government id (not student id) and requires the student to appear in person to pick up the first financial aid check.  I'm not sure if they still do this given privacy and identity concerns but they also kept a copy of the id with the financial aid file.  https://www.governmentattic.org/13docs/ED-OIGweeklyRpts_2011-2014.pdf, page 14 - Sharrieff.  This is only the federal side.  State aid (Cal Grants) were much higher. 

Our institution has also seen an uptick in fraudulent students. It was such a large scope that we put together a fraud committee of staff across the college to handle these on a daily basis. Sharing our process below:

1) Scope & Principles

·         Protect access: Prevent fraudulent accounts from obtaining credentials or benefits.

·         Minimize harm: Stop financial loss (fees, books, refunds) and system abuse.

·         Rapid triage: Daily cadence with clear hand‑offs and authority to act.

·         Reversible actions: Allow reactivation if an applicant is later verified authentic.

·         Privacy by design: Keep PII in secure systems; summaries remain non‑PII.

2) Roles (Examples)

Fraud Response Group: Cross‑functional coordination, daily triage, and process adherence.

Admissions & Records: Apply provisional review holds; manage enrollment drops when appropriate.

Financial Aid: Flag suspicious aid activity and potential identity misuse.

Business Office: Monitor chargebacks/returned payments; coordinate with payment processor.

CRM/Data Team: Maintain purge inputs; deduplicate contacts; tag suspected fraud in CRM.

Information Security: Disable confirmed fraudulent accounts; manage directory and access controls.

3) Daily Detection Workflow (System‑Agnostic)

1.       Collect new applications (automated extract or report).

2.       Apply provisional review holds to suspicious records (e.g., “Under Review”).

3.       Review on a shared master list where each department marks Fraud/Authentic with notes.

4.       If confirmed fraud → assign “Confirmed Fraud” classification and notify Information Security.

5.       Information Security disables accounts and adjusts directory groups accordingly.

6.       CRM/Data team publishes a “Purge” list to remove fraudulent contacts and protect metrics.

7.       Business Office tracks exposure (fees, books) and coordinates refunds/drops per policy.

4) Indicators & Signals (Examples)

·         Email patterns (numeric runs, known bad roots).

·         Phone numbers reused across multiple distinct applicants.

·         Submission bursts at unusual hours; clusters by location/time.

·         Improbable age/DOB combinations; repeated ID numbers.

·         Previously flagged IDs or records in CRM/Data systems.

5) Master List Structure

Recommended tabs: REVIEW — under review; CONFIRMED FRAUD — finalized decisions; AUTHENTIC — cleared after review.

·         Core fields: applicant ID, contact info (limited), location, program.

·         Department columns: Admissions, FA, BO, CRM, InfoSec — each marks Yes/No and notes.

·         Status fields: review hold applied/removed; confirmed fraud group assigned.

·         Financial tracking: fees, books, chargebacks indicators (no PII in the shared summary).

6) Communications Cadence

·         Daily post summarizing reviewed counts, confirmed fraud, holds applied, and account actions.

·         Information Security reply confirming disables/moves completed.

·         Admissions/Advising confirmations for identity checks and hold removals when verified.

·         Business Office note on any chargeback or multi‑use card anomalies (via processor report).

7) Metrics to Track

·         Applicants reviewed per day; confirmed fraudulent; cleared authentic.

·         Review holds applied/removed; confirmed fraud classifications.

·         Account disables/moves; time‑to‑action.

·         Financial exposure and recovery (directional counts, not PII).

8) Governance & Improvement

·         Establish a governance group to steer policy, tooling, and vendor evaluations.

·         Coordinate with payment processor on daily multi‑use card reporting.

·         Adjust application, identity verification, and email issuance policies to reduce risk.

·         Document reactivation path when an applicant is verified authentic.

9) Privacy & Retention

·         Keep PII in secure systems; share only aggregate/non‑PII summaries externally.

·         Maintain audit trail of decisions and account actions in internal systems.

·         Define retention periods for review artifacts consistent with institutional policy.

Appendix — Weekly Report Skeleton (Non‑PII)

·         Executive Summary (3–5 bullets).

·         Key Decisions (what/owner/when; references to internal artifacts, not public links).

·         Actions & Owners (owner/due/status).

·         Volumes & Indicators (reviewed/confirmed/cleared; notable clusters).

·         Artifacts (generic descriptions; omit sensitive links).

·         Risks/Blocks/Escalations.

·         Next‑Week Focus.