Secrecy around lending decisions, credit scores & other nonsense


(Andre Borie) #1

Anyone fed up with the secrecy around lending decisions, including from Monzo?

Is there any reason preventing lenders from clearly disclosing the lending criteria, so that people can tell with certainty whether they’d be eligible, instead of relying on snake oil & black magic like fake credit scores? :crystal_ball:

Something like “you need X monthly income, have no more than Y% of that as credit elsewhere, and so on. Sounds like a good fit? Apply now!”.

Surely this would benefit both the lenders and their customers, since they will be able to find each other better and do business more efficiently. :thinking:


( surohpotsirhC) #2

No. As they described, they need to keep certain elements secret to stop people gaming the system.


(Andre Borie) #3

How can the system be gamed though? It’s reasonably hard to insert a history of good fake data into a CRA, and if you could somehow do it then surely just mimicking an average financial history should get you through most lenders anyway right?


#4

Secrecy is frustrating, I’ve had huge rant at other places in the past on not being given the actual reason for not being able to open an account.

Often the sheer blurness of replies is the frustration. I understand why they need to, just frustrating.


(Dan) #5

I think the secrecy really is to hone down on fraud. If a financial institution reveals its criteria, then fraudsters will probably do whatever it takes to identify the people that fit within this criteria and then make £££££££££££££.

The people it hurts is of course us: the genuine legitimate customer. We have no way of knowing what to work towards or how to accurately improve our chances. It’s reeeeeallly frustrating.


(Adam Williams) #6

https://cwe.mitre.org/data/definitions/656.html

With enough data you can probably make inferences about how it works anyway.


(Andre Borie) #7

You beat me to it; if secrecy is the only thing preventing the system from being gamed then it’s a broken system to begin with, not to mention that insider knowledge will end up leaking anyway and fraudsters would have an amazing day; so the fact this hasn’t happened suggests there are other reasons.


(Adrian Hardy) #8

I guess part of it might be that a lender might want to be able to easily flex their criteria to respond to internal business conditions such as how much funding they have themselves.

Having to publish when they’re running a bit short and need to tighten up a bit might make them a bit sensitive.

Not so much an issue for overdrafts and credit cards I don’t think, but it certainly happens with things like mortgages.

The other part of it is likely a complaint/customer service contact reducing exercise - not publishing allows a lender to just say ‘sorry, we don’t want to lend to you’ and that’s the end of it - if you publish the criteria you’ll spend ages arguing the toss with people you reject about how you’ve applied those criteria.


(Adam Williams) #9

One of the things I try and distinguish between is secrecy and obscurity… I do agree that relying on the obscurity of a mechanism is a bad idea but there are many systems reliant on secrecy (JWTs, cookie based session systems, MIFARE cards etc) to provide security - with a public algorithm - and this is perfectly fine because the degree of secrecy is measureable in terms of information entropy (maybe I have a 64 bit key for some encryption). As another example, TLS relies on a session key which is negotiated between the client and server and assumed to be held secret.

It’s a semantic nitpick and I don’t mean to detract from your point, but a distinction worth making IMO.


(Jonathon) #10

Some companies publish some things, like American Express have (or had) a minimum salary published. Would it be great if they said “XYZ score minimum”? Yes. It won’t happen tho.

I guess I don’t need a total criteria listed but what I do want is clarity on why I was rejected for something.

The overdraft issue I’m having is just a lack of understanding what’s going on. Whenever I explain to the in app chat they think I’m asking why I was rejected and I’m not - I’m asking why that specific response that they can’t find my file has been given. Lend to me or don’t lend to me but as my bank I would be alarmed if you cannot find me on a credit bureau when everyone else can.

I tried to ask again and was given the same copy/paste reply I was 2 months ago. I had to ask to be put to the lending team to get anywhere and I’m still waiting back.

Simply “our information might not match up” is not good enough. Monzo are my main bank, they hold more information about me than any other company and yet when I ordered a prescription online for Boots they ran a soft check and found me fine. How is that possible?


#11

This post was flagged by the community and is temporarily hidden.


(l8n.me) #12

This post was flagged by the community and is temporarily hidden.


(Alex Sherwood) #14

To suggest that security through obscurity isn’t a thing is typical of a ‘black & white’ perspective that’s detached from the real world. Monzo doesn’t share information about their fraud rules because it would undermine them. That same principle applies in other areas too.

Having said that, they have said that they’ll share more information with users about why they’ve not offered them overdrafts so give them time. Just don’t expext them to explain aboaolutely everything.


(Jack) #15

At the end of the day Monzo are still a bank, being a bank means that certain things can’t be disclosed. Just because monzo are transparent about a lot of things doesn’t mean they can be about everything.


(MikeF) #16

I like the Yes Minister line in these instances :-

“There’s Open Government, Bernard, and then there’s gaping…” (or something like that).


(Adam Williams) #17

I don’t believe anyone claimed it “wasn’t a thing”, but from my own experience its effectiveness is questionable at best and at worst it can be actively harmful to the actual security of the system and to the experience of users.

We’re seeing here the consequences of being completely opaque and fobbing off legitimate customers with non-answers as to why they have been denied credit. Is it really that hard to publish something along the lines of “We won’t offer overdraft facilities if you are subject to an undischarged bankruptcy or have an unpaid CCJ on file” and let customers know why they were refused credit? How does that help someone commit fraud?


(Gareth) #18

Even if they published lending guidelines, they can rarely guarantee anything, and then customers get frustrated because they “met the guidelines” (maybe with a white lie about income, which isn’t on the reports), but still got rejected or got a worse rate.

And in a similar vein, you lose customers that you would’ve taken on but didn’t quite make the spec so they didn’t apply.

And then there’s the less tangible stuff like financial links - joint accounts tie you to someone such that their credit status may impact yours.


(MikeF) #19

I suspect the no one will provide an answer as to how that would help fraud be committed, just in case it helped fraud be committed!

I’m generally perfectly willing to believe something is true even though I don’t understand it personally. There’s so much in the world that I don’t understand that if I limited myself in that way there wouldn’t be much to do.


(Richard Cook) #20

2 posts were split to a new topic: Removed Posts - 9/7/18


#21

I agree with what you said there. The only reason I am using Monzo is their ethical stance, transparency and human approach to the unbanked and underbanked. Other than this, I could live without some of Monzo features and rely on other fintech start-ups as there is plenty to choose from in the UK. Having this approach to banking and running a forum means that you might be occassionally exposed to criticism, especially when you made a mistake, like they did by removing some users’ overdrafts (my opinion!). But if you admit what you got wrong, try to mitigate the impact on those affected and move forward without repeating the same mistake, users might be willing to forgive and forget. Just don’t exclude those with different views for the sake of harmony!