Reporting Fraudulent Applications/Accounts to SBCTC
Purpose: This document provides information about managing Applications for Admission that have been determined as fraudulent.
Audience: College staff responsible for reporting fraudulent accounts.
Student accounts that have been identified as fraudulent should remain in their current state to capture the history and status of the account up to the point of fraudulent identification. All prior and current applications, enrollment, and/or financial aid records should not be removed. Colleges should take the necessary action to ensure financial aid/refunds are not disbursed.
To see detailed Institutional Practices and Reporting Obligations visit the MITIGATING ENROLLMENT FRAUD: INSTITUTIONAL PRACTICES & REPORTING OBLIGATIONS document for additional information.
Below is a list of potential flags that could indicate that the applications/accounts are fraudulent. Please understand that this is NOT an exhaustive list, as we are dealing with criminals committing fraud and potentially using stolen identities. Therefore, as soon as we identify their patterns they are likely to change. However, here are some items that have been seen in association with Fraudulent Applications:
- Multiple applications submitted at the same time
- Multiple submissions from same IP address or IP addresses outside of the normal countries
- Last four digits of credit card numbers with multiple payments on the same day or within a few days for different accounts
- Atypical DOB for usual population of students
- SSNs beginning with 1234
- Multiple students with the same address or phone number
- Missing phone numbers
- Addresses outside the normal service area for the college
- Addresses with missing apartment numbers
- Addresses to houses/buildings/lots for sale
- Outlook emails
- Email with random digits in between characters
- Emails with random digits/characters at the end
We recognize real applicants and accounts may share commonalities with this list and it is imperative that college staff reach out to applicants to help avoid reporting real applicants as fraudulent.
If the college suspects a fraudulent account/application, the following steps must be taken by the college:
- College applies the SXI Service Indicator to the student's account as they investigate. The college needs to:
- Contact the student to schedule an in-person or virtual meeting to validate their identity
- Have the student submit additional documentation to clarify their identity. This documentation may include, but not limited to:
- Providing Driver's License or State Issued Identification Card
- Official transcripts from any other institution of high education or high school the student has attended previously
- Proof of residency at the address listed on the student's college records
- Employment Authorization Documents
- If the college verifies the account is not fraudulent, the college will follow the steps in the QRG Reporting Verified Student.
When a college assigns the SXI Service Indicator, a nightly job run by ctcLink Support copies the SXI Service Indicator across all institutions. If a student is reported as verified, another overnight job will auto-remove any SXI Service Indicators from the student's record that were added prior to the verification. The query QCS_SR_FRAUD_INDICATOR_LIST can be run to determine which college the original Service Indicator was associated with.
If no response is obtained or insufficient information is provided from the applicant/student, the college needs to proceed forward with documenting this as a fraudulent account/application. The following steps must be taken by the college:
- College Local Security Administrator (LSA) locks the account on the Distributed User Profile (General tab):
- If the account exists in HCM, locking it within this pillar will also lock it in other pillars.
- If the account does not exist in HCM, lock the account in the CS pillar.
- College applies SXF Service Indicator to student accounts they have identified as fraudulent.
- College files a ticket that includes the EMPLID(s) involved and specifies the criteria you determined the application/student to be fraudulent.
- Ticket request type: ctcLink Support > Campus Solutions > CS Fraudulent Accounts.
- Colleges can report multiple fraudulent accounts in a single ticket. This helps SBCTC as we work through the next steps in the process to lock these accounts. When submitting multiple fraudulent accounts in a single ticket, please include an Excel spreadsheet with various columns listing the EMPLIDs, any applicable data you want to share, as well as the criteria used to determine fraud.
- If SBCTC receives a fraudulent ticket for a student who already has an SVR “Student Verified” Service Indicator on their record, SBCTC will connect the applicable colleges for additional research and review before SBCTC makes any changes to the student.
- The CS Core Support team will change the EMPLID(s) to begin with “XF” to further identify the EMPLID as fraudulent and will lock down the OAAP account.
When a college assigns the SXF service indicator, a nightly job run by ctcLink Support copies the SXF service indicator across all institutions and removes any SXI service indicators from the student's record. If a student is later reported as verified, another overnight job will auto-remove the SXF and/or SXI service indicators from the student's record that were added prior to the verification. The query QCS_SR_FRAUD_INDICATOR_LIST can be run to determine which college the original Service Indicator was associated with.
If your college reviewed a suspended application and believes it is fraudulent, perform the following steps:
- College updates the Constituent Status to Canceled (See 9.2 OAAP Suspense Management).
- College files a ticket to SBCTC that includes the Application Number and specifies the criteria used to determine fraud (Ticket request type: ctcLink Support > Campus Solutions > CS Fraudulent Accounts). Since the application was canceled before an EMPLID was created, SBCTC will need the Application Number to take action on this ticket.
- SBCTC will lock down the OAAP account associated with the reported Application Number.
You must also set these SACR Security permissions:
- CS 9.2 SACR Security: Basic Requirements for Staff
- CS 9.2 SACR Security - Service Indicator Security
If you need assistance with the above security roles or SACR settings, please contact your local college supervisor or IT Admin to request role access.
Colleges can run query QCS_SR_SHARED_RPT_FRAUD_STDNTS to return a list of their students who were processed as fraudulent accounts.
This query has an optional checkbox prompt to return students that have an SXF Service Indicator assigned by your college. Leaving this prompt unchecked will return a list of students who do not have an SXF Service Indicator assigned by your college. If the student does not have an SXF Service Indicator assigned by your college, it is an indication that you share this student with another college (or colleges) who reported the student as fraudulent to SBCTC.
The query returns high-level Yes/No information if the student has any enrollment activity, student financial activity, and/or has an ISIR at your college. Colleges will need to utilize other queries or search methods within ctcLink to find detailed information in these areas. The query will also return a list of shared institutions the student also has activity at but does not display details of that activity.
Please note this query does not identify students you need to report to SBCTC as fraudulent. The students being returned in this query have already been reported as fraudulent to SBCTC and have been processed as fraudulent (i.e., EMPLIDs have been updated, to begin with, XF, User Profiles are locked, OAAP Accounts are locked, and applicable Okta Accounts have been suspended).
If you are unable to find and run this query, it is likely because you do not have one or more of the required security roles. College staff should consult their supervisors if they believe they should be able to run this query and are currently unable to do so.
For additional information on the query records and fields, please refer to metaLink.
With the implementation of the ctcLink Support job to copy SXI and SXF Service Indicators to other colleges, colleges may no longer see accounts with a missing SXF Service Indicator depending on when the query is run in relation to when the job runs.