Below is a list of potential flags that could indicate that the applications/accounts are fraudulent. Please understand that this is NOT an exhaustive list, as we are dealing with criminals committing fraud and potentially using stolen identities. Therefore, as soon as we identify their patterns they are likely to change. However, here are some items that have been seen in association with Fraudulent Applications:

• Multiple applications submitted at the same time
• Multiple submissions from same IP address or IP addresses outside of the normal countries
• Last four digits of credit card numbers with multiple payments on the same day or within a few days for different accounts
• Atypical DOB for usual population of students
• SSNs beginning with 1234
• Multiple students with the same address or phone number
• Missing phone numbers
• Addresses outside the normal service area for the college
• Addresses with missing apartment numbers
• Addresses to houses/buildings/lots for sale
• Outlook emails
• Email with random digits in between characters
• Emails with random digits/characters at the end

If the college suspects a fraudulent account/application, the following steps must be taken by the college:

• College applies the SXI Service Indicator to the student's account as they investigate. The college needs to:
  • Contact the student to schedule an in-person or virtual meeting to validate their identity
  • Have the student submit additional documentation to clarify their identity. This documentation may include, but not limited to:   
    • Providing Driver's License or State Issued Identification Card 
    • Official transcripts from any other institution of high education or high school the student has attended previously
    • Proof of residency at the address listed on the student's college records 
    • Employment Authorization Documents
• If the college verifies the account is not fraudulent, the college will follow the steps in the QRG Reporting Verified Student.

If no response is obtained or insufficient information is provided from the applicant/student, the college needs to proceed forward with documenting this as a fraudulent account/application. The following steps must be taken by the college:

1. College Local Security Administrator (LSA) locks the account on the Distributed User Profile (General tab):
   • If the account exists in HCM, locking it within this pillar will also lock it in other pillars.
   • If the account does not exist in HCM, lock the account in the CS pillar.
2. College applies SXF Service Indicator to student accounts they have identified as fraudulent.
3. College files a ticket that includes the EMPLID(s) involved and specifies the criteria you determined the application/student to be fraudulent.
   • Ticket request type: ctcLink Support > Campus Solutions > CS Fraudulent Accounts.
   • Tickets must specify the criteria by which the accounts were determined to be fraudulent. For each ticket, attach a spreadsheet with the EMPLIDs and names of up to 500 accounts that your college has determined to be fraudulent.
   • If SBCTC receives a fraudulent ticket for a student who already has an SVR “Student Verified” Service Indicator on their record, SBCTC will connect the applicable colleges for additional research and review before SBCTC makes any changes to the student.
4. The CS Core Support team will change the EMPLID(s) to begin with “XF” to further identify the EMPLID as fraudulent and will lock down the OAAP account.

If your college reviewed a suspended application and believes it is fraudulent, perform the following steps:

1. College updates the Constituent Status to Canceled (See 9.2 OAAP Suspense Management).
2. College files a ticket to SBCTC that includes the Application Number and specifies the criteria used to determine fraud (Ticket request type: ctcLink Support > Campus Solutions > CS Fraudulent Accounts). Since the application was canceled before an EMPLID was created, SBCTC will need the Application Number to take action on this ticket.
3. SBCTC will lock down the OAAP account associated with the reported Application Number.

Colleges can run query QCS_SR_SHARED_RPT_FRAUD_STDNTS to return a list of their students who were processed as fraudulent accounts.

This query has an optional checkbox prompt to return students that have an SXF Service Indicator assigned by your college. Leaving this prompt unchecked will return a list of students who do not have an SXF Service Indicator assigned by your college. If the student does not have an SXF Service Indicator assigned by your college, it is an indication that you share this student with another college (or colleges) who reported the student as fraudulent to SBCTC.

The query returns high-level Yes/No information if the student has any enrollment activity, student financial activity, and/or has an ISIR at your college. Colleges will need to utilize other queries or search methods within ctcLink to find detailed information in these areas. The query will also return a list of shared institutions the student also has activity at but does not display details of that activity.

Please note this query does not identify students you need to report to SBCTC as fraudulent. The students being returned in this query have already been reported as fraudulent to SBCTC and have been processed as fraudulent (i.e., EMPLIDs have been updated, to begin with, XF, User Profiles are locked, OAAP Accounts are locked, and applicable Okta Accounts have been suspended).

If you are unable to find and run this query, it is likely because you do not have one or more of the required security roles. College staff should consult their supervisors if they believe they should be able to run this query and are currently unable to do so.

For additional information on the query records and fields, please refer to metaLink.