Fighting fraud
Every applicant had to clear multi-vendor screening before reaching a lender.
An application reached a lender only after the applicant cleared a layered set of third-party identity, bank, and document checks, built to catch fakes rather than wave them through.
Identity verification: Persona, plus OFAC and additional vendors
Womply did not build its own identity system; it layered established third-party vendors. Through Persona, Womply checked the applicant’s SSN, date of birth, name, and address, and matched a government ID against a live video selfie, with Womply staff manually reviewing flagged selfies for signs of deepfakes or tampering. Womply ran that alongside OFAC sanctions screening and additional identity checks, including DocuSign Knowledge Based Answers (KBA), powered by LexisNexis. An identity fake had to defeat several independent vendors at once.
Bank verification: Plaid
Womply verified the applicant’s bank account through Plaid, alongside email and phone verification. Connecting a real, controlled bank account was required, not optional.
Document and disbursement checks
Womply ran real-time tax-document validation, flagging applications where the name and EIN were valid but the financial figures appeared falsified. Controls did not stop at submission: Womply could stop or invalidate the ACH transfer before disbursement, and ask the receiving bank to freeze funds when fraud surfaced late.
What screening could and couldn’t catch
Together these gates stopped more than 1.1 million suspicious or ineligible applications before they reached a lender. But one limit was built into the program itself: without IRS verification of self-certified income, a well-made fake and a genuine document can look identical. That is why Womply urged the SBA to verify income against IRS records and require an IRS Form 4506-T from every applicant — one of seventeen recommendations in its May 2021 fraud-prevention memo to the SBA and FBI.
How Womply reported fraud to the government → The data Womply gave investigators →Common questions
Did Womply build its own identity-verification system?
No. Womply layered established third-party vendors rather than building its own system — identity checks ran through Persona, with OFAC sanctions screening and a DocuSign Knowledge Based Answers (KBA) check powered by LexisNexis. An identity fake had to defeat several independent vendors at once.
What did an applicant have to clear before reaching a lender?
An application reached a lender only after the applicant cleared layered identity, bank, and document checks: a Persona identity check matching a government ID to a live video selfie (with staff manually reviewing flagged selfies), OFAC screening, Plaid bank-account verification, and real-time tax-document validation.
How many applications did Womply’s screening stop?
Together these gates stopped more than 1.1 million suspicious or ineligible applications before they ever reached a lender.
Could Womply stop fraud discovered after an application was submitted?
Yes. Controls did not stop at submission — Womply could halt or invalidate the ACH transfer before disbursement and ask the receiving bank to freeze funds when fraud surfaced late.
What was the main limit on screening?
One limit was built into the program itself: without IRS verification of self-certified income, a well-made fake and a genuine document can look identical. That is why Womply urged the SBA to verify income against IRS records and require an IRS Form 4506-T from every applicant.