Fraud detection agent overview

Overview

Gem’s fraud detection agent helps you identify potentially fraudulent job applications so you can review them before taking action. When the fraud detection agent is enabled for a job, Gem analyzes incoming applications and highlights those with fraud risk signals for review.

The fraud detection agent works by scanning applications submitted via Tofu, an AI-powered fraud detection platform. This platform reviews multiple signals and assigns a risk level to each application with 90% accuracy, which recruiters can review individually and at the aggregate level.

Requirements

• The fraud detection agent must be enabled for your team. To upgrade your account to include Gem’s fraud detection agent, contact your Customer Success Manager or support@gem.com.
• Your team must have purchased fraud detection checks. To purchase additional checks or add fraud detection to your account, contact your Account Manager or sales@gem.com.
• Your team must use one of the following as your ATS:
• Gem ATS
• Greenhouse
• iCIMS
• SuccessFactors
• Workday
• Applications must include a first and last name, phone number, email address, and an attached resume for the fraud detection agent to assess risk signals.

Permissions

Only Admins can enable or disable the Auto-detect suspicious applications toggle on any job.

Standard users can run on-demand fraud checks on individual applications, but can’t enable or disable the automated fraud detection toggle on a job.

How it works

Fraud detection identifiers (“risk signals”)

When the fraud detection agent runs on an application, it investigates the following identifiers for “risk signals”. These determine if the application is flagged as a high fraud risk, a medium fraud risk, or no fraud detected.

• Resume metadata: Document properties, editing patterns, and file characteristics.
• Email address: Domain reputation and email address validity.
• Phone number: Number authenticity, carrier information, and geographic consistency.
• LinkedIn profile verification: Profile age, connection patterns, and activity history.
• Person verification: Identity validation across multiple data sources.
• IP address (Gem ATS only): Location consistency and access patterns.
• Device ID (Gem ATS only): Device fingerprinting and access patterns.

How data is collected

Our fraud detection agent only uses application data that candidates provided and the risk signals available at the time of application. This includes the following:

• LinkedIn profile
• Resume metadata
• Email address
• Phone number
• Candidate name
• IP address (Gem ATS only)
• Device ID (Gem ATS only)

Gem collects this data from the candidate’s application form and resume. Gem doesn’t collect additional personal information or biometric data for fraud detection.

How Gem assigns fraud risk

After the fraud detection agent reviews an application, Gem works with Tofu’s machine learning model to evaluate this data. Tofu’s model analyzes all risk signals against billions of data points from the 5M+ applicants it’s seen before.

Instead of only flagging a single suspicious email address or IP address, Gem assigns a risk level that indicates the likelihood that an application is fraud.

Gem uses this information to assign a color-coded risk level:

• Red (high fraud risk): Multiple risk signals are present. Review this application before taking action.
• Yellow (medium fraud risk): Some risk signals are present, but not enough to confidently flag this as suspicious. Review the risk signals before moving forward.
• Green (low fraud risk): No risk signals were detected based on the information available in the application.

Recruiters can review the signals that contributed to each risk level so they can make an informed decision.

Duplicate candidates (real vs. fraud)

The fraud detection agent runs on applications, not candidates. If a candidate applies to a job after a fraud application using that candidate’s information was previously flagged, the new application from that candidate won’t be flagged as fraud. If the same person applies to multiple jobs, each application is assessed separately.

This is because the fraud risk is based on the full set of identifiers included in the application, including the email address, phone number, IP address, and more. Fraud candidates include fake contact information in the application as part of the fraud attempt.

Run the fraud detection agent on a job

After the fraud detection agent is enabled, Admins can select which jobs to run fraud detection on. The steps to run fraud detection on a job differ based on which ATS you’re using.

In Gem ATS

To run the fraud detection agent on a job in Gem ATS:

1. Select the Jobs option in the main sidebar under the ATS header.
2. Search or filter for the job you’d like to review flagged applications on.
3. Select the job title to open the job details page.
4. Select the Job settings tab in the top menu.
5. In the Fraud detection section, select the Auto-detect suspicious applications toggle to turn it ON.

The page updates to confirm that the fraud detection agent has been enabled for this job. After a few minutes, processing completes and applications for this job include the application’s fraud risk.

In another ATS

To run the fraud detection agent on a job in an ATS that’s not Gem ATS:

1. Select the Talent Pipeline option in the main sidebar.
2. Search or filter for the job you’d like to review flagged applications on.
3. Select the Action menu (three dots) to the right of the Start reviews button.
4. Select the Auto-detect suspicious applications toggle to turn it ON.

Run fraud detection on multiple applications in bulk

If you don’t want to run the fraud detection agent on every application, you can submit applications in bulk from any job stage. This is useful when:

• You want to run checks later in the process, such as at the phone screen stage.
• Applications skip the stage where auto-detection typically runs, such as referrals or direct-sourced candidates that are fast-forwarded.
• Applications were already in process before fraud detection was enabled, and you want to check them.

Before running the fraud detection agent in bulk, please note the following:

• On-demand fraud detection agent checks automatically skip applications that already have a fraud risk score. This means you can select all applications without re-scoring previously scored applications.
• Bulk checks work with filters in Application Review. For example, you can filter for applications with an AI score above 50%, then select all results and run a fraud detection check. This lets you prioritize checks for applications likely to advance.

Steps to submit applications for fraud detection checks in bulk:

1. Select the Jobs option in the main sidebar under the ATS header.
2. Search or filter for the job you’d like to review flagged applications on.
3. Select the job title to open the job details page.
4. Select the Start reviews button.
5. Select the job stage that includes the applications you want to check.
6. Select the checkbox next to each application you want to run the fraud detection agent on.
7. Select the Fraud check button.
8. In the pop-up that appears, select the Run fraud checks button.

The page updates to confirm the fraud detection agent is running on these applications. After the process is complete, these applications update with a fraud risk level on each application.

Review flagged applications for a job

After the fraud detection agent has been enabled to run on a job, fraud detection automatically runs on all applications submitted for that job to assess the application for risk signals.

To review flagged applications for a specific job:

1. Select the Jobs option in the main sidebar under the ATS header.
2. Search or filter for the job you’d like to review flagged applications on.
3. Select the job title to open the job details page.
4. Select the Start reviews button. This button is displayed in the top navigation next to the Add application dropdown and in the applications section.

5. Flagged applications are automatically ranked at the top of the application review column.

6. Select any flagged candidate name from the application review column to open up their application details, then select the See more option beneath the fraud risk summary to see the full list of identifiers that determined this application’s risk level.

Filter applications by fraud risk

To filter applications by fraud risk, from the application review page for a job, select the Fraud risk dropdown, then select the level of risk you’d like to see applications for.

The page automatically updates to only display applications that match this risk level. The dropdown also updates to display the count of applications that match that risk level.

To update or reset this filter, reopen the Fraud risk dropdown and select or deselect the checked boxes.

Confirm an application as fraud

You can manually confirm applications as fraud regardless of if they were previously flagged or unflagged as fraud. You can also list this as the rejection reason for reporting purposes.

Steps to manually confirm an application as fraud:

1. Select any candidate name from the application review column to open up their application details.
2. Confirm the application as fraud in one of the following ways:
1. If the application is already flagged as fraud, in the fraud risk area, select the Confirm button.

2. If the application isn’t flagged as fraud, select the No fraud detected option, then select the Disagree button at the bottom of the fraud report.

3. Enter a description of how you confirmed this application as fraud into the pop-up that appears. For example, if you scheduled a video call with the candidate, and a person with different identifiers joined the call, you can add those details here.
4. Select the Mark as fraud button.

The page updates with the application confirmed as fraud. The description you provided is displayed in the fraud details section.

Clear an application flagged as fraud

If you’ve reviewed a candidate flagged as fraud and determined they’re a real candidate, you can manually unflag and advance the candidate in the hiring process.

Steps to clear an application flagged as fraud:

1. Select any candidate name from the application review column to open up their application details.
2. In the fraud risk area, select the Disagree button.

3. Enter a description of how you confirmed this application as legitimate into the pop-up that appears. For example, if you completed a video call with the candidate, and they proved their identity on the call, you can add those details here.
4. Select the Submit button.

The page updates with the application cleared as fraud. The description you provided is displayed in the fraud details section.

Best practices for assessing fraud risk

Use the best practices below to help you decide whether to reject an application flagged as fraud or continue the hiring process.

Confirm whether a candidate is being impersonated

Impersonators often use a real person’s details, such as a real LinkedIn profile, but include their own contact information, such as a different email address or phone number.

If an application includes a mix of high-risk and low-risk contact information, try contacting the candidate using the low-risk options first. For example, if the application includes a LinkedIn profile that appears legitimate, message the candidate on LinkedIn to confirm whether they applied.

Source the real profile if you find an impersonator

If you catch an impersonator using a qualified person’s LinkedIn profile, consider sourcing that real profile and adding the person to Gem.

If the real person applies to the job later, the previous fraudulent application does not affect the new application’s fraud risk assessment.

Review your team’s fraud detection agent usage

Admins can monitor fraud detection check usage from the Fraud checks usage page.

To get to this page:

1. Select your account at the bottom of the main sidebar, then select the Admin settings option in the dropdown.
2. Select the Fraud checks usage header.

This page shows:

• How many fraud detection checks your team has run.
• Which jobs those checks ran on.
• How many applications were flagged per job.

If your team is running low on fraud detection checks, a banner appears with a warning. this includes contact information so you can purchase more checks.

Additional resources

To learn more about ways to assess application credibility in Gem, check out the following resources.

Relevant articles

• Enable CAPTCHA for Gem ATS job applications and forms
• Gem integrations: Certn
• Gem integrations: Checkr
• Gem integrations: Sterling

Have any issues or questions on this topic? Please feel free to contact your dedicated Gem Customer Success Manager directly or our Support team at support@gem.com.

• Overview
• Requirements
• Permissions
• How it works
• Fraud detection identifiers (“risk signals”)
• How data is collected
• How Gem assigns fraud risk
• Duplicate candidates (real vs. fraud)
• Run the fraud detection agent on a job
• In Gem ATS
• In another ATS
• Run fraud detection on multiple applications in bulk
• Review flagged applications for a job
• Filter applications by fraud risk
• Confirm an application as fraud
• Clear an application flagged as fraud
• Best practices for assessing fraud risk
• Confirm whether a candidate is being impersonated
• Source the real profile if you find an impersonator
• Review your team’s fraud detection agent usage
• Additional resources
• Relevant articles