Frequently asked questions.

General

  • Plum’s models detect foreign and domestic fraud by identifying aberrant applicant behaviors and techniques; including the use of bots, mules, drop houses, and stolen and synthetic identities.

  • No. Plum is designed to complement and sit in front of your existing fraud detection systems which are likely more expensive and invasive than Plum’s analytics. This includes human intervention and investigation. Plum detects fraudulent behavior and risky identities during the initial application process as well as subsequent agency-constituent interactions such as re-certifications and account modifications, in which fraudsters may attempt account takeovers of existing, legitimate constituents. Plum is designed as a "front door" at the time of application deterrent solution.

  • When your constituents interact with your system by filling out an application, recertifying their status, or modifying their profiles, Plum's proprietary data capture program (which is referenced by your application via a script tag) captures literally thousands of data points during the interaction. These data points include information on how the user fills out the form, navigates through the form, the location and details of the device, and other pertinent information. This data is sent, along with hashed content data, to Plum's servers in real-time. The data is then run through Plum's fraud detection models which generate an applicant risk score. It is up to you how you would like to incorporate that risk score into your business processes.

  • No. You interact with your Plum Management Console through a secure web browser connection.

  • Plum's data scientists continue to monitor emerging technologies and fraud methods to offer you regular fraud prevention model updates. As bad actors continue to develop new technology and fraud schemes, Plum continues to identify their nascent methods before they significantly impact your program.

  • Our risk scores are a composite rating, based on all of your active models. Mid-range scores indicate that an application triggered concerning behavior in more than one category. High range scores indicate that an application triggered concerning behavior in many categories. You can set which thresholds meet your own levels of comfort to require a secondary validation process or to deny an application.

  • No. The data point capture on the web browser is light-weight and works asynchronously. All of the analytics are performed on the Plum cloud as opposed to your application processing system. Risk scores are returned to you in near real time via a single API call, allowing you to incorporate the risk score into your workflow.

Hashing

  • Hashing maps data into unique fixed length values. The process is irreversible and transfers the data set into a scramble of information which is of no use to bad actors and incomprehensible to even a skilled code decipher.

  • No. Hashing is a one-way cryptographic function, as hashing is irreversible. The output of the hash does not allow you to recreate the contents of the file.

  • Plum’s models work on irreversible hashed data only. We do not need or collect Personally Identifiable Information, even to identify multiple uses of the same social security number, address, email, bank account or other applicant data.

Security

  • To start, Plum doesn't digest or store any Personally Identifiable Information (PII). All data is transformed into an unrecognizable, irreversible hashed data set, before leaving the application user's own device. The data is then re-hashed with a double keyed secure salt before resting on Plum's secure server on a FedRAMP certified cloud environment.

  • No. Plum’s databases and algorithms were all designed with the express intent to use zero PII. Plum uses secure hashing algorithms, within your computing environment, to scramble PII data before transporting it to Plum's systems. We will not ask for and will not receive, use, or store PII.

  • While it is theoretically possible to breach our hashed database, in practice it is nearly impossible. We hash PII data within the client's computing environment prior to transporting to Plum's systems. We then salt it (add random numbers of additional characters) and pepper it (randomly scramble the data). Finally, we provide a second security key to our cloud provider that would have to be used in conjunction with Plum's key to unhash the data. This is as secure a data environment as we can provide and far less likely to be breached than other fraud detection services that still use your constituents' PII.

Getting Started

  • Point the Plum application to the form your constituents use to apply for your program, and load a single line of code to your application server.

  • Click on Plum's "Free Trial" to access our quick set up wizard.

  • It typically takes less than an hour to set Plum up on your applications. Our wizards step you through the entire process. Of course, you always have the ability to modify your set-up after your initial implantation.

  • Yes. With Plum’s free trial, you can review the results of our algorithms and the composite applicant risk score prior to incorporating them into your workflow. If you chose to, you can simply run it “alongside” your approval processes before incorporating them into your approval processes.

  • You have the option to discontinue the use of Plum or continue to use with a full license. Even after purchasing, you can discontinue at any time. We do not require long term contracts. At Plum, we believe it is our responsibility to continue to deliver value, which will encourage you to continue using the system.