Carrier identity fraud: the brokers defense playbook

Carrier identity fraud has gone from edge-case risk to industry-wide problem in three years. Industry estimates commonly cite annual brokerage losses to identity fraud and double brokering well into the hundreds of millions, with the line trending up sharply. Most of that loss falls on brokerages that thought they had vetting under control. The fraud patterns have evolved faster than most brokerages' defenses.

This article gives you the playbook. The fraud patterns we see most often, the signals that catch them, the workflow that blocks them at the right point, and what to do when one slips through.

The four common fraud patterns

Most carrier fraud at brokerages falls into one of four patterns. Knowing which one you're seeing changes how you respond.

Pattern 1: MC hijacking

A bad actor takes over an existing MC's identity. They get the MC number, the carrier's banking info, the dispatch contact info. Then they use that legitimate-looking identity to book loads, take payments, and disappear.

The legitimate MC owner often doesn't know it's happening until they get calls about loads they didn't haul.

Pattern 2: Double brokering

A bad actor poses as a legitimate carrier, books a load with the brokerage, then re-brokers the load to a real carrier at a lower rate. The real carrier hauls the load and expects payment, the brokerage pays the bad actor (who disappears), and the real carrier comes back to the brokerage demanding payment.

Pattern 3: Brand-new MC fraud

A bad actor registers a brand-new MC, presents themselves as a small operator looking for loads, and runs a fast scam. They may complete one or two loads to build trust, then disappear with payment for a larger third load.

This pattern exploits brokerages that have looser vetting on new MCs.

Pattern 4: Cargo theft via fraudulent dispatch

A bad actor presents as a dispatcher for a real carrier. They book a load with the brokerage using the carrier's identity but route the load to their own driver. The cargo gets stolen at delivery (or earlier) and the legitimate carrier denies any knowledge.

This pattern is especially damaging because it overlaps cargo loss with reputation damage with the customer.

Where each pattern shows up in the workflow

Different patterns get caught at different points if you know what to look for.

Onboarding

The first defense layer. New MC submissions, COI submissions, banking info changes, contact info updates. This is where brand-new MC fraud and MC hijacking should get caught.

Booking

The second layer. Carrier requests for loads, rate negotiation, booking confirmation. Double brokering signals start to appear here.

Dispatch

The third layer. Driver assignment, pickup confirmation, in-transit updates. Fraudulent dispatch and cargo theft patterns surface here when the assigned driver doesn't match expected patterns.

Payment

The fourth layer. Invoice processing, banking verification, payment release. Last chance to catch hijacked MCs whose banking info was changed mid-relationship.

The detection signals that catch each pattern

For each fraud pattern, there's a set of signals. Knowing them lets you build a detection layer that doesn't rely on any single check.

MC hijacking signals

• Banking info change request shortly after onboarding completion
• Banking info change requested by phone or email rather than through a verified portal
• Phone number in carrier records doesn't match the number on the MC's FMCSA registration
• Email domain doesn't match the carrier's official domain (Gmail/Yahoo when the carrier has a corporate domain)
• Person calling for the carrier doesn't match dispatcher names on the carrier's recent activity
• Dramatic change in posted rates from this carrier compared to historical norms

Double brokering signals

• Carrier accepts unusually high rates without negotiation (they have margin to give to a sub)
• Truck number isn't in the carrier's fleet records
• Pickup actually happens but check calls go to a phone that isn't the assigned driver's
• BOL or POD signature doesn't match the assigned driver's name
• MC historically ran specific lanes and suddenly switched to completely different lanes

New-MC fraud signals

• MC registered within the last 60 days
• No or minimal history with other brokerages
• Insurance issued by a carrier known to issue and cancel quickly
• Insurance policy number doesn't match insurer's database
• Banking info routes through an unusual bank or fintech
• Multiple MCs sharing the same dispatcher contact, address, or phone

Fraudulent dispatch signals

• Dispatcher name not previously associated with the MC
• Dispatcher email domain doesn't match the carrier's known domain
• Dispatch from an unusual time zone or geographic location
• Carrier's actual driver pool is small but dispatcher claims many trucks available
• Pickup driver doesn't have the carrier's branding or proper driver identification

A real fraud detection layer monitors for many of these signals simultaneously. No single signal is conclusive. The combination is what catches the pattern.

The defense workflow

Build the workflow in layers, with the right checks at the right point.

Onboarding layer

Every new MC submission should run through:

• FMCSA authority check (active, not revoked)
• SAFER score and out-of-service rate
• Insurance verification with the actual insurer (not just COI parsing; call or API the insurer)
• Banking verification through bank account verification services
• Phone number verification (the number on file matches FMCSA records)
• Email domain verification (does the carrier have a corporate domain; if so, do they use it for this rep?)
• Cross-check against industry fraud watchlists (Carrier411, Highway, RMIS, MyCarrierPackets shared lists)
• Address verification (is the registered address a real commercial address; satellite imagery checks help)
• Officer/contact verification (matching contact names against MC officer records)

For new MCs (under 90 days old), add:

• Higher scrutiny on the officer's history (have they had previous MCs that got revoked?)
• Monitor mode for the first 5 to 10 loads (additional check calls, driver verification, rate confirmation requirements)

Pre-booking layer

Before booking each load with an existing carrier:

• Confirm the dispatcher name matches expected pattern for this MC
• Confirm the email domain is consistent with the MC's history
• If the rate is significantly above the carrier's historical norms, flag for review
• If the carrier has any open exceptions or claims, route to a human

At-booking layer

When the load is being booked:

• Match truck and trailer numbers to the carrier's known fleet
• Verify driver's CDL and the truck's IFTA registration
• Cross-reference with current ELD data when available

Dispatch and pickup layer

At pickup:

• Confirm pickup location matches the assigned driver's location (via ELD if available)
• Verify driver identification on arrival (name, photo if available)
• Confirm BOL signature matches assigned driver's name
• For high-value loads, require photo confirmation of driver and truck

Payment layer

Before releasing payment:

• Verify banking info hasn't changed since the load was booked
• If banking changed, require additional verification (call to a verified phone number, not the email or phone associated with the change)
• Cross-check against any carrier-side fraud reports filed in the meantime

What gets caught at each layer

A real-world fraud attempt typically gets caught at one of three points. The earlier, the better.

Onboarding catch

Most fraud at well-defended brokerages gets caught here. The fraudster tries to onboard, signals trip, the onboarding gets flagged, the human reviewer asks follow-up questions, the fraudster disappears.

Pre-booking catch

When a carrier whose onboarding looked clean tries to book a load, the dispatcher name or email domain mismatch flags the booking. A human gets involved before the load is committed.

Pickup catch

Last-mile defense. The driver who shows up doesn't match. The truck has wrong markings. The brokerage holds the load, contacts the carrier directly through verified channels, and resolves before cargo moves.

What to do when fraud slips through

Some fraud will slip through any defense. Here's the response playbook.

Step 1: Lock down the carrier

The moment you detect or suspect fraud, lock the carrier in your TMS. Block any pending bookings, holds on payments, and freeze the carrier record.

Step 2: Confirm with the legitimate carrier

If the fraud pattern is MC hijacking or fraudulent dispatch, contact the legitimate MC through verified channels (the phone number on FMCSA records, not the one in your carrier file). Confirm whether the recent activity was theirs.

Step 3: Document everything

Pull all communications (emails, call recordings, text messages) involving the fraudulent identity. Pull the rate confirmations, BOLs, and PODs. The documentation matters for both insurance recovery and any criminal investigation.

Step 4: File the fraud report

Report to FMCSA, the relevant state attorneys general, and industry fraud reporting services (Carrier411, Highway, RMIS, MyCarrierPackets). The faster you file, the less damage the fraudster does to other brokerages downstream.

Step 5: Notify your insurer and customer

If cargo was lost, notify your cargo insurer immediately. If a customer load was affected, communicate proactively. Customers who hear about fraud from you respect you. Customers who hear from someone else don't.

Step 6: Recover what you can

Bond claims if the carrier had a legitimate bond. Litigation against the fraudster (rarely productive but documents the loss). Recovery from your insurer.

Step 7: Audit and improve

After resolution, do a post-mortem. Which signals existed but weren't caught? What workflow change would have caught it? Update your playbook.

What changes with AI fraud defense

A few things become possible at scale that aren't possible manually.

Multi-signal detection in real-time

A human onboarding rep can check 8 to 12 signals on a new MC. AI checks 40 to 60 simultaneously. The combination of signals that indicates fraud often only shows up when you look at many of them together.

Continuous re-verification

AI re-vets continuously. Banking info change? Re-vet. Dispatcher contact changes? Re-vet. Major rate posting change from this carrier? Re-vet.

Pattern recognition across loads

A single fraudster often hits multiple brokerages in sequence using different MCs but similar patterns. AI watching cross-load patterns (similar dispatcher styles, recurring fraud markers, common bank accounts) catches patterns that are invisible to any single onboarding rep.

Automatic action on signals

When fraud signals trip, the AI can automatically place holds, route to humans for review, request additional verification, or block bookings. Speed matters because fraudsters work fast.

What we have seen in deployment

The most concrete reference point is Fura Freight. In the first month of Ten8 running across voice, email, and the back-office layer, the system caught three confirmed fraud or theft attempts that would have otherwise made it through. Full case study: ten8.ai/case-study/fura.

Three saves in one month came from one client, on one workflow set, at the start of a deployment. This is a single data point, not a portfolio benchmark. The reason it happened is straightforward: cross-checking dispatcher names, email domain consistency, banking changes, and rate posture against historical norms is the kind of pattern recognition an operator handling 50 active threads cannot do at the same time. A system that does it on every interaction catches things human attention misses.

What the brokerage owner should do

Three actions to take this quarter.

Run the fraud audit

Pull your last 12 months of carrier fraud incidents (including near-misses you caught at the last minute). Document which signals existed before the incident and which ones weren't being checked. Build a heatmap of where your defenses have gaps.

Tighten the onboarding workflow

Most fraud is preventable at onboarding if the workflow is comprehensive. If you're not running insurance verification with the actual insurer, banking verification with the bank, and cross-checks against industry watchlists, fix that this month.

Add continuous re-verification

If your carrier records get vetted at onboarding and never again, you're vulnerable to MC hijacking. Continuous monitoring of banking info changes, dispatcher changes, and contact info changes catches the patterns that develop after onboarding.

How Ten8 fits

Ten8 deploys AI Coworkers across the workflows where fraud actually shows up — inbound carrier calls, outbound carrier qualification, MC verification handoff, and the back-office banking-change layer. We do not replace your compliance person; we run the routine signal-checking continuously so your compliance person handles the cases that genuinely need their judgment.

The signal-to-action design means that when a pattern emerges (banking change after long quiet period, dispatcher-name mismatch, MC age under 60 days combined with aggressive rate behavior), the AI flags it and routes it to the right human with full context. The reaction window goes from "next time someone notices" to seconds.

Pricing is outcome-based — you pay per fraud signal caught before payment release, not per platform seat or per minute of inference. If we do not catch anything, you do not pay.

If you want to see the fraud defense layer on your carrier network, book a demo. Two-week onboarding. Outcome-based pricing.