On February 22, 2024, a man walked into a Chevrolet dealership in the San Gabriel Valley and signed a 36-month lease on a brand-new Corvette Stingray. It was a 2024 C8, mid-engine, 490 horsepower — the kind where the V8 rumbles behind the seats with enough thrust to hit 60 mph in under 3 seconds.

When he signed the lease, the odometer read 7 miles. Before he drove off, he made the first payment and covered the usual stack of fees. Grand total to leave in a $90,000 car: $2,779.05.

It was the last money the lender would ever see.

What happened next is auto lending’s worst-case scenario: the letters and phone calls go unanswered, and repo agents return empty-handed. So the lender sues in civil court. The borrower doesn’t show up there either; the sheriff and the process servers can’t find him. Nobody can find the car. Eventually, the case is dismissed, and the lender takes the write-off.

The Corvette case is a flashy example of a dull-sounding legal phenomenon: replevin, sometimes called claim and delivery. It’s what happens when a lender asks a court to help recover collateral – in this case, a car – from a borrower who has stopped paying and won’t give it back. Replevin actions aren’t rare; hundreds of them are filed in U.S. state courts every year, according to our analysis of public court filings. They aren’t always fraud — in some states they’re a routine part of the repo process — but typically they come after the usual tactics have failed.

But the Corvette case also belongs to a narrower category that we, as fraud trackers, consider useful: cases where the borrower can’t be found, the car is never recovered, and the original loan or lease survives in the public court record. These cases offer something rare in first-party fraud research: a public way to look backward from the loss to the application that made it possible.

So we decided to go digging. Reviewing court records, we found a total of 25 unrecovered-car cases, along with copies of their original loan and lease agreements. That let us ask the question at the center of this story: if we reconstructed those applications as they looked on the day the cars left the lot, would the warning signs already be there?

A public version of a private study

First-party fraud is difficult to study: The applicant isn't impersonating someone else, as in identity theft, or inventing a synthetic identity from scratch. They are using their own names, Social Security numbers, and enough other real information to look, on paper, like an ordinary borrower who later defaults.

The difference is intent: An honest borrower meant to repay and then can’t. First-party fraudsters never intended to honor their contracts. In that way, they misrepresent themselves (and also often in other material ways, such as lying about personal information such as their income, address, or employment). The fraud begins at the application.

Typically, we study first-party fraud through private retrostudies with our partners, where the lender provides a large batch of applications, including some it has labeled as fraud, and we look back at what the applications showed at origination. Those studies are rich, but the labels still involve judgment, and the data and results stay confidential.

Here, the lost-car replevin subset gives us a chance to do a public version of the work. These cases don’t prove first-party fraud, of course. But they do offer very strong signals of it: a borrower who evades service, a vehicle that can’t be recovered, and in some cases, the borrower is sued more than once by multiple lenders. And it comes with the original paperwork.

From courthouse records to a dataset

We set out to build a small, high-quality sample of replevin actions as an initial study. Searching court records via Unicourt, a courthouse database, we identified replevin actions from the past ten years, then filtered for cases where the plaintiff was clearly a corporate lender and the defendant was a private individual.

We then focused on the cases with the strongest first-party fraud signals: the borrower was never located and personally served, and the court record showed no evidence that the vehicle was recovered. Next we made sure the original loan or lease agreement was available in the public file.

We limited the sample to California because that is where most of the usable cases were, and because California gave us a clean benchmark: more than 26,000 auto-loan applications from the general California population that we had already analyzed for first-party fraud for two major auto lenders. For borrowers who appeared in multiple cases, we kept only the earliest case in our date range.

That left 25 replevin cases — our 25 missing cars.

The $1.8 million parking lot

The sample was small; the losses were not. Together, the unrecovered cars represented almost $1.8 million in unpaid balances. The set skewed toward luxury and performance vehicles: 6 BMWs, 4 Porsches, 3 Mercedes-Benzes, 3 Chevrolets — including the Corvette — and 2 Land Rovers. The remaining vehicles were one each from Bentley, Dodge, Ford, Jeep, Kia, Tesla, and Toyota.

Most of the contracts, which were originated between February 2015 and June 2024, were leases rather than loans (18 of the former, 7 of the latter). Monthly payments ranged from $348 for a 2012 Ford Edge SEL financed in early 2015, to $2,500 for a 2024 Porsche Panamera. The median payment was $972 a month for a 2023 Chevy Blazer

Balances owed at default were just as wide. The median was $58,882 (also the Blazer). At the high end was the same 2024 Panamera: roughly $133,000 owed, and no car returned.

What the model saw

By the time these cases reached court, of course, the borrowers and cars were long gone. We wanted to wind back the clock.

Using the documents attached to each case, we reconstructed each application the way it would have appeared the day a lender first received it. Then we ran each one through SentiLink's First-Party Fraud model, which returns a number from 1 to 999 representing the likelihood that an applicant is misrepresenting themselves in the application.

The contrast was stark. In our benchmark of 26,180 California applications, the median score was 95, indicating very low first-party fraud risk. Among the 25 applications for the unrecovered cars, the median score was 758 — the 96th percentile of the benchmark. More than a third scored above 900, a level reached by only about 1% of the benchmark cases.

The model wasn't perfect — four of the 25 came in under 300, indicating a low likelihood of fraud. But the overall picture is unmistakable: to the model, the overwhelming majority of these applicants looked like people misrepresenting their true credit identity at the time of application.

But why?

To us, this is one of the most fascinating parts of the work.

None of the individual application data is exotic. Our models rely mostly on basic identifying information that people scribble down on loan applications: address, phone number, social security number, email —humdrum vitals that don't, at first glance, seem to tell you whether someone is being honest about who they are.

But together those details form patterns, and machine learning is very good at noticing when ordinary facts combine in unusual ways.

To investigate our model’s behavior with these lost-car cases, we peeked under the hood using a tool called SHAP. Think of it as a way to put tiny red flags and green flags on every part of the data: What data made the application look riskier for fraud? Which made it look more ordinary? And how much did each one matter?

First we look at SHAP values in big groups – not enough to tell us much yet, but enough to give us a map of where to look.

The biggest separation comes from the SentiLink cluster, the record of everywhere an application identity’s phone number, email, address, and IP have turned up across our network of 500+ partners. Ordinary applications are reassuringly repetitive, with the same details used again and again at a slow and steady pace. Something about the lost-car cases was different.

The above chart has other clues that surface fraud risk: unusual patterns of fraud alerts and similar fraud codes associated with the application identity, and phone numbers that were new, recently ported to a new carrier, or tied to multiple identities. There were also missing green flags, like long-running ownership of the same phone number and steady bank-account history (a slow “demand deposit account velocity” in industry argot).

All of that influenced the score. But since the biggest gap is in the cluster, let’s dig there.

Simply put, the lost-car identities were newer and busier. The typical benchmark identity had been in the cluster for more than five years; the typical lost-car identity, only 2.4. Benchmark applicants applied for credit about once every 90 days. The lost-car identities applied at nearly four times that rate. The identities attached to the lost-car replevin actions also applied to more different institutions than the average – about 5 compared to 3.

None of this proves fraud, of course. People switch banks. They shop for credit. But the model is reacting to a shared set of patterns that says “hey, something about these identities is out of the ordinary. Slow down. Take a closer look.”

That’s the broad view. Now let’s get specific and look at that Corvette.

The Corvette, under the hood

The model scored the Corvette application high at 762.

The Corvette case is a more intense version of the average lost-car replevin case. In the 90 days before the application, the same name, date of birth, and Social Security number had appeared in six applications — against the lost-car replevin average of 3.7 and the California benchmark of around 1. While the typical replevin identity had applied for accounts at five different institutions in the past year, the Corvette driver’s identity had applied at five different lenders in the past 60 days. Put together, the score was not about the car being flashy. The model did not know the borrower, or that the V8 was behind the seats. It saw a different kind of horsepower: an identity moving fast through applications, across institutions, with discernible signals of elevated fraud risk.

You can learn more about SentiLink’s approach to detecting elevated first-party fraud risk at the point of application here.