What Is “Backdooring” in Alternative Finance — and Why Should the Industry Care?
In alternative business finance, “backdooring” refers to the theft and resale of merchant documents and data.
There are two types: internal and external backdooring. Neither requires a complex scheme, and that is part of the problem. At its core, it comes down to technical vulnerability: data is extracted from company systems and forwarded externally with little to no oversight or safeguards. As much as people like to believe strong relationships with merchants and partners are enough, they are not.
Backdooring usually shows up in two ways:
- Bulk data is exported as CSV or Excel files.
- Submission packages are extracted, forwarded, and resold. This is the most common.
A submission package, often called a loan package or “pack,” includes a credit application and business bank statements. Its purpose is to evaluate a legitimate business funding request. On any given day, hundreds of these packages can be found for sale, often by individuals or data providers flipping packages for a profit.
Who Is Buying?
- Brokers
- Funders
- Lead resellers
- Data providers
Internal Backdooring
As a standard practice, brokers originate submission packages. The problem starts when someone inside the company takes that information from company systems and sends it to someone outside the company for financial gain.
Typically, packages are downloaded or forwarded from a company email, CRM, or equivalent. Once extracted, they log into a personal email account and send files to themselves, or directly to their buyers. Unless you are monitoring, deterring, and auditing, this often goes undetected.
External Backdooring
Brokers will send the same deal to multiple funders, another normal practice. Once a funder receives a submission, external individuals and systems gain access and brokers lose control.
In most instances, the backdooring is done by a rogue individual without the knowledge of the funding company. In less common but more serious cases, a funding company may systematically use broker-submitted files for its own benefit. This typically takes two forms: bypassing the original broker to fund the deal in-house without paying a commission, or secretly brokering the deal out to competing funders.
Why Do People Do It?
Financial gain, survival, incompetence.
Alternative finance has limited barriers to enter, and for most products, brokers do not need a license or specialized credentials to operate. A number of states are starting to require different forms of registration, though not fast enough and not in a way that enforces meaningful non-compliance consequences.
At the same time, one transaction can generate thousands in commission in a single day. Combined, it has created a crowded market where everyone is competing for the same finite deal flow.
Lead origination is harder, more expensive, and more competitive. That does not excuse backdooring, but it helps explain why the “pack market” exists. Buying backdoored files is cheaper than generating leads, faster than building relationships, and easier than doing the work.
Why It Matters
It harms business owners. Their data leaks, then the calls start. Suddenly they are being pressured and misled by multiple companies, leading to excessive stacking and in extreme cases, putting businesses out of business.
If your company is doing things the right way, backdooring still affects you. Because of its scale, it weakens broker-funder trust, hurts portfolio performance and industry perception, and makes responsible companies harder to distinguish from everyone else.
How Do You Stop It?
You can’t prevent it all, but you can make it harder. Limit who can access systems, control downloads, watermark documents, maintain audit logs, monitor personal email forwarding, block browser access to personal email accounts. These are standard DLP controls. Once the industry starts expecting them as a condition of doing business, bad actors have fewer places to hide.
My Final Thoughts
If you go back a decade, you’ll find backdooring. It has only gotten worse and largely accepted as part of doing business. The industry does not need to solve everything overnight, but it does need to start somewhere. Secure Broker and Secure Funder give companies an independent way to take that first step. And over time, the companies doing things the right way will be the easiest to find.