The VETT Framework: How We Check Businesses Using Public Data

Every day, people make high-stakes decisions about businesses with almost no real information. Hiring a contractor. Choosing a daycare. Picking a moving company. Selecting a property manager. The stakes are real. Your money, your time, your family's safety. But the tools available to evaluate these businesses before committing are either expensive, shallow, or nonexistent.

A Google search might surface a star rating. A friend might have a recommendation. A website might claim the business is "licensed and insured." But none of these answers the fundamental question: what does the full public record actually show about this business?

That is the question the VETT Framework was built to answer.

Why Existing Approaches Fall Short

Most ways of checking on a business fall into one of four categories, each with significant blind spots.

Enterprise risk scoring (Dun & Bradstreet, LexisNexis) uses payment histories, financial statements, and credit data to predict business failure. Even consumer-facing tools like business credit scores measure likelihood of paying debts, not whether a business operates honestly or delivers quality work. These tools are designed for banks, insurers, and compliance departments. They cost thousands of dollars annually and require expertise to interpret. The average consumer hiring a contractor or choosing a daycare will never see this data.

Single-source checks (BBB ratings, Google reviews, Yelp) offer one data point in isolation. A business can have a 4.8-star Google rating while simultaneously facing multiple federal lawsuits. A BBB accreditation tells you the business paid a membership fee, not that it has clean court records.

Self-reported credentials (website claims of "licensed," "insured," "certified") are unverifiable without cross-referencing independent databases. Research from Resistant.ai has documented systematic fake licensing across multiple industries.

Government licensing and oversight creates what may be the most dangerous false confidence of all. The implicit assumption is binary: a business is either licensed or it isn't, and a license means the government has verified its legitimacy. This is a false dichotomy. A license verifies that paperwork was filed and fees were paid. It does not verify that the business operates as described, treats customers honestly, or even has real customers. Every facility in the Feeding Our Future scheme was licensed by the state of Minnesota. They passed inspections. They had addresses and phone numbers on file with regulators. They were, by every official measure, legitimate. The $250 million fraud ran for years within a fully licensed, government-overseen system. Licensing is a necessary baseline, not a substitute for independent verification.

The gap is clear: no consumer-accessible tool combines these sources into a clear, honest picture of a business.

The VETT Framework: Verified Evidence Through Triangulation

Triangulation is a well-established methodology in research and investigation. The principle is straightforward: when multiple independent sources point to the same conclusion, confidence increases. When they diverge, or when most sources return nothing at all, that divergence is itself a finding.

We built our system on this principle. Internally, we started calling it the VETT Framework: Verified Evidence Through Triangulation.

The VETT Framework differs from existing approaches in two important ways.

First, it evaluates what we don't find, not just what we do find. A legitimate business leaves a footprint across multiple independent public sources: customer reviews, news mentions, court records, social media, community discussions. The absence of that footprint is a signal. Not proof of wrongdoing, but a measurable gap between what a business claims and what can be independently verified. This is the opposite of how most systems work. Traditional checks look for the presence of bad signals. We also look for the absence of good ones.

Second, it cross-references multiple independent public data sources and evaluates whether they tell a consistent story. Any single data source can mislead. Reviews can be faked. Court records can reflect frivolous suits. News coverage can be absent for reasons that have nothing to do with the business. But when you triangulate across all of them, patterns emerge that no single source reveals on its own.

Current Sources

The VETT Framework is designed to be source-agnostic. The principle of triangulation holds regardless of which specific databases are checked. Today, every report evaluates the following:

Legal & Courts

Source	What It Reveals
Federal court records	Lawsuits, bankruptcies, liens, judgments from federal courts nationwide
State & local court records	Small claims, evictions, local litigation across hundreds of millions of case records

Consumer Protection

Source	What It Reveals
CFPB complaint database	Formal consumer complaints filed with the federal Consumer Financial Protection Bureau
State attorney general complaints	Consumer complaints filed with state AG and consumer protection offices — the state-level equivalent of CFPB

Reviews & Community

Source	What It Reveals
Google Reviews	Customer sentiment, review volume, rating patterns
Google News	Investigations, regulatory actions, fraud coverage
Reddit discussions	Organic community sentiment, warnings

Licensing & Registration

Source	What It Reveals
State licensing databases	Professional and trade license status (active, expired, revoked)
Business entity registration	Secretary of State records — formation date, entity type, active/dissolved status
Childcare facility records	State childcare licensing, inspections, violations, and quality ratings

Workplace & Environmental

Source	What It Reveals
OSHA workplace inspections	Federal workplace safety inspections, violation types, and penalties assessed
DOL Wage & Hour violations	Department of Labor enforcement actions for wage theft, FLSA violations, and back wages owed
EPA compliance (ECHO)	Environmental compliance history, Clean Air/Water Act violations, enforcement actions

Digital Footprint

Source	What It Reveals
Web presence analysis	Domain age, website quality, social media profiles, trust claims

Each source has limitations. Court records don't cover every jurisdiction. CFPB complaints are self-reported and unverified. Google reviews can be manipulated. An estimated 18% of Google Reviews across small businesses were flagged as potentially fraudulent in 2024, up from 12% in 2022 (Online Reputation Institute). News coverage is uneven across geographies. State-sourced data (licenses, complaints, entity records, childcare) varies in coverage by state — not all states publish to the same databases, and absence of a record does not mean the business is unlicensed or unregistered.

The power is in the triangulation. When court records, reviews, complaints, workplace inspections, and regulatory filings all converge on the same conclusion, confidence is high. When they conflict, or when data is absent from most sources, that tells us the business has left very little verifiable public footprint. With this many independent data sources, the likelihood that a consistent pattern across multiple sources is misleading is low.

Two Dimensions: Quality Grade and Fraud Risk

Every VETT report evaluates a business on two separate dimensions, because a bad business and a fake business are not the same thing.

The Grade: A Through F

The overall grade reflects the quality and trustworthiness of a business based on the full picture across all sources. A contractor with hundreds of positive reviews, a clean court record, and a decade-old web presence earns a high grade. A company with patterns of consumer complaints, multiple lawsuits, and poor review scores earns a low one.

The grade answers: "Based on everything in the public record, how does this business look?"

• A: Clean records across sources, strong review history, established and verifiable presence.
• B: Generally solid with minor concerns. Perhaps a few complaints relative to volume, or thin in one area but strong in others.
• C: Mixed signals. Some positive indicators alongside notable gaps or concerns. More investigation may be warranted.
• D: Significant red flags found. Patterns of complaints, lawsuits, poor reviews, or very thin verifiable presence across most sources.
• F: Severe and consistent negative findings across multiple independent sources.

Grades are subject to data sufficiency rules. A business cannot receive a top grade without a minimum threshold of verifiable customer evidence. Zero Google reviews after years of supposed operation does not earn an A simply because nothing negative was found. The absence of data is not the same as positive data.

Fraud Risk: Four Levels

Separately, each report assesses fraud risk on a four-level scale. This is where the VETT Framework draws on established fraud detection research: the ACFE Fraud Diamond, which models how fraud arises from the intersection of pressure, opportunity, rationalization, and capability; Moody's Analytics shell company indicators, which identify entity-level patterns like shared addresses, no online presence, and vague business descriptions; and FTC consumer fraud pattern data.

Low (1 of 4). Multiple independent data sources confirm the business is established and active. Strong review volume, years of operation, clean records across sources. The triangulation of signals is consistent with a legitimate, operating business.

Medium (2 of 4). Some verification gaps exist but nothing overtly suspicious. Perhaps thin in one area (no website but has reviews), or a couple of minor inconsistencies. Worth noting but not alarming.

High (3 of 4). Multiple fraud indicators present simultaneously. The combination of signals is concerning: very thin data across multiple sources, unverifiable claims, patterns consistent with shell companies or fraudulent operations.

Critical (4 of 4). Serious fraud indicators detected. Direct evidence such as fraud-related court cases, arrest news, or federal complaints. Or a cluster of strong indirect indicators that together raise significant questions about whether this business operates as represented.

The distinction matters. A daycare with genuine safety complaints but real customers is a quality problem (low grade, low fraud risk). A daycare with no customers and no public footprint is a different category of concern entirely (low grade, high fraud risk). The VETT Framework surfaces both.

Eleven Indicators

Based on established fraud detection frameworks and our analysis of thousands of business reports, the VETT Framework assesses the following indicators for every business. They fall into three categories.

Digital Footprint

These indicators measure whether a business leaves the kind of public trail that real, operating businesses naturally produce.

1. Customer footprint. Does anyone appear to have actually used this business? Zero reviews after years of supposed operation is suspicious. The ACFE notes that active detection methods outperform passive ones. We apply the same principle to customer evidence.

2. Web presence maturity. Domain age is a well-documented credibility signal. Research from multiple security firms has found that over 40% of newly registered domains are associated with fraudulent activity. We check WHOIS data, website content quality, and historical consistency.

3. Operational indicators. Is the business listed as permanently closed? Are there no posted business hours? Does the Google Places listing show signs of active operation?

4. Review authenticity. Beyond star ratings, we look for patterns consistent with review manipulation: sudden spikes in volume, polarized rating distributions (all 1-star and 5-star with nothing in between), and suspicious language patterns. Google's own systems catch approximately 75% of fake reviews before publication, but that leaves a significant gap.

Entity Verification

These indicators evaluate whether the business is what it claims to be.

5. Identity consistency. Does the business name, address, phone number, and website tell a consistent story? OpenCorporates researchers found that overlaying state-registry filings onto operational data routinely uncovers networks of shell entities that transaction monitoring alone misses.

6. Trust claim verifiability. If a business website claims "licensed and insured" but no license record exists in the relevant state database, that is a measurable gap between claims and evidence.

7. Business name patterns. Moody's shell company research and law enforcement case studies consistently show that generic names ("Quality [Service] Center," "Best [City] [Service]") are statistically overrepresented among fraudulent operations. This is one indicator among many, not dispositive on its own.

8. Address legitimacy. A residential address for a business claiming commercial operations, a virtual office address, or an address shared with many unrelated businesses. These are all patterns documented in the OpenCorporates and Moody's research. We verify using Google Places metadata.

Legal and Public Record

These indicators surface what courts, regulators, and the public have documented about the business.

9. Court record patterns. We distinguish between routine commercial litigation (common for large businesses operating over decades) and fraud-specific cases: deceptive trade practices, consumer protection violations, fraud convictions. Volume is contextualized against business age and size.

10. Complaint patterns. CFPB complaints mentioning fraud, unauthorized charges, or deceptive practices carry different weight than billing disputes. We assess both volume and nature.

11. News coverage. Articles about investigations, arrests, regulatory actions, and fraud allegations are direct signals. We filter for relevance. An obituary mentioning the business name is noise. An FTC enforcement action is signal.

What We Found: The "No News Is Good News" Problem

During validation testing across thousands of businesses, we discovered a systematic bias in our own grading system. The discovery illustrates a broader problem in business evaluation, and it shaped how the VETT Framework works today.

There is a common assumption in business reputation analysis that online feedback skews negative, that customers are more motivated to post after a bad experience than a good one. Research supports this to a degree. Negative experiences do generate disproportionate review activity. The natural conclusion is that a business with no complaints is probably fine.

Our AI grading engine had internalized this assumption. It was treating the absence of negative evidence as positive evidence. A business with a Google listing but zero customer reviews, no website, and no mention on any public platform was receiving a clean bill of health. Not because the data showed it was trustworthy, but because no one had complained yet.

But the negativity bias in reviews actually cuts the other way. If dissatisfied customers are the most motivated to post, then a business with zero reviews after years of operation has not even generated enough customer interaction for anyone to complain. The question is not "why hasn't anyone complained?" The question is "has anyone used this business at all?"

This is the same logical error that enabled Feeding Our Future. The fraud persisted for years precisely because oversight systems treated the absence of red flags as evidence of compliance.

The lesson is general. No data is not the same as good data. A business with zero customer reviews after years of supposed operation is not "clean." It is unverifiable. A business with no web presence is not private. It is invisible. And invisibility, as Moody's shell company research documents, is one of the strongest indicators that an entity may not operate as represented.

We corrected this bias by implementing data sufficiency rules: a business cannot receive a top grade without a minimum threshold of verifiable customer evidence, regardless of the absence of negative findings.

Why Triangulation Works: The Combination Principle

The most important insight from this work is that no single indicator is reliable in isolation. Review content alone can reflect disgruntled employees rather than fraud. A new domain could belong to a legitimate startup. A court record could be a frivolous suit that was dismissed.

But signals compound. A business with zero customer reviews, a domain registered six months ago, no social media presence, a residential address, and a generic name presents a pattern that is difficult to explain as anything other than a very thin, or potentially fictitious, operation.

Conversely, a business with 400 genuine reviews, a 14-year-old domain, active social media across multiple platforms, and industry association memberships presents a pattern that is extremely difficult to fabricate.

This is consistent with how professional fraud examiners work. The ACFE's methodology relies on what they call "red flag clusters," where individual anomalies that may be innocent become significant when they appear together. The VETT Framework applies this same principle to publicly available data, making it accessible to everyone rather than limiting it to enterprise compliance departments.

Why This Matters

The tools and methodologies to properly evaluate a business have existed for decades. They work. The problem is that none of them were built for the person who actually needs them most: the parent choosing a daycare, the homeowner hiring a contractor, the small business owner selecting a vendor.

These decisions involve real money, real trust, and real consequences when they go wrong. Until now, the options have been to spend thousands on enterprise risk tools, rely on a single source like Google reviews, or simply hope for the best. The VETT Framework exists to close that gap. Not to replace professional due diligence, but to give everyone access to the same kind of multi-source analysis that professionals use, applied to public data, delivered in plain language, at a price point that makes it practical to check before you commit.

We are publishing this framework and our methodology because transparency is the point. If we are asking consumers to trust our assessments, they deserve to understand exactly how those assessments are made. We will continue to publish our findings as we apply the VETT Framework across industries and geographies.

Methodology

The VETT Framework draws on the ACFE Fraud Triangle and Diamond, Moody's Analytics shell company indicators, FTC consumer fraud patterns, and review authenticity research. The assessment is applied to publicly available data from multiple independent sources and is generated by AI analysis. The AI does not produce a black-box risk score. It is given the specific framework indicators described above and evaluates each one against the collected evidence, then explains its reasoning in plain language within the report.

Grades and fraud risk levels represent patterns in the public record and are Vett.us's analytical opinion. They are not determinations of actual fraud or business quality guarantees. The absence of negative indicators does not guarantee that problems do not exist. The presence of concerning indicators does not prove wrongdoing. Our goal is to surface patterns that warrant attention, so that consumers can make more informed decisions.

---

Sources cited:

• ACFE Report to the Nations 2024. Association of Certified Fraud Examiners.
• FTC Consumer Sentinel Network Data Book 2024. Federal Trade Commission.
• FBI IC3 Annual Report 2024. Federal Bureau of Investigation.
• Moody's Analytics: Seven Indicators of Shell Company Risk.
• OpenCorporates: How Bulk Registry Data Uncovers Corporate Fraud (2025).
• Cressey, D.R. (1950). The Criminal Violation of Financial Trust.
• Wolfe, D.T. & Hermanson, D.R. (2004). The Fraud Diamond: Considering the Four Elements of Fraud.
• FBI: Dozens Charged in $250 Million COVID Fraud Scheme (2022).
• Online Reputation Institute: Google Review Fraud Statistics (2024).