By Christina Luttrell, Senior Vice President, IDology
Synthetic identity fraud (SIF) is one of the fastest growing and most sophisticated forms of fraud in the United States today. The Federal Trade Commission estimates that SIF costs American businesses $50 billion each year and, unfortunately, it’s difficult to detect and even harder to stop.
First things first, are you up to speed on SIF?
While traditional identity theft involves a criminal targeting and assuming an individual’s entire identity, with SIF perpetrators combine real and/or fictitious information, such as Social Security numbers (SSN) and names, to create identities that they then use to defraud financial institutions, government agencies or individuals over time. At first glance, a synthetic identity appears unremarkable, and that’s the point. SIF criminals are in it for the long haul, which is why it’s sometimes called “sleeper fraud.” The longer an artificial identity remains “in play,” the larger the credit profile becomes and the greater the potential for criminals to profit. Successful synthetic identity fraud schemes evolve over months and sometimes even years before the criminal decides to “bust out,” cashing in on the identity and leaving the credit provider to foot the bill.
How did we get here?
When businesses in the United States adopted EMV chips in credit and debit cards, criminals were forced to channel their fraud efforts online. That migration, paired with large-scale data breaches, loosening credit standards and the exploitation of legacy credit creation practices and systems, laid the groundwork for certain forms of fraud to flourish, hence the recent exponential rise in SIF. In 2016 alone, SIF cost lenders $6 billion. Today, it’s also responsible for 20 percent of credit losses, with an average charge of $15,000.
There are several other factors that are contributing to the increase in SIF:
Social Security Number Randomization. Beginning on June 25, 2011, the Social Security Administration (SSA) changed how it issued SSNs. According to the SSA, randomization helps protect the integrity of SSNs as well as extend the lifespan of the nine-digit system. However, randomization eliminated the ability of legacy fraud detection solutions to use the information embedded within an SSN to determine its veracity.
Vulnerabilities of Legacy, Static Fraud Detection Tools.Along withthe challenges created by SSN randomization, many firms are also still utilizing conventional identity verification systems. These systems use simple, single-layer matching processes that are configured for yesterday’s fraud schemes. Criminals are constantly collaborating and innovating, and they have adopted more sophisticated cons that legacy systems can’t detect.
Difficulty of Detection.Because a synthetic identity looks and acts like a real identity, companies often do not realize they’re dealing with a fraudster.
Relaxed Credit Standards and More Authorized Users.After the “Great Recession” ended, tight credit standards loosened up and financial services firms aggressively sought more revenue to make up for less fee income. As a result, lenders enabled more authorized users on accounts. Fraudsters exploit this by recruiting and “piggybacking” off of legitimate card holders with good credit, adding themselves to the account as an authorized user, then building up the synthetic identity’s credit score. Making matters worse, they may also add new synthetic authorized users to their previously established synthetic identities, thereby extending and amplifying the scheme.
SIF Protection and Prevention
The first step in combating SIF is acknowledging that traditional, static approaches to detecting identity theft are insufficient. These legacy systems are geared toward matching an established identity and credit history belonging to a real person. As we’ve mentioned, that’s not how SIF works.
To protect against SIF, technologies and processes should be put into place that offer:
Multi-Layered Identity Verification.With consumer data accessible on the dark web, detecting and preventing SIF schemes demands an intelligent, multi-layered approach that pulls together an array of location, activity, device, digital and other identity attributes to validate customers. Predicated on a risk-based approach, powerful algorithms coupled with robust data sourcing and mining capabilities can provide companies with detailed analyses of the relationships and characteristics of identity data that far exceed the rudimentary matching of data elements with public records.
Dedicated Synthetic Identity Fraud Analytics and Tools.Deploying synthetic fraud tools requires big data analysis to identify the relationships between the identity attributes, as well as their veracity. While synthetic identities may appear as a complete and existing identity, the identity is ultimately an amalgam of disparate identity attributes.With a relational analysis of those attributes, inconsistencies that may indicate a synthetic identity can be identified and escalated for additional verification early in the process.
Photo Identity Document Verification.Real consumers usually have “proof of life” documents on hand, such as a driver’s license and passport. They also have smartphones. Synthetic identities may not have such credentials. Document verification and matching a “selfie” with a driver’s license or passport photo can differentiate a real customer from an artificial one. It also offers a way to onboard customers with much less friction.
Cross-Industry Collaborative Networks.Detection also depends on access to a collaborative network of companies united in the fight against identity theft. Mitigating SIF requires companies and industries to share data. By flagging data elements such as phone numbers, addresses and SSNs connected to previous fraud schemes and making such information available collaboratively, companies can receive access to real-time, actionable fraud data.
Synthetic identity fraud schemes exist due to inherent weaknesses in the processes that institutions establish and consumers follow to establish and build credit profiles. Until the credit creation and maintenance process changes, criminals will continue to manufacture identities with the goal of committing fraud. Given SIF’s reliance on both real and fake data, preventing it depends on being able to analyze multiple layers of an identity in order to determine the account holder’s actual existence and intent.