Written by: David Zhou
A vast majority of financial institutions have experienced identity fraud. Over the past few years, a new form called synthetic identify fraud has become more prevalent and is now one of the biggest threats faced by financial institutions. Synthetic identity fraud is the combining of fictitious and partially real personal information to create new identities to deceive financial institutions. Unlike traditional identity scams, malicious actors use synthetic identity fraud to create a false new identity instead of fraudulently using an existing real identity. The specific methods include fake identity, identity manipulation, or identity compilation.
The New Identity Fraud Trend
The use of false synthetic identities for financial fraud has become increasingly rampant in the United States. Fraudsters use false new identities to apply for credit cards and defraud bank loans to illegally collect money, causing significant losses. The ‘ghost’ presence of fraudsters is challenging for financial institutions and law enforcement agencies.
There are loopholes in U.S. credit procedures that allow fraudsters to establish a synthetic identity. Fraudsters uses new synthetic identities to apply for a loan from a financial institution. Although the financial institution usually rejects the loan application based on a lack of credit history, a credit institution often creates an automatic profile for this new applicant. This credit profile becomes evidence of the existence of the synthetic identity. When fraudsters apply for loans from different financial institutions and are approved, the credit institution will determine that this identity is legal and valid. Fraudsters are using this loophole to establish credit records for synthetic identities, accumulating credit lines for months or even years. As the credit score improves, fraudsters can obtain higher credit extensions until they declare bankruptcy and disappear, ultimately achieving their goal of monetary gain.
Due to the impact of the pandemic, the digital transformation of financial institutions has accelerated, and identity authentication through remote channels has gradually become commonplace. If remote identity authentication is too complicated, it will often reduce the user experience. A streamlined and barrier-free remote identity authentication experience is what many financial institutions strive to provide, and could become a strong mitigation tactic against synthetic identify fraud.
The Spread of Synthetic Identity Fraud
The use of Social Security Numbers (SSNs) as the paramount identifier in the U.S. has created vast opportunity for fraudsters. An SSN is a unique identifier that doesn’t usually change during an individual’s lifetime. Therefore, SSNs have become the only identifier commonly used by financial institutions. However, many societal factors have made SSNs more vulnerable. According to Identity Theft Resource Center, between 2017 and 2018, more than 446 million personally identifiable information (PII) records were exposed to a data breach. Additionally, over-sharing personal information and other risky behaviors on social media platforms increase the risk of exposure, where criminals can easily exploit PII.
Synthetic identity fraud typically combines real data elements (such as valid SSNs) with fabricated data (such as names and contact information). The result is an entirely new individual, who exists only on paper. This is difficult to identify and nearly impossible to track down once funds are dispersed.
The Impact of Synthetic Identity Fraud on Financial Institutions
It’s estimated that more than 50% of synthetic identity fraudsters apply for credit cards online. According to research conducted by the Federal Reserve, some fraudsters who use synthetic identities will also personally appear in financial institutions and provide false information to prove their identities. Once the fraudster applies for credit, the financial institution will investigate one or more credit bureaus and may receive a report that the identity doesn’t have a credit history. Usually, the financial institution will reject this credit application. However, this initial query will create a credit record for the synthetic identity, even if the application is rejected.
Fraudsters continue to apply for various credit in different financial institutions until they receive approval. In some cases, this preliminary approval is granted by a high-risk lender. Fraudsters will use this credit limit and create timely repayment records to cultivate a higher credit limit.
Most of the costs that result from synthetic identity fraud are often borne by financial institutions. According to research, approximately 20% of all credit losses are now due to synthetic identity fraud. But because of the inconsistency of synthetic identity evaluation and identification standards, as well as the lack of relevant investigations and risk reports, the true cost of synthetic identity payment fraud is difficult to quantify.
How to Prevent Synthetic Identity Fraud
Faced with this type of situation, many financial institutions try to improve the identity verification process to prove that the actual user is the same as the user in the application. However, by using cross-channel intelligence including multi-source data and external data sources, financial institutions can protect themselves and their customers without making the verification process too complicated for consumers. These are some controls that can help identify and prevent synthetic identity fraud:
- Use strong analysis methods (manual and automatic) to determine identities
- Combine and analyze basic personal information (such as name, SSN, date of birth, and address) with other data sources to confirm the identity of the applicant
- Use a “strong connection” analysis process, including examining debit and credit accounts, checking accounts, and other financial instruments
- Filter multiple account applications originating from the same IP address or device, and detect the identity information displayed as authorized users in multiple accounts
- Conduct synthetic identity link analysis on service providers of interbank users
It’s recommended that financial institutions share information across product lines to discover the identities of synthetic identity fraudsters, because criminals will often open multiple accounts in the same organization including credit cards, direct deposit accounts, credit lines, and auto or mortgage loans.
In practice, these are extremely difficult to implement successfully with manual procedures or without collaboration across institutions. Fintech organizations are stepping in to provide this functionality.
Synthetic identity fraud is a serious threat, affecting consumers, enterprises, financial institutions, government agencies, the medical industry, and other social systems. Due to the difficulty of detection, low cost of crime, and the ever-increasing degree of digitalization of financial systems, these financial frauds may remain prevalent for years to come. To combat these threats, all stakeholders in the financial institution industry must work together to understand, detect, and mitigate synthetic identity fraud.