The role of the Social Security number in fraud prevention

The value of the Social Security number (SSN) in the fraud prevention process is an oft-debated topic. Some companies put a great deal of emphasis on the SSN, while others feel the value of it has been lost. Those in the latter category may not even request it from their customers in the application process. The position is that the value they get from the SSN for fraud prevention does not outweigh the customer experience principles they are working to achieve.

The use of Social Security numbers in authentication and fraud prevention has been a constant topic for the media in terms of how this process impacts a person’s privacy. Recent policy changes by the Social Security Administration (SSA) have affected the availability of SSN data. The most notable change took place in July 2011. This is when the SSA started issuing Social Security numbers by random versus issuing them in a range by state and date. In November 2011, the SSA announced that it would no longer include death records obtained from protected state records in the Public Death Master File (Public DMF), used by many as a means to prevent the use of deceased SSNs. This change creates additional challenges for quickly and accurately confirming an individual’s Social Security number, which is something consumers have come to expect.

Despite these new challenges, the SSN is still a critical component when it comes to fraud prevention and risk assessment. Older fraud alerts tied to the SSN often are not predictive of fraud as a standalone element. Criminals are well-versed in the application process, so they typically use a valid and issued Social Security number when attempting to perpetrate fraud. Interestingly, despite low fraud find rates, it’s still considered a common best practice to flag and review any application where a deceased SSN has been used. The next level of fraud prevention involves the common practice of data matching. For example, does the SSN match to the individual’s name and address? This tactic provides better fraud separation than the older SSN alerts but still creates some challenges. For example, when you look at SSN matches to name (meaning the full name matched but the address did not) in a sample population, 40 percent of the frauds had this match. The challenge is that 25 percent of the goods also had this message. There is clearly some separation of fraud here, but probably not enough to use this message independently for fraud prevention.

Given these challenges, is the SSN really an important piece in the fraud prevention puzzle? Despite some of the limitations, the power of analytics tells us yes.

Analytics takes in the variables of the basic SSN alerts and the matching components and blends these with other data to develop highly predictive fraud scores. Other variables tied to the SSN that lead to predictiveness in the models are the velocity indicators tied to the SSN — for example, how many times the SSN has been used in a certain period of time. There also are more sophisticated rules tied to the SSN such as if the SSN is being used by multiple parties via recent inquiries, indicating that the SSN may have been compromised and actively is being used for fraud.

To be clear, SSN information is only one part of the larger picture of risk that is composed by today’s fraud prediction models.  That said, it remains a key piece of information in providing strong fraud detection and separation. The use of analytics provides the opportunity to find the majority of fraud while impacting a manageable number of cases that are not fraud. Strong scores can find approximately 60 percent or more of identity theft in a review population of 10 percent based on model validations.

So what is the bottom line? Capture and use the SSN for use in fraud prevention if you can. There is value realized by the use of analytics that really can help drive workable review rates. This approach creates the best balance between stopping fraud and keeping the customer experience “friendly.”

  1. No comments yet.

  1. No trackbacks yet.