Tag: synthetic identity fraud

Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.

Last month, Kenneth Blanco, Director of the Financial Crimes Enforcement Network, warned that cybercriminals are stealing data from fintech platforms to create synthetic identities and commit fraud. These actions, in turn, are alleged to be responsible for exploiting fintech platforms’ integration with other financial institutions, putting banks and consumers at risk. According to Blanco, “by using stolen data to create fraudulent accounts on fintech platforms, cybercriminals can exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.” Fintech executives were quick to respond, and while agreeing that synthetic IDs are a problem, they pushed back on the notion that cybercriminals specifically target fintech platforms. Innovation and technology have indeed opened new doors of possibility for financial institutions, however, the question remains as to whether it has also created an opportunity for criminals to implement more sophisticated fraud strategies. Currently, there appears to be little evidence pointing to an acute vulnerability of fintech firms, but one thing can be said for certain: synthetic ID fraud is the fastest-growing financial crime in the United States. Perhaps, in part, because it can be difficult to detect. Synthetic ID is a type of fraud carried out by criminals that have created fictitious identities. Truly savvy fraudsters can make these identities nearly indistinguishable from real ones. According to Kathleen Peters, Experian’s SVP, Head of Fraud and Identity, it typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to “bust out” – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. These types of fraud attacks are concerning to any company’s bottom line. Experian’s 2019 Global Fraud and Identity Report further details the financial impact of fraud, noting that 55% of businesses globally reported an increase in fraud-related losses over the past 12 months. Given the significant risk factor, organizations across the board need to make meaningful investments in fraud prevention strategies. In many circumstances, the pace of fraud is so fast that by the time organizations implement solutions, the shelf life may already be old. To stay ahead of fraudsters, companies must be proactive about future-proofing their fraud strategies and toolkits. And the advantage that many fintech companies have is their aptitude for being nimble and propensity for early adoption. Experian can help too. Our Synthetic Fraud Risk Level Indicator helps both fintechs and traditional financial institutions in identifying applicants likely to be associated with a synthetic identity based on a complex set of relationships and account conditions over time. This indicator is now available in our credit report, allowing organizations to reduce exposure to identity fraud through early detection. To learn more about Experian’s Synthetic Fraud Risk Level Indicator click here, or visit experian.com/fintech.

It’s Halloween time – time for trick or treating, costume parties and monsters lurking in the background. But this year, the monsters aren’t just in the background. They’re in your portfolio.  This year, “Frankenstein” has another meaning. Much more ominous than the neighbor kid in the costume.   “Frankenstein IDs” refer to synthetic identities — a type of fraud carried out by criminals that have created fictitious identities. Just as Dr. Frankenstein’s monster was stitched together from parts, synthetic IDs are stitched together pieces of mismatched identities — some fake, some real, some even deceased.   It typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to "bust out" – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. That means fraudsters are investing money and time to build numerous tradelines, ensure these "fake" identities are in good credit standing, and ultimately steal the largest amount of money possible.   “Wait Master, it might be dangerous . . . you go, first.” — Igor   Synthetic identities are a notable challenge for many financial institutions and retail organizations. According to the recently released Federal Reserve Board White Paper, synthetic identity fraud accounts for roughly 20% of all credit losses, and cost U.S. businesses roughly $6 billion in 2016 with an estimated 41% growth over 2 years. 85-95% of applicants identified as potential synthetic are not even flagged by traditional fraud models.   The Social Security Administration recently announced plans for the electronic Consent Based Social Security Number Verification service – pilot program scheduled for June 2020. This service is designed to bring efficiency to the process for verifying Social Security numbers directly with the government agency. Once available, this verification could be an important tool in the fight against the elusive “Frankenstein” identity monster.   But with the Social Security Administration's pilot program not scheduled for launch until the middle of next year, how can financial institutions and other organizations bridge the gap and adequately prepare for a potential uptick in synthetic identity fraud attacks? It comes down to a multilayered approach that relies on advanced data, analytics, and technology — and focuses on identity.   Any significant progress in making synthetic identities easier to detect could cost fraudsters significant time and money.   Far too many financial institutions and other organizations depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points. We have seen this with synthetic identity — where a seemingly legitimate identity only shows risk when we can analyze its connections and relationships to other individuals and characteristics.   In addition to our High Risk Fraud Score, we now have a Synthetic Fraud Risk Level Indicator available on credit profiles. These advanced detection capabilities are delivered via the simplicity of a straightforward indicator returned on the credit profile which lenders can use to trigger additional identity verification processes.   While there are programs and initiatives in the works to help financial institutions and other organizations combat synthetic identity fraud, it's important to keep in mind there's no silver bullet, or stake to the heart, to completely keep these Frankenstein IDs out.   Oh, and don’t forget… “It’s pronounced ‘Fronkensteen.’ ” — Dr. Frankenstein

Experian is excited to have been chosen as one of the first data and analytics companies that will enable access to Social Security Administration (SSA) data for the purposes of verifying identity against the Federal Agency’s records. The agency’s involvement in the wake of Congressional interest and successful legislation will create a seismic shift in the landscape of identity verification. Ultimately, the ability to leverage SSA data will reduce the impact of identity fraud and synthetic identity and put real dollars back into the pockets of people and businesses that absorb the costs of fraud today. As this era of government and private sector collaboration begins, many of our clients and partners are breathing a sigh of relief. We see this in a common question our customers ask every day, “Do I still need an analytical solution for synthetic ID now that eCBSV is on the horizon?” The common assumption is that help is on the way and this long tempest of rising losses and identity uncertainty is about to leave us. Or is it? We don’t believe it’s the end of the synthetic ID storm. This is the eye. Rather than basking in the calm light of this moment, we should be thinking ahead and assessing our vulnerabilities because the second half of this storm will be worse than the first. Consider this: The people who develop and exploit synthetic IDs are playing a long game. It takes time, research, planning and careful execution to create an identity that facilitates fraud. The bigger the investment, the bigger the spoils will be. Synthetic ID are being used to purchase luxury automobiles. They’re passing lender marketing criteria and being offered credit. The criminals have made their investment, and it’s unlikely they will walk away from it. So, what does SSA’s pending involvement mean to them? How will they prepare? These aren’t hard questions. They’ll do what you would do in the eye of a storm — maximize the value of the preparations that are in place. Gather what you can quickly and brace yourself for the uncertainty that’s coming. In short, there’s a rush to monetize synthetic IDs on the horizon, and this is no time to declare ourselves safe. It’s doubtful that the eCBSV process will be the silver bullet that ends synthetic ID fraud — and certainly not on day one. It’s more likely that the physical demands of the data exchange, volume constraints, response times and the actionability of the results will take time to optimize. In the meantime, the criminals aren’t going to sit by and watch as their schemes unravel and lose value. We should take some comfort that we’ve made it through the first half of the storm, but recognize and prepare for what still needs to be faced.

Experian has been named one of the 10 participants, and only credit bureau, in the initial rollout of the SSA's new eCBSV service.