#Article

Synthetic Identity Theft: A Serious Risk for Financial Institutions


Synthetic Identity Theft: A Serious Risk for Financial Institutions

Fraudsters combine stolen data with fake names to secure credit, maxing it out and making off with the profits.

According to the US Federal Trade Commission, synthetic identity theft is the fastest growing type of ID fraud, constituting an estimated 85 per cent of all identity fraud today. Fraudsters combine stolen data with fake names to open accounts and lines of credit, maxing them out and making off with the profits.

Financial institutions are stuck footing the bill after the criminals stop making payments, but that's not the worst part. Because synthetic identity theft uses real information, it can be hard to detect, even with the most innovative technology.

Identity theft is sometimes a part of a bigger money laundering scheme. Learn about money launderers' motivations and methods in this webinar.

What is Synthetic Identity Theft?

Synthetic identity theft occurs when fraudsters create a brand new identity combining real, stolen data and fabricated data. Often, scammers will swipe a real Social Security number and pair it with a fake name and address in order to open bank accounts and lines of credit.

People who commit synthetic identity fraud play the long game.

After opening accounts under their false identity, they spend months or even years playing by the rules to avoid suspicion. They build an online-only credit history and boost their credit score by making payments on time. After nurturing the fake consumer's credit file for awhile, they disappear in a “bust-out” scheme, draining bank accounts, maxing out all their lines of credit and ceasing to make payments.

Those who use little to no credit are the most likely targets for synthetic identity theft. Unhoused people and older people often fall victim to the scam because their social security numbers are not being actively used. However, children are by far the most targeted group, with two-thirds of identity theft victims under age eight and another twenty per cent ages eight to 12.

The Rise of Synthetic Identity Fraud

Synthetic identity theft accounts for more than $6 billion every year, which is about 20 per cent of banks' total annual credit losses. Why has this type of fraud become such a problem recently? A few factors have led to an increase in fake identity schemes.

Credit grantors have become less strict with their standards as the economy continues to improve. Looser restrictions on who can open financial accounts and how have allowed fraud to flourish.

The 2011 decision to randomize Social Security numbers also makes synthetic identity fraud easier to pull off. In the past, Social Security numbers were determined by the person's place of birth. While the change helps to protect privacy, randomized numbers make it difficult for financial institutions confirm if an account holder's identity matches their SSN.

Brian Gill, co-founder of Gillware Data Recovery says that technology is to blame. "Synthetic Identity fraud has become a growing trend ever since credit card companies began using EMV chips, which make it far more difficult to hack a credit card," he says. "So, if credit card hacking has become so difficult, the next logical choice for criminals is to open bank accounts with synthetic identities."

In addition, Gill notes, "It’s becoming easier to obtain social security numbers, either through hacking or simply by purchasing them on the Dark Web." Financial institutions must quickly update their security and privacy measures if they want to combat this type of crime.

RELATED: Fraud Investigation Tips for Loss Recovery

The Costs of Synthetic Identity Theft

Because it is so difficult to detect and investigate, synthetic identity theft costs financial institutions and businesses billions of dollars annually. But the ramifications of failing to address this type of fraud are not just monetary.

Synthetic identity theft undermines Know Your Customer (KYC), as realizing the fraudsters' identities are fabricated can be almost impossible. Distributed ledger technology (DLT), a peer-to-peer network of data shared and synchronized across multiple sites or countries is designed to make cybercrime more difficult. Because the criminals appear to be real consumers, though, DLT can't usually detect this type of crime.

While some fraudsters work alone, fraud rings do major damage. For instance, a group of criminals based in New Jersey created 7,000 synthetic identities, stealing $200 million from different financial institutions between 2003 and 2013.

Banks, online retailers, credit card companies, and even car dealerships, face such high losses due to this type of fraud that innovating faster than the scammers is essential.

Learn how case management software can help you combat fraud.

Investigating Synthetic Identity Fraud

Investigating synthetic identity fraud is tough but not totally undetectable. In 2017, the US Department of Justice recovered a total of $3.7 billion under the False Claims Act. Compliance and fraud investigators can take steps to ensure that number (and the percentage attributed to synthetic identity theft recoveries) continues to grow.

Some red flags of synthetic identity theft include:

  • A Social Security number that is young (kids can't apply for credit)
  • An address change made soon after opening an account
  • Little or no credit use for years followed by frequent use or requests for large credit limit increases
  • A credit file with a rapidly increasing FICO score
  • No other information or history for the client's name

Financial institutions should start by establishing fraud prevention methods like performing checks on potential clients. If they do suspect synthetic identity theft, hiring a fraud investigator is the next step. Cases with larger scopes may then be investigated by higher authorities like the FBI.

Synthetic Identity Theft Prevention

Improving your financial institution's KYC process is the key to combatting fraud. The best way to do that in our digital age is hard to determine, though, especially for organizations with millions of clients.

One option is to require customers to visit a physical branch in order to open an account. This would make verifying clients' identities much easier but to the detriment of customer experience.

AI and machine learning techniques would allow institutions to search through digital data to find information that corroborates clients' identities. For example, does their Facebook page indicate that they live where they claim? Is someone by the name on the account actually a resident of the town where they say they live? Unfortunately, this approach may raise privacy concerns.

As an alternative, some institutions are taking advantage of technological advances. Voice recognition for phone calls and geolocation to determine the location of the device used for a transaction can help investigators catch fraudsters in the act. Banks and credit card companies are also looking into how blockchain can provide a solution to synthetic identity fraud.