Tag: synthetic ID
The sharp uptick in fraud that coincided with the digital evolution made it clear that banks, credit unions, and fintechs need to invest in a strategy that utilizes identity layers to keep their customers and their finances safe. The steady rise in fraud over the last several years spiked—payment fraud rose 70% last year and is expected to increase by 95% in 2021—making it more challenging than ever to address the fraud threat while meeting increasing customer expectations. The rising fraud threat 2020 saw a rapid influx of customers using digital channels and the amount of data flowing into financial systems. There’s been a seismic shift, and we’re not going back. According to a recent study, 80% of consumers now prefer to manage their finances digitally, leaving the door open for fraudsters to take advantage of digital newbies. The increase in online activity corresponded with criminal activity. The rates of synthetic identity, account opening, and account takeover fraud have risen as fraudsters’ tactics have evolved. 80% of fraud losses now come from synthetic identities In 2020 the rate of new account credit card fraud attempts rose 48% Account takeover accounted for 54% of all fraud attacks in 2020 Fraudsters will continue to take advantage of current conditions, moving from stimulus-related fraud back to more traditional forms of financial theft, and financial institutions must adapt in turn with robust identity layers. Resolving the identity threat In our recent white paper, developed in partnership with One World Identity, we explore how businesses can address the fraud threat. It requires a multilayered identity proofing strategy for both onboarding and ongoing authentication. By doing this, financial institutions can gain a holistic view of consumers and their associated risks, decreasing friction while enabling robust fraud protection. To learn more, download our “Improving Fraud by Increasing Identity Layers” white paper. Download white paper
For the last several months, Experian has participated as the only credit bureau in the pilot of the electronic Consent Based Social Security Number (SSN) Verification (eCBSV) service. As we move forward to general rollout and expanded availability later this year, it’s time to review the benefits of eCBSV and how it helps businesses prevent synthetic identity fraud. Service and program overview The eCBSV service combats synthetic identity fraud by comparing data provided electronically by approved financial institutions against the Social Security Administration’s (SSA) database in real time. This service helps financial institutions verify SSNs more efficiently and enables improved experiences for identifying legitimate or possibly synthetic identities applying for your products. The verification process begins with consent from the SSN holder – and with eCBSV this consent is provided electronically rather than via a wet signature. Then, the SSN is checked against the SSA database to validate the SSN, name, and date of birth combination are or are not a match. The verification will also indicate if the SSN is listed as deceased with the SSA. Together, these factors can help flag whether or not an identity is synthetic. By managing this process electronically, it is faster, more secure, and more efficient than before, offering an improved experience for consumers and the financial institutions that service them. Layering solutions While eCBSV is an excellent step forward in the fight against the rising threat of synthetic identity fraud, a layered fraud mitigation strategy is still necessary. It’s only by layering solutions that financial institutions can accurately identify different types of fraud and provide them with the correct treatment, which is especially important when it comes to rooting out fraud when it’s already embedded in a portfolio. To learn more about how Experian is helping to combat synthetic identity fraud and how eCBSV can benefit your financial institution, request a call. Request a call
Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity. Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility. Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out. More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don\'t appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue. How does synthetic identity fraud impact me? As mentioned, when synthetic identities bust out, businesses are stuck footing the bill. Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. – Steven D’Alfonso, research director, IDC Financial Insights1 Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies. Solving the synthetic identity fraud problem Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle. During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities. Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience. With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses. To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud. Contact us Download whitepaper 1Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020
Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds. In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including: $15,000 is the average charge-off balance per SID attack Up to 15% of credit card losses are due to SID 18% - the increase in global card losses every year since 2013 SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID. Download the paper
The CU Times recently reported on a nationwide synthetic identity fraud ring impacting several major credit unions and banks. Investigators for the Federal and New York governments charged 13 people and three businesses in connection to the nationwide scheme. The members of the crime ring were able to fraudulently obtain more than $1 million in loans and credit cards from 10 credit unions and nine banks. Synthetic Identity Fraud Can’t Be Ignored Fraud was on an upward trend before the pandemic and does not show signs of slowing. Opportunistic criminals have taken advantage of the shift to digital interactions, loosening of some controls in online transactions, and the desire of financial institutions to maintain their portfolios – seeking new ways to perpetrate fraud. At the onset of the COVID-19 pandemic, many financial institutions shifted their attention from existing plans for the year. In some cases they deprioritized plans to review and revise their fraud prevention strategy. Over the last several months, the focus swung to moving processes online, maintaining portfolios, easing customer friction, and dealing with IT resource constraints. While these shifts made sense due to rapidly changing conditions, they may have created a more enticing environment for fraudsters. This recent synthetic identity fraud ring was in place long before COVID-19. That said, it still highlights the need to have a prevention and detection plan in place. Financial institutions want to maintain their portfolios and their customer or member experience. However, they can’t afford to table fraud plans in the meantime. “72% of FI executives surveyed believe synthetic identity fraud to be more challenging than identity theft. This is due to the fact that it is harder to detect—either crime rings nurture accounts for months or years before busting out with six-figure losses, or they are misconstrued as credit losses, and valuable agent time is spent trying to collect from someone who doesn’t exist,” says Julie Conroy, Research Director at Aite Group. Prevention and Detection Putting the fraud strategy discussion on hold—even in the short term—could open up a financial institution to potential risk at time when cost control and portfolio maintenance are watch words. Canny fraudsters are on the lookout for financial institutions with fewer protections. Waiting to implement or update a fraud strategy could open a business up to increased fraud losses. Now is the time to review your synthetic identity fraud prevention and detection strategies, and Experian can help. Our innovative new tool in the fight against synthetic identity fraud helps financial institutions stop fraudsters at the door. Learn more
In 2015, U.S. card issuers raced to start issuing EMV (Europay, Mastercard, and Visa) payment cards to take advantage of the new fraud prevention technology. Counterfeit credit card fraud rose by nearly 40% from 2014 to 2016, (Aite Group, 2017) fueled by bad actors trying to maximize their return on compromised payment card data. Today, we anticipate a similar tsunami of fraud ahead of the Social Security Administration (SSA) rollout of electronic Consent Based Social Security Number Verification (eCBSV). Synthetic identities, defined as fictitious identities existing only on paper, have been a continual challenge for financial institutions. These identities slip past traditional account opening identity checks and can sit silently in portfolios performing exceptionally well, maximizing credit exposure over time. As synthetic identities mature, they may be used to farm new synthetics through authorized user additions, increasing the overall exposure and potential for financial gain. This cycle continues until the bad actor decides to cash out, often aggressively using entire credit lines and overdrawing deposit accounts, before disappearing without a trace. The ongoing challenges faced by financial institutions have been recognized and the SSA has created an electronic Consent Based Social Security Number Verification process to protect vulnerable populations. This process allows financial institutions to verify that the Social Security number (SSN) being used by an applicant or customer matches the name. This emerging capability to verify SSN issuance will drastically improve the ability to detect synthetic identities. In response, it is expected that bad actors who have spent months, if not years, creating and maturing synthetic identities will look to monetize these efforts in the upcoming months, before eCBSV is more widely adopted. Compounding the anticipated synthetic identity fraud spike resulting from eCBSV, financial institutions’ consumer-friendly responses to COVID-19 may prove to be a lucrative incentive for bad actors to cash out on their existing synthetic identities. A combination of expanded allowances for exceeding credit limits, more generous overdraft policies, loosened payment strategies, and relaxed collection efforts provide the opportunity for more financial gain. Deteriorating performance may be disguised by the anticipation of increased credit risk, allowing these accounts to remain undetected on their path to bust out. While responding to consumers’ requests for assistance and implementing new, consumer-friendly policies and practices to aid in impacts from COVID-19, financial institutions should not overlook opportunities to layer in fraud risk detection and mitigation efforts. Practicing synthetic identity detection and risk mitigation begins in account opening. But it doesn’t stop there. A strong synthetic identity protection plan continues throughout the account life cycle. Portfolio management efforts that include synthetic identity risk evaluation at key control points are critical for detecting accounts that are on the verge of going bad. Financial institutions can protect themselves by incorporating a balance of detection efforts with appropriate risk actions and authentication measures. Understanding their portfolio is a critical first step, allowing them to find patterns of identity evolution, usage, and connections to other consumers that can indicate potential risk of fraud. Once risk tiers are established within the portfolio, existing controls can help catch bad accounts and minimize the resulting losses. For example, including scores designed to determine the risk of synthetic identity, and bust out scores, can identify seemingly good customers who are beginning to display risky tendencies or attempting to farm new synthetic identities. While we continue to see financial institutions focus on customer experience, especially in times of uncertainty, it is paramount that these efforts are not undermined by bad actors looking to exploit assistance programs. Layering in contextual risk assessments throughout the lifecycle of financial accounts will allow organizations to continue to provide excellent service to good customers while reducing the increasing risk of synthetic identity fraud loss. Prevent SID
To combat the growing threat of synthetic identity fraud, Experian recently announced the launch of Sure ProfileTM, a revolutionary change to the credit profile that gives lenders peace of mind with Experian’s commitment to share in losses that result from an identity we’ve assured. “Experian has always been a leader in combatting fraud, and with Sure Profile, we’re proud to deliver an industry-first fraud offering integrated into the credit profile that mitigates lender losses while protecting millions of consumers’ identities,” said Robert Boxberger, President of Decision Analytics, Experian North America. Synthetic identity fraud is expected to drive $48 billion in annual online payment fraud losses by 2023. Between opportunistic fraudsters and a lack of a unified definition for synthetic identity theft it can be nearly impossible to detect—and therefore prevent—this type of fraud. This breakthrough solution provides a composite history of a consumer’s identification, public record, and credit information and determines the risk of synthetic fraud associated with that consumer. It’s not just a fraud tool, it’s a comprehensive credit profile that utilizes premium data so lenders can make positive credit decisions. Sure Profile leverages the capabilities of the Experian Ascend Identity PlatformTM and uses Experian’s industry-leading data assets and data quality to drive advanced analytics that set a higher level of protection for lenders. It’s powered by newly-developed machine learning and AI models. And it offers a streamlined approach to define and detect synthetic identities early in the originations process. Most importantly, Sure Profile differentiates between real people and potentially risky applicants so lenders can increase application approvals with greater assurance and less risk. “Experian can confidently define and help detect synthetic fraud. That\'s why we can help stop it,” said Craig Boundy, CEO of Experian North America. “Experian stands behind our data with assurance given to our clients. It’s better for lenders and it’s better for consumers.” Sure Profile is a complement to our robust set of identity protection and fraud management capabilities, which are designed to address fraud and identity challenges including account openings, account takeovers, e-commerce fraud and more. This first-of-its kind profile is the future of underwriting and portfolio protection and it’s here now. Read press release Learn More About Sure Profile
This week, Experian released a new version of our CrossCore® digital identity and fraud risk platform, adding new tools and functionality to help businesses quickly respond to today’s emerging fraud threats. The ability to confidently recognize your customers and safeguard their digital transactions is becoming an increasing challenge for businesses. Fraud threats are already rising across the globe as fraudsters take advantage of the global health crisis and rapidly shifting economic conditions. CrossCore combines risk-based authentication, identity proofing and fraud detection into a single cloud platform, which means businesses can more quickly respond to an ever-changing environment. And with flexible decisioning orchestration and advanced analytics, businesses can make real-time risk decisions throughout the customer lifecycle. “Now more than ever, businesses need to lean on capabilities and technology that will allow them to rapidly respond in these challenging times, increase identity confidence in every transaction, and provide a safe and convenient experience for customers,” said E.K. Koh, Experian’s Senior Vice President of Global Identity & Fraud Solutions in a recent press release. “This new CrossCore release enables businesses to easily leverage best-in-class, pre-integrated identity and fraud services through simple self-service.” This new version of CrossCore features a cloud architecture, modern user interface, progressive risk assessments, faster response times, self-service workflow configuration, and a transactional volume reporting dashboard. These enhancements give you a simpler way to manage how backing applications are utilized, allow you to analyze key performance indicators in near real-time, and empower you to catch more fraud faster - without impacting the customer experience. “Recent Aite Group research shows that many banks have seen digital channel usage increase 250% in the wake of the pandemic, so ensuring a seamless and safe customer experience is more important than ever,” said Julie Conroy, Research Director at Aite Group. “Platforms such as CrossCore that can enable businesses to nimbly respond to changing patterns of customer behavior as well as rapidly evolving attack tactics are more important than ever, as financial services firms work to balance fraud mitigation with the customer experience.” CrossCore is the first identity and fraud platform that enables you to connect, access, and orchestrate decisions across multiple solutions. With the newest version, Experian enhances your ability to consolidate numerous fraud risk signals into a single, holistic assessment to improve operational processes, stay ahead of fraudsters, and protect your customers. Read Press Release Learn More About CrossCore
One of the most difficult parts of combating fraud is the ability to distinguish between the variety of fraud types. To properly manage your fraud efforts, you need to be able to differentiate between first party fraud and third party fraud so you can determine the best treatment. After all, if you’re treating first party fraud as though it’s third party fraud, the customer you’re contacting for verification will give whatever information they need to in order to continue their criminal actions. So how do you verify each type of fraud without adding additional overhead or increasing the friction experienced by your customers? Combating Fraud During an Economic Downturn Particularly in times of economic uncertainty, the ability to detect and identify individual fraud types allows you to work to prevent them in the future. Through proper identification, you can also apply the correct treatments to maximize the effectiveness of your fraud response teams, since the treatment for first and third party fraud is different. During the economic upswing, first party fraud was a secondary concern. Businesses were easing friction to help continue growth. Now, the same customers that businesses thought would drive growth are hurting and unable to help offset the losses caused by bad actors. Now is the time to revisit existing fraud prevention and mitigation strategies to ensure that fraud is properly identified, and the correct treatments are applied. Introducing Precise ID® Model Suite Experian’s Precise ID Model Suite combines identity analytics with advanced fraud risk models to: Protect the entire customer journey again fraud – across account opening, login, maintenance and transactions Distinguish first-party, third-party, and synthetic identity fraud to determine the best next action Enable agility during changing market conditions Maintain regulatory compliance (including: KYC, CIP, GLBA, FCRA, FFIEC, PATRIOT Act, FACTA, and more) Improve overall fraud management strategies and reduce losses Precise ID Model Suite allows you to detect and distinguish types of fraud with a single call – enabling your business to maximize efficiency and eliminate redundancy across your fraud prevention teams. By accurately recognizing risk, and in particular, recognizing that first party fraud is in fact a type of fraud distinct from credit risk, you’re able to protect your portfolio and your customers. Learn more
This is the next article in our series about how to handle the economic downturn – this time focusing on how to prevent fraud in the new economic environment. We tapped two new experts—Chris Ryan, Market Lead, Fraud and Identity and Tischa Agnessi, Go-to-Market Lead, Decisioning Software—to share their thoughts on how to keep fraud out of your portfolio while continuing to lend. Q: What new fraud trends do you expect during the economic downturn? CR: Perhaps unsurprisingly, we tend to see high volumes of fraud during economic downturn periods. First, we anticipate an uptick in third-party fraud, specifically account takeover or ATO. It’ll be driven by the need for first-time users to be forced online. In particular, the less tech-savvy crowd is vulnerable to phishing attacks, social engineering schemes, using out-of-date software, or landing on a spoofed page. Resources to investigate these types of fraud are already strained as more and more requests come through the top of the funnel to approve new accounts. In fact, according to Javelin Strategy & Research’s 2020 Identity Fraud Study, account takeover fraud and scams will increase at a time when consumers are feeling financial stress from the global health and economic crisis. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships. We also expect that first party fraud (including synthetic identity fraud) will trend upwards as a result of the deliberate abuse of credit extensions and additional financing options offered by financial services companies. Forced to rely on credit for everyday expenses, some legitimate borrowers may take out loans without any intention of repaying them – which will impact businesses’ bottom lines. Additionally, some individuals may opportunistically look to escape personal credit issues that arise during an economic downturn. The line between behaviors of stressed consumers and fraudsters will blur, making it more difficult to tell who is a criminal and who is an otherwise good consumer that is dealing with financial pressure. Businesses should anticipate an increase in synthetic identity fraud from opportunistic fraudsters looking to take advantage initial financing offers and the cushions offered to consumers as part of the stimulus package. These criminals will use the economic upset as a way to disguise the fact that they’re building up funds before busting out. Q: With payment stress on the rise for consumers, how can lenders manage credit risk and prevent fraud? TA: Businesses wrestle daily with problems created by the coronavirus pandemic and are proactively reaching out to consumers and other businesses with fresh ideas on initial credit relief, and federal credit aid. These efforts are just a start – now is the time to put your recession readiness plan and digital transformation strategies into place and find solutions that will help your organization and your customers beyond immediate needs. The faceless consumer is no longer a fraction of the volume of how organizations interact with their customers, it is now part of the new normal. Businesses need to seek out top-of-line fraud and identity solutions help protect themselves as they are forced to manage higher digital traffic volumes and address the tough questions around: How to identify and authenticate faceless consumers and their devices How to best prevent an overwhelming number of fraud tactics, including first party fraud, account takeover, synthetic identity, bust out, and more. As time passes and the economic crisis evolves, we will all adapt to yet another new normal. Organizations should be data-driven in their approach to this rapidly changing credit crisis and leverage modern technology to identify financially stressed consumers with early-warning indicators, predict future customer behavior, and respond quickly to change as they deliver the best treatment at the right time based on customer-specific activities. Whether it’s preparing portfolio risk assessment, reviewing debt management, collections, and recovery processes, or ramping up your fraud and identity verification services, Experian can help your organization prepare for another new normal. Experian is continuing to monitor the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions differentiate legitimate consumers from fraudsters and protect their business and customers. Learn more About Our Experts [avatar user=\"ChrisRyan\" /] Chris Ryan, Market Lead, Fraud and Identity Chris has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk. [avatar user=\"tischa.agnessi\" /] Tischa Agnessi, Go-to-Market Lead, Decisioning Software Tischa joined Experian in June of 2018 and is responsible for the go to market strategy for North America’s decisioning software solutions. Her responsibilities include delivering compelling propositions that are unique and aligned to markets, market problems, and buyer and user personas. She is also responsible for use cases that span the PowerCurve® software suite as well as application platforms, such as Decisioning as a ServiceSM and Experian®One.
Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.
Last month, Kenneth Blanco, Director of the Financial Crimes Enforcement Network, warned that cybercriminals are stealing data from fintech platforms to create synthetic identities and commit fraud. These actions, in turn, are alleged to be responsible for exploiting fintech platforms’ integration with other financial institutions, putting banks and consumers at risk. According to Blanco, “by using stolen data to create fraudulent accounts on fintech platforms, cybercriminals can exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.” Fintech executives were quick to respond, and while agreeing that synthetic IDs are a problem, they pushed back on the notion that cybercriminals specifically target fintech platforms. Innovation and technology have indeed opened new doors of possibility for financial institutions, however, the question remains as to whether it has also created an opportunity for criminals to implement more sophisticated fraud strategies. Currently, there appears to be little evidence pointing to an acute vulnerability of fintech firms, but one thing can be said for certain: synthetic ID fraud is the fastest-growing financial crime in the United States. Perhaps, in part, because it can be difficult to detect. Synthetic ID is a type of fraud carried out by criminals that have created fictitious identities. Truly savvy fraudsters can make these identities nearly indistinguishable from real ones. According to Kathleen Peters, Experian’s SVP, Head of Fraud and Identity, it typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to “bust out” – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. These types of fraud attacks are concerning to any company’s bottom line. Experian’s 2019 Global Fraud and Identity Report further details the financial impact of fraud, noting that 55% of businesses globally reported an increase in fraud-related losses over the past 12 months. Given the significant risk factor, organizations across the board need to make meaningful investments in fraud prevention strategies. In many circumstances, the pace of fraud is so fast that by the time organizations implement solutions, the shelf life may already be old. To stay ahead of fraudsters, companies must be proactive about future-proofing their fraud strategies and toolkits. And the advantage that many fintech companies have is their aptitude for being nimble and propensity for early adoption. Experian can help too. Our Synthetic Fraud Risk Level Indicator helps both fintechs and traditional financial institutions in identifying applicants likely to be associated with a synthetic identity based on a complex set of relationships and account conditions over time. This indicator is now available in our credit report, allowing organizations to reduce exposure to identity fraud through early detection. To learn more about Experian’s Synthetic Fraud Risk Level Indicator click here, or visit experian.com/fintech.
It’s Halloween time – time for trick or treating, costume parties and monsters lurking in the background. But this year, the monsters aren’t just in the background. They’re in your portfolio. This year, “Frankenstein” has another meaning. Much more ominous than the neighbor kid in the costume. “Frankenstein IDs” refer to synthetic identities — a type of fraud carried out by criminals that have created fictitious identities. Just as Dr. Frankenstein’s monster was stitched together from parts, synthetic IDs are stitched together pieces of mismatched identities — some fake, some real, some even deceased. It typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to \"bust out\" – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. That means fraudsters are investing money and time to build numerous tradelines, ensure these \"fake\" identities are in good credit standing, and ultimately steal the largest amount of money possible. “Wait Master, it might be dangerous . . . you go, first.” — Igor Synthetic identities are a notable challenge for many financial institutions and retail organizations. According to the recently released Federal Reserve Board White Paper, synthetic identity fraud accounts for roughly 20% of all credit losses, and cost U.S. businesses roughly $6 billion in 2016 with an estimated 41% growth over 2 years. 85-95% of applicants identified as potential synthetic are not even flagged by traditional fraud models. The Social Security Administration recently announced plans for the electronic Consent Based Social Security Number Verification service – pilot program scheduled for June 2020. This service is designed to bring efficiency to the process for verifying Social Security numbers directly with the government agency. Once available, this verification could be an important tool in the fight against the elusive “Frankenstein” identity monster. But with the Social Security Administration\'s pilot program not scheduled for launch until the middle of next year, how can financial institutions and other organizations bridge the gap and adequately prepare for a potential uptick in synthetic identity fraud attacks? It comes down to a multilayered approach that relies on advanced data, analytics, and technology — and focuses on identity. Any significant progress in making synthetic identities easier to detect could cost fraudsters significant time and money. Far too many financial institutions and other organizations depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points. We have seen this with synthetic identity — where a seemingly legitimate identity only shows risk when we can analyze its connections and relationships to other individuals and characteristics. In addition to our High Risk Fraud Score, we now have a Synthetic Fraud Risk Level Indicator available on credit profiles. These advanced detection capabilities are delivered via the simplicity of a straightforward indicator returned on the credit profile which lenders can use to trigger additional identity verification processes. While there are programs and initiatives in the works to help financial institutions and other organizations combat synthetic identity fraud, it\'s important to keep in mind there\'s no silver bullet, or stake to the heart, to completely keep these Frankenstein IDs out. Oh, and don’t forget… “It’s pronounced ‘Fronkensteen.’ ” — Dr. Frankenstein
Experian is excited to have been chosen as one of the first data and analytics companies that will enable access to Social Security Administration (SSA) data for the purposes of verifying identity against the Federal Agency’s records. The agency’s involvement in the wake of Congressional interest and successful legislation will create a seismic shift in the landscape of identity verification. Ultimately, the ability to leverage SSA data will reduce the impact of identity fraud and synthetic identity and put real dollars back into the pockets of people and businesses that absorb the costs of fraud today. As this era of government and private sector collaboration begins, many of our clients and partners are breathing a sigh of relief. We see this in a common question our customers ask every day, “Do I still need an analytical solution for synthetic ID now that eCBSV is on the horizon?” The common assumption is that help is on the way and this long tempest of rising losses and identity uncertainty is about to leave us. Or is it? We don’t believe it’s the end of the synthetic ID storm. This is the eye. Rather than basking in the calm light of this moment, we should be thinking ahead and assessing our vulnerabilities because the second half of this storm will be worse than the first. Consider this: The people who develop and exploit synthetic IDs are playing a long game. It takes time, research, planning and careful execution to create an identity that facilitates fraud. The bigger the investment, the bigger the spoils will be. Synthetic ID are being used to purchase luxury automobiles. They’re passing lender marketing criteria and being offered credit. The criminals have made their investment, and it’s unlikely they will walk away from it. So, what does SSA’s pending involvement mean to them? How will they prepare? These aren’t hard questions. They’ll do what you would do in the eye of a storm — maximize the value of the preparations that are in place. Gather what you can quickly and brace yourself for the uncertainty that’s coming. In short, there’s a rush to monetize synthetic IDs on the horizon, and this is no time to declare ourselves safe. It’s doubtful that the eCBSV process will be the silver bullet that ends synthetic ID fraud — and certainly not on day one. It’s more likely that the physical demands of the data exchange, volume constraints, response times and the actionability of the results will take time to optimize. In the meantime, the criminals aren’t going to sit by and watch as their schemes unravel and lose value. We should take some comfort that we’ve made it through the first half of the storm, but recognize and prepare for what still needs to be faced.
Experian has been named one of the 10 participants, and only credit bureau, in the initial rollout of the SSA's new eCBSV service.
Learn More Image
