Tag: synthetic identity fraud
The response to the coronavirus (COVID-19) health crisis requires a brand-new mindset from businesses across the country. As part of our recently launched Q&A perspective series, Jim Bander, Market Lead of Analytics and Optimization and Kathleen Peters, Senior Vice President of Fraud and Identity, provided insight into how businesses can work to mitigate fraud and portfolio risk. Q: How can financial institutions mitigate fraud risk while monitoring portfolios? JB: The most important shift in portfolio monitoring is the view of the customer, because it’s very different during times of crisis than it is during expansionary periods. Financial institutions need to take a holistic view of their customers and use additional credit dimensions to understand consumers’ reactions to stress. While many businesses were preparing for a recession, the economic downturn caused by the coronavirus has already surpassed the stress-testing that most businesses performed. To help mitigate the increased risk, businesses need to understand how their stress testing was performed in the past and run new stress tests to understand how financially sound their institution is. KP: Most businesses—and particularly financial institutions—have suspended or relaxed many of their usual risk mitigation tools and strategies, in an effort to help support customers during this time of uncertainty. Many financial institutions are offering debt and late fee forgiveness, credit extensions, and more to help consumers bridge the financial gaps caused by the economic downturn. Unfortunately, the same actions that help consumers can hamstring fraud prevention efforts because they impact the usual risk indicators. To weather this storm, financial institutions need to pivot from standard risk mitigation strategies to more targeted fraud and identity strategies. Q: How can financial institutions’ exposure to risk be managed? JB: Financial institutions are trying to extend as much credit as is reasonably possible—per government guidelines—but when the first stage of this crisis passes, they need to be prepared to deal with the consequences. Specifically, which borrowers will actually repay their loans. Financial institutions should monitor consumer health and use proactive outreach to offer assistance while keeping a finger on the pulse of their customers’ financial health. For the foreseeable future, the focus will be on extending credit, not collecting on debt, but now is the time to start preparing for the economic aftermath. Consumer health monitoring is key, and it must include a strategy to differentiate credit abusers and other fraudsters from overall good consumers who are just financially stressed. KP: As financial institutions work to get all of their customers set up with online and mobile banking and account access, there’s an influx of new requests that all require consumer authentication, device identification, and sometimes even underwriting. All of this puts pressure on already strained resources which means increased fraud risk. To manage this risk, businesses need to balance customer experience—particularly minimizing friction—with vigilance against fraudsters and reputational risk. It will require a robust and flexible fraud strategy that utilizes automated tools as much as possible to free up personnel to follow up on the riskiest users and transactions. Experian is closely monitoring the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions manage their portfolios and protect against losses. Learn more About Our Experts: [avatar user=\"jim.bander\" /] Jim Bander, Market Lead, Analytics and Optimization, Experian Decision Analytics, North America Jim joined Experian in April 2018 and is responsible for solutions and value propositions applying analytics for financial institutions and other Experian business-to-business clients throughout North America. He has over 20 years of analytics, software, engineering and risk management experience across a variety of industries and disciplines. Jim has applied decision science to many industries, including banking, transportation and the public sector. [avatar user=\"kathleen.peters\" /] Kathleen Peters, Vice President, Fraud and Identity, Experian Decision Analytics, North America Kathleen joined Experian in 2013 to lead business development and international sales for the recently acquired 41st Parameter business in San Jose, Calif. She went on to lead product management for Experian’s fraud and identity group within the global Decision Analytics organization, launching Experian’s CrossCore® platform in 2016, a groundbreaking and award-winning new offering for the fraud and identity market. The last two years, Kathleen has been named a “Top 100 Influencer in Identity” by One World Identity (OWI), an exclusive list that annually recognizes influencers and leaders from across the globe, showcasing a who’s who of people to know in the identity space.
For the last several years, as the global economy flourished, the opportunities created by removing friction and driving growth guided business strategies governing identity and fraud. The amount of profitable business available in a low-friction environment simply outweighed the fraud that could be mitigated with more stringent verification methods. Now that we’re facing a global crisis, it’s time to reconsider the approach that drove the economic boom that defined that last decade. Recognizing how economic changes impact fraud At the highest level, we separate fraud into two types; third party fraud and first party fraud. In simple terms, third party fraud involves the misuse of a real customer’s identity or unauthorized access to a real customer’s accounts or assets. First party fraud involves the use of an identity that the fraudster controls—whether it’s their own identity, a manipulated version of their own identity, or a synthetic identity that they have created. The important difference in this case is that the methods of finding and stopping third party fraud remain constant even in the event of an economic downturn – establish contact with the owner of the identity and verify whether the events are legitimate. Fraud tactics will evolve, and volumes increase as perpetrators also face pressure to generate income, but at the end of the day, a real person is being impersonated, and a victim exists that will confirm when fraud is taking place. Changes in first party fraud during an economic downturn are dramatically different and much more problematic. The baseline level of first party fraud using synthetic, manipulated and the perpetrator’s own identity continue, but they are augmented by real people facing desperate circumstances and existing “good” customers who over-extend while awaiting a turn-around. The problem is that there is no “victim” to confirm fraud is occurring, and the line between fraud (which implies intent) and credit default (which does not) becomes very difficult to navigate. With limited resources and pressures of their own, at some point lenders must try to distinguish deliberate theft from good customers facing bad circumstances and manage cases accordingly. The new strategy When times are good, it’s easier to build up a solid book of business with good customers. Employment rates are high, incomes are stable, and the risks are manageable. Now, we’re experiencing rapidly changing conditions, entire industries are disrupted, unemployment claims have skyrocketed and customers will need assistance and support from their lenders to help them weather the storm. This is a reciprocal relationship – it behooves those same lenders to help their customers get through to the other side. Lenders will look to limit losses and strengthen relationships. At the same time, they’ll need to reassess their existing fraud and identity strategies (among others) as every interaction with a customer takes on new meaning. Unexpected losses We’ve all been bracing for a recession for a while. But no one expected it to show up quite like it did. Consumers who have been model customers are suddenly faced with a complete shift in their daily life. A job that seemed secure may be less so, investments are less lucrative in the short term, and small business owners are feeling the pressure of a change in day-to-day commerce. All of this can lead to unexpected losses from formerly low-risk customers. As this occurs, it becomes more critical than ever to identify and help good customers facing grim circumstances and find different ways to handle those that have malicious intent. Shifting priorities When the economy was strong, many businesses were able to accept higher losses because those losses were offset by immense growth. Unfortunately, the current crisis means that some of those policies could have unforeseen consequences. For instance – the loss of the ability to differentiate between a good customer who has fallen on hard times and someone who’s been a bad actor from the start. Additionally, businesses need to revise their risk management strategies to align with shifting customer needs. The demand for emergency loans and will likely rise, while loans for new purchases like cars and homes will fall as consumers look to keep their finances secure. As the need to assist customers in distress rises and internal resources are stressed, it’s critical that companies have the right tools in place to triage and help customers who are truly in need. The good news The tools businesses like yours need to screen first party fraud already exist. In fact, you may already have the necessary framework in place thanks to an existing partnership, and a relatively simple process could prepare your business to properly screen both new and existing customers at every touchpoint. This global crisis is nowhere near over, but with the right tools, your business can protect itself and your customers from increased fraud risks and losses of all sorts – first party, stolen identities, or synthetic identities, and come out on the other side even stronger. Contact Experian for a review of your current fraud strategy to help ensure you’re prepared to face upcoming challenges. Contact us
Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.
Last month, Kenneth Blanco, Director of the Financial Crimes Enforcement Network, warned that cybercriminals are stealing data from fintech platforms to create synthetic identities and commit fraud. These actions, in turn, are alleged to be responsible for exploiting fintech platforms’ integration with other financial institutions, putting banks and consumers at risk. According to Blanco, “by using stolen data to create fraudulent accounts on fintech platforms, cybercriminals can exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.” Fintech executives were quick to respond, and while agreeing that synthetic IDs are a problem, they pushed back on the notion that cybercriminals specifically target fintech platforms. Innovation and technology have indeed opened new doors of possibility for financial institutions, however, the question remains as to whether it has also created an opportunity for criminals to implement more sophisticated fraud strategies. Currently, there appears to be little evidence pointing to an acute vulnerability of fintech firms, but one thing can be said for certain: synthetic ID fraud is the fastest-growing financial crime in the United States. Perhaps, in part, because it can be difficult to detect. Synthetic ID is a type of fraud carried out by criminals that have created fictitious identities. Truly savvy fraudsters can make these identities nearly indistinguishable from real ones. According to Kathleen Peters, Experian’s SVP, Head of Fraud and Identity, it typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to “bust out” – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. These types of fraud attacks are concerning to any company’s bottom line. Experian’s 2019 Global Fraud and Identity Report further details the financial impact of fraud, noting that 55% of businesses globally reported an increase in fraud-related losses over the past 12 months. Given the significant risk factor, organizations across the board need to make meaningful investments in fraud prevention strategies. In many circumstances, the pace of fraud is so fast that by the time organizations implement solutions, the shelf life may already be old. To stay ahead of fraudsters, companies must be proactive about future-proofing their fraud strategies and toolkits. And the advantage that many fintech companies have is their aptitude for being nimble and propensity for early adoption. Experian can help too. Our Synthetic Fraud Risk Level Indicator helps both fintechs and traditional financial institutions in identifying applicants likely to be associated with a synthetic identity based on a complex set of relationships and account conditions over time. This indicator is now available in our credit report, allowing organizations to reduce exposure to identity fraud through early detection. To learn more about Experian’s Synthetic Fraud Risk Level Indicator click here, or visit experian.com/fintech.
It’s Halloween time – time for trick or treating, costume parties and monsters lurking in the background. But this year, the monsters aren’t just in the background. They’re in your portfolio. This year, “Frankenstein” has another meaning. Much more ominous than the neighbor kid in the costume. “Frankenstein IDs” refer to synthetic identities — a type of fraud carried out by criminals that have created fictitious identities. Just as Dr. Frankenstein’s monster was stitched together from parts, synthetic IDs are stitched together pieces of mismatched identities — some fake, some real, some even deceased. It typically takes fraudsters 12 to 18 months to create and nurture a synthetic identity before it’s ready to \"bust out\" – the act of building a credit history with the intent of maxing out all available credit and eventually disappearing. That means fraudsters are investing money and time to build numerous tradelines, ensure these \"fake\" identities are in good credit standing, and ultimately steal the largest amount of money possible. “Wait Master, it might be dangerous . . . you go, first.” — Igor Synthetic identities are a notable challenge for many financial institutions and retail organizations. According to the recently released Federal Reserve Board White Paper, synthetic identity fraud accounts for roughly 20% of all credit losses, and cost U.S. businesses roughly $6 billion in 2016 with an estimated 41% growth over 2 years. 85-95% of applicants identified as potential synthetic are not even flagged by traditional fraud models. The Social Security Administration recently announced plans for the electronic Consent Based Social Security Number Verification service – pilot program scheduled for June 2020. This service is designed to bring efficiency to the process for verifying Social Security numbers directly with the government agency. Once available, this verification could be an important tool in the fight against the elusive “Frankenstein” identity monster. But with the Social Security Administration\'s pilot program not scheduled for launch until the middle of next year, how can financial institutions and other organizations bridge the gap and adequately prepare for a potential uptick in synthetic identity fraud attacks? It comes down to a multilayered approach that relies on advanced data, analytics, and technology — and focuses on identity. Any significant progress in making synthetic identities easier to detect could cost fraudsters significant time and money. Far too many financial institutions and other organizations depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points. We have seen this with synthetic identity — where a seemingly legitimate identity only shows risk when we can analyze its connections and relationships to other individuals and characteristics. In addition to our High Risk Fraud Score, we now have a Synthetic Fraud Risk Level Indicator available on credit profiles. These advanced detection capabilities are delivered via the simplicity of a straightforward indicator returned on the credit profile which lenders can use to trigger additional identity verification processes. While there are programs and initiatives in the works to help financial institutions and other organizations combat synthetic identity fraud, it\'s important to keep in mind there\'s no silver bullet, or stake to the heart, to completely keep these Frankenstein IDs out. Oh, and don’t forget… “It’s pronounced ‘Fronkensteen.’ ” — Dr. Frankenstein
Experian is excited to have been chosen as one of the first data and analytics companies that will enable access to Social Security Administration (SSA) data for the purposes of verifying identity against the Federal Agency’s records. The agency’s involvement in the wake of Congressional interest and successful legislation will create a seismic shift in the landscape of identity verification. Ultimately, the ability to leverage SSA data will reduce the impact of identity fraud and synthetic identity and put real dollars back into the pockets of people and businesses that absorb the costs of fraud today. As this era of government and private sector collaboration begins, many of our clients and partners are breathing a sigh of relief. We see this in a common question our customers ask every day, “Do I still need an analytical solution for synthetic ID now that eCBSV is on the horizon?” The common assumption is that help is on the way and this long tempest of rising losses and identity uncertainty is about to leave us. Or is it? We don’t believe it’s the end of the synthetic ID storm. This is the eye. Rather than basking in the calm light of this moment, we should be thinking ahead and assessing our vulnerabilities because the second half of this storm will be worse than the first. Consider this: The people who develop and exploit synthetic IDs are playing a long game. It takes time, research, planning and careful execution to create an identity that facilitates fraud. The bigger the investment, the bigger the spoils will be. Synthetic ID are being used to purchase luxury automobiles. They’re passing lender marketing criteria and being offered credit. The criminals have made their investment, and it’s unlikely they will walk away from it. So, what does SSA’s pending involvement mean to them? How will they prepare? These aren’t hard questions. They’ll do what you would do in the eye of a storm — maximize the value of the preparations that are in place. Gather what you can quickly and brace yourself for the uncertainty that’s coming. In short, there’s a rush to monetize synthetic IDs on the horizon, and this is no time to declare ourselves safe. It’s doubtful that the eCBSV process will be the silver bullet that ends synthetic ID fraud — and certainly not on day one. It’s more likely that the physical demands of the data exchange, volume constraints, response times and the actionability of the results will take time to optimize. In the meantime, the criminals aren’t going to sit by and watch as their schemes unravel and lose value. We should take some comfort that we’ve made it through the first half of the storm, but recognize and prepare for what still needs to be faced.
Experian has been named one of the 10 participants, and only credit bureau, in the initial rollout of the SSA's new eCBSV service.
Learn More Image
