Skip to content
Compliance & Risk

Everything financial institutions need to know about synthetic identity fraud

Lukayn Hunsicker  Vice President of Solutions Product Management for Feedzai

· 5 minute read

Lukayn Hunsicker  Vice President of Solutions Product Management for Feedzai

· 5 minute read

Few people are perhaps aware that the fastest growing type of financial crime in the U.S. is synthetic identity fraud. Yet, according to the Federal Reserve, synthetic identity fraud cost U.S. lenders $6 billion in a single year with the average charge-off coming in around $15,000 in 2016.

Synthetic identity fraud combines real and fake data to create a fictitious identity for the purpose of committing financial crime. In traditional identity fraud, a criminal steals a real person’s information and uses that information to commit financial crime — in essence, pretending to be a real person. In synthetic identity fraud, however, the criminal uses parts of a real person’s identity and fabricates the rest in what has become known as “Frankenstein fraud.”

Unfortunately, with the proliferation of data breaches, criminals need only take a quick trip to the dark web to easily acquire real data and use it to create convincing fake identities.

Why synthetic identity fraud is so dangerous

Synthetic identity theft is one of the most difficult financial crimes to detect. With traditional identity theft, victims notice and report unusual activity on their accounts; but with synthetic identity theft, there often isn’t a real victim in the traditional sense, which means there’s no one to report the fraud — a criminal’s dream come true.

You can join Thomson Reuters for a webinar, The Anatomy of Synthetic Identity Fraud, conducted with the Association of Certified Fraud Examiners, on Dec. 9.

Further, financial institutions often struggle with synthetic identity fraud as well. That’s because fraudsters often open accounts with synthetic IDs to establish credit, and behave as stellar customers for months or even years before they use those accounts to defraud financial institutions. Once the criminals use the accounts for fraud (often called bust-out fraud), it can take several missed credit card payments or suspicious chargebacks for financial institutions to close the account. By that time, criminals have usually pilfered tens of thousands of dollars.

How the pandemic helps spread synthetic identity fraud

Not surprisingly, the ongoing pandemic has exacerbated the problem of synthetic identity fraud by fast-tracked digital payments and commerce. Because of social distancing guidelines and lockdowns, consumers from every age group, socio-economic background, and digital adeptness have increasingly turned to online banking and payments. And this behavior is expected to continue even after the pandemic is finally over.

Indeed, the pandemic created a perfect storm for synthetic identity fraud for three chief reasons:

1. Volume of transactions — The exponential rise in digital payments made it easier for criminals to slip through with the sheer volume of transactions occurring.

2. Lack of authentication — Financial institutions focus on reducing customer friction, and with good reason. In an incredibly competitive landscape, excellent customer experiences are essential for growth. Still, organizations need to find the right balance between safety and customer experience. Identity authentication at inception helps secure payments, and skipping this step can increase fraud risk.

3. Government pandemic relief fraud — There’s no shortage of paycheck protection programs loan scam stories out there. In Florida, two men were charged with using 700 synthetic identities to scam COVID-19 relief programs. Hannibal Ware, the Inspector General of the Small Business Administration, claims a fraud rate of 41% for the Economic Industry Disaster Loan Program — the highest recorded rate of fraud for any government program.

How financial institutions can fight synthetic identity fraud

With the proliferation of synthetic identities and an environment ripe for fraud, the fight against this type of crime might feel impossible, but it’s not. Financial institutions can take steps to detect and prevent synthetic identity fraud. The key is to layer in identity authentication in with fraud detection and prevention. Here are just a few measures to consider:

      • Account behavior — Look for signs of manipulation such as one account controlling the actions of a number of other accounts or multiple accounts using one email address.
      • Develop granular risk profiles — Create risk profiles that describe customer behavior at any point in time. This enables the system, investigators, and analysts to spot and stop abnormal behavior before it affects your business.
      • Use Link Analysis analysis — Applying Link Analysis analysis can assist institutions in understanding networked, coordinated actions by nefarious actors. For example, organized rings can exhibit characteristics of classic ‘one to many, many to one’ behavior, such as a single account controlling a number of others.
      • Seek due diligence in enhanced credit — Taking a page from anti-money laundering efforts, it’s important to know your customer. Consider custom-segmented workflows for new customers that allow organizations to create personalized application processes based on risk assessment and to perform step-up authentication as necessary to reduce customer friction while preventing fraudulent activity.
      • Participate in the electronic Consent-Based Social Security Number Verification (eCBSV) service — The Social Security Administration recently launched a new service, eCBSV, for financial institutions to help with fraud protection data. While the enrollment period for the first phase is over, stay informed about the program and participate when it becomes available.

The paradox of catching a criminal who doesn’t technically exist seems par for the course in a year filled with seemingly unending uncertainty. But as challenging as synthetic identity fraud is, there are tools and technologies that can and do detect these fake accounts — and the very real fraudsters who run them.