Taken from the blog of Ray Graber, SVP, Member Engagement, NEACH
According to the White Paper produced by the Federal Reserve near the end of 2018, the typical victims of ‘synthetic identity fraud’ are children, the elderly, or the homeless. We are all familiar with identity fraud in one way or another, but what is synthetic identity fraud?
It seems that the U.S. is a better target due to the static nature of our identities because we rely on personally identifiable information (PII) like Social Security numbers. In the past this type of fraud was perpetrated face-to-face but has grown due to the Internet. McKinsey estimates that it is America’s fastest growing financial crime even though it is hard to track and often unreported. To make matters worse, in 2011 the Social Security Administration (SSA) began randomly assigning new Social Security Numbers (SSN). This randomization took away the identifying area number (first three numbers) and made it more difficult for financial institutions to track down the culprits.
Here’s how it works:
The synthetic fraudster creates a new identify rather than taking over yours. They will create an identity without any PII (identity fabrication), modify an existing identity (identity manipulation), or use a combination of real and fake PII (identity compilation).
This example is given in the white paper:
Sam is a 30-year old copywriter, married with 2 children. He is using an SSN from a 5-yearold child obtained through a data breach. He has created a synthetic identity using a fictitious name and date of birth. However, he has a ‘real’ SSN, a P.O. Box as an address social media accounts with images of real people and using fictitious identify documents.
Cleverer and cleverer……
The report also outlines how fraudsters use the credit process to reinforce a synthetic identity. By applying for a loan with the synthetic identity the credit bureau “automatically creates a new credit profile, since the applicant is considered new.” This profile becomes a ‘proof of existence’ for future credit applications. Once a credit application is approved, the goal is to increase the credit limit as fast as possible, draw out the funds, and disappear.
A network of fraudsters, over a 10-year period in 28 states and 8 countries, developed a cache of over 7,000 synthetic identities. They used 1,800 ‘drop addresses’ (P.O. boxes, etc.), unissued SSNs, and fake personal information. In 2013, 18 people were arrested and charged with conspiracy to commit fraud but not before over $200 million was stolen.
Unfortunately, financial institutions are generally responsible for the losses. Auriemma Group estimates that U.S. lenders were hit with about $6 billion in synthetic identity fraud losses in 2016 with the average charge-off at more than $15,000.
What you can do:
There are three major steps in the payments lifecycle; enrollment, transaction, and reconciliation. Your institution should bolster each of these.
- Synthetic identities usually pass a generic Know Your Customer (KYC) step so create explicit ‘traps’ for this step. Also, look for fake businesses that back up the fraudster’s ‘story’.
- Add steps in the transaction phase to be watchful for sharp increases in amounts, activity, and ‘liquid’ purchases.
- Establish a reporting process after the loss to clearly identify it as a synthetic identity theft and reinforce steps 1. And 2.
Synthetic identity theft requires the attention of all financial services and payments industry participants. Audits and risk analyses in all sectors of payments should be conducted, comments taken to heart and procedures enhanced and followed. In addition, occurrences and prevention models should be shared to defeat this enemy.
Source: Payments Fraud Insights, July 2019, The Federal Reserve FedPayments Improvement white paper; Synthetic Identity Fraud in the U.S. Payment System, A Review of causes and Contributing Factors.