When the COVID pandemic hit, U.S. federal and state government agencies acted decisively. They quickly passed new legislation and took other emergency measures to put a variety of financial safety nets in place for citizens, especially vulnerable ones. Due to the pressing needs, these programs were hastily conceived, structured, funded, and rolled out.
These well-funded but flawed programs presented tremendous opportunities for online fraudsters and other cybercriminals. And if there’s one thing that online crooks have in common, they never let a good opportunity go to waste.
In FiVerity’s webinar, Defining the Synthetic Identity Fraud Threat, a representative from the Federal Reserve’s secure payments group described the impact of “rushed digital transformation” with government programs developed in the past year to help folks in need. “What that also has done has allowed synthetics to be created at the same time. And now they're just cultivating, they're out there, they're ready for use.”
Source: FTC (February 2021). Consumer Sentinel Network Report 2020.
Let’s take as an example the Paycheck Protection Program (PPP), which is administered by the U.S. Small Business Administration (SBA). According to Security Magazine, the SBA’s PPP fraud hotline received fewer than 800 calls in 2019. By August of 2020 however (the most recent data available), that same fraud hotline handled over 42,000 calls.
In March of this year, the DOJ announced updated results of its expanded crackdown on COVID-19 fraud. The agency had publicly charged 474 defendants with criminal, pandemic-related offenses involving efforts to steal by fraudulent means more than $569 million from the U.S. government and individuals.
Eight defendants in California used synthetic identity fraud (SIF) to apply for 142 PPP and EIDL loans seeking over $21 million. The fraudsters used stolen and fictitious identities, as well as sham companies to perpetuate the fraud.
The full-scale and actual financial losses stemming from this COVID-related PPP fraud may never be known.
The bottom line is that many cyber fraudsters are utilizing the best available technology in order to maximize their chances of success. The financial services industry needs to “fight fire with fire” by adopting machine learning and other tools to defeat fraudsters before they get a foothold into the payments system.