SIFting Out

SIFting Out
Fraud Intelligence
October 20, 2021

According to McKinsey & Company, synthetic identity fraud (SIF) is one of the fastest-growing financial crimes — largely due to its ability to evade banks’ traditional fraud detection systems. Once a single loan is approved, criminals are on their way to a staggering amount of theft. 

​​A review of tens of thousands of SIF accounts within FiVerity’s Cyber Fraud Network helps us to understand the full scope of this problem:

• SIF cost U.S. financial institutions an estimated $20 billion in 2020
• SIF is now responsible for up to 25% of fraudulent consumer loan losses
• SIF losses are 4.6 times higher than the average credit loss

SIF begins with the creation of a synthetic identity. Here, criminals use automation to mine social media and the dark web—where 3.4 billion identities have been exposed over the past three years (ITRC’s 2020 Annual Data Breach Report). This includes everything from driver’s license numbers, bank account information, passport numbers, email addresses, and more.

If the social security number isn’t stolen, fraudsters will simply make one up. This has become more common since the US Social Security Administration began randomizing numbers in 2011, which removed a layer of geographical checks used for identity verification.

A newly completed SIF profile looks surprisingly good, which may help explain why fraudsters are able to set up accounts with multiple banks in a short period of time. FiVerity’s analysis suggests recently created SIF accounts have:

• A High Credit Rating: The average FICO® Score, the go-to source for credit ratings, is 742. That’s higher than the average score of 698.
• Multiple Accounts: A typical SIF profile has five accounts open, typically at different banks.
• A High Total Credit Limit: The average credit limit for a new SIF profile is between $65,000 - $70,000 across accounts. That’s significantly higher than the $22,751 average of credit available to Americans today as reported by Experian.
• A Good Track Record: Fraudsters maintain a low account balance (under $5,000) and make their payments on-time.

SIF’s effectiveness stems from a number of factors:

1. Automation: This allows fraudsters to quickly create millions of profiles and apply for a ton of loans.
2. Sophistication: The volume of synthetic identities (in the millions) and its success at evading traditional identity verification systems strongly suggests that machine learning (ML) plays a crucial role in its development. One study found that likely SIF profiles are able to slip past traditional fraud detection systems more than 85% of the time. As Imperium General Manager Tim McCarthy noted in a recent article, “adding deepfake and synthetic AI tech into the mix just makes it easier for the perpetrators to build up more detailed synthetic IDs that lead to more serious levels of fraud.”
3. Starting Small: To stay under the radar, fraudsters start with applications for small loans — typically under $15,000. Some start with cash cards that involve very low risk for banks, attracting even less attention. The goal of this activity is simply to get a foothold in the payments system.
4. Patience: While traditional identity fraud requires criminals to act fast before getting shut down, SIF profiles look like normal, upstanding customers. They pay their bills promptly and build up credit over time. This process will go on for six to 18 months, over which time they methodically build-up their credit limit.

 Needless to say, these actions aren’t aimed at a single bank. Using the same SIF profile coupled with automation, fraudsters replicate the process, opening numerous accounts with different companies in multiple jurisdictions. Then, when the time is right, they strike, maxing out their credit and busting out with $81,000 to $97,000.

 So how do we catch them? It starts by accepting the fact that legacy systems for fighting fraud are no longer sufficient.

These “top down” solutions start with a picture of what a fraudulent application looks like, with rules that indicate suspicious activity — like a high volume of credit inquiries or multiple addresses over a short time period. The more boxes that are checked, the higher the fraud score. By reviewing rejected loan applications, the fraudster’s ML essentially figures out what the thresholds are for each of the fraud detection “rules,” and gets better at generating profiles that will evade them.

In the end, the answer is to copy the fraudsters’ use of ML. That’s right. The same technology that allows fraudsters to create millions of synthetic identities and commit fraud across a range of banks, e-commerce sites and government agencies is the industry's best bet to fight off these attacks.

 Artificial intelligence approaches like ML turns things upside down… literally. Instead of simply checking for traditional indicators of suspicious activity, it takes a bottom-up approach, searching for patterns that match those of recently confirmed fraudsters. This is critical for detecting profiles that quickly evolve.

Right now, criminals are creating profiles that traditional systems are largely incapable of detecting. This is why they’re able to walk away with a significant prize and why ML is the key to stopping them. In fact, it may be the only way the financial industry can counter the threats and stay ahead — or at least catch up — with SIF.