SIFting Out
Fraud Intelligence
October 20, 2021
According to McKinsey & Company, synthetic identity fraud (SIF) is one of the fastest-growing financial crimes — largely due to its ability to evade banks’ traditional fraud detection systems. Once a single loan is approved, criminals are on their way to a staggering amount of theft.
A review of tens of thousands of SIF accounts within FiVerity’s Cyber Fraud Network helps us to understand the full scope of this problem:
SIF begins with the creation of a synthetic identity. Here, criminals use automation to mine social media and the dark web—where 3.4 billion identities have been exposed over the past three years (ITRC’s 2020 Annual Data Breach Report). This includes everything from driver’s license numbers, bank account information, passport numbers, email addresses, and more.
If the social security number isn’t stolen, fraudsters will simply make one up. This has become more common since the US Social Security Administration began randomizing numbers in 2011, which removed a layer of geographical checks used for identity verification.
A newly completed SIF profile looks surprisingly good, which may help explain why fraudsters are able to set up accounts with multiple banks in a short period of time. FiVerity’s analysis suggests recently created SIF accounts have:
SIF’s effectiveness stems from a number of factors:
Needless to say, these actions aren’t aimed at a single bank. Using the same SIF profile coupled with automation, fraudsters replicate the process, opening numerous accounts with different companies in multiple jurisdictions. Then, when the time is right, they strike, maxing out their credit and busting out with $81,000 to $97,000.
So how do we catch them? It starts by accepting the fact that legacy systems for fighting fraud are no longer sufficient.
These “top down” solutions start with a picture of what a fraudulent application looks like, with rules that indicate suspicious activity — like a high volume of credit inquiries or multiple addresses over a short time period. The more boxes that are checked, the higher the fraud score. By reviewing rejected loan applications, the fraudster’s ML essentially figures out what the thresholds are for each of the fraud detection “rules,” and gets better at generating profiles that will evade them.
In the end, the answer is to copy the fraudsters’ use of ML. That’s right. The same technology that allows fraudsters to create millions of synthetic identities and commit fraud across a range of banks, e-commerce sites and government agencies is the industry's best bet to fight off these attacks.
Artificial intelligence approaches like ML turns things upside down… literally. Instead of simply checking for traditional indicators of suspicious activity, it takes a bottom-up approach, searching for patterns that match those of recently confirmed fraudsters. This is critical for detecting profiles that quickly evolve.
Right now, criminals are creating profiles that traditional systems are largely incapable of detecting. This is why they’re able to walk away with a significant prize and why ML is the key to stopping them. In fact, it may be the only way the financial industry can counter the threats and stay ahead — or at least catch up — with SIF.