The Rise of ‘Frankenstein ID’: Tackling SIF
Financier Worldwide Magazine
By Fraser Tennant
Synthetic identity fraud (SIF) – whereby malicious actors leverage a combination of real and fake personal information to fabricate an identity and commit fraud – is the fastest-growing financial crime in the US.
Fraudsters’ use of synthetic identities, also known as ‘Frankenstein ID’, has gained particular traction over the past 12 to 18 months, with US financial institutions (FIs) reporting losses of $20bn in 2021 compared to $6bn in 2016.
Certainly, SIF is a fraud like no other. According to Fiverity’s ‘2021 Synthetic Identity Fraud Report’, SIF bears some similarity to ‘traditional’ identity theft, in which a fraudster uses a different, but actual, person’s identity to improperly receive goods and services. Its development, behaviour and impact, however, are entirely unlike earlier generations of financial crime, for the reasons outlined below.
First, it has scalability. Bringing scale to fraudulent theft has accelerated the growth of SIF as a major financial crime, with criminals using automation to scrape identity elements from the dark web and assemble millions of synthetic profiles.
Second, evasion. Fraudsters combine a detailed understanding of the US payments system with sophisticated software to create profiles that are extremely difficult to detect. Moreover, unlike traditional identity theft, there is no victim that will notice a fraudulent charge and alert their bank.
Third, virality. Once a SIF profile is able to establish a moderate amount of credit, it quickly opens five trade lines on average, typically at different banks. By ‘piggybacking’ additional SIF profiles to an account as authorised users, criminals are on their way to developing their next set of synthetic identities.
Finally, harm. Global fraud rings and rogue states behind cyber fraud funnel proceeds into weapons proliferation, human trafficking and other serious crimes.
“SIF is the dominant mode of identity fraud and accounts for an estimated 70 to 80 percent of all such fraud,” says Dr Stephen Coggeshall, adjunct professor at the University of Southern California (USC). “SIF was substantially enabled due to the US Social Security Administration’s (SSA’s) change to issuing new social security numbers (SSN) using a random series of digits starting in summer of 2011.
“Up until then, one could look at an SSN and immediately see if it was possibly valid, and along with a date of birth (DOB), one could eliminate many of the synthetic identity thefts,” he continues. “Now virtually any nine-digit number has the potential to be a valid SSN, making fraud prevention much harder to detect.”
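As an added illustration (not part of the original article), the Python sketch below applies the only structural rules that still hold for SSNs issued since randomisation: the SSA does not assign area numbers 000, 666 or 900 to 999, group 00 or serial 0000. It then computes how much of the nine-digit space passes that check. The function names and sample values are constructed for this example.

```python
import re

# Values the SSA never issues, before or after the 2011 randomisation.
INVALID_AREAS = {0, 666} | set(range(900, 1000))


def parse_ssn(raw):
    """Return (area, group, serial) as ints, or None if raw is not an SSN-shaped string."""
    m = re.fullmatch(r"(\d{3})-?(\d{2})-?(\d{4})", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def structurally_valid(raw):
    """True if the number could have been issued under the randomised scheme."""
    parts = parse_ssn(raw)
    if parts is None:
        return False
    area, group, serial = parts
    return area not in INVALID_AREAS and group != 0 and serial != 0


def passing_fraction():
    """Share of all nine-digit numbers that survive the structural check."""
    valid_areas = 1000 - len(INVALID_AREAS)      # 898 area numbers remain
    return valid_areas * 99 * 9999 / 10**9       # groups 01-99, serials 0001-9999


# Constructed sample inputs, not real identities.
SAMPLES = ["123-45-6789", "123456789", "000-12-3456", "666-12-3456",
           "912-34-5678", "123-00-4567", "123-45-0000", "12-345-6789"]


def screen(samples):
    """Map each sample to the result of the structural check."""
    return {s: structurally_valid(s) for s in samples}


if __name__ == "__main__":
    for ssn, ok in screen(SAMPLES).items():
        print(f"{ssn:>12}  {'pass' if ok else 'reject'}")
    print(f"Share of nine-digit space that passes: {passing_fraction():.1%}")
```

Roughly 89 percent of all nine-digit numbers pass, so a format check alone rejects very little and has to be paired with the third-party authentication and fraud scoring described later in the article.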
Moreover, compounding the detection problem is the pandemic-accelerated move toward online banking. “To accommodate the increase in online activity, FIs were forced to accelerate their digital transformation efforts,” states the Fiverity report. “Legacy identity verification systems that reliably caught traditional identity fraud were largely helpless in the face of new threats, missing 85 to 95 percent of likely SIF profiles.”
With the tactics deployed by sophisticated fraudsters allowing them to stay one step ahead, it is imperative that FIs, businesses and payments industry stakeholders work together, jettisoning legacy systems and modernising their fraud detection efforts.
“Organisations that deal with identity verification and authentication have a number of tasks required and a wide variety of effective tools,” attests Dr Coggeshall. “Certainly, good data management and protection practices internally are a must. Internal fraud tools should include good data cleaning and matching processes.
“Additional tools are algorithms for authentication and fraud checks,” he continues. “Best practices for SIF mitigation require the use of data visibility wider than your company, which emphasises the need to use third-party tools for authentication and fraud scores.”
In the view of Fiverity, silos between fraud detection and cyber security teams within FIs should be removed to help improve fraud detection. “These teams historically focused on different threats from different types of criminals, so collaboration was not a priority,” states the Fiverity report. “However, an effective partnership requires both departments to get educated on the criminal organisations and individual hackers working against them, combine defensive playbooks, jointly evaluate new technologies and coordinate reporting with law enforcement.”
In terms of consumer behaviour, Dr Coggeshall recommends being careful about giving out identity credentials, particularly SSN and DOB information, as well as being suspicious of any unsolicited contact. Other options include requesting a credit bureau report and enrolling in an identity protection service.
In a world slowly emerging from significant, pandemic-related disruption, a mix of systemic issues and technological developments is likely to drive the SIF threat, requiring preventers to anticipate future fraud approaches.
“Fraud is and always will be with us,” concludes Dr Coggeshall. “Fraudsters invent new methods of attack as we continue to evolve and improve our defences, so prevention continues to be a race between perpetrators and preventers. We tend to do well at catching the low-hanging fruit, but the sophisticated fraudsters and criminal rings are able to operate with fractional success that can provide substantial wealth.”
Ultimately, the ability to create an unlimited number of identities, coupled with how challenging they are to detect, makes SIF a popular choice among fraudsters – a crime that is growing exponentially but which remains extremely difficult to detect.