The Federal Reserve released several White Papers educating the payments industry on synthetic identity fraud (SIF), one of the fastest-growing financial crimes in the U.S.[i] In their White Paper, Synthetic Identity Fraud in the U.S. Payments System, they tackle the contributing factors to SIF's rapid growth.
So, why is SIF increasing?
1. Reliance on SSNs
Unlike some countries, the U.S. lacks a centralized “source of truth” for its citizens’ identities. Companies have long relied on Social Security Numbers to identify individuals, and it’s far from a perfect system.
The Social Security Administration’s move to randomized SSNs in 2011 removed a layer of geographical checks that banks, credit unions, and other credit providers had used as part of their application checking processes. This change opened the door wider for fraudulent activity - according to ID Analytics, nearly 40 percent of synthetic identity fraud incidents involve the use of a random SSN.
2. PII data breaches
Although the U.S. has experienced a decline in data breaches, fraudsters still have plenty to work with. Over the past three years alone, more than 3.4 billion identities were exposed.[ii] This personally identifiable information (PII) can be bought on the dark web, with a SSN costing only $1.[iii] In synthetic identity fraud, criminals combine this widely available personal information from different people to create an entirely new identity.
3. No (traditional) victim
Unlike traditional identity fraud, SIF doesn’t involve a single victim that’s likely to notice a suspicious charge and alert their bank. Since fraudsters only steal one element from a person’s identity, it’s difficult for victims to know their PII was compromised.
Criminals also target the personal data of homeless people, children, and the elderly - who are all less likely to access their credit information. While traditional fraudsters must work fast, cyber fraudsters can take their time.
4. It’s successful
Success breeds imitation, and SIF is incredibly profitable. Although it requires patient nurturing of an account for months or years, the average “bust out” of $15,000 isn’t too shabby.[iv]
5. It’s scalable
Unlike traditional forms of fraud, criminals can automatically create thousands of fraudulent identities. After curating these profiles, criminals repeatedly apply for loans, eventually obtaining approval.
6. It bypasses legacy systems
Because fraudsters build their credit to maximize their eventual payout, many SIF accounts don’t look suspicious. In fact, 70% of SIF accounts look like legitimate customers with typical payment patterns.[v] Because of this, current rules-based systems are largely unable to effectively detect this fraud, with 85-95% of SIF accounts sailing through.
7. Limited info sharing
Despite legislation meant to encourage banks to share information on financial crimes, these efforts have stalled. The biggest factors triggering this hesitation are 1) fear of violating data privacy and security requirements 2) losing competitive advantage by sharing customer information 3) basic questions about the logistics for sharing.
Luckily, technologies like double-blind encryption are providing new solutions to these problems.
8. Credit process gaps
When a fraudster applies for a loan and is rejected, a credit profile is still created. This profile alone makes the synthetic identity look more legitimate. Further, fraudsters are often the first applicant using a particular SSN, as they target children, the elderly, and the homeless. This strategy allows fraudsters to avoid further authentication and increase their chances of approval.
9. Fraudsters play the victim
After busting out with a five or six-figure theft, fraudsters have the audacity to claim they were the victims of identity theft! This strategy was inadvertently helped by the FTC’s decision to drop requirements for identity theft victims to submit a police report.
Knowing that banks have a limited window of time to review fraud disputes, criminals will disrupt the process by overwhelming banks with claims. When fraudsters are successful, banks reverse the charges and reopen credit lines.
10. They’re hard to catch
Like other cyber-attacks, it’s notoriously difficult to track down the criminal organizations behind SIF. Although there are arrests like the New York fraud ringleader that scammed $200 million, most SIF attacks are conducted by groups outside of the U.S. They’re even harder to identify and prosecute when they’re based in a country that’s hostile to the U.S. government. Finally, you can't track down a person that doesn't exist.
But there's hope:
While all these factors contribute to SIF, organizations can still fight back. With sophisticated AI solutions and the multilayered approach found in SynthID Detect, financial institutions can prevent losses to synthetic identity fraud. FiVerity's cutting-edge technology is constantly improving, so as fraudsters evolve, our machine-learning does too.
To better protect your institution from SIF:
[i] McKinsey & Company, “Fighting back against synthetic identity fraud.” January 2019.
[ii] Identity Theft Resource Center, “2020 in Review: Data Breach Report.” January 2021.
[iii] Experian, “Here’s How Much Your Personal Information Is Selling for on the Dark Web.” December 2017.
[iv] Auriemma Group, “Synthetic Identity Fraud Cost Banks $6 Billion in 2016.” 2018.
[v] TransUnion, “Synthetic Fraud Myths: Are All Identities Created to Charge-off?” September 2018.