While identity theft has been in the modern lexicon for decades, a newer, more insidious and faster-growing variant of identity fraud is taking hold in the U.S.—and it’s costing U.S. financial institutions billions of dollars and keeping fraud executives
awake at night.
Unlike traditional identity theft where an unwitting victim’s financial identity, including SSN, name, address, and accounts are breached and taken over to either deplete existing accounts of funds or establish new accounts, synthetic “Franken” identities
are built, most typically, by conjoining real information garnered from multiple identities—and sometimes augmented with fabricated information. For example, a legitimate SSN (often stolen from a child or elderly person), another person’s real name, another
person’s address and phone number and a new email account controlled by the fraudster may be used to create an “authentic enough” personal identity.
Armed with this identity and enough legitimacy to slip through a bank’s or credit union’s Know Your Customer (KYC) controls, the fraudster is now in a position to establish and bleed fraudulent lines of credit.
The long, slow game
Synthetic ID fraud is the fastest growing financial crime in the U.S., according to McKinsey & Company, accounting for
as much as 15 percent of charge-offs in typical unsecured lending portfolios.
What makes synthetic ID fraud so insidious is that it is very difficult to detect—even after huge financial losses occur. Financial institutions (FIs) are often not even aware they’ve been attacked by operators deploying synthetic ID fraud, instead assuming
credit losses are simply due to consumers unable or unwilling to repay and then writing off the losses as per the standard procedure.
The fact that, on the surface, these fraudulent customers pass the initial identity sniff test is just one troublesome aspect leading to high financial losses. The other is that synthetic ID fraudsters can take as long as five years to nurture fraudulent
account identities, building a certain level of trust with financial institutions before deploying what is known in the industry as a “bust out” where credit lines have been maxed out and then abruptly abandoned.
The stakes are high. Aite Group estimates losses from unsecured credit products resulting
from synthetic ID fraud will reach $2.42 billion by 2023. Bank and credit union fraud executives are keenly aware of the problem and the gap in their current fraud detection capabilities. Aite Group’s recent survey of financial services fraud executives shows
that synthetic ID fraud is the vulnerability gap they are most concerned with within their institution’s current fraud controls.
So, what can financial institutions do to combat synthetic identity fraud?
A multi-pronged approach
Experts agree the best defense is a multi-layered approach that leverages a wide range of available information—from in-house sources, public records and the digital footprint. Elements from accessible data sources, including financial history, property
records, social media accounts, data analytics services, mobile phone number ownership, email address history and more can all be used to build a complete picture of the person presenting themselves to the financial institution and compared against the information
presented at account opening. Each piece of information that doesn’t point back to the account originator should be further examined.
Of course, the challenges, as always, are time, staff, and financial resources as well as risking friction that puts good customers and members off the idea of opening an account or applying for a loan.
How, then, can financial institutions minimize the risk of falling victim to synthetic ID fraud while providing a delightful experience to legitimate applicants?
Halt fraudsters, not progress. Be sure to select a partner who's solution checks all the right boxes when it comes to defeating fraud while staying compliant.