Financial crimes cost businesses and consumers billions of dollars each year. According to the Seattle, Washington division of the US Federal Bureau of Investigation (FBI), identity theft complaints submitted to the FBI’s Internet Crime Complaint Center (IC3) have risen 361% during the first nine months of 2021 (41,984 IC3 complaints between January-September 2021) compared with 2019 (15,519 IC3 complaints). Adding to this sobering statistic, in 2020, the FBI identified synthetic identity fraud (SIF) as the fastest growing type of financial crime. This article aims to explain what SIF is, why it matters, and what companies can do to prevent it.
Synthetic identity fraud is a relatively new type of fraud but has quickly gained attention due to the losses financial institutions have incurred, most recently estimated at more than USD 6 billion annually in the US alone.
The US Federal Reserve started an effort in 2018 to shine a light on SIF across the financial services sector. To help promote better understanding within the industry and more consistent reporting, the Federal Reserve convened a focus group with a dozen industry members to create a standard definition of SIF. The group defined SIF as ‘the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.’
Essentially, a synthetic identity is ‘cobbled together’ by the fraudster and may contain both real and fake elements. For example, a synthetic identity used to apply for a line of credit in the US could contain a made-up name, a legitimate address, a social security number belonging to a person not associated in any way with the address, and a bogus phone number. With vast swaths of PII available for sale on the dark web due to a myriad of data breaches in recent years, it is easier than ever for criminals to create new identities.
How is this fraud perpetrated?
SIF begins with a fraudster applying for a new credit card, loan, or another line of credit with a synthetic identity. With no credit history tied to this profile, either the request may be declined, or an introductory limit is granted. If denied, the fraudster will then apply elsewhere until they are approved. Fraudsters typically make smaller purchases and pay promptly to build enough ‘good’ credit history to subsequently request higher limits and new credit lines. Once the fraudster has access to a substantial credit line, they will max out the synthetic’s available credit and vanish.
As social security numbers have been used for decades as identifiers for banking and financial services in the US, these entities are especially vulnerable to SIF. Social security numbers belonging to children and the elderly are particularly attractive to fraudsters, especially since kids are unlikely to have established credit and seniors are less likely to routinely review their credit reports.
Companies with inadequate fraud detection systems may not properly distinguish between a synthetic identity and a new customer, giving the fraudster who created the synthetic identity easy access to credit. When a synthetic identity racks up bad debt, the financial institution is generally left holding the bag because there is not a legitimate consumer to initiate collections.
What actions can be taken to combat synthetic identity fraud?
To mitigate and ultimately prevent SIF, companies need to do more than merely validate individual pieces of PII; more precisely, they must examine the legitimacy of the relationship between PII elements. For example, does the applicant’s full name match with the social security number, address, and phone number? If the information provided does not match completely, is there a partial match?
An article posted on Forbes in 2019 estimates that synthetic identity fraud results in an average loss of USD 10,000 per account. Spending as little as one dollar per account on electronic identity verification (eIDV) through a service like GDC’s Worldview platform can prevent SIF. This same investment in eIDV can also generate hundreds of dollars in customer lifetime value on legitimate accounts by ensuring a friction-free onboarding process. Identifying and preventing SIF at onboarding is critical in stopping criminals from perpetrating this rampant and rapidly growing threat to companies everywhere.
Additional information on unlocking missed LTV can be found in GDC’s most recent Whitepaper.
This editorial is part of The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.
About Markus Bergthaler
Markus brings over 13 years of risk, fraud, and payments knowledge to GDC. He previously spent over 6 years as the Global Director of Programs at the Merchant Risk Council and lead Risk, Fraud, and Payments departments at Wizards of the Coast, E. Breuninger, and Amazon.
About FBI
The Federal Bureau of Investigation (FBI) is an intelligence-driven and threat-focused national security organisation with both intelligence and law enforcement responsibilities that is staffed by a dedicated cadre of more than 30,000 agents, analysts, and other professionals who work around the clock and across the globe to protect the US from terrorism, espionage, cyberattacks, and major criminal threats, and to provide its many partners with services, support, training, and leadership.
About GDC
Global Data Consortium (GDC) is a leader in electronic identity verification. We leverage verified data sources in established and emerging markets to bridge the gap between consumer onboarding and financial service provider compliance requirements. We believe in the balance between preventing fraud and providing a seamless verification process via a single API.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now