In the US, financing decisions are based on a credit score. The higher the score, the larger the line of credit extended. The only way to increase a credit score is to buy things on credit and repay it as often as possible.
Credit scores are built on a social security number (SSN). A fraudster will use the SSN of someone with no credit history to apply for a loan or credit card. These SSNs are often referred to as ‘credit invisible,’ and they account for 1 in 10 adults. They may be elderly or homeless people – unlikely to be checking their history regularly. Fraudsters also use the SSNs of children or fabricate numbers that look genuine. The fake personality is completed with address, phone number, and sometimes additional personal details.
When the ‘new’ SSN is provided, the credit bureau cannot unequivocally know whether the individual applying for a loan is real. All they can say is whether they have a record of the details or not. They just assume that the application is legitimate, generate a record based on those details, et voilà! They create a Synthetic ID without realising it.
A fraudster only needs a small amount to begin. They borrow USD 200 and pay it back. They do it again. This looks great to the financial system! To reward this upstanding consumer behavior, the credit score builds, and more credit is extended.
The next step in the process is referred to as ‘busting out.’ The fraudster gains a significant amount of credit (say, USD 20k) and maxes it out. Then they pay their balance with a fake check to ‘cover’ the credit. By the time the check fraud has been determined, the fraudster has already maxed the credit card again and doubled their money. They either disappear or claim identity theft, which reinstates their credit line so they can max it out one more time.
Of course, financial institutions follow Know Your Customer (KYC) processes to confirm a customer’s identity. Based on SSNs and PII, these measures fulfill legal, regulatory, and internal policy requirements that enable them to maintain compliance and mitigate risk. But they are limited, and those limits are exploited by bad actors.
A full validation of an SSN at the Social Security Administration (SSA) requires written consent on a specialised form. This is too time-consuming for the business and can potentially drive away customers, so it’s not often utilised. Instead, investigations and validations focus on what’s more readily available: profiling though open-source information such as social media accounts and online documentation. But these types of ‘proof’ are easy for fraudsters to fabricate.
It may seem like the odds are stacked against stopping Synthetic Identity fraud. But mitigation begins with awareness.
Risk and credit analysts and onboarding agents must be educated about Synthetic ID, its prevalence and scope, and the tactics employed to perpetuate these scams. Once they know what they are looking for, they have a significantly increasing chance of catching it.
Then comes cooperation. The intel and best practices should be shared with fellow payments professionals across organisations, advancing mitigation efforts throughout the industry for a greater scale of impact.
The next step is innovation. Traditional machine learning models that predict identity fraud do not usually catch the ‘long game’ play of Synthetics. But AI is continually evolving and can be trained to detect the unique differences between Synthetic IDs, real debtors, and other fraud schemes such as identity theft.
EverC is focused on powering growth for the ecommerce ecosystem. Our automated AI-driven, cross-channel risk management solution rapidly detects high-risk merchants, transaction laundering, and illicit products, and provides ongoing monitoring to uncover evolving risks. Our team comprises domain experts in risk intelligence, open-source, deep, and dark web, and online fraud detection. Learn more at www.everc.com!
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now