The House of Representatives passed a bill that, if signed by Trump, will not only eliminate a wide range of regulations on banks, it will also enable banks to validate Social Security information provided in loan applications with the Social Security Administration. This opinion piece in American Banker indicates a lot more needs to be done to eliminate synthetic fraud:
“Synthetic fraud is one of the fastest-growing and hardest-to-detect forms of identity fraud that enterprises face today, which makes the law relevant and timely.
But as the law stands, it doesn’t go far enough to protect consumers or lenders.
Section 215 of the law focuses on reducing identity fraud by directing the Social Security Administration to facilitate the verification of consumer information upon request by a certified financial institution. The proposed service will validate a consumer’s name, social security number and date of birth in real time or via batch. It requires gathering consent from a consumer, but no longer requires the collection and submission of hard-copy wet signature on an SSA consent form, which is a major obstacle to using current SSA services. Electronic consent will allow financial institutions to verify identities more quickly and at scale in connection with a credit transaction.”
The problems identified include these:
“Yet while this regulation has the long-term potential to significantly reduce synthetic identity fraud, the final rules are subject to an SSA implementation process, and current reading of the law presents three potential concerns.
First, there are concerns that some divisions within a bank could be blocked from using the service. Use of the system is restricted to cases described under Section 604 of the Fair Credit Reporting Act, which establishes permissible purposes to provide a consumer report. When it comes to detecting financial fraud, the most relevant intended use relates to the proposed extension of credit. But absent an approved use case, certain noncredit arms of financial institutions could arguably be blocked from using the service. For example, the opening of a demand deposit account or an investment account could be excluded, despite know-your-customer regulations.
Second, the requirement that a consumer provide an explicit consent to run the check would preclude a financial institution from performing portfolio validation of already-opened accounts. Short of going back to current customers with a request to obtain consent, no action can be taken to identify existing fraudulent accounts. Setting aside the logistical implications of obtaining the authority to proceed with evaluating current accounts, one could reasonably expect that fraudsters would be most unlikely to give their consent. In other words, fraudsters could remain undetected.
Finally, many key parties in the financial reporting system are excluded, including telecommunications companies, fintech providers and nonbank lenders. This creates a loophole for synthetic fraudsters to build credit histories through institutions unable to verify identities through the SSA. Consider one example: A fraudster uses a synthetic identity to open a cell phone account and take out several online loans. He maintains a positive payment history for a few years and builds up a solid credit report. The presence of a credit history and the cost of the verification might drive financial institutions to elect not to run the SSA check for what appears to be a legitimate, low-risk consumer. Even if they do run the check and decline the application as fraudulent, other lenders without access to this service will remain unaware of the fraud, with continuing impact to enterprises, consumers and other participants who rely on accurate credit reporting.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group