Podcast: Play in new window | Download
Of all the fraud vectors plaguing the payments industry, synthetic identity fraud is one of the most concerning. Unlike card-present fraud, which is on the decline due to the widespread adoption of EMV technology, synthetic fraud is on the rise. Worse yet, traditional fraud models are ill-equipped to even identify it.
Also concerning is that children are often the victims of this type of fraud. In fact, an estimated 40% of identified synthetic identities were constructed using information stolen from children born after 2011, according to a recent white paper from GIACT, a leading fraud prevention company.
The paper went on to note that this fraud vector is being driven by the prevalence of data breaches: In 2018, 446 million consumer records were exposed in data breaches, a 126% increase from 2017. The rise of synthetic identity fraud is costing the payments industry considerably.
For instance, the credit card industry alone lost $6 billion due to this type of fraud in 2016, according to GIACT’s white paper, The Hidden Costs of Synthetic Identity Fraud.
In light of such alarming statistics, and to learn more about what synthetic data fraud is and how to stop it, PaymentsJournal sat down with David Barnhardt, Chief Experience Officer at GIACT, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
During the discussion, Barnhardt and Sloane defined what synthetic identity fraud is, sketched out the contours of the issue, and discussed how GIACT’s fraud products can enable companies to fight back.
Understanding synthetic identity fraud
Synthetic identity fraud occurs when criminals combine real and fake identity information to make a new, fake identity. By combining some real elements with fake ones, the ensuing profile is harder to detect as being fraudulent.
Sloane explained that criminals are turning towards this type of fraud for two main reasons. First, with all the personal information that has been compromised in data breaches, stealing someone’s personal information has never been easier. Social security numbers, addresses, account usernames, and passwords can be readily purchased on the dark web.
Second, EMV chip technology has made card-present fraud increasingly harder to get away with. In response, fraudsters have turned to cyber fraud as an easier and more lucrative alternative.
Synthetic identity fraud schemes usually come in two flavors. The first one is when the criminal cashes out immediately. For example, the fraudster may open a fake account and immediately purchase something before abandoning the profile.
The second approach is more sophisticated, harder to identify, and significantly more costly. The criminal will open a synthetic account and then behave like a normal consumer. They’ll make purchases, make payments, and work to build up their credit. Sloane noted that a common version of this approach is called piggybacking, “which is taking other criminals and adding them to the account to help others establish a solid credit line.”
Once the fraudster has the desired level of credit, they’ll bust out, meaning they commit the fraud and abandon the account. About 50% of synthetic identities utilize piggybacking, explained Sloane.
Statistics like that indicate how “fraud operators are becoming increasingly more sophisticated in how they carry out synthetic identity frauds,” said Barnhardt. He cited a Federal Reserve report, which estimated that as many as 85% to 95% of synthetic identities were not flagged as high risk by the existing fraud models.
This clearly indicates that traditional identity verification solutions are simply not working, said Barnhardt.
“Anywhere you turn regarding synthetic identity fraud, it wracks up costs.”
At its core, synthetic identity fraud is a vehicle through which criminals can effectively steal goods, services, or money. As discussed above, one common area where criminals use synthetic identities is to open credit card accounts.
This approach is nothing new, as criminals have been using false identities for years to get credit cards. What is new, however, is how criminals are building credit.
“They’re making purchases and making payments, and they’re building enough credibility and aging the account long enough to obtain higher credit line increases,” Barnhardt explained. The higher the credit limit, the bigger the payout when the criminals eventually orchestrate the bust out.
According to the Federal Reserve, the average charge-off balance was more than $15,000 for each instance of synthetic identity fraud in 2016.
Banks and businesses aren’t the only parties getting hurt by synthetic identity fraud. This type of fraud is also hurting consumers. Consumers are often the ones having to clean up the mess because there “could be some type of collection or some type of demand payment reported to their credit,” explained Barnhardt.
In many instances, their social security number, or that of their kid’s, has been compromised. This can make it hard for them to unlink themselves from the fraudulent behavior.
“Anywhere you turn regarding synthetic identity fraud, it wracks up costs,” said Barnhardt.
GIACT’s approach to fighting back
Unlike traditional identification solutions that only assess a handful of data points to verify an identity, GIACT’s approach is more comprehensive.
“We like to say that the devil is in the details,” said Barnhardt. “To detect today’s more sophisticated identity crimes, the employment of detailed traditional and nontraditional data elements is a must.”
GIACT’s gIDENTIFY solution triangulates across numerous diverse data sources to ensure that each data point is both accurate and timely. For example, gIDENTIFY can determine if the social security number being used for a specific account belongs to somebody else. Similarly, the product can verify other important aspects of an account’s identity, such as address, date of birth, email, and phone number.
Another important feature that GIACT offers is the ability to verify if a person is alive or dead. It’s very common for criminals to make an account using the information of a deceased individual.
By combing and verifying all these data points, GIACT can create the digital DNA of a consumer, so to speak. This makes it hard for hackers to fake a similar profile because they will struggle to fake the profile down to the nontraditional elements that GIACT checks.
Sloane noted that an approach such as GIACT’s is essential to stopping fraud. “It really comes down to having the ability to analyze verifiable and accurate data that’s available pretty much in real time,” he said. “And the broader and more accurate that data is to analyze, the better off the analytics can be in detecting the fraud.”
With its robust analytic capabilities, the gIDENTIFY product from GIACT makes it possible to keep up with the ever-changing face of cyber fraud.