When it comes to fraud in the payments industry, there has been both good news and bad news.
With the widespread adoption of EMV chip cards, there has been a drastic reduction of card-present fraud cases. But as the saying goes, when a door closes, a window opens, and when it comes to fraud, fraudsters are increasingly embracing another method that’s harder to identify and combat: synthetic identity fraud.
The rise in synthetic identity fraud, combined with the dangers it poses, has drawn the notice of major players in the payments industry. In July, the Federal Reserve published a white paper detailing the causes of synthetic identity fraud. Others in the payments space, from analysts at Mercator Advisory Group to thought leaders at PSCU, have also published content chronicling the rise of synthetic identity fraud.
What is synthetic identity fraud and why are leaders in the payments industry raising alarm about it?
Synthetic identity fraud is worse than the traditional identity fraud
Synthetic identity fraud is best understood when compared to traditional identity fraud.
Traditional identity fraud is when a criminal uses a real person’s identity to get credit. It is easier to detect because the victim usually experiences a direct financial hit; they may notice the fraudulent charges on their card, for instance.
In contrast, synthetic identity fraud is when a criminal combines some information from a real person, such as a social security number, with fake information, such as an imaginary name. This process results in a “synthetic identity” because the created identity is a combination of real and fake information.
The issue is significantly worse in the United States than other countries because the United States relies heavily on static personally identifiable information (PII) to identify people, including Social Security numbers. Relying on static PPI is risky because it can be easily compromised.
With more than 446 million records exposed due to data breaches, the number of exposed PII records increased by 126% between 2017 and 2018, according to the Identity Theft Resource Center.
It is typical for the criminals to use the social security numbers of particularly vulnerable populations, such as children or the elderly. One study found that 1 million children were victims of identity fraud in 2017.
These synthetic profiles are hard to detect because often times the person who had their information stolen is not directly impacted. And as Jack Lynch, the Chief Risk Officer of PSCU, noted in a blog post on the topic, criminals using synthetic identities typically “behave like great credit union members—always paying on time and getting credit-line increases as a reward.”
Taken together, these factors make this type of fraud particularly hard to detect. In fact, ID Analytics estimates that 85% to 95% of applicants who were identified as synthetic identities were not identified as high risk by traditional fraud models that normally detect traditional identity theft.
Despite the victim not feeling a direct impact and the criminal initially acting like a great customer, synthetic fraud can have a substantial, negative impact.
The damage of synthetic identity fraud
Once the criminal builds up enough credit, they cease acting like a model customer and instead max out their credit cards and disappear, leaving financial institutions on the hook for the missing money.
“Many industry stakeholders have told us synthetic identity payments fraud is a major concern for their organizations,” said Kenneth Montgomery, first vice president and chief operating officer at the Federal Reserve Bank of Boston.
According to the Federal Reserve’s white paper, synthetic identity fraud is the “fastest growing type of financial crime in the United States.” As the fastest growing financial crime, it is costing companies considerable amounts of money. Auriemma Group estimates that lenders in the U.S. incurred $6 billion in costs related to synthetic identity fraud in 2016 alone, accounting for 20% of all issuer credit losses.
These figures, however, are likely an underestimate because of how hard it is to identify synthetic identity fraud. The Federal Reserve notes that there is often a lack of investigation into whether unpaid credit accounts are a result of synthetic identity theft. “It’s oftentimes written off as bad debt because it looks like a legitimate account that’s defaulted,” said Montgomery.
Equally problematic is that there is a lack of awareness and reporting on synthetic identity fraud, making it even harder to grasp the extent of this type of crime.
What companies can do about it
Although synthetic identity fraud is becoming more prevalent and its detection remains challenging, there are some strategies to combat its spread.
For its part, The Federal Reserve is focused on raising awareness about the issue while working with industry leaders to arrive at a shared definition of what synthetic identity fraud means. Once the industry has a shared framework, understanding the scope of the problem and implementing remedies will become easier.
Others in the payment industry are advocating for companies to apply more scrutiny to people opening new accounts. “Credit unions should not rely on one tool or database to validate the identity of the person opening the account,” wrote Lynch, PSCU’s chief risk officer, in a recent blog post. “From PSCU’s perspective, combined intelligence from multiple channels is key — which is why we’re seeing such positive outcomes from our Linked Analysis tool, the most powerful weapon in our fraud-mitigation arsenal of solutions.”
As the name implies, the Linked Analysis tool combines intelligence from multiple channels with machine learning to analyze transactions and other events. For example, if multiple credit unions have accounts open under different names but sharing the same address, Linked Analysis can flag this suspicious activity. As a result, PSCU can act preemptively to stop fraud from occurring.
Experts in the payment industry believe that approaches such as PSCU’s Linked Analysis tool are viable methods at stopping synthetic fraud.
“If proper attention is paid during account opening, synthetic fraud can be stopped in its tracks,” said Tim Sloane, VP of Payments Innovation at Mercator Advisory Group. “Of course this requires a deeper investigation into the individual’s identity across more data sources which will increase onboarding costs,” said Sloane.
However, he was quick to point out that services like this often pay for themselves in the long run. By avoiding fraud and all the high costs associated with it, companies can actually save money.
According to Lynch, PSCU’s Linked Analysis tool has already saved companies millions of dollars. “Since the PSCU Fraud Intelligence team was formed a little more than a year ago, we’ve been able to leverage Linked Analysis and machine learning capabilities to save over $22 million that credit unions would have otherwise lost from this emerging type of fraud,” wrote Lynch.
PSCU’s Linked Analysis tool is part of a wide range of products that are available to businesses focused on combatting emerging fraud patterns. “Multiple payment networks and identity verification services [are] beginning to make the technology available to banks and other businesses so a risk metric can be applied to each individual they interact with, existing customer or not,” said Sloane.
With synthetic identity fraud only expected to become more common, it’s important for companies in the payment space to keep up with emerging fraud trends and use technology to stay ahead of the fraudsters.