Let’s get real about synthetic identity fraud

What is synthetic identity fraud?

Synthetic identity fraud is the phenomenon by which an identity can be manufactured using credentials of a real individual and merging that with fictitious details. In the US, where synthetic identities are a burgeoning problem, it can take the form of an identity that is a combination of a real Social Security Number, false name, address, and date of birth, an example of one among many combinations of real and manufactured credentials.

Fraudsters create these synthetic identities to open banking accounts, apply for government benefits and are display behavioral patterns not significantly different from genuine customer’s making it hard to detect their presence in the first place.  

Synthetic identity frauds have been in the news lately

While banks have yet to fully grasp the true magnitude of the synthetic identity fraud problem, we have seen some research that quantifies losses due to synthetic fraud. In their 2021 Future of Fraud Forecast, Experian estimates that synthetic identity fraud was the fastest type of financial crime in the United States. McKinsey research indicates that synthetic identity fraud could contribute to 10-15% of losses on average in an unsecured lending portfolio.

What makes synthetic identity fraud particularly insidious?

Since synthetic identities are born off a combination of real and manufactured id details, it is often hard to detect them as fake. Furthermore, fraudsters are known to augment synthetic identities with bona-fide looking documents, social media profiles making it hard for a typical onboarding process to flag these identities.  

Traditional identity fraud is often detected by the true customer when they receive a collections notice or communication from the bank on their credit line, in synthetic identity fraud there is no real victim who can blow the whistle, further compounding the complexity of detecting this type of fraud. 

Fraudsters play the long game to maximize their earnings from a synthetic identity. They will promptly pay their credit card dues and build up a stellar credit record till they are eligible for a substantial limit increase, which could take months or even years. Once the limit increase is sanctioned, that is when they bust out and emerge as synthetic identities to the bank’s risk managers. Typical models are unable to flag this behavior as anomalous as till bust out these accounts follow behavioral norms not different from majority of the portfolio. 

 No standard classification protocols for synthetic identities further queer the pitch. Many synthetic identity frauds are mistakenly written off as credit losses or charge offs making the available data for synthetic identity fraud an incomplete data set for analytics and modelling purposes. And with banks unable to gauge the full estimate of this issue, synthetic identity fraud becomes a ticking time bomb in many banks’ lending portfolios.

Tackling synthetic identities head-on

The devil is in the quotidian details when it comes to detecting synthetic identity fraud. Identities that appear shallow, with limited real-life evidence are more likely to be synthetic. Whereas true customers will typically leave behind consistent data trails in different data bases if one searches hard enough. Banks can analyse these data points and model the riskiness of a potential customer.   

For e.g. some of the typical characteristics of a synthetic identity gleaned from different sources of data:

·      Several credit records associated with the same SSN but with a different name, address and date of birth

·      IP address or device id used to apply for a loan linked to several other account openings

·      Email address or social media profiles associated with credit application is less than 3 months old whereas applicant age is in 30s or 40s

·      Limited previous employment or employer details for an adult in their 30s or 40s

·      Physical address is near shipping centers or airports increasing the ease by which goods can be collected

Given the severity of synthetic identity fraud and its financial ramifications, the US Congress has passed a bill that allows organizations to validate the identity of applicant in real time via the Social Security Administration. The service known as, Electronic Consent Based Social Security Number Verification (eCBSV), will confirm if the SSN, Full Name and Date of Birth have a matching record and can also return a deceased indicator for an SSN. While this is a welcome move, banks will have to tread carefully while utilizing this service:

·      Since this is a consent-based service, it can add friction to the onboarding process making competitor banks’ offerings more attractive and leading to greater abandonment rates

·      The service will only return a Yes or No response when queried for a matching entry which means customers with multiple versions of their full name might be declined creating a false positive issue

·      Banks will also have to design a strategy for customers who refuse to provide consent and will need to take a risk-based approach on whether and how much credit to issue

Conclusion

Synthetic identity fraud is fast emerging in the top 3 challenges for a bank’s CRO. The US Federal reserve estimates that the US loses billions in this type of fraud. Coupled with the fact that traditional fraud models fail to detect 95% of synthetic identity applicants, this issue is fast emerging in banking chief risk officer’s top agendas for 2021. A combination of advanced data modelling techniques and utilizing the government initiated eCBSV service can help banks stem the losses associated with this crime.

Disclaimer: The postings on this site are the authors’ personal opinions. This content is not read or approved by their current or former employer before it is posted and does not necessarily represent their positions, strategies or opinions