Synthetic identity fraud is emerging as a key migration point in the post-EMV era, as criminals refocus on application fraud and exploit easy access to sensitive consumer data.
According to Auriemma Consulting Group (ACG), fraudsters are using that data to create fake personas – hybrids of stolen and fabricated personal information – and open new lines of credit. In fact, the share of financial losses stemming from application fraud, which includes the creation of synthetic identities, grew by 42% in the fourth quarter of 2016, according to ACG data.
Fraudsters’ migration to application fraud is particularly impactful because perpetrators behave like true customers for months or even years before “cashing out,” leaving lenders with massive losses and little recourse for collection and recovery. To make matters worse, a single fraudster can cultivate tens or even hundreds of high-value accounts, greatly increasing financial exposure.
The lending community is mobilizing against synthetics. But a series of obstacles stands in the way: with no true customer, fictitious accounts can be virtually impossible to pinpoint; conventional countermeasures are ineffective; and reporting is underdeveloped, obscuring the true scope of the problem.
A potential solution – cross-checking applicants’ information against Social Security Administration (SSA) records – is out of the industry’s reach, at least for now. The SSA’s existing verification service requires the written consent of the SSN holder, an impractical condition when dealing with synthetic identities. Regulatory reform to open up SSA records, either to lenders or the credit reporting agencies (CRAs), is moving slowly, and there’s no guarantee it will make the legislative agenda.
Without collaboration with peer institutions, mitigating systemic fraud at this scale is virtually impossible. The good news is that the lending community is banding together to find solutions, as it has with more traditional fraud types.
Massive credit losses aren’t the only financial risk associated with synthetic identity fraud: By the time a synthetic account defaults, the lender has invested potentially years’ worth of marketing, servicing, and other operational costs. Meanwhile, the fraudster has moved on to the next identity. While collections and fraud departments usually deal with the aftermath, lenders are increasingly looking to marketing, acquisitions, and underwriting teams as the first lines of defense.
Lenders are refining their pre-screening processes to look for anomalies in applicants’ credit profiles and considering supplementing traditional, credit-based criteria with more robust data. The existence of employment information, payroll accounts, and utility records, for instance, can increase confidence that an identity is legitimate. There’s also a push to strengthen identity verification at account opening with knowledge-based authentication (KBA) and enhanced know-your-customer (KYC) techniques. Based on risk tolerance, lenders may queue suspicious applications for manual review, request additional proof-of-life documentation, or decide not to offer credit.
Lenders are also stepping up monitoring at the acquisition and account management stages to detect high-risk behavioral patterns. Warning signs include the velocity of applications submitted under a single name, requests to add a high number of authorized users to an account, and suspicious retail transaction patterns and money movement activity.
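The pre-screening and monitoring signals described above can be combined into a simple rule pass over incoming applications. The following is an added example, not code from ACG or any lender: the thresholds, field names, outcome mapping, and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the article names the signals but gives no numbers.
VELOCITY_WINDOW = timedelta(days=30)
MAX_APPS_PER_NAME = 3        # applications under one name inside the window
MAX_AUTH_USER_REQUESTS = 4   # authorized users requested on one account
CORROBORATING = ("employment", "payroll", "utility")
# Assumed mapping from number of warning signs to the outcomes the article lists.
OUTCOMES = ("proceed", "manual_review", "request_documentation", "decline")

def normalize(name):
    return " ".join(name.lower().split())  # fold case and whitespace variants

def screen(apps):
    """Return {application id: (outcome, [warning signs])}."""
    history = defaultdict(list)
    for app in apps:
        history[normalize(app["name"])].append(app["submitted"])
    results = {}
    for app in apps:
        signs = []
        # Look back only: count same-name applications in the window ending now.
        recent = sum(1 for t in history[normalize(app["name"])]
                     if timedelta(0) <= app["submitted"] - t <= VELOCITY_WINDOW)
        if recent > MAX_APPS_PER_NAME:
            signs.append("application_velocity")
        if app.get("authorized_user_requests", 0) > MAX_AUTH_USER_REQUESTS:
            signs.append("authorized_user_requests")
        if not any(app.get("records", {}).get(k) for k in CORROBORATING):
            signs.append("no_corroborating_records")
        results[app["id"]] = (OUTCOMES[min(len(signs), 3)], signs)
    return results

def _app(id_, name, day, users=0, **records):
    return {"id": id_, "name": name, "submitted": datetime(2017, 3, day),
            "authorized_user_requests": users, "records": records}

# Constructed sample applications (not real data).
SAMPLE = [
    _app("A1", "Jordan Example", 1, employment=True),
    _app("A2", "jordan  example", 5, employment=True),
    _app("A3", "Jordan Example", 9, employment=True),
    _app("A4", "JORDAN EXAMPLE", 12, users=6),
    _app("B1", "Casey Sample", 2, users=1, utility=True),
    _app("C1", "Riley Placeholder", 3),
]

if __name__ == "__main__":
    print(screen(SAMPLE))
```

Matching on a normalized name alone is deliberately crude; a production rule would also key on address, phone, device, and SSN reuse, and would tune thresholds to the lender's risk tolerance.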