Bogus Identities. Actual Crimes: Protect Your Customers Now
July 7, 2020
Synthetic Fraud: How to Identify and Act on Hidden Fraud and Credit Losses
As technology evolves, so do fraudsters who swarm toward the next profitable opportunity. To watch out for synthetic fraud, you have to know where to look and how to fix and bolster defenses.
COVID-19 Makes Synthetic Fraud Harder to Identify
During the pandemic, people have been forced to use digital services more than ever before. As a result, vendors have focused on providing a good customer experience and being empathetic to those experiencing financial difficulties. Due to this new environment however, synthetic fraud can hide longer in the system before being discovered. Increased delinquency issues along with up-ended work and living situations mask fraud attacks. Stay focused on preventing fraud by implementing precautionary measures and tools shared below.
What is Synthetic Fraud?
Synthetic fraud occurs when bad actors create a “fake” identity (potentially comprised of multiple real identities) to defraud organizations. Unlike traditional 3rd party fraud, there aren’t “victims” to claim a stolen identity.
Why is Synthetic Fraud a Problem?
Because synthetic ID attacks and losses are not easily defined, many financial institutions may not recognize the problem until too late. You can get a false sense of security by simply comparing loss rates to industry benchmarks. Synthetic fraud losses may be hidden because they can appear as credit losses instead of fraud losses.
You can get a false sense of security by simply comparing loss rates to industry benchmarks.
Are you at Risk for Synthetic Fraud? Ask Yourself these Simple Questions
- Have delinquency rates begun to increase relative to credit risks booked?
- Are losses related to particular geographic areas?
- Is there an increase in 1st pay defaults? Is there an increase in no contact straight roller accounts?
- Is the portfolio experiencing an increase in deposit/payment returns?
Answering “yes” may indicate synthetic fraud. So, what do you do?
Dig Deeper to Confirm Drivers of Losses
These frauds typically use common information across the accounts such as phone numbers, addresses, driver’s license information, and other synthetic personally identifiable information.
Identify links between accounts that use similar information but for different customers – you may reveal a web of linked accounts and identities within the portfolios. Common link analysis and consortium data-based solutions are often used to identify other accounts potentially associated with synthetic fraud perpetrators.
Be sure to analyze across products and portfolios since these frauds typically exploit as many accounts as much as possible.
With a little digging, you may reveal a web of linked accounts and identities within portfolios.
Implement Preventive Measures and Tools
If your research indicates evidence of synthetic fraud, you need to implement countermeasures and enhanced authentication to minimize the opportunity for exploitation.
Sounds like a lot—but it’s doable. Start with these steps:
Top four countermeasures for synthetic fraud
- Develop rules to target these risks using already-available data. Data that you are likely already collecting can be used to combat synthetic fraud if appropriately deployed.
- Velocity-based rules can identify potential fraudsters who are testing your defenses.
- Suspicious bureau data and inconsistencies related to inquiry velocity and age of credit file can be indicators of potential synthetic fraud.
- Tighten authentication practices. Because these frauds “own” the identity being used, traditional 3rd party tools are largely ineffective. Some potential options to separate the good customers from the bad customers include:
- Enhanced ID validation. This technology can validate the ID being used to confirm it has the right. Some frauds may get IDs made in the 1st party/synthetic name but most do not.
- Request a 4506T (IRS – Tax Return Request). Since it is unlikely that taxes are filed on 1st party/synthetic IDs, asking the applicant to complete the 4506T request consent form will usually deter the frauds. However, this could also deter good customers so it should be used when the fraud risk is very high.
- Electronic Consent Based Social Security Verification (eCBSV) service: This program, currently in pilot, simply returns a “Yes/No” value to verify if an individual’s SSN, name, and date of birth combination matches Social Security records. This will be the least intrusive option – mitigating the risk of turning away your good customers through intensive authentication methods.
- Control Access Channels. These controls include device detection and voice/caller id detection. These tools can identify known bad devices, common voice patterns across multiple accounts, and known bad used phone numbers.
- Identify and implement the use of consortium models. While it is difficult to precisely define and identify synthetic ID fraud, vendors with consortium-based tools can be effective at identifying known fraud identities across different financial institutions.
Synthetic fraud is not new, but all signs indicate it is increasing and today’s fast digital marketplace makes detection and prevention that much more difficult.
Bridgeforce has extensive experience in combatting synthetic fraud, including assessments, new rule identification, developing policies and procedures and optimizing operations to help organizations be more efficient and effective in fraud prevention. We also partner with ID Analytics to provide best-in-class credit and fraud risk solutions. Contact us for support in executing these steps to reduce synthetic fraud losses.