By Tina Giorgio
The COVID-19 pandemic has given rise to a significant number of fraud-related concerns, but perhaps most disconcerting is the potential for
increases in synthetic identity fraud, which is estimated to cost $6 billion in annual credit losses in the United States.
As I mentioned back in November,
detecting synthetic identity fraud can be tricky precisely because it stems from legitimate personally identifiable information (PII) and normal credit-building patterns. In many cases, synthetic identity fraud accounts check all of the boxes as they
move through normal due diligence. In fact, pre-pandemic, half of fraudsters who were using
synthetic IDs applied in-person for credit—passing standard Know Your Customer (KYC) tests.
Catching synthetic identity fraudsters remains difficult, and the fall-out of not detecting it, is substantial. AI company Coalesce estimates that synthetic identities account for more than 20 percent of losses in a loan portfolio, and for credit, they average 4.6 times the typical loss.
With that in mind, the Federal Reserve Banks released its whitepaper, “Mitigating Synthetic Identity Fraud in the U.S. Payment System”,
last month with strategies to decrease risks around this growing problem. The following seven tips offer insights from the report into ways to better safeguard against synthetic identity fraud.
- Think beyond today’s risk management solutions. A study from ID Analytics estimates traditional fraud models were ineffective at catching 85 to 95 percent of likely synthetic identities meaning the bank will have to institute additional measures to mitigate its risk.
- Cull multiple data sources. If you assume all PII has been compromised, how do you validate the person is who he or she says? Use additional data sources unrelated to name, social security number (SSN), date of birth, and address
to confirm the applicant’s identity.
- Employ a multi-layered approach. AI and machine learning can support a more automated analysis, but these solutions only go so far. Educated bank staff must intervene on more complex issues, like false positives. Having both engaged
bolsters a bank’s line of defense.
- Institute or reinforce link analysis. Highlighted in the Fed paper, link analysis includes reviewing various banking channels (checking accounts, lending accounts, other financial activity) to monitor for anomalies in everything from
IP address to reused SSNs. Because synthetic identity fraudsters generally open multiple accounts at the same organization, this cross-departmental assessment can be used to catch fraud before it happens.
- Report the loss as fraud. I’ve said this before, but it bears repeating, report synthetic identity cases as fraud. If it is assigned as a credit loss alone, credit bureaus can remove the credit delinquency from the account after
seven years, giving the fraudster a window to do it all over again. Noting the loss as fraud also flags it for other areas of the bank.
- Share information. When you see something, say something. Continue working with industry groups and law enforcement to shine a light on the trends you’re noticing in your institution. Work with your regulator to iron out any
uncertainties around what data you can and should share.
- Enroll in the electronic consent-based SSN verification (eCBSV) service when it becomes available to you. While this is not a catch-all (see sidebar), eCBSV will go a long way toward helping community banks thwart false identities,
providing real-time validation of SSNs. If you haven’t already applied for this service, watch for the next open enrollment period.
All in all, synthetic identity fraud continues to create a significant risk for community banks. But by employing a thoughtful, strategic approach, you can minimize your exposure and shrink the overall threat.
Tina Giorgio is ICBA Bancard president and CEO.