Detecting and Mitigating Synthetic Identity Fraud

By Tina Giorgio

Tina Giorgio, President & CEO, ICBA BancardIt’s the fastest growing type of financial crime in the U.S., costing U.S. lenders $6 billion in 2016, and it’s not what you might think. Whereas in years past the industry might have been battling insurance fraud or identify theft, today one of the biggest threats to the financial services industry—and community banks—is synthetic identify fraud.

Synthetic identity fraud is a different take on traditional identity theft. Perpetrators use a mix of fictitious or authentic personally identifiable information (PII), such as names and Social Security Numbers (SSNs), to create new identities, establish a credit history, and then max out or “bust out” credit lines and then disappear with the funds only to start a another synthetic identity.

But because perpetrators often use real PII and exhibit normal credit-building patterns and behavior, synthetic identify fraud can be hard to detect and mitigate. Studies have found that fraud models built to predict traditional identity fraud did not flag 85 percent to 95 percent of potential synthetic identity fraud applicants.  Last year, more than 1 million children were victims. That’s because their SSNs had never been used to establish credit.

Despite the difficulty in detection, there are some common characteristics that synthetic identities exhibit, according to the Federal Reserve's recently released Detecting Synthetic Identity Fraud in the U.S. Payment System. Synthetic identities often maintain:

  1. Addresses near international airports or shipping areas — These are ideal locations where fraudsters can easily retrieve documents related to the synthetic identity for quickly reshipping illegally obtained merchandise before victims can act.
  2. Multiple identities with the same SSN — Fraudsters will pair numerous fake names with a valid SSN until they find a pairing that grants them credit approval.
  3. Multiple applicants with the same address or phone number — Perpetrators often leverage a mix of new and repeated information, such as address and phone number, to increase their chances of scoring a hit.
  4. Credit history inconsistent with consumer profiles — Synthetic identities exhibit abnormalities, such as a 40-year old consumer with only a six-month credit history.
  5. Use of secured credit lines to build credit — Secured credit lines are typically tied to a savings account or backed by collateral, making them easier for fraudsters to obtain and leverage to build credit and eventually obtain a traditional credit line.
  6. Use of SSNs issued after 2011 — SSNs issued after 2011 are not assigned to individuals based on geography, making it easier for fraudsters to use regardless of their location.
  7. Multiple accounts from the same IP address — Perpetrators often use automated processes or bots to submit multiple credit applications from the same device.
  8. Multiple authorized users on the same account — Perpetrators frequently add multiple synthetic identities to “good” accounts to support the validity of synthetics and help build their credit profile. Many times, the synthetic identity will “inherit” the credit history of the valid account holder.

Understanding the characteristics of synthetic identities is a great first step in helping to mitigate the effects of synthetic identify fraud. Community banks should consider other mitigation activities as well to minimize the threat this type of fraud poses. These activities could include:

  1. Artificial Intelligence (AI) — Community banks can leverage AI and machine learning to determine normal customer behavior patterns and habits and detect anomalies indicative of fraud.
  2. Proper Loss Categorization — Most synthetic identity fraud losses are incorrectly categorized as credit losses. If properly categorized, community banks can use the information to track linked accounts and other potential synthetic identities. If not, credit bureaus can remove the credit delinquency from the account after seven years, opening the door for the fraudster to use the same synthetic identity and re-perpetrate the crime.
  3. Information Sharing — Community banks can collaborate with other institutions and law enforcement to aggregate and analyze data for trend analysis and develop appropriate mitigation strategies.

Synthetic identify fraud might be one of the fastest-growing threats to our industry, but by recognizing the telltale characteristics and leveraging mitigation activities, community banks can get in front of it to minimize the impact.

Tina Giorgio is president and CEO of ICBA Bancard.