Synthetic identity fraud is a growing concern that is under reported. EMV chips had limited the chances of a credit card being hacked. But that led fraudsters to an epiphany: if we can’t hack a cardholder, be a cardholder.
Fraudsters are opening bank accounts with synthetic identities (we’ll say synthetic IDs as we move forward). And cardholders are unaware of it. They may not know it until they see huge withdrawals on their billing statements. And issuers are having trouble detecting this threat. But that doesn’t mean you should suffer from it.
We looked at several reports to better understand the trends of synthetic identity fraud. Along with providing highlights from each report, we have tips on how to protect your business from this fraud.
April is Here.
That means Visa Claims Resolution (VCR) will go live. Do you know Visa's new reason codes?No. But I want to.
But First, What Is Synthetic Identity Fraud?
Synthetic identity fraud uses stolen information in order to obtain a legitimate credit and debit card. Unlike traditional identity fraud, synthetic identity fraud involves creating a new identity. This new identity is a fusion of information that belongs to more than one cardholder. This includes children information in some cases. Here’s what we can learn from this growing threat.
Lenders Are Targets For Synthetic Fraudsters
Traditional identity fraud has more obstacles than synthetic identity fraud. EMV chips are the main obstacle. And partnerships are making a comeback. Bloomberg reported that lenders partner with the Social Security Administration (SSA) in order to detect fraudsters who impersonate as cardholders. But if they’re not able to connect the dots between real social security numbers (SSNs) and mismatched credentials (i.e., someone else’s DOB), fraudsters can look like real borrowers. This lets them qualify for loans with no plans to repay the lender.
The threat is more prominent than you may think. Synthetic identity fraud was responsible for 25% of all fraud affecting lenders in 2016. Lexis Nexis also found synthetic identity fraud to be responsible for 16% of all fraud affecting financial services in that same year. Issuers and acquirers fall into this category.
How Much Money Was Lost From Synthetic Identity Fraud?
Auriemma Consulting Group (ACG) found that lenders lost $6 billion in 2016 from synthetic identity fraud. The consulting firm suggested that this fraud also contributed to the rise of credit card delinquencies and loss rates. Here are the results from a year-over-year basis in the first quarter of 2017:
Credit Card Delinquency Grew
in Q1 of 2017
Loss Rates Grew
in Q1 of 2017
It was also shown that charged-off balances averaged around $15,000 per attack. Charged-off balances are balances that are considered too delinquent to be paid off. The lender has more than enough motives to confront the delinquent cardholder. But they’ll be wasting their efforts on a synthetic ID. Fraudsters ends up getting away with their money without paying interest!
This trend shows no signs of stagnation. Synthetic identity fraud is predicted to generate $8 billion in losses by the end of 2018. We have less than eight months (since this article was published) to find out if this becomes true.
How Many Victims Were Harmed By Synthetic Identity Fraud?
It depends on what you are reading to find this answer. The most recent figures we found were from 2015. In that year, ABC News said synthetic identity fraud was responsible for 85% of all identity fraud in the United States. And it was responsible for 80% of credit card losses, according to Equifax. There’s a growing demand for fraud prevention to stop this threat.
There’s other fraud you should be aware of. View our blog and find the latest tips on things like friendly fraud, true fraud and phishing scams. You can never be too careful with whom (or what) you engage in the internet. Read more.
But Why? Why Is Synthetic Identity Fraud A Thing?
We read a report from Equifax to find that answer (and yes, we see the irony in Equifax helping us out). Synthetic identity fraud is possible for the following reasons:
- Data. There is a lot of data that fraudsters can use to create synthetic IDs. They (theoretically) have unlimited access if they know where to look.
- There are real SSNs within this data pool. Some can be bought in the Dark Web while others can be created until fraudsters find a unique number to use.
- Financial institutions were slow in updating security measures for verification and authorization. That gives enough room for synthetic IDs to grow and mature. Most of the growing phase involves developing good credit history. That makes a synthetic ID look real.
What’s Synthetic Identity Fraud Like in Action?
Think of synthetic IDs as video game avatars. A fraudster doesn’t rely on one avatar. He or she creates several of them. Each one may share an SSN but have their own synthetic credentials. Or they may have their own SSN and synthetic credentials (the options are endless!). Like any fraud, the objective is to obtain credit while impersonating someone else. And then max out and bail before anyone knows of the incident.
It doesn’t help to provide a mock example of synthetic identity fraud. That’s why we looked at cases studies from the National White Collar Crime Center. Here’s one case study that caught our attention.
(NOTE: The case study below was edited to improve readability. We also sealed the identity of the suspect. We did that because we want to show the sophistication of the crime, not the suspect. Read the full report to see the name and other case studies.)
Synthetic IDs from phony SSNs is one of the fastest growing forms of identity theft in the United States. The U.S. Attorney’s Office for the Northern District of Georgia is staying ahead by prosecuting the rising numbers of these cases. One case involves [SUSPECT], who was sentenced to three years and ten months in federal prison for wire fraud. [SUSPECT] used synthetic IDs and established a credit history for the false SSNs. Using this method, [SUSPECT] defrauded credit card companies out of over $350,000.
According to U.S. Attorney Horn, “the charges and other information presented in court: from January 2013 until December 2015, [SUSPECT] had obtained and created synthetic IDs to obtain credit cards in the names of fictional individuals. [SUSPECT] then used online credit card processing services to charge transactions to the credit cards, directing all the stolen funds obtained to himself.”
In December 2015, law enforcement executed a search warrant at [SUSPECT’s] residence and discovered information for over 300 synthetic IDs. This included fake driver’s licenses, a fake social security card, and numerous credit cards held in the names of individuals other than [SUSPECT]. In total, [SUSPECT] attempted $435,862.10 in fraudulent credit card transactions and succeeded in obtaining approximately $350,000.National White Collar Crime Center
You think that’s bad? You should see how fraud affects ecommerce payments. The year 2020 is just around the corner. You can learn about predictions in ecommerce fraud now. Hopefully, your losses and basis points don’t match our records. Read more.
One crucial detail about this case study (and many others, too) is that synthetic identity fraud works if the SSN is seen as real. That gives them credit to receive, well, credit from lenders X, Y and Z. But this doesn’t only hurt lenders or merchants who offer financial services. Synthetic identity fraud can hurt car dealerships, real estate, brick-and-mortars and tech companies. Basically, it can hurt everyone. And a fraudster will have more than one objective.
For example, one spreadsheet may have synthetic IDs tailored to target merchants who deal with credit. And another spreadsheet may have IDs tailored to steal products and resell them at half the price. In any case, we’re all future targets. That’s why it’s crucial to apply the following tips prevent synthetic identity fraud.
Tip 1: Know Your Cardholders
This may seem obvious. But doesn’t make it less important. When we say ‘know your cardholders’, we’re also saying to know your future and new cardholders. For example, where are they coming from? How are they entering your website or how were they referred to meet you in person?
It’s always exciting to see new cardholders come from new places. But this new place (or referral) demands scrutiny. Every channel must be vetted. Examining the entrance can help you understand the paths that bring in these new cardholders. This includes their IP addresses, the devices, and forms that were used for entry.
Some synthetic fraudster may mimic like real cardholders. But this will help detect the reddest of red flags if their paths are far different for your regular cardholders.
Know Their Behaviors (Post-Entry)
Once they enter your site (or establishment), fraudsters will think their synthetic IDs are working. That’s when you close the gates. You need to remember that detecting synthetic IDs won’t work if you’re vetting them through a credit-report tool. After all, fraudsters groomed their IDs to withstand that tool. You need to vet IDs with an identity-focused approach. That requires identity-focused tools. Here are some fraud prevention services that satisfy this demand:
Transunion created this product to help merchants analyze cardholder behavior. It does so by uncovering anomalies or suspicious patterns within your universe. You’ll be able to detect synthetic IDs upon entry and right before fraudsters ‘cash out’ with your goods. Here are more details.
Comply360® verifies all data given by new cardholders. Whenever an issue arises, this tool will provide specific flags that explains the suspicious activity. This tool is similar to Chargeback’s response generator. But instead of being advised on dispute responses, Comply360® advises you on how to handle synthetic IDs when they arise. Learn more here.
GlobalGateway does more than just detect synthetic identity fraud. It was built to help you, issuers and acquirers comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) rules around the world. It’s their way of letting you detect bad actors and fraud activities at the same time. Here are more details.
Tip 2: Create Partnerships
Chances are synthetic identity fraud is used in organized crime. Why shouldn’t merchants unite to protect their business? It will be great to create partnerships where possible. It can be a quid pro quo arrangement. For example, retailers can help vet incoming IDs while their carriers re-verify the shipping details. You can cancel orders in real-time if you find synthetic credentials.
These partnerships can extend to issuers, acquirers and card networks. The fraudster may bail before he faces consequences. But notifying all parties will diminish the synthetic ID and have everyone reassess how this can be prevented. Merchants of the world, unite!
Fraudsters adapt. Therefore, we need to adapt as well. Synthetic identity fraud is not only growing as a threat. It’s growing as a common search query. While searching for ‘synthetic identity fraud statistics’ on Google, I was offered an interesting search recommendation: ‘how to create a synthetic identity’.
I didn’t click on it (it’s not my thing). But you can imagine the available tools that let fraudsters cause serious harm. That lead me to an epiphany: fraudsters need free and reliable information. We can offer the same service for fraud prevention.
We’ll inform you on every trend that occurs. And we’ll offer tips to help fill any voids in fraud detection. Make sure you sign up for our newsletter. And read some other articles that talk about fraud prevention. Until then, let’s decrypt synthetic IDs together.