Synthetic identity fraud is a growing concern that is under reported. EMV chips had limited the chances of a credit card being hacked. But that led fraudsters to an epiphany: if we can’t hack a cardholder, be a cardholder.
Fraudsters are opening bank accounts with synthetic identities (we’ll say synthetic IDs as we move forward). And cardholders are unaware of it. They may not know it until they see huge withdrawals on their billing statements. Even issuers are having trouble detecting this threat, but that doesn’t mean you should suffer from it.
We looked at several reports to better understand the trends of synthetic identity fraud. Along with providing highlights from each report, we have tips on how to protect your business from this fraud.
But First, What Is Synthetic Identity Fraud?
Synthetic identity fraud uses stolen information in order to obtain a legitimate credit and debit card. Unlike traditional identity fraud, synthetic identity fraud involves creating a new identity. This new identity is a fusion of information that belongs to more than one cardholder. This includes children information in some cases. Here’s what we can learn from this growing threat.
Lenders Are Targets For Synthetic Fraudsters
Bloomberg reported that lenders partner with the Social Security Administration (SSA) in order to detect fraudsters who impersonate as cardholders. But if they’re not able to connect the dots between real social security numbers (SSNs) and mismatched credentials (i.e., someone else’s DOB), fraudsters can look like real borrowers. This lets them qualify for loans with no plans to repay the lender.
The threat is more prominent than you may think. Synthetic identity fraud was responsible for 25% of all fraud affecting lenders in 2016. Lexis Nexis also found synthetic identity fraud to be responsible for 16% of all fraud affecting financial services in that same year. Issuers and acquirers fall into this category.
How Much Money Was Lost From Synthetic Identity Fraud?
Auriemma Consulting Group (ACG) found that lenders lost $6 billion in 2016 from synthetic identity fraud. The consulting firm suggested that this fraud also contributed to the rise of credit card delinquencies and loss rates. Here are the results from a year-over-year basis in the first quarter of 2017:
- Credit card delinquency grew 14.8% in Q1 of 2017
- Loss rates grew 12.3% in Q1 of 2017
It was also shown that charged-off balances averaged around $15,000 per attack. Charged-off balances are balances that are considered too delinquent to be paid off. The lender has more than enough motives to confront the delinquent cardholder. But they’ll be wasting their efforts on a synthetic ID. Fraudsters ends up getting away with their money without paying interest!
This trend shows no signs of stagnation. Synthetic identity fraud is predicted to generate $8 billion in losses by the end of 2018. We have less than eight months (since this article was published) to find out if this becomes true.
How Many Victims Were Harmed By Synthetic Identity Fraud?
The most recent figures we found were from 2015. In that year, ABC News said synthetic identity fraud was responsible for 85% of all identity fraud in the United States. And it was responsible for 80% of credit card losses, according to Equifax. There’s a growing demand for fraud prevention to stop this threat.
But Why? Why Is Synthetic Identity Fraud A Thing?
We read a report from Equifax to find that answer. Synthetic identity fraud is possible for the following reasons:
- Data. There is a lot of data that fraudsters can use to create synthetic IDs. They (theoretically) have unlimited access if they know where to look.
- There are real SSNs within this data pool. Some can be bought in the Dark Web while others can be created until fraudsters find a unique number to use.
- Financial institutions were slow in updating security measures for verification and authorization. That gives enough room for synthetic IDs to grow and mature. Most of the growing phase involves developing good credit history. That makes a synthetic ID look real.
What's Synthetic Identity Fraud Like in Action?
Think of synthetic IDs as video game avatars. A fraudster doesn’t rely on one avatar. He or she creates several of them. Each one may share an SSN but have their own synthetic credentials. Or they may have their own SSN and synthetic credentials (the options are endless). Like any fraud, the objective is to obtain credit while impersonating someone else. And then max out and bail before anyone knows of the incident.
It doesn’t help to provide a mock example of synthetic identity fraud. That’s why we looked at cases studies from the National White Collar Crime Center. Here’s one case study that caught our attention.
(NOTE: The case study below was edited to improve readability. We also sealed the identity of the suspect. We did that because we want to show the sophistication of the crime, not the suspect. Read the full report to see the name and other case studies.)
The National White Collar Crime Center study said,
"Synthetic IDs from phony SSNs is one of the fastest growing forms of identity theft in the United States. The U.S. Attorney’s Office for the Northern District of Georgia is staying ahead by prosecuting the rising numbers of these cases. One case involves [SUSPECT], who was sentenced to three years and ten months in federal prison for wire fraud. [SUSPECT] used synthetic IDs and established a credit history for the false SSNs. Using this method, [SUSPECT] defrauded credit card companies out of over $350,000.
According to U.S. Attorney Horn, “the charges and other information presented in court: from January 2013 until December 2015, [SUSPECT] had obtained and created synthetic IDs to obtain credit cards in the names of fictional individuals. [SUSPECT] then used online credit card processing services to charge transactions to the credit cards, directing all the stolen funds obtained to himself.”
In December 2015, law enforcement executed a search warrant at [SUSPECT’s] residence and discovered information for over 300 synthetic IDs. This included fake driver’s licenses, a fake social security card, and numerous credit cards held in the names of individuals other than [SUSPECT]. In total, [SUSPECT] attempted $435,862.10 in fraudulent credit card transactions and succeeded in obtaining approximately $350,000."
One crucial detail about this case study is that synthetic identity fraud works if the SSN is seen as real. That gives them credit to receive, well, credit from lenders X, Y and Z. But this doesn’t only hurt lenders or merchants who offer financial services. Synthetic identity fraud can hurt car dealerships, real estate, brick-and-mortars and tech companies. Basically, it can hurt everyone. And a fraudster will have more than one objective.
For example, one spreadsheet may have synthetic IDs tailored to target merchants who deal with credit. And another spreadsheet may have IDs tailored to steal products and resell them at half the price. In any case, we’re all possible future targets. That’s why it’s crucial to apply the following tips prevent synthetic identity fraud.
Tip 1: Know Your Cardholders
This may seem obvious, but doesn’t make it less important. When we say ‘know your cardholders’, we’re also saying to know your future and new cardholders. For example, where are they coming from? How are they entering your website or how were they referred to meet you in person?
It’s always exciting to see cardholders come from new places. But this new place (or referral) demands scrutiny. Every channel must be vetted. Examining the entrance can help you understand the paths that bring in these new cardholders. This includes their IP addresses, the devices, and forms that were used for entry.
Some synthetic fraudster may mimic like real cardholders. But this will help detect the reddest of red flags if their paths are far different for your regular cardholders.
Know Their Behaviors (Post-Entry)
Once they enter your site (or establishment), fraudsters will think their synthetic IDs are working. You need to remember that detecting synthetic IDs won’t work if you’re vetting them through a credit-report tool. After all, fraudsters groomed their IDs to withstand that tool. You need to vet IDs with an identity-focused approach. That requires identity-focused tools. Here are some fraud prevention services that satisfy this demand:
Transunion’s Synthetic Fraud Model
Transunion created this product to help merchants analyze cardholder behavior. It does so by uncovering anomalies or suspicious patterns within your universe. You’ll be able to detect synthetic IDs upon entry and right before fraudsters ‘cash out’ with your goods.
ID Analytics’ Verification — Comply360®
Comply360® verifies all data given by new cardholders. Whenever an issue arises, this tool will provide specific flags that explains the suspicious activity. Comply360® advises you on how to handle synthetic IDs when they arise.
GlobalGateway does more than just detect synthetic identity fraud. It was built to help you, issuers and acquirers comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) rules around the world. It’s their way of letting you detect bad actors and fraud activities at the same time.
Tip 2: Create Partnerships
Chances are synthetic identity fraud is used in organized crime. Why shouldn’t merchants unite to protect their business? It will be great to create partnerships where possible. It can be a quid pro quo arrangement. For example, retailers can help vet incoming IDs while their carriers re-verify the shipping details.
These partnerships can extend to issuers, acquirers and card networks. The fraudster may bail before he faces consequences. But notifying all parties will diminish the synthetic ID and have everyone reassess how this can be prevented.
Fraudsters adapt. Therefore, merchants need to adapt as well. Synthetic identity fraud is not only growing as a threat. It’s growing as a common search query. While searching for ‘synthetic identity fraud statistics’ on Google, I was offered an interesting search recommendation: ‘how to create a synthetic identity’.
I didn’t click on it (it’s not my thing). But you can imagine the available tools that let fraudsters cause serious harm. That is why it is so important for merchants to stay up to date on current fraud trends.