Behind the Masks Webinar: Identifying & Preventing Synthetic Identity Fraud
August 25, 2021
At a recent webinar, “Behind the Masks: Identifying and Preventing Synthetic Identity Fraud,” presented by Thomson Reuters for the Association of Certified Financial Crime Specialists (ACFCS), financial crime experts Acuant’s Chief Product Officer, Jose Caldera, Gina Jurva, Esq. and Michael Schidlow, Esq. joined to discuss the growing threat of synthetic identity fraud and how financial institutions can mitigate risk.
Fraud, particularly identity-related fraud, is continuing to grow exponentially. The increased digitalization of daily activities and services, such as digital banking, and the chaos of the COVID-19 pandemic have been significant contributing factors to this growing threat landscape. According to the US’s Federal Trade Commission (FTC), they received approximately 4.7 million reports of identity theft and identity fraud in 2020 alone, up 45% from 2019. However, the panelists suggested that the number of cases is actually higher because the FTC’s numbers do not include other agency fraud reports (DOJ etc.), the people that are hesitant to come forward or those unaware they’ve been victimized. And while these reports don’t necessarily name synthetic identity fraud as a culprit, the panelists explained that it was likely a contributing factor to the number of cases reported.
The Growing Threat of Synthetic Identity Fraud
One of the fastest growing types of fraud, synthetic identity fraud is when a fraudster or criminal, for personal or financial gain, combines real (stolen) personally identifiable information (PII) such as a Social Security number with fictious information to create a false name, address and date of birth (DOB), in order to create a fake, yet seemingly real, identity. Synthetic fraud goes beyond identity fraud because it’s far more comprehensive, creating a new “identity” based on multiple data points. Fraudsters prefer these types of fictitious identities because they are more difficult to identify and track down.
There are myriad ways in which stolen data is accessed, and data breaches are a primary way for how criminals steal people’s data. However, the panelists noted that another increasingly problematic cyberattack used by criminals to access PII is the electronic form of social engineering known as phishing. Additionally, fraudsters will take advantage of disastrous situations (“disaster fraud”) such as an apartment building collapse where they can steal the names of victims, or through government programs such as the US’s Paycheck Protection Program (PPP) where fraudsters used fake identities to steal billions of dollars—of the $780 billion-worth of loans provided through the PPP program, about 15% ($76.3 billion) is suspected to have been given out to fraudulent accounts or identities.
Mitigating the Risk of Synthetic Identity Fraud
The purpose of identity verification is to verify and validate that an identity is who he/she claims to be by using identifiable data, but synthetic fraud can complicate that process, particularly when using ineffective identity proofing measures.
Verification breakdowns in the identity proofing process come into play because the systems financial institutions typically have in place tend to be more oriented towards operations rather than financial crime or preventative measures. The panelists explained that fundamentally, traditional identity verification methods are based on verifying an identity based on the same few (static) data points (name, address, date of birth, Social Security, etc.). Using the same few data points to verify people against, the panelists suggest, makes it easier for fraudsters to better prepare the synthetic identities they present.
To effectively fight identity fraud and financial crime, financial institutions need to have a greater focus on the risk and vulnerabilities they have in their verification processes; procedural breakdowns when detecting identity fraud are not due to a lack of available technology, but rather the ineffective utilization of the technology to leverage the provided data. It will be critically important to transition from a singular perspective to a more holistic risk-based approach that assesses, understands and adapts based on user behavior and determined risks. The panelists were emphatic, financial institutions would be better off focusing on whether the presented data is valid, not whether it’s been provided. Validating data using technology that enables biometrics and face matching (including liveness testing), data verification and document authentication will be critical for preventing fraud, not just during onboarding but throughout the customer journey. The key, as always, is balancing the right amount of friction to the risk posed by each transaction or customer. Finding the right risk-based platform can accomplish this.
Read our white paper to learn about the importance of having the right identity verification model and how businesses can build the best one for their use case.
* Consumer Sentinel Network Data Book 2020, FTC