Of the many fraud trends that shook the financial services industry during the pandemic, synthetic identity fraud (SIF) was arguably the biggest headliner. Synthetic fraud may have flown under the radar of many credit unions prior to the pandemic, but has rapidly garnered more scrutiny alongside escalating monetary losses and media coverage.
SIF involves fabricating a new identity procured from a mixture of fake information and authentic personally identifiable information (PII) stolen from multiple victims. The synthetic identity might use a legitimate Social Security number (SSN) and birth date from a real person, as well as random false data, to fill in any gaps.
The diversity, velocity, and scale of synthetic fraud attacks has intensified as fraudsters continue to leverage new approaches and technologies to achieve their ends. SIF is well-suited for innovation because of the seeming legitimacy of the manipulated or manufactured identity, and has spawned a host of fresh fraud trends.
The popularity of Buy Now Pay Later (BNPL) in recent years is due in part to the accessibility of its services for consumers with little, poor, or no credit history. BNPL service providers typically perform a soft pull on the user’s credit, which provides an opportunity for fraudsters to leverage a synthetic identity to invade the platform with minimal friction. The distributed payment installments also enable fraudsters to cast a broader net for attacks.
Fraudsters are increasingly turning their attention toward the most vulnerable victims: children. Bad actors leverage various social engineering techniques to illegally procure children’s data from sources such as school district systems, social media accounts, and even the dark web. The data is used to compile a convincing synthetic identity that can be used to fuel different types of fraud. Because the crime is often only discovered once the child applies for credit or a federal student loan as an adult, the synthetic identity can be successfully used for years without being noticed by the victim or their family.
The mainstream adoption of automation and digitization in the auto finance industry—an attempt to appeal to younger generations—is presenting numerous challenges for lenders, as is the ongoing shortage of automotive inventory. This further streamlines identification checks and onboarding to enable easy access to financing. Fraud losses from falsified auto loan applications are expected to grow this year as lenders push their digital transformation agendas forward.
Deepfakes have become infamous for their realistic portrayal of victims, including celebrities and government officials. Now deepfake synthetic identities are increasingly being used to help fraudsters secure remote job roles. The FBI recently reported that they’ve received an influx in complaints of stolen personally identifiable information (PII) and deepfakes used for job applications, primarily in technology jobs. Deepfakes and synthetic content, including identities, bring verisimilitude to various social engineering scams. In this latest manifestation, the approach is deployed in online job interviews with the goal of accessing financial data, corporate databases, sensitive customer data, and other valuable information frequently associated with technology job roles.
The quality and quantity of new and emerging synthetic identity fraud trends demonstrate how challenging SIF detection is for traditional fraud prevention tools and approaches.
The inclusion of both authentic and falsified information, in addition to the patience fraudsters often exhibit in nurturing accounts and mimicking legitimate account holder behaviors, helps synthetic identities bypass existing fraud detection models so criminals can establish credibility. Financial institutions also struggle with the lack of a single source of truth for identity verification, siloed identity verification data sources, and inaccurate identity data across data sources.
Fraud prevention is a balancing act; solutions and approaches must be robust enough to stop criminals before they can infiltrate the system and commit fraud, yet optimized in such a way that the digital experience isn’t hindered for real customers. Real-time intervention and detection via artificial intelligence (AI) and machine learning (ML) enables institutions to efficiently combat synthetic identities while addressing this need for balance.
The pillars in this equation include an abundance of high-quality data to authenticate identities and address any information voids, and advanced analytics to recognize and manage risks. This creates a solid foundation for FIs to:
Stopping synthetic identity fraud doesn’t end there; a modern control framework should also incorporate customer education, application velocity monitoring, and identity verification and entity resolution convergence for a more complete perspective of applications and their relationships.
It’s time to apply smarter, better, faster FRAML to your fraud activities, and stop fraudsters before the damage is done.
ERIC TRAN-LE is vice president, head of Actimize Premier at NICE Actimize.