Synthetic Identity Fraud
What is it?
Synthetic Identity Fraud (SIF). Simply put, it is the combination of real facts about someone with fake information, often an amalgamation of other sources to create a new identity for purposes of fraud.
It is common, growing, and very effective with few consequences for the perpetrator.
Who Is Doing It?
Crime rings. Individuals with poor credit. Unauthorized Immigrants.
Who Is Targeted?
Many of the victims are children. In fact, based on one security breach, it appears they are 51 times more likely to be targeted than adults. This might be a bit counter-intuitive since children rarely have credit histories.
Kids are a blank slate in the world of credit.
But that is the allure.
With clean backgrounds, they are inviting targets for financial abuse. The most frequent application in Carnegie Mellon’s Cylab study appears to be for unauthorized immigrant documentation and for individuals who have exhausted their own credit.
In terms of the leveraging of these new identities, Cylab states that when it comes to kids, 70% of these crimes are to acquire mortgages and credit services.
The fraudsters also may target children because they have a better chance of escaping justice than if their victims were adults.
Children aren’t buying big ticket items where a credit check might turn up the issue. The youngest recorded victim of identity theft was 5 months old. (Read the full Carnegie Mellon Cylab report here.)
The Ones That Matter
As mentioned above, we have three basic actors when it comes to SIF. One is the unauthorized immigrant who needs a US citizen identity in order to obtain better job opportunities and standards of living.
While illegal and unethical, in terms of the totality of dollar impact, they are not our concern here.
Likewise is the individual who has effectively ruined their own credit and therefore turned to a child’s identity, often their own. Again, while they may repeat the cycle of fiscal irresponsibility, damaging their own child’s future, the total financial impact to society is likely muted compared to the worst offenders.
What we really care about from a financial system perspective is the sophisticated frauds. The big dollar ones. And those are run by crime rings with multiple parties and patience.
How It Works
Utilizing stolen SSN data, coupled with legitimate and fraudulent supporting facts, a crime ring applies for credit. Invariably, our synthesized individual is denied credit on their initial application.
And then on the next application, and the next. And perhaps the next too. At first, the system works.
But the credit industry tracks everything, and in that hyper vigilant approach, the irony is that vigilance becomes a vulnerability. A credit file is created to track this individual and their attempts to gain credit. They are now “in the system” as it were. (1)
The credit file becomes the root of the fraud because it creates authority and legitimacy out of thin air.
Eventually a bank takes a low level risk on our synthesized credit seeker. It is a small credit line, perhaps only $500.
But over the next two years, that line grows as the criminals behind the line of credit dutifully pay off the amounts charged on it.
The credit line grows until it is large and established.
The Bust Out
Now comes the payday. Defaults on anything from auto loans to large lines of credit. The dollars involved are significant, and they come all at once.
For credit cards alone, Aite estimates the loss was $968mm in 2018, with a projected climb to $1.25 Billion in 2020.
These payouts are termed ‘the bust out’ because it is the finality of the con. Or at least it used to be.
In some cases, enterprising criminals are now attempting to rebuild these fraudulent accounts under the auspices of wayward debtors trying to rebuild their lives and credit histories.
Such is the nature of synthetic identity, that even after the fraud, it is sometimes possible to continue the abusive behavior and get a second chance at the bust out.
The Hang Wringing Begins
We collectively treat this issue as if the sophistication of these criminals is far beyond anything the credit reporting agencies, government, and banking consortiums can handle. That until the industry’s artificial intelligence gets better we are at a collective loss to stop these crimes. I would disagree.
These criminals may be patient, but they are not particularly advanced. Buying their data on the dark web (SSNs) and jumbling in additional variables is hardly worthy of awe. Yes, their patience is admirable, but that is about it.
Successful synthetic identity fraud is not all that sophisticated, just good at exploiting gaps in credit extension.
And no, success is not inevitable.
The answer is better and more inclusive controls on what constitutes “good data”. Currently, much of the data that is used to build a credit file is ‘stove-piped’. This simply means it is siloed in different databases controlled by different entities. Think government vs. bank vs. credit reporting agencies.
Those extending credit make an educated guess on extending credit based on incomplete data. This gap is where the opportunity for synthetic identity arises. Think legitimate SSN (verified or ‘calculated’ by the creditor), legitimate address (confirmed geographically by the creditor) + fake name (accepted by the creditor), fake DOB (accepted by the creditor). (2)
How to Fight It
Use disparate data sources to build a more holistic profile of those seeking credit. In other words, allow key decision makers to confirm data validity before extending credit utilizing public and private datasets – and data that creates a more meaningful picture of what a ‘real person’ might do.
Just how long has this ‘person’ existed? When did they originally first seek credit?
This means sharing data better between credit extending entities to establish the age of a particular credit file and it’s origin. There is no doubt a brake on this in the form of government regulation and privacy concerns. Both of those will temper, but should not preclude, action.
Employ link analysis tools (IBM’s i2 comes to mind) to find overlap between suspect accounts or data points that may have been manipulated. Be ready to shutdown existing credit more aggressively at the risk of alienating customers or the revenue & marketing side of the business.
And importantly, be willing to turn down more applicants for credit. This last approach may be the hardest for some entities in a competitive landscape for revenue.
But as the SIF threat continues it’s upwards trajectory, LESS may definitely be MORE when it comes to credit.
(1) https://legal.thomsonreuters.com/en/insights/articles/synthetic-identity-fraud
(2) https://www.fico.com/sites/default/files/2018-08/FICO_Synthetic_Identities_4596BR_EN.pdf