Synthetic identity fraud has become the fastest-growing type of financial crime in the US, according to the US Department of Justice. FinCEN calls synthetic identity fraud a national security priority because of its potential to be used for cyber attacks, money laundering, and terrorist funding.
Socure’s latest white paper, The State of Synthetic Fraud: Evolution, Trends, and How We Will Eradicate It By 2026, explains the evolution of synthetic identity fraud, analyzes methods being used to perpetrate it, identifies trends in synthetic identity activity including impacts from the COVID-19 pandemic and follow-on stimulus efforts, and ultimately offers a 10-point strategy for combating this rapidly growing threat and eventually eradicating the plague of synthetic fraud. This blog summarizes some of the findings from that white paper. To get a more complete understanding of how synthetic identity fraud is captured, and for more insights into Socure’s blueprint for eradicating synthetic fraud, please check out the complete white paper.
The state of synthetic identity fraud
Federal Deposit Insurance Corporation (FDIC) research indicates there are 124 million US households with at least one bank account. By analyzing identity data on new applications for depository accounts, Socure estimates that synthetic identities make up between 1% and 3% of financial institution and fintech demand deposit accounts (DDAs). Taking the FDIC data at one account per household (an ultra-conservative estimate) and assuming that 2% of those accounts were established by synthetic fraudsters, there are over 2.48 million synthetic identities hiding in open US bank accounts.
One of the most common types of synthetic identity fraud comes in the form of P2P scams. The recent FTC Sentinel Data report shows that scams are up substantially; consumers reported more than $2.3 billion in losses due to imposter scams last year, up from $1.2 billion in 2020. The median loss per imposter scam is $1,000, according to the FTC. Multiplying that median loss by the 2.48 million bank accounts hiding synthetic identities yields a total loss for DDAs of $2.48 billion, should the CFPB and others make those organizations responsible for the loss instead of consumers.
Synthetic fraud not only creates losses with DDAs but is also a big problem for the credit card sector. Aite-Novarica Group, an advisory firm to banks, insurers, payments providers, and investment firms, reports that synthetic fraud in the unsecured credit card sector for 2022 is estimated at $2.4 billion. To date, Aite-Novarica’s numbers have been the industry’s sole barometer for synthetic fraud. However, combining the Aite-Novarica credit card losses of $2.4 billion with the $2.48 billion potential loss estimate for DDAs, should regulatory groups push for banks and fintechs to shoulder the financial loss rather than the consumer, could bump total synthetic losses to $4.88 billion, more than double the gauge commonly used by the industry.
Synthetic fraud will continue to plague the industry for the next several years. Socure, however, sees a day when the problem of synthetic fraud can be eradicated. But the way to completely solve synthetic fraud is to work collaboratively across industries.
A blueprint for eradicating synthetic identity fraud
Socure strongly believes that, as an industry, working together with the government, we can eradicate the problem of synthetic fraud completely by 2026 and stop the damage that bad actors are committing against consumers and our financial system. This new white paper outlines our 10-point proposal for eradicating fraud. Here’s a sample of what we propose:
- Educate the industry about the problem of synthetic fraud. The Boston Federal Reserve has done an outstanding job of working with the industry to define synthetic fraud and roll out an exceptional educational program to teach professionals how it’s created and how to stop it. Those efforts, along with additional initiatives contributed by partnering solution providers, like Socure, are a good start but don’t reach far enough to educate every organization about the dangers of synthetic fraud.
- Stop synthetic identities before they can enter the front door. Fighting fraud should not be done alone. And yet we still see companies that have significant synthetic fraud hiding in their portfolios when analyzed in a live test or proof of concept. It’s critical that all organizations that are susceptible to synthetic fraud, no matter their perceived level of exposure, get aggressive about employing fraud detection and eradication strategies.
- Identify “manipulated” and “fabricated” identities and treat them appropriately. It’s not enough to identify a potential application as “synthetic fraud.” While a good start, organizations must dig deeper into the patterns of synthetic identity creation to further identify a synthetic identity as either “manipulated” or “fabricated” and to design an automated solution for follow-on treatment.
- Bring identity characteristics forward into account management. Organizations need to put politics aside and integrate analytics to be able to apply friction when a consumer application falls into scoring margins that make it look synthetic-ish. Risk signals gained at the point of origination will reduce false positives and increase fraud capture rates, so that a smart company will identify a marginally scored synthetic identity sooner rather than later in the account lifecycle.
- Apply rigid definitions to fraud, label each account, and share those labels with a noteworthy consortium. Labeling synthetic fraud is more difficult than any other type of fraud, because there is no clear victim to inform the bank that an account is fraudulent as when third-party identity fraud occurs. Clean labels based on effective synthetic fraud definitions and shared with a noteworthy consortium are critical to aiding the industry in fighting and eventually eradicating synthetic fraud.
- Remove the known tools of the trade whenever possible. Credit washing (especially when done at scale by credit repair companies), piggybacking authorized user tradelines, and “boosting” credit scores using unscrupulous methods are all known tools of the trade that synthetic fraudsters employ to strengthen credit histories. Until there is a way to limit or restrict these services and information, manipulated synthetic fraud will continue to proliferate.
- Provide eCBSV for all. As we’ve seen, eCBSV is not a magic solution for eliminating synthetic fraud; however, it’s a great addition to your synthetic fraud-fighting toolbox. By extending eCBSV availability to more industries, everyone will benefit from more comprehensive synthetic fraud detection tools.
- Require CIP solutions that don’t integrate synthetic fraud detection technology to provide a disclaimer to users. Organizations that use credit header files solely to fuel CIP solutions hurt the industry by giving users a false sense of protection against synthetic fraud. Enterprises need to learn how to strengthen CIP offerings, and we need to educate lenders that CIP alone will not stop synthetic fraud.
- Identify and delete existing synthetic fraud out of the “machine.” Companies who have not been protecting their front door from synthetic accounts would benefit from a one-time portfolio scrub to identify these accounts and shut them down before they do more harm.
- Systematically freeze credit reports for randomly issued SSNs at birth. Because it is illegal to gain access to credit information on people younger than 18 years of age, it would make sense for the government (or through parent authorization through the Certificate of Live Birth process) to systematically submit a credit reporting “security freeze” to the national credit reporting systems. This would remove one of the synthetic fraudsters’ most valuable tools, and it would protect individuals from entering the credit ecosystem with an already negative credit report.
Synthetic fraud is no longer a surprise attack on America’s financial and commerce systems. The problem has existed for over 20 years, and we in the industry and government sectors have allowed it to reach an alarming level.
There are now exceptional educational programs in place. The patterns of synthetic fraud are well understood and the profiles of manipulated and fabricated subtypes have been teased out, which will aid in stopping synthetic fraud better during follow-on step-up efforts. There are solution providers who work with industry to share and develop consortiums of reported synthetic frauds that drive incredibly precise models. These models have overcome many of the issues related to false positives and no longer add unnecessary friction to those younger consumers, the underbanked, and immigrants who have a light information footprint and therefore appear synthetic. Socure strongly believes that as an industry, working together with the government, we can eradicate the problem of synthetic fraud completely within the next three years, and stop the damage that bad actors are committing against consumers and our financial system.
The Socure approach to synthetic fraud
Socure’s Sigma Synthetic Fraud is a purpose-built synthetic identity fraud detection solution that delivers holistic protection through multi-layered controls to block harmful synthetic identities from entering an ecosystem at account creation. The model employs advanced machine learning techniques cyclically trained with expert human-in-the-loop analysis to mitigate rapidly evolving and complex synthetic patterns. It results in the ability to deploy the right tools at the right time to hone customers’ decisioning strategy, whether the goal is to capture more synthetic fraud or create a lower-friction user experience.
Companies are testing Sigma Synthetic Fraud to determine the number of synthetic identities hiding in their existing portfolios. To schedule your proof of concept, book a meeting today.
Socure