Fed Report Provides Insight on Mitigating Synthetic Identity Fraud

Posted by Anna Kragie on Jul 10, 2020 8:45:40 AM

There is no one-size-fits-all approach to combating the rise of synthetic identity fraud — the fastest-growing type of financial crime, according to McKinsey's research. Instead, financial institutions must take a collaborative approach across the fraud detection industry and leverage comprehensive insights and advanced technology to combat the ever-evolving problem. These recommendations were highlighted in the Federal Reserve's July 2020 report, Mitigating Synthetic Identity Fraud in the U.S. Payment System.

The Fed's report pulls from expert analysis that details actionable tips for how financial institutions — particularly smaller ones — should collaborate and partner with organizations that can provide access to more data and fraud detection tools to FIs that otherwise wouldn't have these resources. 

"Consortium data is better than organization-level data in detecting trends. Information sharing is particularly important for smaller financial institutions, which generate less data and may have fewer technological and fraud-fighting resources than larger companies," the report noted.

Mitigating the risks associated with synthetic identity fraud comes down to combining data analysis with advanced technologies to proactively stop the risk of fraud threats before they spread. 

"A multi-layered approach that employs both manual and technological data analysis gives organizations the best chance to identify and mitigate fraud caused by synthetics," the report notes. "Organizations that have the most success are those that look beyond basic PII elements (such as name, SSN, date of birth and address) and use additional data sources to gain reasonable assurance of the applicant’s identity.

The Fed's report notes how there has been an increase in applying AI and machine learning to detect and mitigate synthetic identity fraud. Value exists in the ability to "create efficiencies for financial institutions, while also saving time and labor costs." Traditional fraud models fall short in detecting synthetic identities, which is why advanced AI-driven data analytics tools have become part of financial institutions' fraud mitigation strategies.

Mitigating Synthetic Identity Fraud: How AI and Machine Learning Help Detect Fraud

Insight from Juniper Research indicates that online payment fraud is expected to exceed $200 billion between 2020 and 2024. One key contributing factor is the rising number of synthetic identities created to perpetrate fraud. An increase in digital access points has allowed fraudsters more channels to breach, allowing more sensitive personal data to be exposed online to be sold on the dark web and/or be used to craft entirely new fraudulent identities. Juniper's research also points to the value of machine learning to combat fast-rising fraud trends.

“The rapidly evolving nature of payment fraud and increased sophistication in attack methods requires machine learning adoption at scale, in order to minimize risk. Constant innovation in analytics and data models is increasingly essential to constraining fraudulent behaviors in payments," wrote Nick Maynard, the research co-author of the report Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024.

Machine learning allows for transaction behavior to be analyzed using data analytics that can detect and mitigate risk based on spending patterns. Juniper's research points to the correlation between rising fraud figured and machine learning investments: "The incorporation of machine learning into fraud detection and prevention software will drive spending forward, reaching $10 billion in 2024, a 15% increase on 2020," the report concludes. 

Mitigating Synthetic Identity Fraud: The Evolution of the Problem

Synthetic fraud allows hackers to set up accounts in a person’s name that appear to be authentic, but are in fact fictitious. The construction of new synthetic IDs is based on combining truthful and false information to build a credit file and then open new accounts, which is perpetrated at scale by opening hundreds of new accounts. Synthetic ID fraud has grown increasingly popular for cyber criminals because of the bigger payoff.

Three factors have contributed to the rise:

  1. Digitization and Automation of Services: The digitization and automation of the customer experience allows people to sign up for services without working with an actual person. Fraudsters have taken advantage of this to scale their techniques.
  2. SSN Randomization Shift: The Social Security Administration made a change in 2011 that randomized the issuance of new SSNs to new applicants. This process made it easier to gain a SSN number with fabricated data. This shift opened the floodgates for fraudsters to create more false identities to exploit at mass scale.
  3. Major Data Breaches that exposed more PII: The scope of personal information exposed during breaches has grown dramatically. In the Equifax breach alone, there were SSNs, DOBs, addresses and credit card information exposed all at once. These vital credentials are being stolen and sold on the dark web on a regular basis.

The financial gains are much greater since the fraudsters create an identity that is harder for banks to crack down on since there is no actual person to make a complaint over fraudulent activity. Because of this, it’s up to the financial institution's own fraud detection mechanisms to spot suspicious behavior. Since they don’t need as much personal information as credit card fraud, cyber criminals have shifted their attention to this type of fraud. For example, by combining a legitimate SSN with a fake name, or by using an inactive social security number with a real name, or even a fake name and SSN, an entirely new identity can be created. From there, fraudsters begin to open up lines of credit and credit cards under these synthetic identities.

The problem with identifying synthetic identities is that it can often be misconstrued as other similar types of fraud, such as account takeover fraud or new account fraud. The rise of PII being sold and monetized on the dark web is leading to an increase in each of these types of payment fraud that is getting increasingly difficult for financial institutions to spot and combat on their own. This type of fraud is largely underreported since may victims of this crime are children, the elderly and homeless individuals, which allows fraudsters to scale this type of fraud without being noticed as easily. This has led to bigger payouts and attracted more fraudsters to commit this type of crime.

As fraudsters continue to exploit new methods — and new technologies — financial institution leaders must learn to adapt to fraud trends faster and more effectively. Traditional fraud models fall short in achieving this goal, which is where AI and machine learning have paved a path to enhanced fraud detection for financial institutions, particularly smaller organizations that previously did not have access to such resources. 

"Information sharing within – and between – organizations also can help the industry draw connections between datasets to better identify potential synthetic identities. Technology can complement manual fraud mitigation practices, as AI and machine learning solutions help humans analyze this data more effectively than humans alone." the Fed report concluded. 

Get a copy of the Fed's full report here: Mitigating Synthetic Identity Fraud in the U.S. Payment System

Synthetic_ID_Fraud[Source: Federal Reserve's July 2020 report, Mitigating Synthetic Identity Fraud in the U.S. Payment System]