Since the fallout of the Equifax breach, the chatter in the financial services industry has been all about identity fraud. The same sentiment was echoed in a recent study by Javelin.
According to that study, for the first year ever, data breaches compromised more Social Security Numbers than credit card numbers. SSNs accounted for 35 percent, while credit card numbers rang in at 30 percent in breaches. The reason for this shift was attributed to the Equifax breach.
As predicted, with fraudsters’ techniques getting smarter, they are adapting quickly to different types of fraud. The big concern in the financial world around identity theft is the ability to commit synthetic identity fraud.
“[Fraudsters are] smarter now. They have all the data they need to commit fraud and they know exactly how to use it,” Al Pascual, Javelin’s research director and head of fraud and security NBC News. “They're getting more sophisticated faster than we can respond — and that's the big problem.”
The other big problem is what identity theft can lead to: Lots and lots of Synthetic ID fraud.
Why is Synthetic ID Fraud Such a Rapidly-Growing Problem?
Synthetic fraud allows hackers to set up accounts in a person’s name that appear to be authentic, but are in fact fictitious. The construction of new synthetic IDs is based on combining truthful and false information to build a credit file and then open new accounts, which is perpetrated at scale by opening hundreds of new accounts.
Synthetic ID fraud has grown increasingly popular for cyber criminals because of the bigger payoff. The financial gains are much greater since the fraudsters create an identity that is harder for banks to crack down on since there is no actual person to make a complaint over fraudulent activity. Because of this, it’s up to the bank’s own fraud detection mechanisms to spot suspicious behavior.
“Synthetic identity fraud is costing banks billions of dollars and countless hours as they chase down people who don’t even exist,” Alan McIntyre, senior managing director and head of the global Banking practice at Accenture, wrote in a Forbes article.
Since they don’t need as much personal information as credit card fraud, cyber criminals have shifted their attention to this type of fraud. For example, by combining a legitimate SSN with a fake name, or by using a inactive social security number with a real name, or even a fake name and SSN, an entirely new identity can be created. From there, fraudsters begin to open up lines of credit and credit cards under these synthetic identities.
What Else Should Financial Institutions Be Concerned About?
The speed at which these fraudsters move has become an increasingly troublesome problem for financial institutions — particularly with the influx of concerns related to synthetic identity fraud.
The Javelin study highlighted some more troubling figures.
- Identity fraud impacted an estimated 16.7 million Americans in 2017, which was a 8 percent increase from 2016 (1.3 million more).
- Fraudsters stole $16.8 billion in 2017, which was the highest figure in four years. This consisted of stolen credit card numbers, hacked bank accounts, mobile phone account takeover and loyalty reward point theft.
On a positive note, Javelin’s research suggests that EMV chip cards led to a dramatic drop in fraud loss. In fact, Visa recently reported that merchants who were EMV equipped saw a 66 percent drop in counterfeit card losses when comparing June 2017 to June 2015.
The bad news? The risk of online CNP fraud is greater than ever. Javelin’s research suggests that CNP fraud is 81 percent more likely to occur than POS fraud. The number of consumers who had their cards misused in a CNP transaction has nearly doubled, when compared to POS purchases.
Stolen personal data — SSNs, birthdays, account passwords, etc. — has also led to more account takeovers. This leads to drained bank accounts, or new accounts opened in a person’s name for fraudulent purposes. Javelin estimated that new-account fraud rose a whopping 70 percent in 2017, with a majority of the fraud linked to opening new cell phone accounts, online payment accounts and e-commerce shopping accounts. Account takeover losses totaled $5.1 billion in 2017, which was a 120 percent increase from 2016.
How Machine Learning Helps Banks Fight Synthetic ID Fraud
Machine Learning allows banks to thwart off breach threats faster, detect breaches when they occur, and devise a plan of attack for when breaches hit — preventing them from spreading into even bigger problems. With a rise in identity theft, this is more important than ever.
Not only can machine learning technology process billions to trillions of data, analyze millions of variables, it has the ability to learn and improve everyday, far faster than human analysis. Machine learning can help fraud teams at banks and credit unions be better equipped to get ahead of the problem before it spreads. By eliminating costly, manual processes that are also far less accurate (not to mention far slower), this presents endless benefits for financial organizations.
“A key part of the solution will be using artificial intelligence engines and machine learning methods to comb through the growing repository of digital data about each of us to better verify identity,” McIntyre wrote.
Having the ability to sift through organized data that’s collected using powerful software, instead of relying on a team of data scientists to interpret what accounts have been breached, and how they were breached, is the only way to devise sustainable business practices and be fully prepared to fight fraud.
The stakes are getting higher than ever, and the fraudsters are getting smarter. It's up to banks to invest in the right fraud detection measures that can keep up with the rate of which fraud is spreading.
