Losses from synthetic identity fraud are projected to increase to almost $5 billion by 2024 — this is double their current rate of $2.48 billion. When you take mitigation costs into account, this type of fraud is already costing financial institutions an estimated $6 billion per year.
To help you out, this guide looks at synthetic identity theft and explains what financial institutions can do to protect themselves and their customers from this growing threat.
What Is Synthetic Identity Fraud?
Synthetic identity fraud is when someone uses a combination of real and made-up details to commit bank fraud. For instance, someone may use a real Social Security Number with a fake name and address. Or they may use a stolen Social Security Number, a stolen name, and their real address. In other cases, they mix and match elements that are all stolen from different people.
Types of Synthetic Identities
The two main types of synthetic identities are manipulated and manufactured.
A manipulated identity features very small changes to Social Security Numbers and other identifying details. Criminals use these identities, but so too do consumers who are trying to hide poor credit histories. The latter often don’t necessarily even realize they’re doing something wrong, but they’re still putting your financial institution at risk.
A manufactured identity traditionally featured a mixture of real identifying features mixed together, earning it the name of a Frankenstein identity. Now, criminals are more likely to blend together fabricated details that closely mimic legitimate details. For instance, they may use made-up Social Security Numbers based on the same range of numbers used to generate real Social Security Numbers.
Synthetic Identity Fraud Vs. Identity Theft
With classic identity theft, a fraudster steals someone’s real identity. Then, they take over the victim’s existing accounts or use the victim’s identity to open new accounts. Again, with synthetic identity fraud, the fraudster uses a fake or synthetic identity rather than stealing a real one.
Usually, with identity theft, once the fraudster takes over an existing account or opens a new one, they commit the fraud immediately. This helps them to avoid detection. In contrast, with synthetic identity fraud, the fraudster bides their time. They want to make the account look legitimate so they often wait a while before generating significant losses.
Credit Card Bust Outs
Historically, synthetic identity fraud primarily focused on credit bust-outs. This is when someone uses a fake identity to open a credit card. Then, they use the card modestly for a few months and make all of their payments on time. In a lot of cases, this inspires the card issuer to increase the credit limit.
When the fraudster has the trust of the credit card company, they “bust out” by maxing out the card and never making another payment. Because their identity is make-believe, the credit card issuer can never find them or get the funds back.
New Types of Synthetic Identity Theft
Recently, however, fraudsters have expanded their targets. Now, they’re using synthetic identities to open demand deposit accounts and investment accounts. They use these accounts to perpetuate many different types of fraudulent schemes, but like the “bust out” schemes, they often devote a lot of time to building up trust before they initiate the fraud.
These fraudsters are skillful at using their accounts in ways that look legitimate so that they can escape detection for as long as possible. This makes it nearly impossible for financial institutions to spot fraud once the account has been opened.
To protect your financial institution, you need safeguards in place that help you spot synthetic identities during the account opening process. This may include looking for unusual credit file markers or a lack of information on the account application. It can also include checking Social Security Numbers.
Social Security Number Verifications
In 2018, The Economic Growth, Regulatory Relief, and Consumer Protection Act (also known as the “Banking Bill”) required the Social Security Administration to simplify verification processes for financial institutions. Now, you can use the electronic Consent Based Social Security Number Verification Service (eCBSV) to check if the Social Security Number, name, and date of birth correspond to a real identity when someone opens an account.
The system returns a simple yes, no, or a death indicator. It doesn’t provide any additional details. Your financial institution can use this program directly, or you can work through a third-party service provider. In all cases, you need the signed consent of the person using the Social Security Number. Unfortunately, this process can also delay the processing of new account applications.
A “Victim-Less” Fraud
Synthetic identity fraud doesn’t target consumers like traditional identity theft. This makes it a victimless crime for consumers, but of course, that means that a financial institution becomes the victim.
The “victimless” nature of this type of fraud makes it harder to spot. Generally, if someone experiences an account takeover or an identity theft, they report the issue to the bank as soon as they become aware of it. In contrast, there is no victim to become aware of the synthetic identity. Detecting this crime rests solely on the financial institution
Spotting synthetic identities is critical if you want to minimize the threat of these losses in your financial institution, but you need to set up safeguards that detect synthetic identities without creating unnecessary roadblocks for legitimate customers. Striking the right balance between fraud detection and customer satisfaction can be challenging, but it’s imperative if you want to stay profitable.
Get Help From SQN Banking Systems
At SQN Banking Systems, we are committed to helping our clients protect their financial institutions from all types of fraud. Fraud is constantly evolving, and our tools are always evolving to ensure that you stay one step ahead. Ready to learn more? Then, contact us today.