Your Face as a Fraud Signal

Defending Against Synthetic Identity Fraud

Synthetic identity fraud is one the fastest-growing — and hardest-to-detect — forms of identity theft in the U.S., according to the U.S. Federal Trade Commission.

Synthetic identity fraud is responsible for up to 20% of credit losses and costs lenders billions each year, according to Auriemma Consulting Group.

Synthetic identity fraud is when criminals combine both real and fake information to create an identity. Cybercriminals use a concoction of disparate data. This might include real information including a person’s Social Security number or address which is coupled with fake details, such as a name, phone number, email address and falsified ID documents.

Once this fictitious person (synthetic identity) is established, the criminal can open fraudulent accounts, increase their credit and make fraudulent purchases. Others may open accounts and use them responsibly for months or even years in order to build up the credit score and history. The higher credit score allows the fraudster a bigger windfall down the road.

These synthetic profiles are really hard to detect because oftentimes the person who had their information stolen is not directly impacted. In fact, 85% to 95% of applicants who were identified as synthetic identities were not identified as high risk by traditional fraud models that normally detect traditional identity theft.

Defending Against Synthetic Fraud

Because of the sophistication of synthetic fraud, there isn’t a simple panacea. Banks and other financial institutions need to take a multilayered approach that relies on advanced data, analytics and technology — and one that focuses on identity. Too many financial institutions depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points.

How Jumio Face Lookup Can Help

Evaluating historical transactions and velocity in which basic demographic attributes and photos on ID documents can provide more confidence during the identity verification process when the new account is opened. For example, if a Social Security number is used frequently to apply for credit within a short period of time — particularly with different addresses — it could indicate fraudulent behavior.

Another common signal is when fraudsters create falsified ID documents with different data points such as name or address, but use the same photo (sometimes even using their own face) when creating new accounts. That’s why Jumio is launching Face Lookup as part of our automated identity verification solutions. This new feature, available at no additional cost, is able to flag potential fraudulent activity when we spot the same face being used across multiple verification attempts.

Here’s how it works.

  1. Face capture: The user captures a picture of their government-issued ID and corroborating selfie when applying for a new account online.
  2. Face detection: Our AI algorithms ensure that there is a face present within the image/selfie.
  3. Facial digitization: Both the photo on the ID and the selfie are digitized and stored within Jumio’s facial database.
  4. Face search: Jumio searches both face images (ID image and selfie) in our facial database.
  5. Matches returned: If we find additional instances of that digitized face, we will return the findings to the customer (along with the transaction number so they can cross-reference the findings for anomalies).

If we find duplicate faces from previous verification transactions within our platform and there’s a mismatch in key contact fields such as name, address or date of birth, this is certainly a powerful fraud signal and an important synthetic fraud tell. Once potentially fraudulent behavior is detected, financial institutions need to deploy secondary identity checks (such as remote document verification) prior to a lending decision.

By the way, finding the same face multiple times may also prove useful in and of itself. If Jumio can flag that a legitimate user may have opened more than one account in your system using the same ID document, this may be a data hygiene issue that needs to be addressed. Or it may suggest that a legitimate user is having trouble with your platform or their account.

If you’re an existing Jumio customer, ask us about Face Lookup and we’ll activate it at no additional cost. It’s an important data point that just might help you nip synthetic fraud in the bud before incurring a significant write-off.