Identity fraud is a major concern for any company, particularly for those in the financial industry.
One scam you need to guard against is synthetic identity fraud, a fast-growing type of identity theft that uses a combination of real and fake information. Sometimes known as Frankenstein IDs, criminals create these fake identities by stitching together a false name, a real date of birth, and a stolen social security number or by using other fraudulent combinations.
Because synthetic identity fraud uses some legitimate information, you may find it more difficult to catch. With these IDs, fraudsters can open bank accounts, apply for loans and acquire credit cards and never have to pay back the money.
How Does Synthetic Identity Fraud Happen?
Synthetic identity fraud begins with the theft of a Social Security number. Scammers can either steal the information themselves from discarded documents, purchase it from the dark web or acquire it from a data breach. Sadly, it’s not that difficult to obtain this information.
Next, the cybercriminal creates an account or accounts using the SSN with a fake name, address and date of birth to create a false identity. Once they’ve created this synthetic ID, fraudsters will use it to take out loans, apply for credit cards and build a credit history until they are caught. Sometimes they are able to use the fake ID for months or years before their scheme is revealed.
Synthetic IDs allow identity thieves to practice bust-out fraud, a scheme that involves opening fake accounts and establishing good credit — in the beginning. Once the scammer establishes good credit and healthy credit lines, they max out all of the credit available to them and then disappear.
Finding these fraudsters is incredibly difficult because there is no trail leading to them. The only trail is to the person whose stolen SSN they’ve used. That person may have some difficulty proving that they are innocent and must prove that the fake information came from a thief. Usually, the creditors send the accounts to collections and eventually write them off.
Who Is Responsible? Synthetic Identity Fraud & Financial Institutions
When it comes to synthetic identity fraud, financial institutions bear the brunt of the losses associated with the crime.
The loss from these incidents is steadily rising, growing from $1.8 billion in 2019 to $5.8 billion in 2021. While ID theft can cause individuals financial problems, such as ruining their credit temporarily, consumers are not responsible for most of the financial losses due to this scam if they act quickly.
By reporting your ID theft to the FTC within two days of your becoming aware of it, you will only have to pay a maximum of $50 for any fraudulent use of your bank account and credit card accounts. If you delay reporting these issues, you or your company could end up owing a lot more.
Most of the burden falls upon the financial institutions. Since clients are not responsible for fraud perpetrated against them, it’s the banks, investment companies and other organizations who must take the loss. And money isn’t the only problem. Consumers tend to blame the institution for the ID theft.
Financial Costs of Synthetic Identity Theft
Lenders suffer great losses from synthetic identity theft for several reasons. Since it is a long-term scam, the fraudsters can earn large lines of credit before cashing out. They often rack up large loans with no intent to pay them off.
Also, the stolen Social Security number lends legitimacy to the fraud, making it difficult to detect. These scams can continue for years, allowing the thieves to steal huge sums.
AML/KYC Compliance Risks
Financial institutions must satisfy federal regulations, including those governing AML and KYC. Synthetic fraud makes money laundering easy and often untraceable, meaning thieves can more safely “wash” their stolen money by passing it through financial institutions as business profits.
While this deception is not the fault of financial institutions, they do have a responsibility to conduct due diligence. If the government finds that you did not take stringent measures to detect this fraud, your company may face millions in AML/KYC compliance fines. You are responsible for taking proactive measures against synthetic ID fraud. Law enforcement is responsible for catching the perpetrators.
A Loss of Brand Trust
Consumers are unforgiving when it comes to data breaches and identity theft. They often blame the institution that fell for the fraud as much as the people who stole the money. Any company linked with fraudulent schemes often loses customers. These scams particularly affect financial institutions.
In 2019, major financial company cyber thieves breached Capital One and stole sensitive information from more than 100 million customer accounts. This information included Social Security numbers, addresses and credit scores. The day after the scam was revealed, Capital One shares plunged. In many of these instances, consumers run to rival companies they consider safer.
Preventing Synthetic Identity Theft Within Financial Institutions
You can help protect your company’s reputation, bottom line and consumer base by practicing the following safeguards:
- Implement biometrics when onboarding new customers: By using biometrics such as facial recognition, fingerprints or iris recognition when onboarding new clients, you lessen the chances that their accounts will be breached.
- Utilize multi-factor authentication: Enhancing your customer log-ins with multi-factor authentication greatly increases your security. You can easily have your customers enter a code from an email or SMS as well as their username, phone number and password to thwart potential thieves.
- Apply machine learning to detect suspicious activity: Certain algorithms allow your platform to detect unusual behavior by customers. Machine learning can flag suspicious purchases, geographic locations, malware threats and unfamiliar devices and require the user to go through more security checks before finalizing the transaction.
Extra Precautions You Can Take to Prevent Synthetic Identity Fraud
As an individual, you can take your own steps to prevent synthetic identity fraud. Some recommended actions are:
- Keep an eye on your credit: You should regularly check major credit agency reports to make sure no fraudulent purchases show up.
- Freeze your credit: If you suspect that you are a victim of ID fraud, you can contact the major bureaus and freeze your credit, making it so no one can access your credit files. That means no more scam accounts can be created while you address the issue.
- Be smart about what you share on social media: Do not overshare on social media. Never give out your address, the model of your first car or other information often used to verify your identity.
- Don’t give out your SSN if not necessary: Never give out your SSN if someone contacts you and asks for it. If you contact a financial institution, they may ask you to verify the last four digits. That is fine as long as you have instigated the contact and have reached a legitimate site.
- Subscribe to an identity protection service: For a fee, identity protection services will monitor your credit for signs of fraudulent activity.
Protect Your Organization from Synthetic ID Scammers With Jumio
Your organization risks being the target of financial crime. Taking basic security measures isn’t enough anymore. To protect your company and your clients, you need to use the latest, most sophisticated security technology.
Jumio offers a user-friendly system that includes biometrics and eKYC solutions. Typically, we implement the following services for our financial customers to protect them from synthetic ID and other types of fraud:
- Device Risk Check: Runs in the background before the person has entered any information. This risk signal helps identify scammers who use the same laptop or other device to run a series of fraudulent transactions.
- Social Security Number (SSN) Check: Verifies the person’s Social Security number to make sure it is legitimate, it belongs to the applicant, its owner is not deceased, and the name and date of birth in the SSN database match the information on the person’s ID.
- ID Verification: Verifies the user’s passport, driver’s license or other ID is a legitimate, government-issued document and extracts the person’s name, address and date of birth.
- Identity Verification: Compares the person’s selfie to the photo on the ID to make sure it’s the same person.
- Liveness Detection: Makes sure the person in the selfie is physically present, not a spoof.
- Email Risk Check: Verifies the reputation of the email address, including its age and whether it’s been used in fraudulent transactions.
- Phone Number Risk Check: Verifies the reputation of the phone number by looking at a variety of factors.
After running these services, Jumio returns an overall risk score as well as details on these checks. This gives banks and other financial services the tools they need to automatically reject high-risk transactions, automatically approve low-risk transactions, and easily investigate and quickly make a decision on any transactions that might require manual review.
For more information on how Jumio can help you safeguard your business, contact us today.
Originally published May 13, 2022