As the heavy societal reliance on web-based technologies and processes utilized to facilitate every-day life continues to grow, there has been a nearly symmetrical rise in the prevalence of cybercrime and fraud schemes seen over the last decade alone. Arguably the fastest growing form of cybercrime is fraud propelled by identity theft. Despite the potential risks of identity theft becoming common knowledge in the 2020’s, with citizens being more cognizant of the need for personal account security than ever before, fraudsters have been quick to adapt their already intricate practices to exploit alternative loopholes in the defenses of the average individual, spawning a new breed of highly-sophisticated cybercrime coined “synthetic identity theft.”
Traditional identity theft is generally a simple concept (making it an attractive vehicle for even a novice fraudster to potentially make a significant profit at the expense of others). A criminal or other unauthorized party would essentially pilfer someone’s personal identification information (i.e. SSN, bank account info, credit card numbers) and use it to commit financial crimes with the criminal in this case simply pretending to be a person that already exists. Synthetic identity fraud/theft however is a far more complex process. In this form of financial crime, a criminal uses a combination of both legitimate and fake information to create a completely new identity, with the “real” information utilized being stolen or the byproduct of hacking or phishing exploits. This fake person then uses this new identity to open accounts and commit financial crimes that almost always go unnoticed simply because there is no clearly identifiable victim in this form of fraud.1 Furthermore, individuals engaging in this form of fraud can create virtually as many identities as they want and use them to simultaneously, allowing them to apply for multiple lines of credit at a time and effectively steal money from creditors, keeping this vicious cycle going for as long as they are able to continue stealing the personal information of unsuspecting individuals. In a recent publication titled “The $6B Synthetic Identity Fraud Problem And Assessing Customer Identity”, Forbes Councils Member Robert McKay chronicled many of the means by which criminals go about legitimizing their synthetic accounts. McKay writes:
“The most common example is of a fraudster stealing a real Social Security number (often from a child) and combining it with fake contact information to apply for credit. The initial request will often be denied, but the denial creates a profile with that Social Security number in the credit reporting system which legitimizes the fake identity. The fraudsters will keep applying, often moving down market to smaller financial institutions with less mature identity verification processes or direct to retailers, until a request is granted.”2
McKay continues, noting that while the perpetrators may use their newly-acquired credit responsibly for an indefinite period of time to build the credit score for the fake individual, the end goal is to max out their lines of credit/loans and ride off into the sunset with a significant sum of cash.2
Altogether there are generally two types of synthetic identity theft: Manipulated synthetics and manufactured synthetics. Manipulated synthetics involve identities based on a real person with minimal changes to the SSN and other components. People using these may not be career criminals but rather they may be someone trying to gain access to credit to make purchases they otherwise would not be able to finance under normal circumstances. Manufactured synthetics on the other hand are much more malicious. These identities pull valid data from multiple sources and create what has been called a “Frankenstein” identity given the patchwork accumulation of personal identifiable information from multiple real sources used to create the fake identities.3 Many of these novel accounts also use social security numbers chosen from a similar range to that used by the United States government when randomly issuing new SSN’s. One can only begin to imagine the potential complications arising from these developments, and United States and international regulatory bodies have begun to take notice.
The scope of synthetic identity fraud is rapidly growing, with this form of crime alone estimated to be costing financial institutions $6 billion annually at current, with no signs of slowing down any time soon. Given that a customer reporting losses or a compliance department catching suspicious activity is how fraud typically gets identified and later resolved, the case for synthetic identity fraud is quite different. With the social security numbers utilized in these cons either being fake or stolen from children, homeless or even the deceased, the chances of the proper checks and balances being made in this regard are highly unlikely. However while synthetic identity theft it is a uniquely difficult type of fraud to fight, many believe it is still preventable. BSA departments must be especially vigilant with their KYC and onboarding of new customers given that all of the information provided by fraudsters upon account opening may technically be legitimate. As such, checking individual elements of the identity only without the full context taken into account is useless in preventing this form of crime given that the information is easily manipulated. The solution is to evaluate each identity element alongside identity markers. This means comparing data points and seeing if there are connections between them (i.e. the relationship between names, SSN’s and addresses or potential businesses). In addition to the strength of the connection between identity elements, the frequency of interactions between them must be evaluated as well. The implementation of effective risk-rating and enhanced due diligence solutions such as those provided by Global RADAR can help to automate this process and lead to increased efficiency in identifying and deterring crimes of this nature – assisting financial institutions and their clientele in maintaining their financial integrity.
Citations