Addressing the Role of Synthetic Fraud in P2P Scams

Run into a crowded theater yelling, “Fire!,” and you could be held liable for inciting a riot. Yell, “Consumers are getting scammed!,” however, and until recently, you’ll likely get nothing but a passing acknowledgement. Fraud is nothing new, but it’s getting more insidious and being perpetrated with greater complexity across all varieties of consumer financial services. As a result, the federal government is applying increased pressure on the banking industry to apply effective fraud prevention measures, especially in light of recent findings about the massive rise in synthetic identity fraud.

If it’s possible to sweep financial loss under the proverbial rug, one could say that synthetic fraud has provided the model for doing so. The repercussions of this particular flavor of fraud have historically been borne by banks that are prone to write off their synthetic fraud losses as credit charge offs or first party fraud. When there’s no actual criminal to prosecute, it takes effort to determine who is ultimately responsible for the crime. 

This has set a bad precedent in multiple ways. For one thing, financial services companies have to absorb those synthetic fraud losses, but really, those costs are just spread among legitimate customers in the form of fees and other charges. Secondly, avoiding solving the issue of fraud—any type of fraud—enables a system that cannot be completely trusted, and that delivers bad outcomes for institutions, individuals, and communities. While no one goes unpunished, those who are playing by the rules are suffering the various consequences.

Synthetic fraud is finding fertile ground in new types of consumer financial transactions, especially with peer-to-peer (P2P) payments, and there’s increased awareness of the damage being perpetrated and the need to stop it. P2P payment fraud is rising in volume and damage; the head of the Consumer Financial Protection Bureau (CFPB), Rohit Chopra, said that the level and degree of P2P fraud is actually “frightening.” The past year has seen a spate of Zelle user scams and large numbers of victims from other P2P services. 

The rise and impact of synthetic fraud

The issue of fraud eradication is thankfully getting more scrutiny by banks, fintechs, and the government. Better fraud insights are uncovering the real economic cost of synthetic fraud, and financial institutions are applying better solutions both to eliminate fraud and to increase opportunities for valid customers. At the same time, the government is addressing broad fraud issues with better guidelines intended to protect consumers.  

To understand the growth of synthetic fraud and its reach, consider that statistics from the Federal Deposit Insurance Corporation (FDIC) indicate that 124 million U.S. households have at least one bank account. With that information, combined with an in-depth analysis of identity data on new applications for depository accounts conducted by Socure, we believe that synthetic identities make up between 1-3% of financial-institution and fintech direct deposit accounts (DDAs). 

Let’s do a little arithmetic on that to understand what it truly means: If we presume one account per household (which is actually a very conservative estimate), and then multiply that by 2% of all US bank accounts (that’s a conservative estimate of the number of accounts established by synthetic fraudsters), it means there are over 2.48 million synthetic identities hiding in open US bank accounts. From any perspective, that’s a meaningful number, and it’s growing daily.

The current economic climate is causing government agencies with a financial markets purview to initiate regulatory action with the goal of changing the strategies of fintech and traditional lenders, as well as banking institutions. The goal is not punitive, but rather, these are attempts to focus additional efforts on reducing credit, fraud, and compliance risks that already exist within their customer accounts.

As the synthetic fraud problem increases in severity and prevalence, banks can no longer ignore the damage being done to their customers and systems. But the question on the minds of most financial sector watchers is, why don’t banks and fintechs offering deposit accounts do a good job (or even a great job) of stopping synthetic fraud at the point of origination? One answer is that it’s seen as an impediment to customer onboarding. That response suggests that ease of access is prized over fraud elimination, especially if the bank or fintech offering depository accounts are not shouldering the majority of the financial loss. 

The sad truth is that many banks and fintechs see this as a binary issue, as in, you can have either a good customer experience, or less fraud—take your pick. But that answer won’t hold water much longer, especially in light of new mandates from the government that are intended to support consumers while helping banks and fintechs by providing more exacting requirements for fraud repercussion liability. 

Synthetic identities used for P2P scams

The issue is important enough that the CFPB is considering a proposal to shift liability from consumers to banks for scams involving peer-to-peer (P2P) payments. A group of six U.S. Senators is aggressively advocating that the CFPB invoke Regulation E of the Electronic Fund Transfer Act (EFTA) to protect consumers who have been scammed by fraudsters in the course of a P2P funds transfer.

Financial transaction scams come in many forms, and while P2P scams are increasing, not every P2P scam is funded through a deposit account held by a synthetic identity. Nevertheless, with the recent increase of synthetic attacks against DDA accounts, it’s reasonable to presume that a good percentage of these fraudulent scams are funded through these types of accounts. In fact, according to Javelin Strategy & Research, an industry research firm and consultant, nearly 18 million Americans—or about 7% of the adult population—were defrauded through scams involving digital wallets and P2P payment apps in 2020, the last year for which numbers are available.

These concerns are heightened by uncertain financial forecasts that may lead to a substantial economic downturn and subsequent credit tightening. Additionally, new proposals from regulatory bodies like the CFPB are looking at proposals to redirect P2P financial losses away from consumers and toward banks and fintechs who hold the accounts.

What we know of these fraudulent identities is that the risks they pose are hidden and have gone undetected, in some cases, for years. They come in a variety of forms; some are individuals looking to “bust out” and walk away from any financial responsibility, while others are orchestrated accounts that operate as money mules for fraudulent money movement. Irrespective of their intent, these identities create financial and compliance risks for Socure’s customers and for all banks and organizations that hold customer accounts for financial transactions. 

Synthetic fraud is no longer a surprise attack on America’s financial and commerce systems. The problem has existed for over 20 years, and will continue to plague all facets of the banking and financial systems until there is a coordinated effort among the government and public sector.

Right now is the time for responsible lenders to scrutinize the consumer identities of account holders to tease out financial and compliance risks before the potential reality of a changing regulatory and economic landscape puts them in jeopardy of enabling more fraud.