I am blessed with two beautiful, brilliant children. One is a dedicated public servant, and the other is laboring to save the planet, one plant at a time. The second works on a prairie restoration project in western Illinois, transforming old farmland back to its original state. She gathers seeds of native growths for replanting, eradicates invasive species, and regularly sends me pictures of the amazing looking bugs she encounters on the thousands of acres where she does her thing. The only risk is dodging hundreds of bison who roam the area, and who really don’t like people much.
As part of her previous studies, she traveled to China and Costa Rica for research, focusing heavily on pollination, as in how do you get friendly insects to do their thing so you can have a healthier and more diverse biosphere. She’s forced me to leave whole tracts of our property free from any chemicals that might mess with bees and other bugs that feed on the clover and even the weeds that they like. So I’m restoring my own prairie, whether I like it or not.
As an aside, I plan to skip hosting my own apiary, since bees make lots of honey, but not beer, which would make them more useful to me.
You know who else slowly cultivates and pollinates? You’d never guess. It’s fraudsters.
I really hate it when people corrupt a term. But pollination, which should only be a good thing, can also refer to a virulent method used by perpetrators of synthetic fraud to create phony identities, which they use to max out credit cards and loans. Let me tell you who does it, and how it works.
First, a brief description of synthetic identity fraud—third party fraud is essentially me pretending to be you. Synthetic fraud is me pretending to be a fabricated John Doe, someone who doesn’t even exist. In other words, I invent a whole new person. I may very well construct it from legitimate pieces of other identities, utilizing actual SSNs, emails, phone numbers, and more. But at its core, a synthetic identity is an avatar, a nobody. This is what makes synthetic fraud pretty complex. See, if I only pretend to be you, and you notice, you start making phone calls, and you shut me down. But if I pretend to be somebody who doesn’t exist, there’s no John Doe to complain. And herein lies the power of synthetic fraud. It has the luxury of time to bake.
And the longer a synthetic ID bakes, the more history it can take on, appearing more legitimate while flying under the radar. I can imbue that fake person with credit, with permanence. I can register the identity with the credit reporting agencies, get it a credit card, even make purchases and payments. This builds its credibility and a positive perception. Maybe it begins small with a starter credit card and limited credit line with few underwriting requirements. It’s used for purchasing small amounts of useless goods for a while, while regular payments build the credit rating. This sets the stage for a better card and higher credit line next time.
You might be thinking, “I see where this is going. With that great credit line, max out some cards and loans, then disappear.” But no. The situation is even worse. Now it pollinates.
Having built up the credit rating of my phony baloney person, more synthetic identities are added to the card in the form of authorized users. Real people do it all the time. They add spouses and children to their accounts, so the family can make purchases, payments are made from one place and everybody shares in that credit pool. Similarly, those additional fake people then inherit a positive credit reputation over time. Down the road, instead of maxing out a single card, the synthetic identities are able to max out and exploit a bunch of cards, and then disappear. Then, the cycle repeats.
So I am pollinating the criminal flower of my credit card with the pollen of my additional fake identities. Yeah, I know, it’s an odd metaphor, but I didn’t invent it. So sue me.
One synthetic perpetrator opened a credit card account using the address of a shopping plaza (a red flag that wasn’t caught). Subsequently, he added more than 50 authorized users to the card (a second red flag that wasn’t caught). If he hadn’t been so greedy, he might have gotten away with it.
Third party fraud, again, is me pretending to be you. I exploit your name and address and credit, but my email and phone. I have to pull it off quick. But synthetic fraud not only requires time, it affords time by not attracting much attention to the non-existent consumer. Synthetic fraud is often called a victimless crime because that consumer isn’t real, but in reality the banks and issuers are the victims.
At Socure, we’ve built the industry’s best solution for detecting third party fraud. And now, we have enhanced capabilities to battle synthetic fraud. We employ a number of techniques, data sources and machine learning models to root out synthetic identities. In addition, we’re partnering with the Social Security Administration for another layer of validation. Our accuracy in distinguishing good applicants from bad, and isolating synthetic attempts, is sky-high.
By encouraging pollinators, my daughter is greening the planet, and paying her bills. By fighting pollinators, Socure helps its customers flatten fraud, where the person paying the credit card bill is real, and I get to pay my own bills. And the person paying my credit card bill is a real person. No kidding, just check out my byline.
Jeff Scheidel is a technologist with 34 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.
Funny, This Doesn’t Taste Like Third-Party Fraud to...
You can’t prevent identity fraud if you don’t know what it...
How Do You Protect Your Online Business From...
As a longtime horror fan, I live for October. It’s nearly...