Officials representing the United States’ central banking system and the government agency responsible for combating financial crimes are warning banks that a dangerous type of identity fraud is likely unknowingly flourishing in their portfolios and trade lines which has been tied to money laundering, terroristic funding, and other illegal activities. Not only can this result in significant material loss to their organization, but the business may be subjecting itself to regulatory risk as well.
During a session at this year’s virtual MoneyFest, put on by Money 20/20, Jim Cunha, SVP of Secure Payments & Fintech at the Federal Reserve Bank of Boston, and Carole House, Cyber and Emerging Technology Policy specialist at the Financial Crimes Enforcement Network (FinCEN) shared their knowledge about the growing threat of synthetic identity fraud.
Rather than providing a stringent definition of synthetic ID fraud, as there is no industry standard today, Jim stated that this type of fraudster’s goal is to create a new, fictitious identity that looks like a legitimate person with a good credit score, typically using fake or stolen PII. He continued by calling out that the objective is to use the synthetic ID to steal or launder money which is then funneled to fund terrorism and other illicit activities.
Carole added that remote operations and the reliance on digital onboarding brought on by the COVID-19 pandemic have resulted in a significant increase in fraud, highlighting underlying weaknesses in the ecosystem as well as the need for financial institutions to integrate a reliable identity verification and fraud solution.
Jim went on to explain that synthetic identities are nurtured over several months or even years, acting as “sleeper” accounts that slowly build a good credit history before “busting out” by maxing out a trade line and then going dark. A synthetic identity may even be building credit for other synthetic identities by adding them as authorized users to an existing account.
Why is there so much synthetic ID fraud occurring in the marketplace? Fraudsters have increasingly been locked out of PII-reliant activity, so they have evolved their manner of operating to take advantage of inherent weaknesses in identity verification and fraud processes. As Jim pointed out, creating 100 synthetic IDs is much easier than recruiting 100 money mules. From a monitoring standpoint, Jim says that financial institutions are focused on verifying creditworthiness when onboarding a new customer versus conducting effective identity fraud screening.
Carole added that some banks decide not to undertake identity verification checks for fear that it adds to their cost or creates too much friction within the application process. She was hasty to emphasize that financial institutions have a responsibility to form “reasonable belief” that the customer they are onboarding is who they say they are, citing it as core to CIP and KYC regulatory requirements.
Both Jim and Carole agree that synthetic identity fraud has invaded a number of unexpected industries beyond banking, including auto loans, healthcare, insurance, tax return filing, and utilities.
Both the Federal Reserve and FinCEN have created initiatives to help the financial services industry learn more about this elusive type of fraud. Jim emphasizes that education is paramount as many banks still do not understand synthetic identity fraud or believe that they could be targeted. In this regard, both organizations participate in seminars and events, such as the session they did at MoneyFest. Additionally, Jim and his colleagues at the Federal Reserve have written three white papers on the subject.
In terms of solving synthetic ID fraud, Jim stressed it must be a collaborative effort across the industry because there is very little good data. Each financial institution should conduct link analysis across their entire portfolio to check for anomalies, such as whether multiple customers are using the same Social Security number. Better yet, he encourages institutions and the industry at-large to work together. “More data is better, as long as it’s good data,” he concluded.
The Socure Solution
To address the growth in synthetic identity fraud risk, Socure recently launched a new and innovative approach with its latest module, Sigma Synthetic Fraud. Relying heavily on feature engineering and data source analysis as well as applying both supervised and unsupervised machine learning models to derive a common definition of synthetic identity fraud, Socure developed classification models that have proven highly effective in identifying and combating this elusive type of fraud.
Socure also acknowledges that mitigating synthetic ID fraud must be a collaborative effort. The Sigma Synthetic Fraud solution is powered by a rich set of feedback data from a consortium of clients which is aggressively analyzed and cleansed to maximize and amplify risk signals. Clustering is applied on top of baseline ML pattern recognition to further segment and identify fraud attack methods. When combined with other proprietary processes, Socure achieves up to 90%+ fraud capture in the riskiest 3%.
Because synthetic identity fraud is only one piece of a robust risk and identity verification program, Socure provides a multidimensional view identity with its Socure ID+ platform which includes Intelligent KYC to address CIP and KYC compliance. Incorporating a wealth of data sources along with advanced graph analytics and unsupervised machine learning, it produces more expansive and actionable insights. Socure ID+ also includes Sigma Identity Fraud that leverages machine learning models which have been purpose-built for specific industries and trained with feedback data to tackle targeted third party fraud patterns and produce real-time actionable risk scores and reason codes, in addition to Sigma Synthetic Fraud.
Participate in a Sigma Synthetic Fraud POC
Socure is seeking additional financial institutions to participate in a Proof of Concept (POC) initiative for Sigma Synthetic Fraud. Interested organizations should be seeking comprehensive KYC, AML, and identity fraud solutions. For the Sigma Synthetic POC, institutions are asked to submit a statistically significant number of account records, and Socure can assist with labeling when needed. Socure will respond with lift charts and corresponding fraud capture rates and cluster analysis, providing helpful interpretations for Sigma Synthetic scores and the percentage of likely synthetic ID manipulations. For more information on participating in the POC, please contact firstname.lastname@example.org.