Search Icon
Back to Blog

With regulators considering shifting liability for certain consumer scam losses on to “receiving” banks, proactively auditing your portfolio of customer accounts is critical. Financial institutions can no longer afford to ignore the synthetic identities and money mules lurking in their customer base — and those who do face steep compliance penalties and reputational damage…and eventually massive financial loss.

Socure Principal Campaign Leader, Emma Cross, recently sat down with Senior Manager of Solution Consulting, Nick Collinger to discuss why it’s critical that financial institutions get a handle on what risks may be lurking in their portfolio.

Read on for the Q&A or watch the LinkedIn Live replay here!

Q: Can you explain to us why institutions should audit their customer base for money mules before the end of the year?

A: There are two major reasons I’d point to. The first is going to be macroeconomic. With the impacts from COVID, fraudsters are using those events to turbocharge their activity. We’ve seen massive increases in the rate of synthetic fraud across a number of different institutions and financial products, including demand deposit, savings, and investment accounts, as well as credit cards. 

All of that is happening simultaneously to a shift in liability coming from regulators. 

For scams and other nefarious activities that mule accounts are being used to perpetrate, regulators are pushing back on the industry and proposing that the receiving bank take the financial loss from authorized push payment schemes. There is a potential for institutions to rapidly incur large losses.

Socure analysis shows a 1% to 3% rate of synthetic identities for banks and fintechs who hold deposit accounts. We’ve also seen regulators levying fines against large FIs, fintechs and even money movement platforms for these types of money mule synthetic fabricated accounts. There’s certainly a lot that is keeping money mules top of mind. 

Q: I understand we’re currently working with several organizations to help audit their customer base. Can you share some of those findings from our initial scrubs?

A: One that comes to mind is captured in a recent case study. We received approximately 2 million records from this institution to test. Of the 2 million records, we identified about 500,000 disparate identity risk signals. Now, those aren’t all going to be on individual accounts. The 500,000 signals included undeliverable email addresses, VoIP phone numbers, or commercial addresses listed as residential. It’s a really overwhelming amount of signal and detecting the signal within that noise can be very challenging.

For our most recent portfolio scrub, we saw that almost 2% of the 2 million accounts tested were actually fabricated synthetic identities. This was concerning, especially because this client had a very sophisticated approach to synthetic risk at onboarding. Clearly these fraudsters had developed techniques to bypass their strategy and were leveraging and turbocharging their attack to get these accounts onboarded. 

Q: When an organization comes to us and says, help me find the risky identities in my portfolio, how does the process work? What can they do next?

A: It’s a pretty straightforward process.The first thing we want to do is target a population that is appropriate for the client. Some clients may want to do their entire portfolio and scrub 30, 40, or 50 million active accounts because they want to make sure that there is absolutely no doubt about what’s in their portfolio. 

Alternatively, other clients might want to look at the most recent two to three years of new accounts and focus on those because those are the portion of the portfolio they have less certainty about. 

Once we’ve settled on the appropriate size, we work closely to encrypt and securely transfer the data. We’ll need a current snapshot of the accounts, including if there have been recent phone number or address updates. 

We’ll complete our analysis in a few weeks, and then we’ll provide the client with a fully scored file. This includes every Socure model score and every reason code that we’ve developed, all appended back to the file. 

In addition to that, we’ll create an executive-level summary detailing all of the different risk signals that we’ve identified. We’ll also include the logic used to identify those risk signals so our clients can recreate the analysis on their side. Then we’ll share where we think the largest risk exists, as well as provide recommendations from our subject matter experts on how to best mitigate. Our fraud investigation team is heavily involved in this process and will analyze the real identities to get a sense of the types of risk that these fraudsters are manifesting.

The summary will also highlight both manipulated and fabricated synthetic identities. We’ll also identify compliance risks, such as where we see deceased identities, deceased Social Security numbers (SSNs), bad addresses, commercial addresses, PO boxes, correctional facilities, and third-party risks. 

Because we want to capture the most recent email and phone number, we can look for third-party fraud in the form of account takeover risk associated with bad phone numbers or risky emails, as well as anywhere we’ve seen this identity in our Socure Risk Insights Network. We’ll leverage our network to provide feedback to see if this email or phone number has been compromised elsewhere. All of that data is then returned back to the client on a record-by-record basis. 

Once we’ve presented our findings, we’ll work closely with our clients as they continue to digest the results. So if they’re performing manual reviews or if they’re taking action in an automated fashion, we’ll help the client observe that feedback. Then we can refine any risk signal across the portfolio and provide the client with detailed insights to show where they’ve identified the most risky pockets. 

Learn more about how Socure Portfolio Scrubs can help identify risk lurking in your portfolio here, and download our eBook: The Hidden Risk of Money Mules.


Socure is the leading platform for digital identity verification and trust. Its predictive analytics platform applies artificial intelligence and machine learning techniques with trusted online/offline data intelligence from email, phone, address, IP, device, velocity, and the broader internet to verify identities in real time.