Search Icon
Back to Resources

Did you know that 1-3% or more of open deposit accounts in the U.S. are held by synthetic identities, likely acting as money mules to fuel fraudulent money movement?

With such a high rate of fraud, there’s a full expectation that regulatory changes will eventually transform how banks and fintechs operate specific to these types of accounts. To combat risks such as synthetic identity fraud and money mules to their organizations, leaders must scrutinize the consumer identities within their existing accounts with tools that allow them to identify these synthetic and mule accounts – all while continuing to fine tune customer onboarding strategies and fraud controls.

Rates of synthetic identity fraud only continue to grow. Effectively addressing this threat starts with understanding the book of business that comprises your portfolio, who your customers are, and how those accounts are used and potentially abused for money mule activities.

Deposit, investment, and savings accounts are frequently used by money mules to launder money and fuel fraudulent money movement through P2P, wire transfer, ACH and other real-time payment rails. Fraudsters can use real people who are either aware or unaware of the scam, synthetic identities created using stolen or fabricated information and other fraudulent identity types to aid in the money movement. Synthetic identities are particularly challenging to detect because they often use valid Personal Identifiable Information (PII). Fraudsters can also use synthetic identities to open bank accounts, apply for loans or credit, and conduct other financial transactions.

When a top five U.S. bank wanted to identify customer accounts that could cause financial or reputational harm to their organization, it turned to Socure.

Synthetic fraudsters are attacking deposit institutions at an increasing rate. Socure analysis shows that 1-3% or more of open deposit accounts in the U.S. are held by synthetic identities, likely acting as money mules to fuel fraudulent money movement.

Socure Portfolio Scrub

As the leader in digital identity verification and fraud prevention solutions, Socure’s Portfolio Scrub helps fintechs and traditional banks uncover fraud and compliance risks that may have slipped through the cracks at, or after, account opening. This includes third-party and synthetic fraud risk, account takeover, high risk addresses, SSNs, emails, phones, and more.

The Portfolio Scrub analysis includes:

Accounts that may have been previously taken over

These valuable insights help organizations identify and understand their largest potential risk areas and receive individual, customer-level treatment strategies and remediation recommendations to reduce risk.

Socure’s impact

Working with Socure’s data science experts, this top-tier bank provided and tested ~2 million records of existing customer data for both credit cards and deposit, originating from digital and non-digital onboarding, as well as digital credit card businesses. Socure then ran the records through our Sigma Identity Fraud, Sigma Synthetic Fraud, KYC+, and Email, Phone, Address RiskScores and Correlation Value modules.

Socure found that ~2% of the bank’s open accounts exhibited high risk for either KYC compliance issues or identity fraud. These accounts exhibited invalid email addresses, phone numbers known to be associated with fraud, addresses for commercial reshippers, and a host of other signals highly correlated with fraud.

Additionally, 30,000 of the ~2 million accounts tested were opened by either a manipulated or fabricated synthetic identity, with a higher percentage of fabricated synthetic identities, which are known to incur significantly higher losses for banking institutions.

While analyzing the individual risk signals returned in the form of Socure’s proprietary reason codes, the team found that 0.76% of SSNs across the bank’s three lines of businesses were invalid, associated with a deceased individual, or did not resolve to the originating PII. Additionally, 25% of addresses being used as an individuals’ address were either invalid or commercial, dual-purpose, or prison addresses.

“Socure found that 30,000 of the bank’s ~2 million accounts tested were opened by either a manipulated or fabricated synthetic identity, with a higher percentage of fabricated synthetic identities.

Socure Reason Code Percentage of Accounts
R972 – Address is a commercial mail receiving agency or commercial mail drop ~0.2%
R709 – Address labeled as commercial or dual-purpose ~2%
R916 – Address labeled as invalid or does not exist ~6%
R932 – Address identified as correctional facility ~0.01%


Socure Reason Code Percentage of Accounts
R901 – SSN does not resolve to individual                                                                       8%
R907 – SSN reported as deceased 0.25%
R913 – SSN invalid 0.06%

Moving forward

Alone, these individual PII elements may not have flagged an account as high risk. However, financial institutions can’t afford to lack awareness of the potential risk within their portfolio.

Armed with real insights into the risk of its existing portfolio, this bank worked with Socure to implement custom remediations such as additional account monitoring or step-up authentication such as eCBSV, as well as using Socure’s DocV solution for document and live selfie validation.

It’s critical to understand and reassess current onboarding strategies to prevent invalid information or risk, in any form, from coming into your ecosystem. Now is the time for responsible financial institutions to take a deep look at the consumer identities of account holders to tease out financial and compliance risks, before the potential reality of a changing regulatory and economic landscape puts them further at risk.

Who’s lurking in your portfolio?

Learn how Socure can help.