Something scary is coming. It is already all around us, in fact. It is half-machine, half-man, and here to trick organizations into opening its doors and welcoming it in. It is… synthetic identity fraud!
Okay, it is not quite as dramatic as cyborgs, but these fraudulent identities—combining details from real people with made-up information—are still cause for concern for financial and payments providers.
Synthetic Identity Fraud is Already a Problem…
In 2020, financial institutions lost $20 billion as a result of synthetic identity fraud. This type of fraud can take all sorts of forms: fake auto loan applications, Buy-Now-Pay-Later (BNPL) fraud, and refund fraud are all problems today—in 2020, those deceptive auto loan applications increased by an alarming 260%. And the applications to utilize synthetic, bogus identities made up in part with stolen information to defraud companies and harm the victims whose information was stolen go well beyond these examples.
To help build awareness for this rapidly-increasing type of fraud, the Federal Reserve in February of this year put out an explainer video about it. They cover what constitutes synthetic identity fraud, the areas we’ve seen it pop up, and the fact that these synthetic identities are also used to launder money, fund terrorism, or facilitate criminal activity. Synthetic identity fraud’s impact is far-reaching, and it’s already here.
…And It’s Only Going to Get Worse
Aite-Novarica Group believes that synthetic identity fraud for unsecured U.S. credit products is expected to grow from $1.8B in 2021 to $2.42B in 2023. It also found that, in a survey of top fraud executives, “synthetic identities resulting from application fraud” as the number one threat they are most concerned about in the near future.
Not only will the prevalence of this kind of fraud increase, the sophistication with which fraudsters will attack financial and payments institutions will also heighten. Just like phishing attacks have evolved—from the “advance-fee” scams that we often use as a punchline today for how obvious they used to be to an omnipresent threat impacting 81% of organizations—those aiming to dupe systems with synthetic identities are only going to get more creative with how they enact these attacks.
Here’s What We Can Do
What makes dealing with synthetic identity fraud so difficult is the perpetrator’s elusiveness. The combination of real and faked data is very hard to track, and it is easy for businesses and law enforcement to get frustrated by the process of finding the fraudster. Even worse, many of these criminals are playing the long game and keeping a low profile by taking out smaller loans than would raise eyebrows, paying their bills on time, and avoiding easy detection. It can feel like chasing the wind trying to investigate these folks.
So that leaves preventative measures as the most effective way of dealing with synthetic identity fraud. Stopping bad actors before they can even get in the door. Preemptively blocking this type of fraud is hard, but gets easier when identity data can be utilized.
Given the steps synthetic identity fraudsters have taken in advance (paying utility bills, opening bank accounts) to legitimize these fake identities, static data normally used to prevent breaches falls short of being effective. Real-time data that builds user profiles to determine identity-checking behaviors in the moment, when put in place at the point of account creation or login at a financial or payment portal online, makes it much harder for synthetic identity fraud to be successful. Historical activity intelligence of user’s online behavior is continually collected in these types of systems, making it harder and harder for someone to pretend they are someone they’re not without getting flagged. The very absence of any historical activity on an email address being used across a wide swath of websites and apps – normal behavior for legitimate online users – is a clear indication that this identity is more likely to be fraudulent.
It is just too expensive and unwieldy for would-be fakers to get past these checks; the number of different websites, diversity of activity, and length of time needed to convince these systems that they are a real person is far too costly.
Staying a Step Ahead
Identity intelligence at scale is the key to putting in effective preventative measures against synthetic identity fraud. Real-time data (rather than stagnant data) based on a billion or more daily activities, feeding into an identity check when needed, can be extremely effective in keeping these cyborg identities out of places they could cause damage. This protects businesses from financial damage as well as everyday people who have had their identity or personal information compromised.