Regulators warn about fraudsters creating synthetic borrowers
Information cobbled together from multiple people used to make fake identities, establish credit
The financial technology industry that’s upending consumer finance could be the solution to a kind of identity fraud that’s dogging traditional banks and fintech companies alike.
It’s called synthetic identity fraud, where instead of stealing one person’s information, criminals synthesize a false identity using information from many people — usually those unlikely to monitor their credit, like children, the elderly, prisoners or the homeless. Fraudsters then establish a credit history for the fake person over time until they can trick banks or financial technology companies into lending them money.
Although most synthetic identity fraud affects credit card and loan products, person-to-person payment applications could be equally vulnerable, according to federal authorities who are monitoring the problem.
[Capital One hack gets attention of Senate panel, New York AG]
The Federal Reserve issued warnings about the practice, and is expected to release a report early next year on ways financial companies can mitigate the problem. A major part of the solution will come from financial technology companies, the Fed said.
“Fintechs are developing artificial intelligence and money laundering models to detect synthetic identity patterns in card and loan applications, among other product areas,” Jim Cunha, who heads the Secure Payments and Fintech division at the Federal Reserve, said in a statement to CQ Roll Call.
Cunha, who is also vice president of the Federal Reserve Bank of Boston, authored the Fed’s most recent synthetic identity fraud report, which came out in October. Other industry leaders agree that technology will aid the solution.
“The speed of innovation means greater business solutions, but also presents greater challenges,” said Amy Zirkle, vice president of industry affairs at the Electronic Transactions Association, which represents more than 500 fintech companies. “Addressing these challenges is top of mind for all of our members.”
Artificial intelligence could help spot anomalies in customer behavior patterns to detect the fraud, the Fed’s October report said.
“No single organization can stop wide-ranging, fast-growing synthetic identity fraud on its own,” the report said. “It is imperative that payments industry stakeholders work together to keep up with the evolving threat posed by synthetic identity fraud, which includes anticipating future fraud approaches.”
Detecting it could require further innovation than currently exists, though. ID Analytics, a credit and fraud risk company, in a report this year said fraud detection computer models failed to flag as much as 85 percent to 95 percent of potential synthetic identity fraud applicants.
The ability to instantly verify that a name and Social Security number match may be a first step. The Social Security Administration is scheduled to roll out a pilot project in June that will provide such instant verification. The current version can take up to several days to verify a match, according to the Fed.
The Fed touted Social Security’s pilot project as a helpful tool, saying the initiative seeks to “educate the industry, create a sense of urgency, and influence action.”
Synthetic identity fraudsters have shown a willingness to invest substantial effort into maximizing profits cultivating synthetic identities over a long time by making small payments on the account to increase its legitimacy and earn credit line increases. Once the credit lines are large enough, the thief vanishes with cash or easily convertible goods, a move called “busting out,” according to the Fed.
Sometimes, after the bust out, a fraudster will falsely report that the synthetic identity is the victim of theft and may succeed in resetting the credit lines and repeating the process. The industry that’s grown around protecting personal information is tracking the rise in such crimes.
“We’ve seen dramatic spikes [in synthetic identity fraud] in the past few years on applications for new credit and service products in the U.S. such as credit cards, online loans, and new smart phones,” Ken Meiser said in an email to CQ Roll Call. Meiser is the chief compliance and consumer support officer for ID Analytics, a division of Norton Life Lock. “While the problem isn’t growing as rapidly as it was in 2015-2017, it remains on the rise and at an all-time high.”
While financial companies are the main targets, people can still feel ill effects. Cunha recommended freezing or at least monitoring the credit reports of vulnerable loved ones such as children or elderly relatives.
“It definitely seems to be more of a U.S. problem because of our Social Security number being the identifier and also how much personally identifiable information has been exposed,” Cunha said.
[Opinion: Rethinking Social Security Numbers in the Modern Age]
Norton’s Meiser added that victims of identity theft spent an average of six hours correcting issues resulting from the fraud.
The House Financial Services Committee’s Task Force on Artificial Intelligence held a hearing in September in which a digital fraud expert, Amy Walraven, testified about the threat of synthetic identity fraud and the need to develop better digital identity verification.
But lawmakers haven’t touted any legislation to accomplish what Walraven and other fraud prevention experts are recommending — a secure digital identity verifier. That would replace Social Security numbers as means to identify a person, with the idea that they would not be shared in an unsecure environment, such as on medical forms or lease applications.
The total amount of fraud has been difficult to calculate. But Auriemma Group, a research and consulting firm that focuses on the consumer finance industry, tabulated that synthetic identity fraud cost U.S. financial institutions $6 billion and accounted for up to 20 percent of credit losses reported in 2016.
“Synthetic identity fraud is not a problem that any organization or industry can tackle independently, given its far-reaching effects on the U.S. financial system, healthcare industry, government entities and consumers,” the Fed’s October report said. “Industry collaboration can be a key step toward identifying trends and developing strategies to reduce specific fraud vulnerabilities.”