During the COVID-19 pandemic, the U.S. Department of Justice announced the conviction of four members of a Los Angeles-based fraud ring for using synthetic and stolen identities to submit at least 35 fraudulent loan applications seeking over $5.6 million in Small Business Administration loans under the CARES Act passed by Congress at the start of the pandemic1.
Synthetic identities are created by mixing real and fictitious identity information and they are one of the fastest-growing fraud strategies in the U.S. today. In addition to the application fraud referenced in the above indictment, synthetic identities can be used to apply for credit accounts and create a legitimate record with a credit reporting agency.
Criminals then build trust in the synthetic identity by using it in legitimate ways. The longer they operate legitimately, the larger their credit limits grow, increasing the payoff when they “bust-out” and leave the financial institution with a large unpaid credit line. It is difficult to track synthetic identity fraud because it is not well defined, and because it is easy to mistake for bad debt. Thus, any statistics or data on synthetic identity fraud are likely understating the problem.
The Federal Reserve’s FedPayments Improvement Committee2 is undertaking a project to address this confusion by creating an industry-wide definition of synthetic identity fraud, including the data elements that are used to construct synthetic identities and common uses, some of which do not involve the risk of financial loss. For example, one use cited by the Committee is credit repair, in which a borrower attempts to avoid rejection by adopting a new identity. Another is “fraud for living,” in which a person uses a fake identity to apply for employment or services (perhaps because they are an undocumented immigrant), with no intent to default on payment.
On a more sinister note, the Fed also points out that synthetic identities can be used to facilitate other criminal activity, such as money laundering, terrorist financing, and sanctions evasion. This makes it important for financial institutions to be proactive in detecting synthetic identities as part of their overall AML/KYC program, since they may not have been detected at onboarding.
McKinsey estimated in 2019 that between 10-15% of losses in a typical unsecured lending portfolio are due to synthetic identity fraud3. In 2020, the Federal Reserve found that synthetic identity fraud cost lenders $6 billion and accounted for 20% of credit losses4. Aite Group conducted a survey of 46 financial services fraud executives and found that half of them considered synthetic identity fraud to be their biggest concern in 20205.
Synthetic identities are good at evading traditional fraud risk models, because they have no history to evaluate, do not show up on lists of known fraudulent identities, and have no victim to notice unauthorized behavior on their account. In fact, if the financial institution flags a suspicious transaction, the owner of the synthetic identity can simply approve it as legitimate. These identities can be used to open deposit accounts for the purpose of receiving stolen funds, such as from a fraudulent unemployment claim or tax refund. In these cases, the use of real identity data can make it harder to detect the fraud. Banks and credit unions who allow these accounts to operate can get snagged in investigations, raising costs, and incurring reputational risk.
Since synthetic identities are specifically designed to defeat traditional expert systems and fraud models by emulating typical consumer behavior, an extra layer of detection and prevention is required. This way, known fraudulent synthetic identities can be shut down wherever else they may have been used, reducing the payoff for the criminals. More subtle patterns can be detected, reflecting the habits of the fraudsters behind the synthetic identities. As you can imagine, it can be taxing to maintain multiple synthetic identities, and criminals will tend to reuse transactions that have worked in the past.
Financial institutions need to rethink their current verification process and determine what’s best for their organization. Successful solutions have multiple layers to mitigate this type of fraud. Criminals continue to evolve their methods, and financial institutions must work to keep up. However, old approaches based on internal data are becoming obsolete. Seeking assistance from partners, like Early Warning®, provides FIs the confidence that the person is who you think they are. Through our contributed and acquired data, we are able to provide insights into synthetic and manipulated identities.
Early Warning’s industry-leading identity verification solution allows FIs to expand their customer base with confidence while also mitigating risk and fraud. To learn more about our identity verification solutions, check out our product page.