Last year was a whirlwind for everyone, but for fraudsters it was a bonanza. The sudden and widespread pivot to digital channels for everything from banking to buying groceries was the perfect convergence for criminals to ramp up their attacks.
One facet of fraud that flashed mixed signals from 2020 is synthetic identity fraud. Synthetic Identity (ID) fraud happens when criminals create fictitious identities by combining stolen personally identifiable information (PII) like Social Security NumberSPs (SSN), birth dates and addresses with other made-up details.
Fraudsters then use the newly-minted synthetic ID to apply for credit cards, loans and other credit products. This kind of fraud is difficult to detect, can lead to billions in losses for FIs and continues to evolve and get more sophisticated.
Estimates of synthetic ID fraud loss range from “10-15% of lender’s losses each year” to “$12 billion in losses for 2020.”
Up or Down? Hard to Say
Interestingly, as pandemic restrictions took hold and remained in place, Transunion reported that in Q3 2020 synthetic ID fraud declined “35% for personal loans, 33% for credit cards, and 23% for auto loans and leases compared to Q3 2019.”[i]
On the other end of the spectrum, experts are warning that synthetics are deeply embedded in financial institutions (FIs) – and concerns are still high in boardrooms and in the trenches. A recent Aite report notes that “the vast majority of FIs…(70%) believe that synthetic identities are a much more challenging issue than identity theft”.[ii]
The hard reality is that organizations are simply not identifying synthetics in the application process, because they look just like thin or no-file consumers and do not raise additional fraud flags.
Let the Data Do the Talking
SentiLink, a Zoot partner and a leading provider of synthetic identity fraud solutions, has some fascinating data. In Q1 ’21, SentiLink detected synthetic fraud in about 1 percent of all the applications they verified. But the level varied widely across verticals, ranging from an average or 60 fraudulent applications in personal loans to an average of 178 in credit cards.
SentiLink also analyzed tradelines for over 1400 known synthetic identities. Their research uncovered that three of four synthetic identities (74%) had a bank or co-branded card, one in two (50%) had a retail card and one in five (22%) had an auto loan.[iii]
Given that alarming rate of incidence, it is no surprise that organizations are concerned about synthetic IDs. Perpetrators of synthetic fraud are patient and may wait for years before cashing in and disappearing. And once the fraudsters do bust out, FIs get hit with a “double whammy…[of] absorb[ing] the loss…[and] trying to collect from someone who doesn’t exist.”[iv]
Estimates of synthetic ID fraud loss range from “10-15% of lender’s losses each year”
Since synthetics are hard to identify once they are in the portfolio, FIs are keen to keep them out in the first place. One of the best ways to stop them is to implement a synthetic-specific scoring solution that puts a numeric value on the likelihood of an applicant being fraudulent.
By quantifying a number of diverse and varied criteria like name, address, SSN and more, scoring solutions allow FIs to set minimum/maximum thresholds for their fraud risk tolerances. Providers (and Zoot partners) like LexisNexis and SentiLink offer solutions that FIs can put right into the application process, to stop fraudsters in their tracks.
For example, when SentiLink receives the name, date of birth, address and Social Security number of an applicant, they compare it with the 200 million apps they’ve seen before, as well as all the third party identity data pulled together in-house. They can also compare the application against known fraudulent identities, evaluate any red flags, and put the information through models where they are scored along multiple dimensions.
SentiLink will then return a proprietary score that indicates the likelihood of fraud. For apps that are scored as likely synthetic, many banks use SentiLink to send these apps through eCBSV, a real-time SSN validation with the Social Security Administration. eCBSV verifies whether a given name, date of birth and SSN combination matches what’s in the SSA’s database. eCBSV enables banks to reject fraudulent applications before spending any more money or time processing them.
FIs that access and implement fraud scores in the application process have an excellent defensive mechanism layered into their decisioning. Full-suite decisioning platforms like Zoot enable real-time updates to when and where scores are applied, putting ultimate flexibility into the hands of fraud teams.