Three Steps Your Lending Operation Should Be Taking to Mitigate Synthetic Identity Fraud
April 18, 2017
(New York, NY): Synthetic identity fraud is emerging as a key migration point in the post-EMV era, as criminals refocus on application fraud and exploit easy access to sensitive consumer data.
At an alarming rate, fraudsters are using that data to create fake personas – hybrids of stolen and fabricated personal information – and open new lines of credit. In fact, the share of financial losses stemming from application fraud, which includes the creation of synthetic identities, grew by 42% in the fourth quarter of 2016, according to ACG data. Fraudsters’ migration to application fraud is particularly impactful because perpetrators behave like true customers for months or even years before “cashing out,” leaving lenders with massive losses and little recourse for collection and recovery. To make matters worse, a single fraudster can cultivate tens or even hundreds of high-value accounts, greatly increasing financial exposure.
The lending community is mobilizing against synthetics. But a series of obstacles stands in the way: With no true customer, fictitious accounts can be virtually impossible to pinpoint; conventional countermeasures are ineffective; and reporting is underdeveloped, obscuring the true scope of the problem.
A potential solution – cross-checking applicants’ information against Social Security Administration (SSA) records – is out of the industry’s reach, at least for now. The SSA’s existing verification service requires the written consent of the SSN holder, an impractical condition when dealing with synthetic identities. Regulatory reform to open up SSA records, either to lenders or the credit reporting agencies (CRAs), is moving slowly, and there’s no guarantee it will make the legislative agenda.
“SSA validation is considered the holy grail,” said Ira Goldman, Director of ACG’s Synthetic Identity Fraud Working Group, “but it could take years to orchestrate. In the meantime, the industry needs to find other solutions to mitigate mounting losses.”
Without collaboration with peer institutions, mitigating systemic fraud at this scale is virtually impossible. The good news is that the lending community is banding together to find solutions, as it has with more traditional fraud types. In March, ACG’s Synthetic Identity Fraud Working Group held its second meeting to promote industry collaboration on the issue. The introductory sessions have brought together fraud prevention managers and government relations personnel from more than 20 leading credit card lenders, along with payment network risk executives, the national credit reporting agencies, and industry trade associations.
Here are three risk mitigation strategies from the session you can apply to your lending operation:
- Strengthen Front-End Detection and Prevention
Massive credit losses aren’t the only financial risk associated with synthetic identity fraud: By the time a synthetic account defaults, the lender has invested potentially years’ worth of marketing, servicing, and other operational costs. Meanwhile, the fraudster has moved on to the next identity. While collections and fraud departments usually deal with the aftermath, lenders are increasingly looking to marketing, acquisitions, and underwriting teams as the first lines of defense.
“Risk detection is vital at each stage of the account lifecycle,” Goldman said, “beginning with more intelligent prospecting to avoid booking bad accounts in the first place.”
Lenders are refining their pre-screening processes to look for anomalies in applicants’ credit profiles and considering supplementing traditional, credit-based criteria with more robust data. The existence of employment information, payroll accounts, and utility records, for instance, can increase confidence that an identity is legitimate. There’s also a push to strengthen identity verification at account opening with knowledge-based authentication (KBA) and enhanced know-your-customer (KYC) techniques. Based on risk tolerance, lenders may queue suspicious applications for manual review, request additional proof-of-life documentation, or decide not to offer credit.
Lenders are also stepping up monitoring at the acquisition and account management stages to detect high-risk behavioral patterns. Warning signs include the velocity of applications submitted under a single name, requests to add a high number of authorized users to an account, and suspicious retail transaction patterns and money movement activity.
- Use Data Analytics to Learn from Synthetic Accounts
While synthetic identity fraud is not a new phenomenon, lenders are still developing and refining data-centric identification strategies. Collections and fraud departments are turning to reverse engineering – analyzing confirmed bad accounts to determine how synthetics are constructed and to identify behavioral patterns that signal malicious activity. This postmortem analysis can shed light on attributes lenders can use in fraud modeling and portfolio scoring to strengthen detection. It can also uncover a wealth of data elements – identity, location, and device information – that can be shared with front-end teams for use in pre-screening (a bad IP address, for instance, may be linked with multiple fictitious identities).
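The sketch below is an added example, not code from ACG or the working group. It combines two of the signals described above: attributes taken from confirmed synthetic accounts are indexed and matched against new applications, and the velocity of applications under a single name is checked. The field names, the sample records, and the threshold of two applications per 30 days are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

FIELDS = ("ip", "device")  # assumed attributes recovered from postmortem analysis

# Constructed sample data: accounts already confirmed as synthetic.
CONFIRMED_BAD = [
    {"account": "A-100", "ip": "203.0.113.7", "device": "dev-9f1"},
    {"account": "A-101", "ip": "203.0.113.7", "device": "dev-22c"},
    {"account": "A-102", "ip": "198.51.100.4", "device": "dev-22c"},
]

# Constructed sample data: new applications awaiting a decision.
APPLICATIONS = [
    {"id": "N-1", "name": "Pat Doe", "ip": "203.0.113.7", "device": "dev-777", "date": date(2017, 4, 3)},
    {"id": "N-2", "name": "Lee Roe", "ip": "192.0.2.50", "device": "dev-abc", "date": date(2017, 4, 3)},
    {"id": "N-3", "name": "Sam Poe", "ip": "192.0.2.61", "device": "dev-d01", "date": date(2017, 4, 4)},
    {"id": "N-4", "name": "Sam Poe", "ip": "192.0.2.62", "device": "dev-d02", "date": date(2017, 4, 6)},
    {"id": "N-5", "name": "sam  poe", "ip": "192.0.2.63", "device": "dev-22c", "date": date(2017, 4, 9)},
    {"id": "N-6", "name": "Sam Poe", "ip": "192.0.2.64", "device": "dev-d04", "date": date(2017, 6, 1)},
]

def build_bad_index(confirmed_bad):
    """Map each (field, value) seen on a confirmed synthetic to the accounts that used it."""
    index = defaultdict(set)
    for acct in confirmed_bad:
        for field in FIELDS:
            index[(field, acct[field])].add(acct["account"])
    return index

def screen(applications, bad_index, max_per_name=2, window=timedelta(days=30)):
    """Return {application id: [reasons]} for applications to queue for manual review."""
    flagged = defaultdict(list)
    recent = defaultdict(list)  # normalized name -> dates of applications inside the window
    for app in sorted(applications, key=lambda a: a["date"]):
        # Link check: does this application reuse an attribute of a known synthetic?
        for field in FIELDS:
            accounts = bad_index.get((field, app.get(field)))
            if accounts:
                flagged[app["id"]].append(f"{field} shared with {len(accounts)} confirmed synthetic(s)")
        # Velocity check: normalize case and spacing so trivial name variants still match.
        name = " ".join(app["name"].lower().split())
        recent[name] = [d for d in recent[name] if app["date"] - d <= window]
        recent[name].append(app["date"])
        if len(recent[name]) > max_per_name:
            flagged[app["id"]].append(f"{len(recent[name])} applications under this name within {window.days} days")
    return dict(flagged)
```

On the sample data, N-1 is queued for reusing an IP address seen on two confirmed synthetics, and N-5 is queued both for a shared device and for being the third application under the same name in 30 days; N-6 falls outside the window and passes.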
- Enrich Reporting and Information Sharing
With more robust internal reporting in place, the next logical step is to share information on bad accounts. In the near term, lenders should document known or suspected synthetic identities and report them to law enforcement and the CRAs, which can use the data to cleanse the ecosystem of known synthetics and investigate fraud rings.
“For lenders, there’s mutual benefit in removing bad accounts from the system,” Goldman said. “Information sharing is key.”
In the long term, fraud prevention managers envision a consortium model housing bad account data across industries, from banking to telecommunications, that lenders can use to cross-check applicants. This type of widespread data sharing, which ACG is working with charter members to develop, will require unprecedented collaboration across the industry and with external stakeholders.
About ACG’s Synthetic Identity Fraud Working Group
ACG is working with key industry constituents, including lenders, payment networks, and the national credit reporting agencies, to establish a task force against synthetic identity fraud. The group’s mission is to represent the needs of a diverse mix of financial services companies with a unified voice and to advance the industry’s synthetic identity fraud agenda. For more information, contact Ira Goldman at 212-323-7000 or firstname.lastname@example.org.