The Federal Reserve recently released a white paper sharing insights on combating the risk of synthetic identity fraud. As we noted in an earlier article on the subject, this type of fraud is particularly difficult for traditional detection methods to flag, and it represents the fastest-growing type of financial crime in the United States.
It’s a problem uniquely built for the U.S. marketplace, where static personally identifiable information (PII) – including social security numbers – is still a cornerstone of how most transactions work. The scammer combines real and fictitious data – names, social security numbers, or card information – to create new identities to defraud financial institutions, government entities, or individuals. That combination of information is what sets synthetic identities apart from traditional identity fraud – and in turn, makes the automated security tools built to prevent identity theft much less likely to be tripped.
In general, individuals who have their information compromised in this way do not bear any responsibility for the financial cost of the crime – provided they can prove their information has been compromised, which is a burden in and of itself – leaving the financial costs largely to the financial institutions.
The Fed’s guidance calls for the need for vigilance on multiple fronts in order to mitigate risks, as the approach for the attack often masks itself as any other legitimate transaction. In particular, they note avenues in for fraudsters on three fronts:
- Enrollment Phase – Fraudsters register synthetic identities to apply for credit, often passing KYC checks.
- Transaction Phase – Fraudsters use this synthetic identity’s line of credit to acquire high-value goods that are easy to resell, from electronic devices, gold, or cash advances. Fraudsters can even use these identities to register fake businesses, increasing the potential payout before they “bust out” and cease making payments on the account.
- Reconciliation Phase – Financial losses are typically identified as either chargebacks, charge-offs or unauthorized payment sources. Once accounts reach delinquency, some funds may be recovered by selling debts to a collections agency, but as these agencies cannot collect on the fraudulent debt, these losses are never recouped in full.
Beyond vigilance, the Fed calls for government and private organizations to work together to identify problem applicants. As this type of fraud remains underreported and difficult to detect in isolation, a larger network of information is necessary to find the patterns to understand, detect, and mitigate it within the U.S. payments marketplace.