Payments Security, Webinars

5 Things to Know About Synthetic Identity Fraud

By Jim Cunha, Senior Vice President, Federal Reserve Bank of Boston

A lively exchange of views – and many questions – were shared during our September webinar with fraud experts from the FBI and Turnkey Risk Solutions (TRS). I encourage you to listen to the archived recording if you missed the live event. In the meantime, here are five insights from the webinar.

  1. Synthetic identity fraud is a big problem, but industry experts don’t know exactly how big. It’s relatively cheap and easy to “piece a person together” by combining made-up information with data from real people, such as Social Security numbers readily available due to data breaches. Credit processes were built to verify a real person’s creditworthiness and satisfy Know Your Customer (KYC) requirements, but they weren’t built to look for synthetic identities. Industry experts estimate synthetic identity fraud cost U.S. lenders $6 billion in 2016 – but the number could be far larger. Differing definitions and approaches to detection make it difficult to measure this type of fraud.
  2. The FBI is a great resource. FBI Supervisory Special Agent Zach Baldwin explained the FBI’s goal: “to investigate, disrupt and dismantle money laundering facilitators, criminal organizations and individual operations engaged in fraud schemes which target our nation’s financial institutions – all of which are utilizing synthetic identities to commit fraud.” The FBI’s proactive education includes outreach to the private sector, regulators and law enforcement.
  3. You are the first line of defense. Baldwin encouraged financial institutions, retailers and other payments stakeholders to actively engage in the detection of synthetic identity payments fraud. The FBI reviews every Suspicious Activity Report (SAR), either manually or through data analysis, to monitor trends and developments in criminal patterns. Beyond filing a SAR, you can file a complaint with the FBI Internet Crime Complaint Center (www.ic3.gov (Off-site)) or contact your local FBI field office (Off-site) – especially if you suspect insiders are facilitating the fraud.
  4. This type of fraud has been around for a long time, “and we’re playing catch-up as an industry,” said Amy Walraven, TRS CEO and chief analytics officer. Both Baldwin and Walraven cited examples to demonstrate the magnitude of synthetic identity fraud, including a $200 million crime ring (Off-site) that first hit the news in 2013 – but started nearly a decade earlier. “The trends change fairly quickly. Different threat vectors happen to different organizations based on their product mix, based on their control infrastructure, based on [fraudsters’] appetite,” Walraven said. “These guys are equal opportunity offenders. Small, medium, large [organizations] – they really don’t care . . . they’re wherever the money is.” The internet is making it easier to conduct business and commit fraud from anywhere and everywhere, so these often are transnational crimes.
  5. There is no single silver bullet to prevent or mitigate synthetic identity payments fraud. Walraven advised organizations to layer multiple controls and tools that recognize red flags as the first step in fraud prevention and detection. The goal is to find identities that deserve additional verification before setting up an account or approving a loan. A challenge, however, can arise between increased fraud controls (which can create friction) and ensuring a seamless customer experience.

For additional insights from the investigators, watch our September webinar: On the Front Lines Against Synthetic Identity Fraud.