Payments Security

Taking Action Against Synthetic Identity Fraud

Forecasters’ crystal balls are working overtime as experts attempt to predict the ongoing, far-reaching effects of the COVID-19 pandemic. Fraud has been a major concern (Off-site), including phishing and other digital scams against socially distanced consumers and businesses. This trend may accelerate as pandemic-related financial assistance comes to an end and individuals and businesses experience greater financial stress.

In an effort to help combat the emergence of synthetic identities, financial institutions, processors and fraud solution providers are putting a new tool to work: an industry-recommended definition of synthetic identity fraud (SIF) announced earlier this year by the Federal Reserve, which has already been incorporated into the FraudClassifierSM model. Awareness of synthetic identity fraud is greater than ever before across the payments ecosystem, according to fraud experts who participated in a Fed-convened focus group and helped develop this definition.

“Awareness and a common definition of synthetic identity fraud are particularly important for the small to mid-size financial institutions we serve,” said Jack Lynch, senior vice president and chief risk officer of PSCU, a cooperative serving 1,500 credit unions. “Fraudsters don’t decide to go after your credit card department alone – once they’ve used a synthetic identity to obtain a credit card, they can open a bank account and get an auto loan, too. Credit unions using a common definition across all departments can better see suspicious patterns across multiple channels and avoid misclassification of fraud as a loan loss.”

Since the definition was published, PSCU has provided information to its member credit unions and advised credit unions to educate (Off-site) end users about the importance of safeguarding personally identifiable information (PII) and signing up for credit monitoring. Synthetic identity fraud is the use of a combination of PII to fabricate a person or identity to commit a dishonest act for personal or financial gain. The record number of data breaches over the past few years has made consumers’ PII readily available to fraudsters. “Members need to know that fraudsters don’t need their entire identity to commit fraud – just fragments of information.”

The industry-recommended definition also is being used in TransUnion educational and marketing materials, said Lee Cookman, senior advisor of global fraud solutions at TransUnion. He added that the definition has provided “common ground” and facilitated “deeper conversations” about synthetic identity fraud with TransUnion customers and in fraud data exchanges offered by his company and third parties, where participants share information about potential fraud trends.

“In developing the definition, our focus group recognized that not all synthetic identities are created by the user with the intent to commit financial crimes or “bust out” fraud. Sometimes, people create identities to obtain credit despite previous bad debts or to apply for employment and housing,” Cookman said. “That’s one reason financial institutions may choose to apply our common definition in different ways. One bank may set a policy that minimizes false positives by screening for identities where there is a higher risk of loss, while another bank may have a zero-tolerance policy and seek to identify as many potential synthetics as possible. In either case, a bank will create a separate workflow to step up its Know Your Customer compliance and identity verification as needed to differentiate synthetics from identity theft and ‘real’ customers.”

In addition, Cookman credited the Social Security Administration’s electronic Consent Based Social Security Number Verification Service (eCBSV) (Off-site) as a tool that is helping reduce synthetic identity fraud. Launched in 2020 and expanding this year, eCBSV enables registered financial institutions to verify a customer’s Social Security number with the customer’s electronic consent.

Claire Le Gal has a bird’s-eye view of global fraud trends as senior vice president of fraud intelligence and strategy at Mastercard. Her role ranges from analyzing and understanding fraud trends globally to refining Mastercard’s network rules and products to defend against fraud by closing “loopholes.”

“Minimizing reliance on personally identifiable information is a core component of our Privacy by Design approach,” Le Gal said. “At the same time, the security of our network depends on our ability to look holistically at information related to transactions to validate a purchase or indicate possible fraud, including a number of the elements found in the synthetic identity fraud definition such as the digital footprint of a customer.”

“Consumer education is very important. Mastercard encourages its card issuers to educate their customers about how to protect themselves from synthetic identity fraud,” she added. “Fraudsters take the path of least resistance. The United States is often more lucrative for fraud than other countries as the purchasing power of U.S. consumers tend to be higher than in other countries. Using this new definition is a step toward a common understanding of how to speak to consumers about SIF.”

Read more about the focus group’s efforts, the development of this definition and additional ways the industry may apply it.