How Synthetic Fraud is 'Lying in Wait' for Credit Unions

Jewelers and pawnbrokers don't often get fooled by fake Rolexes. Counterfeit currency rarely passes muster at casinos. Fake ID confiscation has ruined many underage drinking excursions.

How do fraudsters keep getting away with exploiting synthetic identities for profit? In short, it's because these fake identities are so difficult to distinguish from the real thing, and the patterns behind them can be nearly impossible to distinguish from normal banking activity. Traditional fraud-fighting measures simply can't account for this growing source of criminal profit, and it's costing financial institutions billions in losses.

In 2015, Javelin Strategy & Research estimated new account fraud, perpetrated with synthetic identities, will rise from $5 billion in annual losses in 2015 to a projected $8 billion by 2018. What began as a problem for credit issuers has now become a high-risk proposition for credit unions, with the potential for large losses and diminished consumer confidence in a credit union's ability to protect its members from fraud.

After analyzing bank fraud trends for the past 25 years, we're seeing that many of the same fraud types and schemes are experienced by both the deposit and credit sides of banking. Increasingly, fraudsters are opening a demand deposit account (DDA) to establish a consumer profile with the financial institution and then applying for a credit or lending account later. Since deposit account opening criteria are less stringent and there is added pressure from the CFPB to open "every" DDA account, many financial institutions unwittingly help perpetrate synthetic identity fraud.

Properly classifying fraud is necessary to allow for the identification of the underlying attributes and distinct patterns to detect each particular fraud type. But synthetic identity fraud is particularly difficult to categorize and prevent, as many identifying account holder attributes (Social Security number, date of birth, etc.) seem to be legitimate.

The fraudsters create fake identities – often fabricating all or part of the consumer profile – in order to open deposit accounts without further scrutiny. Criminals will even use random-number generators to create completely fake SSNs, obtain government-issued identification to support the fake identity and then build credit histories before cashing out the fraudulent accounts.

Once a DDA account is opened, the criminal makes small transactions to give further appearance of legitimacy or establish enough of a history to apply for credit cards or loans. Synthetic accounts always include an address and phone number to ensure alerts, messages and financial instruments are sent directly to the fraudster. Synthetic fraud rings are often highly organized, with multiple identities established for a single fraudster, deceiving financial institutions into thinking they are dealing with legitimate account holders.

Other synthetic identity fraud tactics include:

Picking a random SSN and getting it established (for example, by buying a mobile phone and paying for months);
Getting an SSN (or generating a false one) and then buying a tradeline and/or getting added as an authorized user; and
Opening accounts, establishing legitimate behavior and then going rogue months or years later with multiple accounts simultaneously.

Fabricated data is at the root of synthetic identity fraud and data is the also at the heart of the solution. Having a score-based, cross-channel fraud tool in place to ensure the authenticity of contact information and recognized account-opening patterns is critical to reducing account takeover fraud risk, especially when it comes to synthetic identities.

Typical fraud-fighting solutions often limit their data analysis to SSN matching and the method only considers a single data source. By using a variety of data points from multiple data sets, financial institutions can increase their chances of finding possible fraud cases. And it's critical for credit unions to ask themselves, "What are we missing?"

Geoproximity – or the opening of several new accounts at a single or separate, adjacent addresses – can also be a clear indication of synthetic identity fraud, but without predictive tools to warn financial institutions of these patterns, they often go unnoticed.

For example, let's look at a prominent fraud pattern we've seen for years – multiple new account applications from a single apartment complex in Glendale, Calif. The high-level profile of these account openings shows the "consumers" present at the credit bureau, but not present on other sources of data. This discrepancy might be easily explained simply as underbanked individuals or those with limited credit histories. Once these retail accounts are opened and legitimized with transactions, the fraudsters open credit and lending accounts to maximize their take, sometimes waiting months or years before closing and cashing out multiple accounts simultaneously.

To limit the effectiveness of synthetic identity fraud, financial institutions need to examine additional data points, particularly those that establish contact between the institution and its customers or members. These include IP addresses, mailing addresses, phone numbers, email addresses and mobile identifiers, such as cell phone records. By implementing anti-fraud solutions based on differential risk prototypes, accounting for all possible fraud scenarios, institutions can build predictive models that optimize detection throughout the product pipeline.

Credit unions should consider the totality of all available data when assessing fraud risk. By leveraging additional data sources and adopting new data parameters, they can mitigate fraud more effectively. It may not be as simple as spotting a fake Rolex, but understanding how fraudsters operate – and predicting their behavior based on common patterns – can go a long way toward eliminating synthetic identity fraud.

Adam Elliott is Co-Founder & President of ID Insight. He can be reached at [email protected].