October 16, 2018
October 9, 2018
Posted July 26, 2018
Perhaps one of the android hosts on the HBO sci-fi series “Westworld” put it best when she asked, “If you can’t tell the difference, does it matter if I’m real or not?”
For many institutions, the issue of synthetic identity fraud is becoming an increasingly prevalent issue. In fact, by some estimates, synthetic identity fraud will account for $8 billion in business losses this year. The Federal Trade Commission calls it the fastest-growing form of identity fraud, while Accenture says synthetic ID fraud is one of the biggest threats banks face today, costing them “billions of dollars and countless hours as they chase down people who don’t even exist.”
But what, exactly, is synthetic identity fraud? Why is it so hard to tell the difference between a real and a fake identity when extending credit? And bottom line: What can be done to stop it?
Think of it this way. Cybercriminals have long stolen personal identity information in order to rob consumers and businesses. According to Javelin Strategy & Research, the number of US identity theft victims rose to a record high last year, resulting in a total of $16.8 billion in losses.
Thanks to the 9 billion personal identity files set loose through data breaches in recent years, fraudsters can easily get their hands on everything from social security numbers to “fullz,” or complete identity files, on the dark web.
But instead of simply stealing an identity, these same thieves are increasingly using just a few pieces of real data and combining it with bogus information to create entirely new, wholly fictitious identities. Fraudsters then use a variety of methods to start monetizing these fabricated identities by curating credit profiles and building up online history for them.
In particular, thieves are interested in acquiring the social security numbers of young children, who won’t be applying for credit for years—and thus won’t raise any flags over misappropriated identity information. Studies show that 10.2% of children under age 18 have already had their social security numbers swiped, including 1 million babies born in the last year. Two-thirds of all victims are under the age of eight.
Cultivating ersatz identities takes a lot of time, patience and attention to detail. But once suitably established, the game plan typically involves acquiring multiple lines of credit and then suddenly maxing them out on major shopping sprees before disappearing into thin air in “cash out” or “bust out” schemes.
Javelin Strategy & Research estimates individuals and crime rings get away with an average $15,000 per attack. Even the most reclusive of lone wolves can make a serious killing. One Atlanta-based con artist allegedly synthesized 300 different identities to rip off $350,000 from Internet retailers and credit card companies before being nabbed by federal agents.
According to American Banker, that second example is increasingly emblematic. With Internet retailers and credit card companies hardening defenses, synthetic identities are increasingly being used for auto loans—which enable scofflaws to drive off the lot with expensive new cars, never to be seen again.
Beyond the costs to financial institutions and other businesses, the myth that consumers remain victimless is patently false. At some point, the legitimate owners of all those social security numbers will be faced with the unenviable task of decoupling themselves from crimes perpetrated with a key element of their own, very real identities.
The task of detecting stitched-together identities can be challenging and requires increasingly sophisticated data insights and technology adoptions.
Key to spotting synthetic identities is understanding whether or not an identity has evolved naturally at the speed of life, or through anomalous methods and expedited timelines common of fraud schemes.
Not many businesses can independently analyze the myriad connections between consumers and all their devices, locations, behaviors, accounts, home addresses, physical records and how these attributes have been built up over time.
Digital and physical identity intelligence with global scale, behavioral analytics and advanced machine learning capabilities may be required to accurately spot synthetic identities and optimize fraud decisions without creating friction for actual, real-life customers.
The stakes for businesses and consumers may be higher than you think.
A growing number of experts are raising the alarm on the potential losses from synthetic identity fraud. As Accenture states, financial institutions must push to out-innovate the fraudsters or risk serious consequences.
That’s easier said than done, of course. As another “Westworld” android observed in a recent episode, “That which is real is irreplaceable.” Especially when fakes put it in so much danger.