Synthetic identity fraud is a problem that is growing in sophistication, intensity, and frequency. A synthetic identity is a combination of fabricated credentials where the implied identity is not associated with a real person. Fraudsters may create synthetic identities using potentially valid social security numbers (SSNs) with accompanying false personally identifiable information (PII). For example, the synthetic may have a real, “shippable” address and the SSN may appear valid, but the SSN, name, and date of birth combination do not match with any one person.
A major contributing factor to the heightened risk associated with synthetic identities is the implementation of social security number randomization, the Social Security Administration’s (SSA’s) new approach to SSN issuance that took effect in July 2011. While this new approach was designed to provide higher safeguards for the public, it has also made it more difficult for fraud detection systems to identify a fictitious SSN. Compounding the problem is that synthetic identities are not created equally. The method fraudsters use to compose a fake identity has an impact on the level of financial harm a synthetic identity can do and how easily it can be detected.
The methods fraudsters use to create synthetic identities currently fall into two categories:
The true danger of synthetic fraud is that, unlike third-party fraud where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud frequently has no specific consumer victim. That can sound like a good thing – until you realize that consumer victims are a critical tool in detecting and stopping fraud. The lack of a clear victim presents two challenges to enterprises.
These examples show the difficulty in tracking and quantifying losses from synthetic identities. Additionally, there are often inconsistencies within organizations on what constitutes a synthetic identity and even disagreement on whether this is a fraud or credit problem. Without a paper trail leading to a real person, the true victims of synthetic identity fraud are the lenders and service providers who are left to absorb what can be high-frequency and high-dollar losses.
In May of 2018 new legislation was passed called the Economic Growth, Regulatory Relief, and Consumer Protection Act. The Act includes a provision directing the SSA to make a mechanism available to facilitate the verification of SSNs, upon request by a certified financial institution. Currently, to verify an SSN, an institution must collect and submit a hard-copy wet signature on an SSA consent form, which is a significant obstacle to using current SSA services. This provision would allow a certified financial institution to obtain consent from a consumer electronically. Electronic consent will allow financial institutions to verify identities more quickly, and at scale, in connection with a credit transaction.
While this regulation has the long-term potential to help reduce synthetic identity fraud, uncertainty around the SSA’s timeline for implementation, and limitations on the industries and use cases which can benefit from it make the level of impact unclear.
Synthetic identity fraud is a complex challenge that is growing by the day – solving it requires effective strategies that examine the core issue of identity legitimacy and the typical outcomes. By creating a holistic defense capable of addressing the entire issue, enterprises can better maintain performance once synthetic fraudsters shift their methodology.
Combating synthetic fraud should not be done in a silo. Connect with other industry partners and law enforcement to share information, identify trends, behaviors, and threats. By leveraging these best practices, you can help improve your ability to detect and mitigate synthetic identity fraud.
Contact us to learn more about how to stay ahead of evolving threats with advanced fraud detection technology – while reducing costs and increasing efficiency.
This article is for educational purposes only and does not guarantee the functionality or features of LexisNexis products identified. LexisNexis does not warrant this article is complete or error-free.