Synthetic identities: more real than you think
This is a guest post by Ryan Wilk, vice president of customer success at NuData Security, a MasterCard company.
When a family member dies, there are myriad things to look after from closing bank accounts, sorting belongings and notifying everyone they did business with. It would feel like the worst that could happen just did – until you find out that your elderly relative had defrauded companies and individuals for hundreds of thousands of dollars!
While that may sound like a ridiculous movie plot, this scenario is becoming reality more often than you think. To identity thieves, obituaries are nothing more than another source of data.
Synthetic identity fraud is a rising trend, one that has the potential to threaten the CNP industry, where fraud exposure is expected to hit $71 billion annually by 2020.
Bad actors access genuine identity data, either through hacking or purchase on the Dark Web, and use it to build artificial identity profiles. One common ploy is to access social security numbers (SSNs) of children through school or health insurance records filled out by parents. Another means is to access SSNs of deceased people (known as ghosting), with no one available to contradict the usage.
Using children’s information is advantageous to bad actors as the crime may not be discovered for many years when the then-young adult applies for credit and is denied based on “past” fraudulent behavior. Unfortunately, we won’t know that magnitude of this damage for another 10 or 20 years.
Synthetic identity fraud can also be created via collusion schemes, called furnishing. Fraudsters set up a company with the soul purpose of making sales to synthetic identities they have created themselves. An “applicant” synthetic identity applies for and is granted credit for the purchase of a high-end product from the “furnishing” merchant. Each month the “furnishing” merchant reports an on-time payment from the synthetic identity. This continually boosts the credit score of the synthetic identity and it can eventually be used for other financial fraud once the bad actor knows the identity has value.
Thieves steal the identities of nearly 2.5 million Americans annually, including people of all ages from newborns to seniors, according to the IDTheftCenter. The stolen SSNs often are assigned fictitious birthdates of people in their 20s to give the appearance of someone starting to establish credit.
Using these IDs to start building credit history is easier than you might think. Applying for credit, even if the application is declined, starts a file with credit reporting agencies. After two or three applications, and perhaps success with a small account, the file grows and eventually a credit record is established.
Aite analysts believe synthetic identity fraud is under-reported and that financial institutions write off bad debt without discovering the applicants were not real people. Even so, Aite recently reported that 13% of checking account application fraud and 9% of credit card application fraud involved synthetic identities.
Until recently, synthetic identity fraud was almost impossible to detect. Making use of behavioral biometrics is the most effective method to identify the creation and use of synthetic identities. While the data points entered by individual bad actors may pass the traditional PII checks, knowing the underlying behavior of the user creating the account provides a new insight into the types of behavior risk present at the time of account creation.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.