RegTech firm Flagright recently shone a light on the topic of fraud detection in FinTech, with a battle against synthetic identity theft ongoing.
Synthetic identity fraud presents a unique challenge for the FinTech sector. Unlike conventional identity theft, synthetic identity fraud involves the concoction of a completely new identity, created from a blend of legitimate and false details.
Rather than appropriating an individual’s existing identity, fraudsters fabricate a ‘synthetic’ identity using real and fictitious data.
The building blocks of a synthetic identity often comprise a legitimate social security number—usually pilfered from vulnerable demographics such as the elderly or children who rarely scrutinise their credit histories—paired with falsified data, including names, birth dates, and addresses. This amalgamation of real and spurious data makes synthetic identities extraordinarily challenging to identify, as they typically pass initial identity checks without setting off alarm bells.
Once a synthetic identity is established, fraudsters can then indulge in “piggybacking”, a method where they develop a credit history for the bogus identity. This frequently involves small transactions being conscientiously repaid to boost the credit score linked to the synthetic identity. After amassing a decent credit history, the fraudster embarks on a “bust-out” scheme, maxing out the credit attached to the synthetic identity and disappearing, leaving the financial institution burdened with the losses.
Synthetic identity fraud is becoming an increasingly attractive strategy for criminals due to its difficulty to detect, often remaining undetected until the bust-out occurs. Furthermore, it is challenging to prosecute these cases since they don’t involve a direct, identifiable victim in the conventional sense.
Consequently, synthetic identity fraud poses serious threats to financial institutions, contributing to billions in losses each year. It destabilises the financial ecosystem, undermines the credibility of financial institutions, and may even unintentionally involve innocent individuals whose information was utilised in creating the synthetic identities.
By understanding the complexities of synthetic identity fraud, financial institutions can better arm themselves to combat this growing issue. We will delve deeper into why detecting this type of fraud presents such significant challenges and discuss practical steps that can be taken to effectively detect and mitigate synthetic identity fraud.
Detecting synthetic identity fraud is a formidable challenge for financial institutions for several reasons. The problem’s roots lie in the crime’s very nature—it involves the creation of an identity that is partially valid, allowing it to slip through the standard checks and balances of identity verification.
Synthetic identity fraud relies heavily on the use of valid information, often a real social security number. This valid information, when coupled with fabricated details, tends to pass initial identity verification checks, thus enabling the fraudster to create a credit profile for the synthetic identity. As the social security number may belong to an individual who doesn’t frequently monitor their credit history, the fraud can remain unnoticed for an extended period.
The current structure of the credit system also contributes to the difficulty in detection. Credit bureaus create credit files based on information received from lenders. When a synthetic identity applies for credit and gets denied (which is often the case initially), the application itself can lead to the creation of a credit file under that identity. While the initial application is declined, the existence of a credit file aids fraudsters in establishing a credit history over time.
The fragmentation of data across multiple financial institutions and credit bureaus also presents a challenge. A synthetic identity could have relationships with multiple banks and credit card companies, and unless these institutions share information with each other, it’s hard to gain a comprehensive view of the suspicious activity.
Moreover, the very nature of synthetic identity fraud, which doesn’t involve a direct, identifiable victim, complicates detection. Traditional fraud detection systems often rely on the actual victims to report irregularities, but with synthetic identity fraud, the ‘victim’ is a nonexistent person.
Finally, as fraudsters become more sophisticated, so do their methods. They use advanced techniques, including utilising large scale data breaches, to obtain valid personal information and artificial intelligence to create credible synthetic identities, further complicating detection efforts.
The challenges posed by synthetic identity fraud demand a shift from traditional fraud detection methods. Financial institutions need to implement comprehensive and sophisticated approaches, making use of advanced technologies and machine learning algorithms to identify patterns and anomalies indicative of synthetic identity fraud. We will explore these steps in more detail in the following sections, providing a roadmap for effectively tackling synthetic identity fraud.
Read the full post here.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst