A common thought in comics and movies, when evil geniuses build giant machines to steal all the oxygen from Earth’s atmosphere, or carve their initials in the moon, is “Why don’t they use all this? shine for good instead of evil? “The criminals in ‘Die Hard’ were obviously smart enough to generate a huge budget for henchmen and military equipment. If only they had used their wits better, they could have avoided being blown up by Bruce Willis.
The answer to why they went wrong in life is obvious. They may or may not be caught, but they are willing to take the risk, for the opportunity to score a big score. And to achieve this score, they are ready to invest their brains and even a little budget.
It’s the same with financial crimes. Identity theft, which often results in third-party fraud (in which an author uses stolen private information and then pretends to be another person in order to obtain loans, credit cards, and other undeserved benefits), is a relatively simple crime to execute. It only requires the acquisition and application of the appropriate data. In a way, it’s a smash-and-grab. Steal the data, use the data. These data are usually name, address, SSN, email, phone, driver’s license, etc. The criminal applies for a loan or credit card on behalf of the victim, but substitutes their own contact details (phone and email) to intercept the benefits. The person whose identity has been taken may not find out that they have been cloned until it is too late. Once the villain gets a card or loan, he runs away, leaving the wreckage for the victim and the lender.
False identities, real crimes
A much more complex and insidious type of identity fraud involves the use of synthetic identities. Private information is always stolen and used, but instead of pretending to be a real person, the perpetrator creates an entirely new identity from parts. The building blocks are always the pieces of the backgrounds of others used to provide credits and other fundamental data, but the real identity is fabricated. And here’s why. The more foundation and history an identity has, the more likely it is to acquire a serious set of cards or loans. Not just a starter, but something with a bigger line of credit. It means investment.
What does the aggressor invest in?
- Effort. Third-party fraud requires the effort, and possibly minimal cost, to retrieve someone else’s data. Synthetic identity fraud demands the same. But then the data is used in the creation of fake people. Almost immediately after the ingredients are combined to create a fake ID, the criminal has it applied for credit. And then come the Twitter and Facebook accounts to continue building a digital footprint.
- Cash. These ghosts are often endowed with bank accounts, with real (and very small) deposits. These ghosts might even make purchases and payments. They apply to other random accounts. And these include the ultimate financial assets that will deliver the best return.
- Time. The credit that is requested immediately after the “birth?” Even when denied, that request becomes part of history. Once enough activity and background has been baked and enough financial and social history has been gathered, the fake identities are ready to be tossed. This means that the author is ready to make the best use of these fake bodies. This history allows the thief to make the most of ill-gotten deadlines and “get out” the term (similar to first-party fraud) when synthetic identities paved the way for the scammer to maximize credit cards and ready and walk away.
The Rub: What Makes Synthetics So Hard To Catch
The thing that allows synthetic fraudsters to get away with building this story is the synthetic part. There is no real person to alert that activity is being generated on their behalf. The named victim does not receive any alerts to take action, as there is no actual named victim. That said, synthetic identity fraud is not “victimless,” as it’s often called. The financial institution itself is the victim, and the costs of fraud, while often written off, always reverberate with measurable impact.
What could stumble this pattern? If an application using a real SSN triggers an alert to the SSN holder. For this reason, synthetic fraudsters often steal SSNs from individuals who are less likely to be alerted. Usually, newborns are the victims. They won’t be applying for credit anytime soon, so their data theft can go unnoticed for years to come. The consequences of this crime are therefore terrible today and in the future.
To prevent the success of synthetic identity, institutions must ensure that everyone who applies for credit is who they say they are. This seems obvious, of course, and this is the reasoning behind standard CIP (Customer Identification Program) and KYC (Know Your Customer) laws and policies. But with enough personal data stolen and a healthy dose of fake history, synthetic identities can present themselves as perfectly legitimate.
Most of the KYC tools were not designed to discover fake identities, but only to match the name / DOB / SSN to the header data. Fraud solutions, on the other hand, are designed to be a bit more sophisticated, but still seek an alignment of data points, which scammers have learned to artfully recreate. Therefore, deeper penetration into identity, using more insightful fraud prevention tools, is needed to ensure that all of the elements truly align in a holistic identity and are not tied together to stolen parts.
Outsmart the fake
So, how to retool the solutions to thwart the false? Certainly, the usual precautions must be taken to ensure the basics of identity. But then we have to fight the very essence of synthetic identities: the combination of stolen data elements and the invention of a bogus story.
The first is fought by the correlation of these elements. Name, address, email, phone, SSN, etc. do they all belong to the same person? Do they constitute a holistic identity, that is, a collection of data belonging to a single entity?
The second is thwarted by going straight to this bogus story. Digging deeper, to examine the age of this phone, the age of this email, the history of that identity through public and private sources, can help reveal a synthetic identity like an empty suit. As this fraud increasingly relies on real accounts, associations with real credit holders and sometimes the complicity of real traders, it will be necessary to discern these illegitimate links as part of a global effort to uncover and defeat synthetic identifiers.
If the perpetrators have no conscience, they certainly have the intelligence to be a threat and contribute to a type of fraud that costs US lenders and issuers billions every year, possibly accounting for a fifth of all frauds. to credit. This means that financial frontier advocates need to be even smarter, to fight synthetic fraud today in its current forms, and in the future as it evolves. New financial products and digital channels offer more opportunities to consumers, as well as fraudsters who continue to use their intelligence for evil. Fortunately, there are many smart people creating identity verification platforms to combat this fraud. Because they chose to use their powers for good.
Jeff Scheidel is Training and Development Manager at Socure