February 14, 2024
Synthetic Identity Fraud: A Comprehensive Guide
Detect and prevent synthetic identity fraud with our comprehensive guide for financial institutions.
Introduction
As the fastest-growing financial crime in the United States[1], synthetic identity fraud imposes an immense burden on financial institutions. The exact financial toll remains unclear, with estimates varying widely between $20 billion to $40 billion[2] and increasing as criminals continue to exploit these lucrative opportunities.
Synthetic identity fraud is a complex challenge for the financial services industry, requiring a multi-layered approach to detection and prevention. While no one tool will provide a complete answer, an identity solution provider can play a vital role in helping to build a resilient defence.
In this guide, we will explore the challenges of synthetic identity fraud detection, the importance of balancing defensive measures with customer experience, and outline the key considerations for financial institutions when selecting an identity solution provider.
Understanding synthetic identity fraud
In 2021, the US Federal Reserve collaborated with fraud experts to agree on an industry-recommended definition for synthetic identity fraud to identify, classify, and combat this complex and widespread crime more effectively. The group defined synthetic identity fraud as:
“The use of a combination of personally identifiable information to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.”
The definition also includes primary and supplemental elements:
Primary elements – These are specific identity elements that, when used in combination, are typically unique to an individual or profile, such as name, date of birth, Social Security Number, and other government-issued identifiers;
Supplemental elements — These are details that can help substantiate or enhance the legitimacy of an identity but are insufficient to establish an identity on their own, like mailing or billing address, phone number, email address or digital footprint.
The financial services industry is particularly vulnerable to synthetic identity fraud due to its reliance on personal data for digital transactions, which fraudsters can easily manipulate and use to create credible fake identities.
These fabricated identities have proven difficult for traditional fraud detection systems to spot. Alarmingly, it’s estimated that 95% of synthetic identities are not detected during the onboarding process at financial institutions.[3]
After passing detection, these fraudulent identities are used to open bank accounts, take out loans, apply for credit cards and more. As a result, financial institutions face significant yearly losses from this type of fraud, not just through fraudulent transactions but also from associated indirect expenses, including extensive manual labour for resolving fraud cases, filing reports and conducting employee training.
The challenges in fraud detection
One of the biggest challenges in detecting synthetic identities is the fact that they are composed of both real and false information.
Unlike traditional forms of identity theft, where an individual's personal information is stolen and used by another person, synthetic identities involve many different layers of deception and often exhibit typical credit-building patterns and behaviour that make it difficult for banks and other institutions to identify them before any damage has been done.
Although challenging to pinpoint, synthetic identities display recognisable characteristics, as highlighted in the Federal Reserve's report.[4] These include:
Addresses near international airports or shipping areas | Favoured by fraudsters for the ease of intercepting documents linked to the fabricated identity. |
Several identities linked to one Social Security Number (SSN) | Fraudsters experiment with various fabricated identities in conjunction with a legitimate SSN until they find a pairing that secures credit. |
Multiple applicants with the same address or phone number | Criminals commonly reuse specific details like addresses and phone numbers across different applications to bolster their chances of creating a successful fraudulent identity. |
Inconsistent credit histories | Credit records that do not align with typical consumer patterns, such as a 40-year-old with a six-month credit history. |
Use of secured credit lines to establish creditworthiness | Fraudsters prefer these types of credit since they are usually backed by a deposit or collateral, simplifying the process of establishing credit with the aim of eventually securing unsecured credit lines. |
Preference for SSNs issued after 2011 | These newer SSNs are not assigned based on geography, making it simpler for fraudsters to exploit these numbers from any location. |
Numerous applications from the same IP address | Such activity can often be traced back to bots or automated systems fraudsters use to file numerous applications. |
Multiple authorised users on a single account | Fraudsters will frequently add fake identities to reputable accounts to legitimise synthetic identities and help build credit, often resulting in the synthetic identity inheriting the credit history of the main account holder. |
While financial institutions encounter inherent obstacles in identifying synthetic identities, smaller institutions, like regional banks, grapple with this challenge on an uneven playing field. Unlike their larger counterparts, these institutions typically do not have extensive resources at their disposal for implementing advanced fraud detection technologies. This makes it difficult to spot the subtle irregularities indicative of synthetic identities. Moreover, smaller banks and financial entities often operate with tighter budgets and fewer specialised staff, which can impede the development and maintenance of robust, proactive fraud detection systems.
Implementing a multi-layered defence
When it comes to combatting synthetic identity fraud, a multi-layered defence is essential. No one tool can provide businesses with a complete solution, but by layering multiple defences together, organisations can build resilience against synthetic identity fraud.
Traditional KYC checks, email and mobile intelligence, and biometric identity document verification are all key components of this strategy, providing the breadth and depth of intelligence needed to detect fraudulent activity.
To understand how a bank might use these tools together, imagine a customer trying to open an account online.
The bank's first line of defence would be traditional KYC checks; through this process, they would verify that the customer is who they say they are and that their address and other personal details match.
As an added layer of protection, the bank may also employ email and mobile intelligence tools. These tools allow the bank to ensure that the customer has not submitted compromised identity data found on any criminal forums, websites and chatrooms and to verify details such as phone number ownership or detect SIM/device swaps and call forwarding.
The bank may also use AI and biometrics-enabled document verification to find signs of tampering or counterfeiting in government-issued documents, such as passports or driver's licenses, to determine if it is real or fake.
While these tools alone are not a silver bullet for combating synthetic identity fraud, they are essential to any proactive defence strategy. When deployed effectively and combined with other indicators, such as suspicious transaction patterns or IP addresses used for logins across multiple accounts, financial institutions can gain insight into potential malicious actors before any damage has been done. This multi-layered approach ensures financial institutions can access sufficient data points to make informed customer decisions.
Data Zoo’s IDUX Ecosystem enables financial companies to build custom verification flows and confidently verify their customers. It supports document verification and selfie checks, allows you to validate information against government and 3rd-party databases, and flag high-risk users with additional fraud indicators.
Balancing defensive measures with customer experience
Financial institutions must walk a fine line when it comes to fraud prevention: they need to detect synthetic identity fraud early to avoid financial and reputational harm, yet they must do so without inconveniencing legitimate customers.
Striking the right balance requires a robust partnership between the institution and its identity solution provider. Together, they can deploy effective fraud prevention measures that uphold customer trust and deliver a smooth experience from start to finish, all while staying within regulatory boundaries.
An efficient onboarding process that minimises friction is essential for customer trust and satisfaction. Advanced fraud detection tools, when executed effectively, can authenticate identities and uncover potential synthetic identities without disrupting the customer journey. This balance between security and user experience is vital for maintaining customer loyalty.
These tools, adept at spotting irregularities suggestive of fraud, should also be easy to integrate into existing systems, avoiding manual interventions that could hinder the customer experience. Real-time data is also crucial for detecting subtle fraud patterns early. Leveraging machine learning and predictive analytics enables organisations to swiftly identify and react to suspicious activities, mitigating risks without imposing excessive obstacles on customers.
Data Zoo helps detect and manage risks without compromising the user experience. Our suite of verification tools is powered by research-backed, patented technology that automates KYC processes and manual tasks, eliminates friction and reduces customer drop-off. Learn more here.
Key considerations for selecting an identity solution provider
Financial institutions need to choose the right tool to prevent synthetic identity fraud. While no single tool can do the job, a blend of different technologies can help financial institutions stay one step ahead of fraudsters.
Investing in these technologies is like buying insurance: it might seem like an extra cost until it saves you from a much more significant loss. The amount a financial institution should invest in fraud prevention often depends on how much risk it faces from fraud. Every financial institution’s situation is different, but all need to protect themselves against the growing threat of synthetic identity fraud.
When looking for an identity solution provider, financial institutions should focus on four key areas:
Security: Security must be at the forefront when selecting a solution provider to tackle synthetic identity fraud. A provider worth considering should have secure data handling practices. It is essential that a provider is certified and adheres to the highest industry regulations and standards globally.
Data Zoo automatically protects customers and their sensitive data for all verifications in accordance with the highest global best practices and controls. Learn more.
Risk Decisioning: They should provide advanced analytic capabilities that accurately distinguish between legitimate behaviour and potential fraud. The outcome is typically a risk score accompanied by metadata to provide insights into reasons why. Furthermore, they should offer customisable solutions that align with the unique risk profiles of your customer segments, providing tailored protection.
Our fraud detection solution is powered by a decision engine that evaluates the trust level for every verification in real-time.
Integration Capabilities: Fraud detection tools are only effective if they can integrate seamlessly with other systems within an organisation. Therefore, it is essential for financial institutions to select a solution provider that offers APIs that enable easy integration with existing systems and platforms. Furthermore, these APIs should be highly configurable, tailored to meet specific risk profiles and regulatory requirements, and scaled as needed.
IDUX Core is our low-code standardised API for financial businesses, helping remove manual processes and integration complexities.
Ongoing Support: Financial institutions must partner with a vendor who offers ongoing support throughout the implementation process and beyond. The right identity solution provider will provide strategic guidance tailored to each organisation's unique needs and objectives to ensure maximum effectiveness when combatting synthetic identity fraud. In addition, this partnership should also enable organisations to stay agile and responsive in the face of rapidly evolving fraud schemes.
Data Zoo's standard support offers 24x7 availability from our multi-lingual experts, achieving 95% First Response SLA and 98% Resolution SLA. Learn more here.
