Saturday , September 21, 2019

How IDs Invented out of Whole Cloth Have Become a Fast-Growing Scourge in Payments

Synthetic identity fraud has become the fastest-growing and one of the most difficult financial crimes to detect in the United States, says a white paper released this week by the Federal Reserve. Lenders in the United States lost $6 billion to synthetic identity fraud in 2016, with the average chargeoff balance per incident totaling $15,000, the report says. The report is the first of a three-part series from the Fed that will examine the synthetic-fraud crisis and potential solutions.

Unlike traditional identity theft—in which a criminal assumes the identity of an actual person to access her creditworthiness and open new accounts in her name—synthetic ID fraud involves accounts created using a combination of actual consumer identification information, such as a Social Security or driver’s license number, with fictious birthdates, names, or addresses. The result is the fabrication of a new identity. The creditworthiness of the new but fake identity is then built up over time to defraud financial institutions. Two factors fueling the spread of synthetic identity fraud are the randomization of Social Security numbers and the increased exposure of consumer data to criminals due to data breaches, says Jim Cunha, senior vice president for the Federal Reserve Bank of Boston.

In 2011, the Social Security Administration began randomly assigning Social Security numbers by eliminating what had been the geographical significance of the first three digits of the number. Typically, financial institutions use the first three digits of the number to determine an individual’s state of origin.

“As a result of randomization, geographic checks are no longer effective for newly issued Social Security numbers, and it is more difficult to detect when fraudsters create synthetic identities using unissued or fabricated SSNs,” the white paper says. “ID Analytics estimates that nearly 40 percent of synthetic identities use a randomized Social Security number.” ID Analytics LLC is a San Diego-based vendor of authentication tools.

In addition, data breaches have made readily available consumer identification data that can be used to craft synthetic identities, Cunha says.

Another hurdle to detection arises if a criminal steals a child’s or homeless or elderly person’s SSN. Since each of these demographic groups is unlikely to access their credit information, illicit use of the number is likely to go unreported. “In the case of a child, it’s unlikely the victim will know his Social Security number has been compromised until he applies for credit years later,” Cunha says.

To better detect synthetic identity fraud, fraud experts recommend financial institutions increase the use of artificial intelligence and data-driven analytics that detect suspicious patterns. One potential solution, says Trace Fooshee, a senior analyst at Boston-based consultancy Aite Group, lies in identity hubs. An emerging technology, identity hubs integrate with transaction and interaction monitoring controls, as well as external and consortium-based identity-data sources, to continuously monitor for markers of identity fraud well beyond the account-opening date.

“This allows the solution to provide much more detail and context that is useful in assessing the risk of the identity,” Fooshee says.

Fraud experts also agree more collaboration is needed between financial institutions and government agencies to establish best practices to detect synthetic identity theft and identify vulnerabilities within the system that allow it to thrive.

“Like cybercrime, the growing problem of synthetic identity payments fraud cannot be addressed by any government or private-sector organization working in isolation,” Brian Riley, director for the credit advisory service at Mercator Advisory Group, says in a blog posted this week. “It requires the attention of all payments-industry stakeholders to collaborate and work together to understand, detect, mitigate, and address synthetic identity fraud in the U.S. payments ecosystem.”

Check Also

The PCI Council Plans More Rule Flexibility As It Eyes a Major Revision of Its Flagship Standard

Recognizing there is no one-one-size-fits-all approach to data security, the PCI Security Standards Council continues …

Do NOT follow this link or you will be banned from the site!