Synthetic identity fraud is a system issue that is causing havoc in the financial sector. It’s an issue that not only affects fintechs, but traditional banks, merchant providers, and consumers. In fact, in the United States, synthetic identity fraud costs banks $6-billion.
So, how can businesses like yours battle this wave of bad-faith actors and minimise the impact on their operations?
In this article, we’ll go over the definition of synthetic identity fraud, how it works, and a few solutions to the issue.
What is a synthetic identity?
Firstly, let’s go over exactly what constitutes a ‘synthetic identity.’ Governments issue their citizens with unique identification numbers, which are used to create your profile — this includes your date of birth, nationality, full name, and more. And add to this physical information, like your image.
Financial institutions use your unique ID number to create a profile of your credit history, debt, and other financial data. This number is a powerful tool in the correct - or incorrect - hands.
For the rest of the article, we will refer to identification numbers as Social Security Numbers (SSNs).
How does synthetic identity fraud work?
It’s a sophisticated form of financial fraud that uses stolen SSNs. Criminals combine a real person's information with fabricated personal details to create a new identity. Because of this, detecting synthetic identity theft can be a challenge for traditional fraud monitoring systems.
Often, SSNs are obtained through data breaches, online scams, or social engineering.
Creation of a fake ID
Fraudsters can use real SSNs, occasionally altering or combining information for identity manipulation. Alternatively, they may create a completely fabricated identity with false information, known as identity fabrication.
When it comes to manual SSN checking, which involves a tertiary glance at a user’s information and image, fake IDs can slip through.
Application for loans
Automated scripted bots use stolen data from breaches to open accounts without human involvement, giving fraudsters easy access to personal information. The bots will try to apply for loans with the stolen data to access as much money as possible.
If successful, the victim’s SSN is associated with tremendous amounts of debt, while fraudsters face little to no repercussions with their ill-gained funds.
Building a positive credit track record
Fraudsters engaging in synthetic identity theft often build a credit history with low-friction accounts, such as utilities or mail-order services which typically have minimal vetting.
This approach, known as "sleeper fraud," allows criminals to slowly increase their credit rating, ultimately giving them access to large sums via legitimate transactions.
Further reading: Explaining chargeback fraud and how to prevent it
Why are synthetic identities becoming more common?
It’s due to growth. The global pandemic saw a massive spike in the e-commerce sector, which means that more and more users were transacting online in various ways. And not every company fully understands cyber and fraud security, which leads to a wide range of previously discussed issues, like database leaks, phishing, and cybercrime.
Bad actors are weaponising personal information to illegally obtain funds more than ever before. This has also seen a boost because of how much of our lives are now ingrained in online platforms, such as social media and internet banking.
Though the news cycle focuses on these issues with larger entities, they are issues that affect more Fintech and online businesses than the public knows about.
The role of AML/CFT Compliance in synthetic identity fraud
The process of KYC involves cross referencing the information a customer inputs at onboarding, and it is thanks to this information it is possible to detect uncharacteristic behaviours.
Anti-Money Laundering (AML) checks will typically follow when a customer has passed a KYC check. To clarify, AML is used as an umbrella term that includes KYC as well as sanctions for if a business does not comply with AML laws, which also include Countering the Financing of Terrorism (CFT).
There are many powerful tools designed to help companies identify and combat identity fraud.
One of our pre-integrated compliance partners, SumSub, outlines essential categories to pay special attention to at the verification stage. Some of which include:
- White margins around the edges of the ID document
- The photo of the document is of poor quality
- The colours and fonts of the document differ from the standard
- The country issuing the document does not match the user’s country/IP address
- Verification steps are performed with abnormal timing
- A frequently used IP address is detected
How can fintechs prevent synthetic identity fraud?
In addition to the above mentioned, there are many ways businesses can navigate the murky waters of compliance in general, and specifically synthetic identity fraud:
- Lock-down access to sensitive company and customer information
- Revoke any and all access to employees who no longer work at the organisation
- Ensure strict communication protocols are in place to prevent social engineering
- Regularly audit your suppliers to ensure they are following fraud best practices
- Consider using biometric technology for face identification
- Scrutinise all SSNs that are submitted to your company. Some of the largest SSN theft is conducted on children
- Cross-check users through local databases
- A digital identity on any system must have forensic evidence to prove it belongs to a real-world person
- Make sure your fintech startup is ready for FCA authorisation
The art and science of risk and compliance doesn't need to be laborious, expensive and complex. So, if you are interested in finding out how you can protect your business and revenue, contact us to find out more.