Fraudsters find it easier to create IDs than to steal them

One of the fraud threats we continue to see force its way into the credit union industry is synthetic identity fraud. Part of the increase may be due to counterfeit credit card fraudsters coming up against EMV, which makes duplicating cards much more difficult.

Synthetic identity fraud relies on the use of an identity that has been created in one of three ways. Fraudsters…

  • pair a real social security number (SSN) with a fake name;
  • use an “inactive” social security number with a real name (typically belonging to a child or someone who has died); or
  • fabricate both the SSN and the name completely

From there, the identity is further developed when the fraudster applies for a small line of credit (typically less than $500) using his newly acquired or created SSN and name. Even though he will very likely be declined on that first try, the simple act of applying helps him begin to build a credit history. Upon receipt of the inquiry, the bureaus will each generate a new credit file. Bingo, the synthetic person is born.

(This is just one of many reasons the payments and credit industry must evolve beyond using only bureaus sources to determine credit worthiness.)

After his new identity has been established, the fraudster will open a few accounts and pay them off in full and on time each month to generate a healthy credit score – one that will secure more yes’s from more financial institutions (or more cell phone, utility and other companies that require credit histories).

If this is sounding like something that would take a long time, especially for a cash-strapped criminal, you’re not wrong. Of course, crimes like these are not always committed by the lone wolf. Often, there are large fraud rings generating IDs and building histories by the thousands, each of which can be purchased on the Dark Web when they reach maturity. In 2013, federal authorities shut down an enormous synthetic identity fraud scheme that created 7,000 false identities. Overtime, the criminals behind this particular fraud obtained more than 25,000 credit cards that resulted in more than $200 million in losses.

What’s more, as the crime has evolved over time, its perpetrators have figured out how to speed up the process.

One way they’ve learned is to piggyback onto a legitimate cardholder’s account as an authorized user. Similar to the ways in which fraudsters use social media to convince people to deposit bad checks or receive a fraudulent wire transfer, synthetic identity artists persuade cardholders to add them as authorized users, sometimes for as little as three days.

A second, albeit more intense, method is to work with company “insiders” as part of a data-furnishing scheme. In these cases, the company – either fake or legitimate – essentially makes up and supplies false information on fake people to the credit bureaus to help build the credit histories of these synthetic folks.

Fortunately for lenders, synthetic identity fraud detection and prevention strategies have evolved, as well. Digital technology, neural networks and predictive analytics powered by machine learning and artificial intelligence are helping to more quickly scan large databases like those generated by data-furnishing front companies.

These technologies and methods can’t come soon enough. Gartner estimates synthetic identity fraud makes up 80 percent of losses from credit card fraud today!

Corey Skadburg

Corey Skadburg

Corey Skadburg is the Chief Operations Officer for BrightWise, which provides training courses that raise awareness about cybersecurity threats and engage employees to become the first line of defense. As ... Web: Details