“Gift” to Credit Unions for Mitigating Identity Theft Scheme

by: Chuck Salvia, Vice President, Computer Information Development

Thieves have tilted the playing field to their advantage with “Credit Profile Numbers”

Much to the dismay of the law-abiding community, buying or creating a “new credit profile” is far too easy with a “Credit Profile Number” – CPN. This is recent terminology for a stolen SSN, and just the tip of the proverbial iceberg in a wave of new attacks on Credit Unions nationwide. Posters on Craigslist, YouTube, and hundreds of other websites brazenly hawk their ability to defeat current decisioning platforms with thousands of electronic ways to obtain stolen or fabricated SSNs to create a false credit identity. Contrary to website claims, use of a CPN is not legal because the 9 digit number is a valid SSN of another individual. Apprehending these criminals is not an easy task for law enforcement because many of these criminal website operations are offshore.

Can your Credit Union detect if an individual is trying to conceal a questionable background or is an outright identity thief attempting to perpetrate a crime by the use of a Credit Profile Number (CPN)? How does your Credit Union keep from being victimized by a CPN used for Synthetic Identity Theft (SIT) – a stolen SSN blended with the real personal identifiers of the questionable individual or criminal? In 2007, the Federal Trade Commission (FTC) reported that there are over ten million more credit profiles in the system than there are actual consumers. Does your Credit Union attempt to mitigate fraud based on this grossly insecure system? If so, you are in a perilous position and vulnerable for significant losses.

This scheme creates new falsified credit profiles hidden within the CRAs and not detected by credit header information from the credit bureaus because false profiles do exist within their systems which are then passed between trusted authorities creating an “authentication fraud loop”. Furthermore, CPNs (used for Synthetic Identity Theft) might not be detected by the use of SSN Trace algorithms or other methods currently employed by the Credit Union community. These methods of PII (Personally Identifiable Information) verification are fundamentally flawed, have polluted profiles, are easily manipulated, and contain stale data up to or over 90 days old. The stolen SSN is a “valid” SSN to the bureaus and is coupled with a real name and address creating a sub-profile that your Credit Union cannot detect as fraudulent.

A “Gift” from the Social Security Administration

Social Security Number (SSN) verification has evolved into a required component of due diligence processes for Credit Unions in the areas of credit risk management, lending, credit administration, hiring, asset quality and fraud investigations. Social Security Administration (SSA) developed Consent Based Social Security Number Verification (CBSV) service in 2002 to mitigate fraud and identity theft while protecting vital business interests, reducing losses, bad/negligent hires, and unauthorized workers/applicants.

CBSV is an effective and easy to implement fraud prevention strategy. It’s absolute validation of the personal identifiers of Name, Social Security Number, Date of Birth, Gender, and Death Indicator direct to the official governmental issuing authority. Simply stated, no other method of SSN verification is as effective as CBSV nor can any other method make this claim. CBSV allows Credit Unions to safeguard their vital interests and thwart what has become a national security issue.

CBSV is a unique service offering:

1. Direct access to the SSA Master File and Death Index

2.  Instant, online matching of five personal identifiers (Name, SSN, Date of Birth, Gender, Death Indicator)

3.  Accurate results to official governmental source records

4.  Absolute validation methodology used for any business purpose:

• Depository accounts
• Loan originations (mortgage, auto, personal)
• Employment (both pre- and post-hire to ensure an authorized workforce)
• Applicants of all types; members, students, clients, patients, tenants, volunteers, etc.
• Fraud investigations / Collections / Special Investigative Units

5.  Premier compliance component for state and federal regulations including CIP,  KYC, FTC Red Flags Rule, Fannie Mae Loan Quality Initiative, Dodd-Frank Wall Street Reform and Consumer Protection Act, and more

6.  Fraud and ID theft protection – reducing losses and net charge-offs, bad hires and unauthorized applicants

7.  For “SSN Randomization” – State of Issuance cannot be determined on SSNs issued since June 25, 2011

Protect Your Vital Interests

The probability is very high that you have current members that used false identifiers to establish their account relationship because an inferior verification methodology did not detect fraud.

Daily across the U.S., Credit Unions are defrauded by identity thieves. Consent Based SSN Verification can spare those institutions, members, and management staffs the anguish and cost of becoming victimized. With fraud and identity theft in the billions of dollars annually, with credit thieves continuing to exploit the system, and with a down economy that causes people to perpetrate crimes that they might not otherwise, CBSV should no longer be optional, but part of your due diligence processes. Credit Unions are prime targets poised to be victimized unless they implement a CBSV strategy.

Charles “Chuck” Salvia is a CBSV subject matter expert and Vice President at Computer Information Development LLC (CID), a provider of fraud detection, prevention and remediation services to the financial community. He works with Credit Unions in the battle against fraud risk and associated losses through education, training, and providing access to the Social Security Administration’s Master File through their Consent Based Social Security Number Verification (CBSV) service.  www.idvalidation.net