Fraud isn’t new—particularly in the financial services industry. But, lately, we are seeing a rise in the sophistication of attacks. It’s critical to understand various types of fraud in order to effectively detect and protect against them. Protecting against these types of attacks reduces the risk of financial loss, improves trust and safety on your platform, and frees up your team to focus on onboarding more legitimate new customers.
According to a recent survey of fraud executives by the Aité-Novarica group, synthetic identity fraud ranks as the number one threat they are most concerned about in the near future.
What is a synthetic identity?
A synthetic identity is a fake identity that combines real personal information, like a Social Security number, with fraudulent or fabricated information. Fraudsters often create synthetic identities to pass identity verification checks when signing up for financial services, like bank accounts or loans.
Not all synthetic identities are created to defraud people or financial institutions. Sometimes, people without access to required documentation or credit history create synthetic identities so they may apply for loans or open bank accounts. These scenarios can arise without the intent to defraud anyone simply because it’s the only option available. Nonetheless, synthetic identities are fraudulent and are not a legitimate solution.
Why are synthetic identities becoming more common?
Synthetic identities and synthetic identity fraud have become more common in recent years. While there are a few reasons for the increase, the tremendous amount of personally identifiable information (PII) data available on the dark web has made third-party synthetic ID theft easier.
What’s more, after the Social Security Administration (SSA) decided to randomize social security number (SSN) assignments, anti-fraud systems that used algorithms based on the SSA’s formula to assign SSNs could no longer quickly spot fake SSNs. While the initiative was designed to help prevent fraud by making the numbers less predictable, the move inadvertently made it more difficult for fraud detection systems to suss out fake identities.
→Ready to prevent synthetic identity fraud? Get started with Plaid Identity Verification.
Should I be concerned about synthetic identities?
Synthetic identities are a growing concern because they are difficult for identity verification platforms to find and prevent before a crime has occurred. In some cases, fraudsters may wait years and in the process, build up a legitimate financial history, before committing any kind of fraud. In many cases, synthetic identities are used to defraud financial services platforms, rather than individual users.
How does synthetic identity theft occur?
After a fraudster has built up a credit history based on real and fake information—such as a deceased person’s Social Security Number and a made-up address—these bad actors may defraud a financial institution, then use the real and verifiable elements of their synthetic identity to claim identity fraud.
Another common tactic is “piggybacking”, where someone adds a synthetic identity to an established credit profile, oftentimes inheriting the positive credit history.
Find out how much identity verification is worth to your organization
Prevent fraud, win users, and protect your bottom line
How big is the threat of synthetic identity fraud?
The impact of synthetic identity theft is hard to measure. Synthetic identity fraud can be hard to detect, and once it’s discovered, there’s no standardized process for how those losses are recorded. Some banks may record the loss as a credit loss, while others may account for the loss as third-party fraud.
Estimates cited by the Federal Reserve pegged the losses at $6 billion per year or roughly 20% of credit losses. And that was back in 2016. In the subsequent years, the threat has likely grown.
How can you prevent synthetic identity fraud?
There are a few crucial ways to prevent synthetic identity fraud. Plaid mitigates the risk of synthetic identity fraud by:
Evaluating multiple sources of identification. For example, data source, documentary, and liveness.
Data source: Does the person know their basic personally identifiable information (PII)? Does it match an authoritative source?
Documentary: Does the person physically possess an authentic government-issued ID document?
Liveness: Can the person, using their mobile phone camera, follow a few instructions to prove they are live?
Using sophisticated neural networks, while completing the steps above, Plaid can:
Use Optical Character Recognition (OCR) to confirm that the information included in the data source verification matches the information on the government-issued document.
Use facial matching to confirm that the face captured during the liveness test matches the photos on the government-issued ID document.
Use best-in-class selfie verification to confirm that the person in the liveness check is real and not, for example, a printout of someone’s face. Plaid Identity Verification looks at factors like skin reflectivity, patterns seen on screens, signs of image manipulation, etc.
Confirm that the person has active accounts online, like a valid email address and phone number, and social media accounts.
Use our proprietary Identity Verification Network Explorer to alert you to repeated ID verification attempts from a single IP address, device, and more.
Behind the scenes, Plaid runs a host of fraud checks to detect other flags that may be indicative of fraudulent activity.
→Ready to prevent synthetic identity fraud? Get started with Plaid Identity Verification