In the following Q&A, we learn all things synthetic fraud, from risk mitigation to what businesses can do now to effectively combat this new challenge for global businesses.
What is synthetic fraud and how does it differ from fraud?
Synthetic fraud is a type of fraud where a falsified or manipulated identity is used to open consumer and business financial services accounts. It’s very different from ID theft because there’s no victim that comes forward to claim their identity has been stolen. As a result, synthetic identities go undetected for years. So, not only does synthetic fraud cost banks and lenders billions of dollars a year in losses, but these identities facilitate all sorts of criminal activities.
How is Sentilink revealing the risks of synthetic fraud (Through a report, through research, through other means)?
SentiLink offers several solutions that credit unions prevent synthetic fraud.
Synthetic Scores: SentiLink’s Synthetic Scores product indicates the likelihood that an identity is synthetic. Synthetic Scores are made available to clients via API or a user-friendly Dashboard.
Manifest – Manifest is the identity data leveraged by the machine learning algorithm that generates SentiLink’s Synthetic Scores. This dataset includes information from the credit bureau, utility records, the death master file, as well as phone and email data. SentiLink enriches this identity data and makes it available in the Manifest product via API and the Dashboard. Clients can incorporate Manifest in their proprietary models or utilize the data to investigate individual cases via the Dashboard.
eCBSV – For the first time ever, it’s possible to validate Social Security numbers with the Social Security Administration’s database of SSNs in real-time using eCBSV. With applicant consent, financial institutions can send their applicants’ names, dates of birth, and SSNs to SentiLink via API and receive a match or no-match response within milliseconds. This service enables lenders who have historically required SSA-89 forms, such as mortgage lenders, to shave days off the loan origination process.
Why is synthetic fraud more of a risk to credit unions rather than to other establishments?
To be clear, synthetic fraud is a risk to all financial institutions. But, some credit unions may think that the membership requirements to join are a deterrent to synthetic fraud. But, we’ve seen that fraudsters are able to become members and get loans from credit unions.
What could credit unions be doing that would help them lessen the risk of synthetic fraud?
There are several things credit unions can do:
Education is the first step. The Federal Reserve wrote 3 white papers on synthetic fraud that are very informative.
Pay special attention to the Social Security number of applicants applying. If the SSN was issued in a state where the applicant doesn’t have address history, this is a potential red flag. If the SSN was issued in a year that’s different than the date of birth, this is a potential red flag. It doesn’t necessarily mean a synthetic identity is being used to apply, but these are scenarios that potentially warrant additional verification. Validating the SSN using an SSA-89 form or eCBSV is a smart approach.
Labeling losses according to the type of fraud is also important. Knowing whether a loss was due to ID theft, synthetic fraud, and other types of fraud will enable a credit union to measure losses due to each type of fraud and learn how to recognize similar identities when they apply.
What are the 7 synthetic identities and how does it work/identify?
Perhaps I should clarify the statement, “1 in 7 synthetic identities has a credit line from a credit union.” SentiLink has tagged over 100,000 synthetic identities. We have a subset of these identities where we can see what financial institutions gave these fake consumers a loan. Our analysis showed that 1 in 7 of these synthetic identities had a loan from a credit union. The point we were trying to make is that credit unions are at risk for synthetic fraud just like other banks, fintechs, and lenders.
What do you mean by “tradeline from a credit union with balances 2/5X higher?
We looked at the loan size that credit unions issued to these synthetic identities and compared them to the loan size that they gave to non-synthetic identities and found that the balances issued to synthetic identities were significantly higher. So, the credit unions lost a lot more money when issuing loans to synthetic identities. This is another reason why credit unions should work to identify synthetic identities before they become members, so they don’t experience these losses.
What are the risks to a credit union in regard to synthetic fraud?
The risks are losses and compliance. As mentioned above, synthetic identities cause significant losses to financial institutions. But, there is also the regulatory requirement to Know Your Customer. KYC solutions can’t detect synthetic identities, and as regulators become more aware of this issue, their expectations around what constitutes appropriate KYC measures is likely to change. If credit unions are issuing loans to synthetic identities, they aren’t conducting appropriate due diligence to know their customer. Their ability to comply with KYC requirements will suffer if they don’t address synthetic fraud.
What are the warning signs that credit unions should pay attention to?
Certainly, upticks in losses can be a sign of increased synthetic fraud. But, also things like the same address being used frequently to apply for loans can be a sign that a group of fraudsters is attacking a credit union.
What do you see as the future of credit unions in relation to this type of fraud?
Synthetic fraud is going to be an issue for credit unions for the foreseeable future. Unlike id theft where fraudsters steal an identity and have to quickly take out a loan, take the money and move on, synthetic identities can be used over and over again for a very long period of time. And, synthetic identities are easy to create so it’s something credit unions are going to have to learn about in order to detect and stop them from impacting their business.
Sarah Hoisington is head of Marketing at SentiLink, a fraud protection tech firm helping financial institutions and government agencies.