synthetic identity Archives

In the following Q&A, we learn all things synthetic fraud, from risk mitigation to what businesses can do now to effectively combat this new challenge for global businesses.

What is synthetic fraud and how does it differ from fraud?

Synthetic fraud is a type of fraud where a falsified or manipulated identity is used to open consumer and business financial services accounts. It’s very different from ID theft because there’s no victim that comes forward to claim their identity has been stolen. As a result, synthetic identities go undetected for years. So, not only does synthetic fraud cost banks and lenders billions of dollars a year in losses, but these identities facilitate all sorts of criminal activities.

How is Sentilink revealing the risks of synthetic fraud (Through a report, through research, through other means)?

SentiLink offers several solutions that credit unions prevent synthetic fraud.

Synthetic Scores: SentiLink’s Synthetic Scores product indicates the likelihood that an identity is synthetic. Synthetic Scores are made available to clients via API or a user-friendly Dashboard.

Manifest – Manifest is the identity data leveraged by the machine learning algorithm that generates SentiLink’s Synthetic Scores. This dataset includes information from the credit bureau, utility records, the death master file, as well as phone and email data. SentiLink enriches this identity data and makes it available in the Manifest product via API and the Dashboard. Clients can incorporate Manifest in their proprietary models or utilize the data to investigate individual cases via the Dashboard.

eCBSV – For the first time ever, it’s possible to validate Social Security numbers with the Social Security Administration’s database of SSNs in real-time using eCBSV. With applicant consent, financial institutions can send their applicants’ names, dates of birth, and SSNs to SentiLink via API and receive a match or no-match response within milliseconds. This service enables lenders who have historically required SSA-89 forms, such as mortgage lenders, to shave days off the loan origination process.

Why is synthetic fraud more of a risk to credit unions rather than to other establishments?

To be clear, synthetic fraud is a risk to all financial institutions. But, some credit unions may think that the membership requirements to join are a deterrent to synthetic fraud. But, we’ve seen that fraudsters are able to become members and get loans from credit unions.

What could credit unions be doing that would help them lessen the risk of synthetic fraud?

There are several things credit unions can do:

Education is the first step. The Federal Reserve wrote 3 white papers on synthetic fraud that are very informative.

Pay special attention to the Social Security number of applicants applying. If the SSN was issued in a state where the applicant doesn’t have address history, this is a potential red flag. If the SSN was issued in a year that’s different than the date of birth, this is a potential red flag. It doesn’t necessarily mean a synthetic identity is being used to apply, but these are scenarios that potentially warrant additional verification. Validating the SSN using an SSA-89 form or eCBSV is a smart approach.

Labeling losses according to the type of fraud is also important. Knowing whether a loss was due to ID theft, synthetic fraud, and other types of fraud will enable a credit union to measure losses due to each type of fraud and learn how to recognize similar identities when they apply.

What are the 7 synthetic identities and how does it work/identify?

Perhaps I should clarify the statement, “1 in 7 synthetic identities has a credit line from a credit union.” SentiLink has tagged over 100,000 synthetic identities. We have a subset of these identities where we can see what financial institutions gave these fake consumers a loan. Our analysis showed that 1 in 7 of these synthetic identities had a loan from a credit union. The point we were trying to make is that credit unions are at risk for synthetic fraud just like other banks, fintechs, and lenders.

What do you mean by “tradeline from a credit union with balances 2/5X higher?

We looked at the loan size that credit unions issued to these synthetic identities and compared them to the loan size that they gave to non-synthetic identities and found that the balances issued to synthetic identities were significantly higher. So, the credit unions lost a lot more money when issuing loans to synthetic identities. This is another reason why credit unions should work to identify synthetic identities before they become members, so they don’t experience these losses.

What are the risks to a credit union in regard to synthetic fraud?

The risks are losses and compliance. As mentioned above, synthetic identities cause significant losses to financial institutions. But, there is also the regulatory requirement to Know Your Customer. KYC solutions can’t detect synthetic identities, and as regulators become more aware of this issue, their expectations around what constitutes appropriate KYC measures is likely to change. If credit unions are issuing loans to synthetic identities, they aren’t conducting appropriate due diligence to know their customer. Their ability to comply with KYC requirements will suffer if they don’t address synthetic fraud.

What are the warning signs that credit unions should pay attention to?

Certainly, upticks in losses can be a sign of increased synthetic fraud. But, also things like the same address being used frequently to apply for loans can be a sign that a group of fraudsters is attacking a credit union.

What do you see as the future of credit unions in relation to this type of fraud?

Synthetic fraud is going to be an issue for credit unions for the foreseeable future. Unlike id theft where fraudsters steal an identity and have to quickly take out a loan, take the money and move on, synthetic identities can be used over and over again for a very long period of time. And, synthetic identities are easy to create so it’s something credit unions are going to have to learn about in order to detect and stop them from impacting their business.

__________________________________________________________________

Sarah Hoisington is head of Marketing at SentiLink, a fraud protection tech firm helping financial institutions and government agencies.

Most banks and lenders are well aware of how synthetic identities can be used to fraudulently open a bank account and secure a credit card or other type of loan. According to McKinsey, synthetic identity theft is the fastest-growing type of financial crime in the U.S., accounting for 10–15% charge offs in a typical unsecured lending portfolio.

The U.S. government now has synthetic identities on their radar thanks to the Paycheck Protection Program (PPP). Many manipulated and fabricated identities were used to apply for these government loans in 2020.

The amount of fraud executed through the PPP program is still being tallied but there have been notable pending cases that show synthetic identities were used.

There are many factors that enabled fraudsters to take advantage of PPP loans including the speed of issuance, loosened credit criteria, and financial rewards for all involved with little downside risk. Below is a discussion of the evolution of the PPP and the elements that contributed to fraud.

PPP — How Did We Get Here?

When the U.S. economy largely shut down as a result of responses to COVID-19, the government put programs in place to help small businesses weather a major turndown. Nearly half of the U.S. workforce is employed by a small business. Helping these companies continue to pay workers was critical to maintaining a viable economy.

The Coronavirus Aid, Relief, and Economic Security (CARES) Act was passed on March 27th, 2020. This over $2 trillion economic relief package was intended to protect Americans from the public health and economic impacts of COVID-19.

The PPP was established by the CARES Act and was implemented by the Small Business Administration with support from the Department of the Treasury. This program provided small businesses with funds to pay up to 8 weeks of payroll costs. Funds could also be used to pay interest on mortgages, rent, and utilities. The PPP, specifically, was authorized to fund up to $659 billion of these small business expenses.

Faced with having to distribute over half a trillion dollars within a few short months, the SBA enlisted the help of banks and lenders. The private sector was also tasked with the vetting and funding of applications, a process which the Treasury Department encouraged lenders to complete in as little as a day.

Getting money into the hands of small businesses quickly was vitally important. Claims for unemployment benefits catapulted to over 3 million the week of March 21st from a weekly average of 200,000 for months prior.

To facilitate rapid distribution, the stringent requirements to qualify for funding established at the beginning of the program were relaxed over time. For example, the need to verify an applicant’s tax records and payroll documentation was eliminated.

The huge loan sizes (up to $10M per loan) combined with urgency and relaxed standards drew the attention of fraudsters. “Any time you have large amounts of federal aid available, it’s going to bring out all the bad guys,” said Kathryn Petralia, co-founder and the president of Kabbage, an online lender that handled 297,000 loans for the program.

The PPP ended August 8th and by then, $525B had been distributed to over 5M businesses by nearly 5500 banks and lenders.

PPP — Revenue Boost For Banks & Lenders

Those who were approved by the SBA to administer funds were well rewarded, and there was no penalty for issuing loans to fraudulent entities. Banks and lenders were paid fees for each loan issued plus 1% interest on PPP loans they held that weren’t forgiven. Many banks could earn as much from the PPP loans as they reported in net revenue for all of 2019, according to analysis from S&P Global Market Intelligence.

Below is a sampling of the fees estimated to be earned by some of the largest banks involved in issuing PPP loans.

In pursuit of these fees, lenders were incentivized to fund as many loans as possible. Given the competition for funding loans, those that had the least friction got most of the applications — and likely most of the fraud.

PPP and Fraud—Stay Tuned

While millions of small businesses were helped by the PPP program, work is ongoing to figure out how much money may have been disbursed to fraudulent accounts.

Anecdotal evidence suggests a significant amount of money was issued to illegitimate applicants:

-The Small Business Administration’s fraud hotline, which received fewer than 800 calls last year, has already had 42,000 reports about coronavirus-related fraud.

-The Justice Department has made at least 41 criminal complaints in federal court against nearly 60 people, who collectively took $62 million from PPP by using what law enforcement officials said were forged documents, stolen identities, and false certifications.

-The Treasury Secretary, Steven Mnuchin, said the Treasury Department would review every loan over $2MM to determine if funds were disbursed fraudulently.

While the work above addresses funds already disbursed, the real story will likely emerge as small businesses apply for forgiveness. In order to get PPP loans forgiven, small business owners have to show proof that at least 60% of the money was used for payroll and the rest for other permitted expenses. Falsifying these records will result in hefty penalties. However, fraudsters with malicious intent have presumably already taken their PPP money, and are unlikely to apply for forgiveness, leaving the SBA responsible for reimbursing banks.

To be clear, a wide variety of fraud schemes were likely pursued to secure PPP funding. The most grievous method was to create fictitious businesses, proprietors, and employees to effectively steal U.S. taxpayer money. The less black and white forms of fraud include companies that spent the funds on non-compliant expenses and companies that leveraged organizational structures to obtain more funding.

The fact that synthetic identities were created to steal PPP dollars demonstrates the pervasiveness of this type of fraud. Synthetic identities have infiltrated financial services and are clearly being used to take advantage of government programs. This type of fraud is not bound by any vertical or medium. Any product or service that requires identity verification is potentially susceptible to synthetic identity fraud.

______________________________________________________________

Sarah Hoisington is head of Marketing at SentiLink, a fraud protection tech firm helping financial institutions and government agencies.

SentiLink Shares What Businesses Should Know About Synthetic Fraud in Exclusive Q&A

most viewed today