Synthetic fraud is the fastest growing form of fraud in the financial services industry today. Ramakanth Chowdavarapu (pictured below, left) Head of Credit and Fraud Risk at Railsr, North America, takes a look at what is meant by synthetic fraud and how the industry is fighting back.
It was back in 2015 when a new kind of sophisticated fraud emerged in the US. It was this year when the introduction of chip enabled cards across the US resulted in a significant reduction in credit card fraud through skimming. Up until then, this had been one of the major sources of credit card fraud.
However, there was a downside to this achievement. Starting in late 2015 fraudsters changed their focus to application fraud, primarily through identity theft and synthetic fraud.
Unlike identity theft where an entire identity is stolen and used to defraud organizations and victims, synthetic fraud generally lacks a consumer victim.
A synthetic identity is a combination of fabricated credentials where the implied identity is not associated with a real person. This makes it harder to identify this form of fraud as organizations receive no alerts from the victims.
Worryingly, the current system used by the financial industry, based on reporting consumers to bureaus and inturn using the information from the bureaus to provide additional credit, actually helps the fraudsters. This is because it actually creates legitimacy to these identities over time and undermines the integrity of the system.
Looking at synthetic fraud itself, there are actually two main forms:
identities created using some parts of real identities combined with other fictitious information - manipulated identities, first-party synthetics, for example, using a real person's name and address and other identifying documents with a fictitious social security number (SSN);
complete fictitious identities created using non existent identities - fabricated identities, third-party synthetics.
First-party synthetics are generally created by individuals with bad credit history and trying to access credit by mostly using their real identities - such as name, date of birth, Identification documents - combined with a fake SSN. These identities are much easier to identify as they clash with their real identities and a good fraud investigator with proper investigation tools will be able to weed them out.
Third-party synthetics are generally linked to fraud rings and perpetrated on a large scale. Let’s examine some of the ways these identities are created:
fraudsters create a fake identity and get an authorized user card in the name of the fake identity. This not only helps to create good credit history for this profile, but also creates legitimacy for this identity through the bureau reporting of the identity by the financial institutions;
creating a fake identity and then applying for credit, in this scenario even though the request for credit is denied, bureau creates a profile for the requestor, thus creating an identity;
synthetic identities using a minor's SSN. In this scenario, fraudsters create a fake identity around the social security number of minors and use it for acquiring credit.
The credit card industry first started taking notice of this trend in late 2015 and early 2016, when credit card delinquencies started increasing and most of the increases were coming in higher credit score bands (FICO/Vantage >740).
There were no tools commercially available at that time to address these increases. Banks initially responded by tightening access to credit, through credit declines and lower lines, to everyone with limited time on bureau and exhibiting hunger for credit through a large number of credit inquiries.
This worked in the short term to reduce the delinquencies, but the tool was too blunt and was hurting legitimate business. Additionally, fraudsters adapted to these changes in rules and started letting these identities age before applying for additional credit.
As the problem worsened, several players in the industry came up with products to contain synthetic fraud. Various methods are currently used by different commercial players to identify synthetic fraud.
At a high level these are the features these commercial players and credit card providers are using to catch synthetic fraud.
Looking at the whole profile of the person beyond the credit profile and asking, does this identity have a life outside the credit file, such as:
social media profiles;
birth records;
property records.
Is there a group of identities using, or sharing some of the features of the profiles, such as fraud rings/networks:
multiple applicants using same address;
multiple applicants using same phone number;
multiple applicants using same identifying documents;
multiple applicants using same bank account, or routing combinations;
multiple applicants using same IP address, or devices;
Behavioral biometrics, based on the way the person responding to the application in line with the response for a normal person:
is the typing speed correlates to age of the applicant;
Is the time taken by the applicant in filling certain fields of the application indicate unusual behavior - for example, is the applicant taking the same time to enter a name, or an ID).
Customized bureau age and score parameters:
does the age on bureau of the applicant changes significantly if the authorized user-trades are removed;
does the credit profile of the applicant changes significantly if the authorized trades are removed;
does the age of the credit file seem appropriate given the age of the applicant?
eCBSV (electronic Consent Based Social Security Verification)
verify if an individual’s SSN, name, and date of birth combination matches social security records;
the golden source for all social security numbers is the database maintained by the social security administration, which issues social security numbers in the first place.
With all the techniques employed above, the industry is starting to make inroads into the fraudsters' malicious attempts to part people with their money. Yet, even though the industry has made progress, the threat is still growing, mainly because behind it are organized crime rings, which are increasingly resourceful and sophisticated.
Here at Rails, we combine our knowledge of fraud detection with advanced analytical capabilities and smart use of market leading tools, to deliver a robust data driven approach to synthetic fraud detection for our clients.
Overall, the situation is challenging. In the “The State of Fraud And Financial Crime In the U.S,” a PYMNTS and Featurespace collaborative report, it was concluded that: “Nearly two-thirds of FIs reported an increase in fraud attacks using credit cards. This occurred in tandem with an overall increase in fraud for most FIs. Criminals’ approaches are becoming more sophisticated, and most FIs consider this a problem.
“Our research showed that most FIs saw criminals increasingly using sophisticated methods to target their organizations and clients as a significant problem in their efforts to fight financial crime. Approximately one-quarter of the largest FIs by asset size consider this the most important challenge they face.”
We are in a war with fraudsters, a constant battle to keep ahead of those determined to steal and commit fraud, but, overall, progress is being made and that has to give us a great deal of confidence for the future.
Synthetic fraud will be a key topic of discussion on the Railsr stand (5231) at Money 20/20 US in Las Vegas.
For anyone wishing to meet the Railsr team at Money 20/20 USA, please see here.