Skip to main content

Synthetic Identity Fraud: Prevention & Detection Tips for Financial Institutions

Patrick Thomas, CFE, CAMS
March 4, 2022
Read Time: 0 min

Synthetic ID fraud is growing quickly and hurts FIs and customers

Knowing the schemes associated with synthetic identity fraud and how criminals avoid detection can help minimize losses.

 

Would you like other articles like this in your inbox?

Synthetic ID Fraud
The growing threat to financial institutions

Synthetic identity fraud, or synthetic ID fraud, is a growing form of identity theft in which an individual is impersonated by using stolen information. Synthetic identity fraud is also the fastest-growing type of financial crime in the U.S.

The most common method for developing a synthetic identity scheme begins with the theft of a Social Security Number (SSN). Once a SSN is stolen, it is combined with fake information (such as a fictitious name, address, and date of birth) to create an artificial, or synthetic, identity. The intent of creating the synthetic identity can vary greatly, from creating a credit profile to human trafficking.

The following schemes are associated with synthetic identities:

  • Piggybacking. 
    Piggybacking is a method of using an individual's credit for gain. In this scheme, a fraudster will attach their synthetic ID to an unsuspecting individual's credit by becoming an authorized user on some of the victim's credit accounts. The fraudster is "piggybacking" onto a valid credit account and establishing good credit for the synthetic identity. Once the credit is established, the fraudster can use it to obtain additional credit in bust-out schemes.
  • Bust Outs.
    Bust outs are considered one of the more challenging forms of synthetic ID fraud to catch because they are developed slowly, over a long period of time. In this scheme, the criminals take months or even years to establish a good credit history with the synthetic identity. Once credit has been established, significant changes are made using that profile, such as obtaining credit line increases and maxing out available credit with no intention of repaying the charges. Eventually, the identity is abandoned, leaving the creditors and financial institutions on the hook for those losses.

A recent example of a bust out scheme was a nationwide operation that resulted in a Great Valley, N.Y., man pleading guilty to multiple felonies, including money laundering, for his role in a national fraud ring that resulted in the theft of more than $1 million from financial institutions. Adam D. Arena, previously of California, was sentenced to 48 months in federal prison and ordered to make $1.3 million in restitution to Synchrony Bank, according to the U.S. Dept. of Justice.

Investigators had found evidence that more than 20 synthetic identities had been created and used to fraudulently obtain loans and credit card accounts from 19 different financial institutions, according to a press release by the Suffolk County New York District Attorney's office announcing Arena's guilty plea. Once the synthetic identities accumulated positive credit reports, participants in the scheme used the identities to fraudulently obtain loans and credit card accounts, then used the accounts to the maximum amount without paying the balances.

The largest ever bust out case to date? A $200 million international fraud scam uncovered in 2013 involving more than 7,000 synthetic identities and tens of thousands of credi cards. The leader was sentenced to 80 months in prison, five years of supervised release and a $25,00 fine after pleading guilty to one county of conspiracy to commit bank fraud.

You might also like this webinar on disrupting financial and cyber crimes.

WATCH

Other ways fraudsters profit from synthetic identities

In addition to the methods above, fraudsters have found other ways to profit from synthetic identities, including:
  • Selling. Synthetic identities have been sold to undocumented workers and criminals, giving those individuals a means to live and work in the United States and even to apply to receive benefits like federal Supplemental Security Income (SSI) and healthcare.
  • Multiplying. Criminal enterprises will purchase or create synthetic identities in bulk to facilitate multiple schemes simultaneously. This dramatically increases the losses associated with synthetic identities.
  • Evasion. Felons have used synthetic identities to evade law enforcement and avoid prosecution. Fraudsters and felons can use multiple synthetic identities to continually move from area to area using each identity to avoid detection methods.
Customer, Regulatory, Financial
Synthetic identity fraud: Scope and impacts

According to Aite Group, identity theft accounted for an estimated $721.3 billion in financial institution losses in 2021. In its report, “Synthetic Identity Fraud: Diabolical Charge-Offs on the Rise,” the firm estimates unsecured U.S. credit product losses due to synthetic identity fraud will increase from $1.63 billion in 2019 to $2.42 billion by 2023. Until financial institutions implement synthetic identify fraud detection methods to prevent synthetic identity fraud, they should expect this number to increase.

Preventing synthetic identity fraud impacts the bank, credit union, or non-bank financial institution beyond minimizing losses. Other factors to consider when making the case for investing in anti-money laundering and fraud prevention solutions and programs include:

  • Customer impact and experience
  • Regulatory considerations
  • Preventing costs associated with collections efforts tied to losses
Difficult to Detect
Synthetic ID fraud prevention for financial institutions

Because synthetic identity fraud is difficult to detect, due diligence and monitoring by financial institutions are the best methods of prevention. Following are some prevention tips and steps institutions can take to ensure they are protected from future losses associated with this growing fraud:

Increase onboarding requirements

Banks, credit unions, and non-bank financial institutions have made it easier for consumers to apply for credit and open accounts to stay competitive. Unfortunately, by making this process easier for legitimate customers, they have inadvertently made it easier for fraudsters to take advantage of them.
The challenge for financial institutions is to make the process more challenging for fraudsters, but not legitimate applicants. One way to accomplish this is to make more lucrative transactions burdensome for fraudsters – requiring additional sources of proof of identity and employment that can be independently verified.

Assuming the financial institution has followed all BSA requirements for a Customer Identification Program (CIP) and the fraudster still established a new account with a synthetic identity, fraud detection is nevertheless possible with appropriate policies and systems.

Take a multi-layered approach to detection

According to a 2019 Federal Reserve Payments Fraud Insights whitepaper, Institutions should implement a multi-layered approach to combat synthetic identity schemes.

A multi-layered approach should begin with detection tools that will alert when multiple accounts utilize the same SSN. In addition, detection tools should alert when multiple account applications originate from the same I.P. address or device.

In addition, the multi-layered approach can include law enforcement and financial institutions sharing information about threats and trends by using the 314(b) information-sharing authority, the Fed said in its whitepaper. FinCEN's recent Fact Sheet clarifying the circumstances under which financial institutions can share information under 314(b) of the USA Patriot Act explains that information sharing is permissible under the program if the financial institution suspects that the subject activity, customer, or account is tied in some way to terrorist acts or money laundering.  In other words, the institution does not need to conclusively determine that an activity is suspicious to share information.

Utilize monitoring software

Utilizing monitoring software with properly calibrated detection tools can detect specific outliers, anomalies, spikes, and velocity scenarios, in a financial institution's data. Those outliers can be used to uncover potential trends associated with the use of synthetic identities.

When fruadsters use synthetic identities to open new accounts, they will commonly target mortgages, student loans, and car loans, in addition to credit cards, according to the 2019 Identity Fraud Study from Javelin Strategy & Research.

Some potential warning signs of new account fraud that could be connected to synthetic identity fraud include:

  • When an account that has been open less than a year has spikes in the number of transactions – either during the first couple of months after opening, or then and again during the next several months.
  • When an account opened less than a year has large increases in the amount of individual transactions, such as ACH credit transactions, wire transfers, or cleared checks, and when those amounts continue to increase over time. This could potentially indicate the account is being used for corporate account takeover fraud and should be investigated.
  • When a new account requests multiple lines of credit or loans and quickly begins utilizing them to their maximums

Conclusion

Synthetic identity theft is a genuine, increasing threat to financial institutions. Undetected, it has and will in the future cause significant losses to financial institutions worldwide. It is vitally important for banks, credit unions, and non-bank financial institutions to create an added layer of protection for their customers and their institutions. They can do this through increased due diligence and the use of BSA/AML and fraud-monitoring software and services that are calibrated to the rising threat of synthetic identity fraud.

Stay up to the date on emerging fraud trends
See this Customer Due Diligence Checklist to help strengthen your institution's program.

keep me informed Download
About the Author

Patrick Thomas, CFE, CAMS

Risk Management Consultant
Patrick Thomas is a Risk Management Consultant with Abrigo in the Advisory Services Group. He has over 20 years of Risk Management and Compliance experience working in both the Mortgage and Banking industries. In his career, he has worked as a Fraud Manager, AML Compliance Officer and Lead Government Mortgage

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.

 

Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!