Because synthetic identity fraud is difficult to detect, due diligence and monitoring by financial institutions are the best methods of prevention. Following are some prevention tips and steps institutions can take to ensure they are protected from future losses associated with this growing fraud:
Increase onboarding requirements
Banks, credit unions, and non-bank financial institutions have made it easier for consumers to apply for credit and open accounts to stay competitive. Unfortunately, by making this process easier for legitimate customers, they have inadvertently made it easier for fraudsters to take advantage of them.
The challenge for financial institutions is to make the process more challenging for fraudsters, but not legitimate applicants. One way to accomplish this is to make more lucrative transactions burdensome for fraudsters – requiring additional sources of proof of identity and employment that can be independently verified.
Assuming the financial institution has followed all BSA requirements for a Customer Identification Program (CIP) and the fraudster still established a new account with a synthetic identity, fraud detection is nevertheless possible with appropriate policies and systems.
Take a multi-layered approach to detection
According to a 2019 Federal Reserve Payments Fraud Insights whitepaper, Institutions should implement a multi-layered approach to combat synthetic identity schemes.
A multi-layered approach should begin with detection tools that will alert when multiple accounts utilize the same SSN. In addition, detection tools should alert when multiple account applications originate from the same I.P. address or device.
In addition, the multi-layered approach can include law enforcement and financial institutions sharing information about threats and trends by using the 314(b) information-sharing authority, the Fed said in its whitepaper. FinCEN's recent Fact Sheet clarifying the circumstances under which financial institutions can share information under 314(b) of the USA Patriot Act explains that information sharing is permissible under the program if the financial institution suspects that the subject activity, customer, or account is tied in some way to terrorist acts or money laundering. In other words, the institution does not need to conclusively determine that an activity is suspicious to share information.
Utilize monitoring software
Utilizing monitoring software with properly calibrated detection tools can detect specific outliers, anomalies, spikes, and velocity scenarios, in a financial institution's data. Those outliers can be used to uncover potential trends associated with the use of synthetic identities.
When fruadsters use synthetic identities to open new accounts, they will commonly target mortgages, student loans, and car loans, in addition to credit cards, according to the 2019 Identity Fraud Study from Javelin Strategy & Research.
Some potential warning signs of new account fraud that could be connected to synthetic identity fraud include:
- When an account that has been open less than a year has spikes in the number of transactions – either during the first couple of months after opening, or then and again during the next several months.
- When an account opened less than a year has large increases in the amount of individual transactions, such as ACH credit transactions, wire transfers, or cleared checks, and when those amounts continue to increase over time. This could potentially indicate the account is being used for corporate account takeover fraud and should be investigated.
- When a new account requests multiple lines of credit or loans and quickly begins utilizing them to their maximums
Synthetic identity theft is a genuine, increasing threat to financial institutions. Undetected, it has and will in the future cause significant losses to financial institutions worldwide. It is vitally important for banks, credit unions, and non-bank financial institutions to create an added layer of protection for their customers and their institutions. They can do this through increased due diligence and the use of BSA/AML and fraud-monitoring software and services that are calibrated to the rising threat of synthetic identity fraud.