Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/12/2019
10:00 AM
Kathleen Peters
Kathleen Peters
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

The Fight Against Synthetic Identity Fraud

Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.

Synthetic identity fraud — a type of fraud attack carried out by criminals who have created fictitious identities — continues to be a vexing challenge for many financial institutions and retail organizations, even prompting a recent white paper by the Federal Reserve. At the same time, many remain optimistic that initiatives on the near horizon may severely disrupt fraudulent behavior. Most notably, the Social Security Administration's electronic Consent Based Social Security Number Verification service — the pilot program scheduled for June 2020 — is designed to bring efficiency to the process for verifying Social Security numbers directly with the government agency. That said, criminals still have a window of opportunity to maximize their inventory of synthetic identities before the program kicks in.

It typically takes fraudsters approximately 12 to 18 months to create and nurture a synthetic identity prior to "busting out" — the act of attempting to build a credit history, with the intent of maxing out all available credit and eventually disappearing. That means fraudsters are investing money and time building numerous tradelines — a term to describe credit accounts listed on a credit report —  to ensure these "fake" identities are in good credit standing in order to steal the largest amount of money possible. Any significant progress in making synthetic identities easier to detect could cost fraudsters significant time and money.

For instance, an organized crime ring may be sitting on a large pool of "developed" synthetic identities. Just like perishable food in a grocery store, these synthetic identities now have an expiration date: June 2020. To monetize as many of these identities as possible, some organized crime rings, as well as other fraudsters, may increase their volume of synthetic identity fraud attacks in the coming months.

With the Social Security Administration's pilot program not scheduled for launch until the middle of next year, how can financial institutions and other organizations bridge the gap and adequately prepare for a potential uptick in synthetic identity fraud attacks? It comes down to a multilayered approach that relies on advanced data, analytics, and technology — and focuses on identity.

Far too many financial institutions and other organizations depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points. We have seen this with synthetic identity — where a seemingly legitimate identity only shows risk when we can analyze its connections and relationships to other individuals and characteristics. The use of advanced analytics (such as machine learning) and innovative technology (such as device intelligence and behavioral biometrics) can help organizations detect patterns and anomalies that indicate potentially fraudulent behavior.

Additionally, evaluating the historical behaviors and velocity in which basic demographic attributes are used can provide more confidence during the verification process. For example, if a Social Security number is used frequently to apply for credit within a short period of time — particularly with different addresses — it could indicate fraudulent behavior. Once potentially fraudulent behavior is detected, financial institutions need to deploy secondary identity checks prior to a lending decision, such as one-time passocdes or remote document verification.

Beyond the ability to minimize and prevent future losses associated with synthetic identity fraud, proper identity management practices can also save financial institutions money during the prescreen process. Because many synthetic identities appear to have good credit — which can often pass prescreen criteria – if organizations can identify high-risk accounts, it diminishes the cost to review these identities during the application stage.  

While there are programs and initiatives in the works to help financial institutions and other organizations combat synthetic identity fraud, it's important to keep in mind there's no silver bullet — a multilayered approach is required. The evolving patterns in the fraud landscape suggest we may see a burst in activity around synthetic identity bust-out in the coming months. Now is the time to apply additional layers of intelligence to the problem. The use of advanced data and innovative technology will position organizations to more easily identify abnormal behavior and recognize legitimate customers from "fake" ones.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Community Projects Highlight Need for Security Volunteers."

Kathleen Peters is Experian's senior vice president and head of fraud & identity, where she is responsible for the strategic direction of the company's fraud and identity products and capabilities. In 2018 and 2019, Kathleen was named a "Top 100 Influencer in Identity" by One ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Security Pros Value Disclosure ... Sometimes
Dark Reading Staff 9/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I wish they'd put a sock in it.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16691
PUBLISHED: 2019-09-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-16707
PUBLISHED: 2019-09-23
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
CVE-2019-16708
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16709
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16710
PUBLISHED: 2019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.