Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/12/2019
10:00 AM
Kathleen Peters
Kathleen Peters
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

The Fight Against Synthetic Identity Fraud

Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.

Synthetic identity fraud — a type of fraud attack carried out by criminals who have created fictitious identities — continues to be a vexing challenge for many financial institutions and retail organizations, even prompting a recent white paper by the Federal Reserve. At the same time, many remain optimistic that initiatives on the near horizon may severely disrupt fraudulent behavior. Most notably, the Social Security Administration's electronic Consent Based Social Security Number Verification service — the pilot program scheduled for June 2020 — is designed to bring efficiency to the process for verifying Social Security numbers directly with the government agency. That said, criminals still have a window of opportunity to maximize their inventory of synthetic identities before the program kicks in.

It typically takes fraudsters approximately 12 to 18 months to create and nurture a synthetic identity prior to "busting out" — the act of attempting to build a credit history, with the intent of maxing out all available credit and eventually disappearing. That means fraudsters are investing money and time building numerous tradelines — a term to describe credit accounts listed on a credit report —  to ensure these "fake" identities are in good credit standing in order to steal the largest amount of money possible. Any significant progress in making synthetic identities easier to detect could cost fraudsters significant time and money.

For instance, an organized crime ring may be sitting on a large pool of "developed" synthetic identities. Just like perishable food in a grocery store, these synthetic identities now have an expiration date: June 2020. To monetize as many of these identities as possible, some organized crime rings, as well as other fraudsters, may increase their volume of synthetic identity fraud attacks in the coming months.

With the Social Security Administration's pilot program not scheduled for launch until the middle of next year, how can financial institutions and other organizations bridge the gap and adequately prepare for a potential uptick in synthetic identity fraud attacks? It comes down to a multilayered approach that relies on advanced data, analytics, and technology — and focuses on identity.

Far too many financial institutions and other organizations depend solely on basic demographic information and snapshots in time to confirm the legitimacy of an identity. These organizations need to think beyond those capabilities. The real value of data in many cases lies between the data points. We have seen this with synthetic identity — where a seemingly legitimate identity only shows risk when we can analyze its connections and relationships to other individuals and characteristics. The use of advanced analytics (such as machine learning) and innovative technology (such as device intelligence and behavioral biometrics) can help organizations detect patterns and anomalies that indicate potentially fraudulent behavior.

Additionally, evaluating the historical behaviors and velocity in which basic demographic attributes are used can provide more confidence during the verification process. For example, if a Social Security number is used frequently to apply for credit within a short period of time — particularly with different addresses — it could indicate fraudulent behavior. Once potentially fraudulent behavior is detected, financial institutions need to deploy secondary identity checks prior to a lending decision, such as one-time passocdes or remote document verification.

Beyond the ability to minimize and prevent future losses associated with synthetic identity fraud, proper identity management practices can also save financial institutions money during the prescreen process. Because many synthetic identities appear to have good credit — which can often pass prescreen criteria – if organizations can identify high-risk accounts, it diminishes the cost to review these identities during the application stage.  

While there are programs and initiatives in the works to help financial institutions and other organizations combat synthetic identity fraud, it's important to keep in mind there's no silver bullet — a multilayered approach is required. The evolving patterns in the fraud landscape suggest we may see a burst in activity around synthetic identity bust-out in the coming months. Now is the time to apply additional layers of intelligence to the problem. The use of advanced data and innovative technology will position organizations to more easily identify abnormal behavior and recognize legitimate customers from "fake" ones.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Community Projects Highlight Need for Security Volunteers."

Kathleen Peters is Experian's senior vice president and head of fraud & identity, where she is responsible for the strategic direction of the company's fraud and identity products and capabilities. In 2018 and 2019, Kathleen was named a "Top 100 Influencer in Identity" by One ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...