Whether perpetrated by a one-man gang, or an organized crime syndicate, synthetic identity fraud schemes (which involves a mixture of real and fake data to create a brand-new identity that belongs to no one) continues to thrive due in large part to the number and severity of data breaches. Unfortunately, criminals have never had so much stolen data at their fingertips. Since it began tracking breaches in 2005, The Privacy Rights Clearinghouse has reported an astonishing 8,031 breaches, involving 10 billion records. In 2017 alone, we saw several high-profile data breaches that exposed names and social security numbers for millions of Americans.
With a seemingly never-ending supply of stolen data on the dark web, which in turn drives down the cost to purchase the PII needed to create a synthetic identity, what can we expect in terms of fraud in second half of 2018 and beyond? According to a recent report from Javelin, 16.7 million people experienced identity fraud in 2017, which is a record high and an 8 percent increase over 2016. The Javelin study also noted the continued migration of fraud from face-to-face to online, due primarily to the adoption of EMV.
And that’s where synthetic fraud comes in to its own. Given the anonymity that the online environment provides, when a criminal presents a synthetic identity online, absent the tools to pierce the veil shrouding the identity’s true nature, synthetic fraud prospers.
With so much customer data trading on the criminal underground, coupled with the increase in online transactions, it’s not surprising that 58% of organizations surveyed for IDology’s Fifth Annual Fraud Report reported they were “extremely worried” or “very worried” about synthetic identity fraud in particular. Survey participants also rated synthetic fraud as the number one problem their industry is least prepared to handle. This infographic details some additional stats from the Fraud Report (click to see the full-sized image).
Why are companies so concerned about synthetic identity fraud? From our perspective, that concern often stems from the challenges that come with using legacy identity verification solutions in detecting synthetic schemes, and the loss of revenue when a company inadvertently denies a legitimate customer credit.
When an individual’s Social Security number ends up in the hands of criminals, it’s a torturous process to request a replacement. Even if someone replaces their Social Security number, a subsequent breach may expose it. Nonetheless, while millions of real Social Security numbers exist on the black market, there’s nothing stopping criminals from making up numbers that appear legit, or match a real Social Security number.
That’s what makes synthetic identity theft so difficult and demanding to detect. Criminals can mix and match a real or fictitious Social Security number with the types of information leaked during a breach such as name, addresses, birth dates, and driver’s license numbers to create an almost infinite number of synthetic identities.
With access to vast amounts of stolen data, and increasingly sophisticated criminals with the ability to perpetuate synthetic schemes, in our “post-data breach” world, financial institutions need to think beyond static identity matching. The best way to detect and prevent fraud is to utilize a multi-layered identity verification system that examines a multitude of identity attributes that go beyond readily available PII. From our experience, stopping synthetic fraud starts when financial institutions embraces a new approach to identity verification.
To learn more about deterring synthetic identities, download our free whitepaper: Combating Synthetic Identity Fraud.