The walking dead: A study on the use of SSNs belonging to the deceased
From 2018 – 2019 ID Analytics identified a notable increase in the use of Social Security numbers (SSNs) belonging to deceased individuals on new applications within our ID Network®, a unique cross-industry repository of consumer information. ID Analytics executed a data study examining this behavior, which is a known characteristic of identity theft. We discovered that the use of SSNs that belong to deceased individuals to open new credit and service accounts might not be a clear case of identity fraud.
The use of an SSN that belongs to a deceased individual is a tempting way for criminals to commit third-party fraud because the deceased individual cannot report their SSN as being used fraudulently and, therefore, the stolen identity may go undetected for an extended period of time. However, what happens when the wrongful use of a deceased person’s SSN turns out to be unintentional or a mistake?
Our study on the use of deceased individuals’ SSNs in the ID Network examined a sample of credit applications that were approved and accepted. We isolated a subsection of those applications that were submitted using SSNs that were known to belong to people who are deceased.
The analysis found that SSNs belonging to the deceased had a fraud rate that was nine times riskier than the overall population (see Figure 1). These results were not surprising since the use of SSNs of people who have died is a known behavior of identity thieves when applying for credit or services – and logically deceased individuals don’t attempt to open new credit and service accounts.
Figure 1. Fraud risk comparison between the overall study population and those using SSNs of deceased individuals
The interesting finding was that 90.5% of the identified deceased individuals’ SSNs were not recognized as fraud post account opening (see Figure 2), which brings to light whether all applications that contain an SSN belonging to a deceased person should be declined.
Figure 2. SSNs belonging to the deceased are most often non-fraudulent applications
The Death Master File (DMF) is a central record of deaths across the United State compiled by the Social Security Administration (SSA). ID Analytics’ fraud solutions have access to the DMF which helps our clients determine whether an SSN on a credit or service application has been reported as belonging to a deceased individual. However, it can take up to six months for financial institutions, credit-reporting bureaus and the SSA to receive, share or register death records.¹ These gaps in the system may allow fraudsters to slip through the cracks, giving them plenty of time to rack up significant debt while going unnoticed.
Therefore, if an application contains an SSN that belonged to a deceased person, enterprises may decline that individual. Our research revealed that more than 90% of the approved applications containing a deceased individual’s SSN didn’t result in a fraudulent loss to the enterprise. This poses a challenge to enterprises when determining who may be a real customer and who is attempting to defraud the organization.
An important factor to consider is why a consumer would assert an SSN belonging to a deceased individual on a new account application. For example, what if a family has built credit around one individual and when that person dies, the widow/widower is left without a credit history? They may apply for new credit or continue to use an established credit account using the Social Security number of their now deceased spouse without knowing the implications.
Regardless of the circumstance, opening an account using an SSN that does not belong to the individual submitting the application can be problematic. In the case of applications containing the SSN of a deceased individual, remediation may want to be handled on a personal level, due to the potentially sensitive issues why the applicant provided that SSN. The enterprise can call the individual to inquire about the potential error or ask the person to come into the branch to finalize the application. That process can potentially weed out the fraudsters and give the enterprise an opportunity to authenticate the right identity, correct the record and extend credit or services to the consumer, instead of declining them. In these cases, there could be an opportunity to retain or gain a customer, when initially it appeared like a clear case of identity fraud.
We will continue to examine identity fraud detection in the U.S. in 2020 and share our findings in this blog series. To receive automatic updates when we release new research, sign up for our newsletter below. To learn more about these fraud trends watch our on-demand webcast Keeping Pace: How Identity Fraud will Change in 2020.
Kevin King is Head of Marketing at ID Analytics, A LexisNexis Risk Solutions Company
1. AARP.org, https://www.aarp.org/money/scams-fraud/info-03-2013/protecting-the-dead-from-identity-theft.html (accessed November 20, 2020).