Top 3 questions from our web seminar: Tackling synthetic identity fraud head-on
ID Analytics recently participated in a web seminar hosted by American Banker, Tackling synthetic identity fraud head-on where we discussed best practices for optimizing detection and prevention strategies to combat synthetic identities. During the live presentation, there were numerous questions from attendees regarding how synthetics are slipping through current defenses and what can be done to mitigate the problem without sacrificing innovation or a good customer experience. We thought we’d share the most-asked questions and the responses with you here.
Q: Friction is inherently associated with combatting fraud. How do you manage fraud while still differentiating your business through innovation and removing friction points with consumers to improve the user experience?
A: Often, the only approach that can be taken against suspected synthetics is to place a series of high-friction requirements in front of the applicant. For example, requesting sensitive documents like birth certificates or social security cards.
Using these high-friction methods to combat fraud can run counter to financial services industry movements to improve the customer experience and embrace innovation. An argument can be made that the industry has failed to innovate a more efficient form of identity proofing – a definitive means of proving someone is who they claim to be – which is imperative for detecting synthetic identities.
Currently, predictive modeling is the best option for combatting synthetic identities while protecting the consumer. If it is necessary to impose friction on suspected synthetic applicants, you will want to be as precise as possible AND be able to adjust the percentage of applicants placed through the review process as the threat evolves. Predictive models deliver on both, and while the end format (often a three-digit score) may feel similar to other solutions that have been around for some time, the data science behind these models is growing at a break-neck pace. It’s an unassuming and effective form of innovation that companies can embrace in attacking synthetic identities.
Q: Are these fictitious identities using fake Social Security numbers (SSNs)? If so, how are they getting past solutions which purport to verify SSNs?
A: Many synthetic identities assert fake SSNs because validating the legitimacy of SSNs not known to be issued prior to 2011 has become increasingly difficult.
Before 2011, ID Analytics and many other providers could validate the legitimacy of SSNs, because the Social Security Administration (SSA) followed a highly sequenced and well communicated process for issuing them. At a high level, it was possible to know whether and when any SSN on an application had been issued.
In 2011, the SSA moved away from that sequenced process and began issuing SSNs randomly – removing the industry’s ability to determine whether an SSN on a new application had legitimately been issued. In response, individuals submitting synthetic identities on credit applications started to abuse this loophole – asserting SSNs which couldn’t be properly validated.
The recent regulatory action referenced in the web seminar seeks to establish a process for the SSA to directly validate whether an SSN/date of birth/name combination is valid. Until this process is established, the difficulty validating SSNs will continue to be one of the key reasons synthetic identities are successfully slipping through fraud risk screenings.
Q: What solutions do you suggest for financial institutions to manage synthetic identity fraud applications in their existing portfolio/accounts?
A: This is an important issue that often gets overlooked. While there are many solutions designed to combat synthetics at account opening, it is equally important to monitor portfolios for synthetic identities whose account applications have already been approved and are waiting to ‘bust out’.
It’s a great practice to run “synthetic portfolio scrubs” – sending a batch file of existing accounts through the various synthetic identity screens you leverage at underwriting to look for threats which weren’t obvious at account opening. Ideally, the first scrub would identify the majority of synthetics on a lender’s books, but it’s critical to continue to run these files every few months. While a synthetic identity may not have been obvious at the time of application, in the intervening months activity around that identity or its contact information could reveal their true nature, allowing you to freeze the account and investigate.
To get the full run-down of content and questions covered during the web seminar, access the on-demand version of Tackling synthetic identity fraud head-on.