Risk & Fraud

Synthetic Identity Fraud Defined – Improving Risk Mitigation for Financial Institutions

By: Jack Lynch, Chief Risk Officer, PSCU, and President, TriVerity & The Loan Service Center

Synthetic identity fraud is reported to be one of the fastest-growing types of financial crimes in the U.S., costing financial institutions billions in losses annually. To help better identify and mitigate this type of fraud, the Federal Reserve recently announced an industry-recommended definition of synthetic identity fraud. The definition was developed by a payments industry focus group of 12 fraud experts, which I’m honored to have been a part of, in response to a widespread issue of differing definitions in use, making it challenging to properly identify.

The industry-recommended definition of synthetic identity fraud (SIF) is the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain. The Federal Reserve and focus group members envision that a consistent definition for synthetic identity fraud will help the industry understand what constitutes this type of fraud and its impact on consumers, financial institutions and the overall U.S. payments system.

The Growing Need to Define Synthetic Identity Fraud

Since my previous blog on synthetic identity fraud nearly two years ago, awareness has grown around this emerging threat. Historically, many cases occurred when accountholders would seemingly stop paying and the accounts would classify as charged-off accounts, when actually, they were synthetic fraud events. Since the onset of the COVID-19 pandemic, this type of fraud has expanded, due to the rise in ecommerce and consumers setting up payment accounts online.

More financial institutions are now providing better tools and processes to validate that they are entering into agreements with actual people at account opening. However, action has bred inconsistency, with financial institutions taking different views on what synthetic fraud means. Some formed well-thought-out definitions, others used different variations and some have not used a definition at all, so their synthetic fraud cases are often classified incorrectly as standard fraud or a charged-off account based on non-payment.

Furthermore, it’s not enough for one financial institution, or even all issuers, to operate under a standard definition. Synthetic identity fraud spans the entire payments ecosystem with merchants, acquirers, issuers and processors all having a stake in reducing this type of fraud. If the industry can align around a consistent definition, then we can better understand the scope and magnitude of this issue and the fraud tactics behind this fraud type to develop improved mitigation strategies.

The synthetic identity fraud definition helps to prevent mis-categorization of losses and provides insights into where losses are actually occurring. If financial institutions can build the profile for accountholders to pass the first gate with a new account or loan, that reduces the need to be suspicious of synthetic identity fraud.

PSCU’s Investment in Fraud Intelligence

As we head further into a digital-first world, PSCU is continuing to invest millions of dollars into our own artificial intelligence (AI), machine learning and analytics efforts to address synthetic identity fraud and other emerging forms of fraud that may not be detected by standard tools until it’s too late.

Our Fraud Intelligence team continues to leverage Linked Analysis and machine learning capabilities that reveal fraudsters using the same type of identity to commit fraud in multiple locations, enabling us to initiate action to protect our Owner credit unions. As a result, the fraud prevention dollars we’ve saved have increased exponentially over the past year from $22 million year over year to $38 million. This is money that our credit unions would have lost from various types of fraud, like synthetic identity fraud, which standard transaction fraud protection tools would not have uncovered on their own.

While our current fraud mitigation focus is on the “before” and “during” phases of the payments lifecycle, we continue to invest in tools and technology to identify fraudulent activity outside of what we would consider traditional fraud-fighting capability around transactional fraud, such as synthetic identity fraud. We also participate in industry fraud-fighting initiatives, like the work the Federal Reserve is doing, to provide an industry voice on fraud for credit unions.

Strategies and Tips for Credit Union and Member Protection

The synthetic identity fraud definition can begin to help credit unions know what to monitor, focusing models on the identity itself (rather than conventional fraud models, which focus primarily on payments behaviors) and better quantify the extent of synthetic identities within their portfolios.

Including these elements with behavioral and transactional monitoring can provide additional insights, helping credit unions better understand fraud trends around synthetic identities. The combination of insights gained from consistent classification and increased monitoring could help credit unions improve fraud management within modeling (including detection, mitigation and prevention).

To educate members effectively, reinforcement of the message is a key component to awareness. Members need to know that fraudsters don’t need their entire identity to commit fraud – just fragments of information. Consider implementing campaigns around fraud awareness regularly, and suggest members take simple, practical steps of action, including:

  • Signing up for an identity monitoring service that monitors their social security number, and those of their children.
  • Never carry around their social security card or family’s cards in public; keep the cards in a secure place at home.
  • When possible, avoid freely sharing personal information with others about themselves or family members. Even something seemingly innocuous, like a restaurant loyalty program, could be used to hijack someone’s identity.
  • Oversee their children’s use of social media, as cybercriminals target this space to steal personal data. Suggest they closely monitor who their children are interacting with and what they are sharing.

Industry socialization of the definition can help promote a consistent understanding of synthetic identity fraud; however, it is the application of the definition by industry stakeholders that can begin building the foundation in the fight against this type of fraud. Visit FedPaymentsImprovement.org to learn more about the definition, as well as PII elements that may be used to create a synthetic identity, common uses of synthetic identities and more ways financial institutions can apply the recommended definition.

Jack Lynch leads PSCU’s Fraud and Risk Management Operations area and is President of TriVerity, a PSCU company specializing in delinquency management. Jack has over 25 years of leadership experience delivering operational services, project management, client implementations, process re-engineering, account management, training and technology services.