Guest post by Tony Ademi.
Synthetic identity fraud occurs when one individual impersonates someone else online using fake ID credentials. It’s a common type of financial crime and is becoming even worse as digital transactions increase.
One of the most common methods for developing a synthetic identity scheme starts with a Social Security Number (SSN). Once an SSN is stolen and falls into the wrong hands, it’s associated with fictitious information to create a fake ID. Identity fraud activities can vary widely, from creating credit profiles to human trafficking.
If you’re a victim of synthetic identity fraud, recovering your good name can be tedious, frustrating, and time-consuming. This post outlines seven strategies you can use to avoid identity fraud.
What is the difference between traditional ID fraud and synthetic ID Fraud?
Traditional ID fraud is real-time fraud. For example, sending fraudulent emails from a stolen account is an example of direct ID fraud. However, synthetic ID fraud has become a more common practice. In fact, according to the CEO of Schmicko, 80% of stolen accounts are the result of synthetic ID fraud.
The bad actors who steal accounts are frequently patient and well organized. Taking steps now to proactively protect your identity can thwart their efforts (at least forcing them to move on to easier targets).
Seven ways to prevent & detect synthetic identity fraud
1. Make it challenging for fraudsters to create accounts
To improve the customer experience and stay competitive, financial institutions have made it easier for consumers to apply for credit and create accounts. However, while this makes life easier for legitimate consumers, it also lowers the bar for online attackers, simplifying their efforts in stealing IDs.
Consequently, one of the biggest challenges for financial institutions is simultaneously making processes easier for applicants and harder for fraudsters. One straightforward way to achieve this is to make fraudsters provide additional proof of identity. For example, a selfie or other source of proof can help institutions discern legitimate inquiries from fraud attempts.
If financial institutions follow BSA requirements for the Customer Identification Program, fraud detection is always possible with the right policies and systems. In addition, plenty of modern anti-fraud software can help prevent fraudsters from taking advantage of fake IDs. For example, synthetic identity fraud with SEON: it’s anti-fraud detection software is popular for reducing fraud rates with real-time data enrichment and advanced use of APIs.
One way that SEON effectively fights synthetic identity fraud is by using OSINT techniques for fraud prevention. These techniques look at publicly available data and cross-reference the information to detect suspicious profiles.
2. Device fingerprinting
If fraudsters succeed in attacking your company once, they will likely try to do so many times. Easy targets are tempting to return to. Their challenge isn’t to create hundreds of synthetic IDs, but simply to make it look like they are connecting to your site as a new user each time.
How can you stop this? Device fingerprinting is an effective method for countering this by identifying tools that fraudsters will use to spoof different users and devices. With the help of device fingerprinting, you can flag the following:
- VPN usage;
- Tor connections;
- Proxy usage;
- Suspicious browser setup;
- And more.
Device fingerprinting will allow you to log each device setup as a unique ID or assign a fraud score for every IP address. Once the device identifies a user’s fake accounts, it shows you the red flag and informs you about it.
3. Look at data both horizontally and vertically
If you are evaluating a loan application, looking only at the information provided to you is a horizontal perspective of the applicant’s data. It’s always better to take another glance at the data, such as looking at the vertical side to it as well and reviewing additional data sources.
Checking many data sources can show whether the applicant’s name has been used in different accounts or if the phone number provided is linked to another person living in another country.
4. Use a multi-layered approach
Fighting synthetic identity fraud is challenging, and a multi-layered approach can be the best way to combat it. Start by implementing a multi-layered approach with detection tools that alert you whenever different accounts use the same SSN, as well as when different accounts are also using the same IP address. This should immediately raise red flags.
The multi-layered approach involves financial institutions and law enforcement sharing important information regarding attacks using the 314 transmitted by the authority.
For instance, FinCEN’s fact sheet clarifies the type of information financial institutions are allowed to share under 314. Section 314 is part of the Patriot Act which permits information sharing under the program if a financial institution is suspicious of any customer, subject activity, or account associated with fraudulent activities or any other policy violation acts.
However, it isn’t always obligatory for financial institutions to determine whether suspicious activity is occurring in order to share information.
5. Digital footprint analysis
Another powerful method of stopping synthetic ID fraud is by using digital footprint analysis. This includes email and phone number analysis to see if their details are legitimate.
By using a reverse phone number or email address search, you can identify if the digital footprint is valid. Anti-fraud software will do the work for you, scanning through online sites and social media channels to provide the following benefits:
- Using social media profiles to confirm identities;
- Identifying likely fraudulent identities (those with no online footprint);
- Assisting with credit scoring; and
- Providing granular information to flag high-value, high-risk customers.
6. Watch out for suspicious behaviors
According to Henfield, it’s advisable to watch for any suspicious behaviors that don’t quite add up. For example, you wouldn’t suspect anything bad from an individual with a good credit score. However, there may be a problem if applications for multiple different accounts are being submitted from the exact location. This is control reporting which helps financial institutions monitor whenever they are being attacked, comparing regular and default rates.
Think of synthetic ID fraud as similar to a virus quickly spreading worldwide, as it’s one of the easiest ways for malicious actors to make money. It requires diligence, effort, and technology to prevent these deceptive practices.
7. Install monitoring software
Monitoring software with fraud detection tools can detect velocity scenarios, outliers, and more within a financial institution’s internal data. Detecting outliers allows the software to spot behavior that may be related to synthetic identities.
When online fraudsters use synthetic IDs to create new accounts, they usually target specific types of applications such as student loans, car loans, and credit cards.
Here are a few warning signs of synthetic ID fraud attempts:
- When an account is open in less than a year and has an unusual increase in transactions—either during the first few months after the account is created or after the next several months.
- When a new account requires numerous line-of-credit loans and begins to utilize them to their maximum limits.
- When an account created within the past year has a significant increase in individual transactions, such as wire transfers or credit transactions, and these amounts increase over time. This could indicate that accounts are being used for account takeover fraud and should be further investigated!
Wrapping it up
These are seven of the best methods to help prevent and detect synthetic ID fraud—important practices to ensure you are protected from these types of attacks. Synthetic ID fraud is much different from traditional ID fraud, but the bad news is that most stolen accounts occur from synthetic ID fraud.
The digital world has provided criminals with new ways to try to steal your personal information. If your personal information is stolen, it can damage both your persona credit and your business reputation.
It’s difficult to convince users to restore their information or create new accounts with your business if their data gets stolen. That makes it imperative to try to avoid being victimized by synthetic ID fraud as much as possible.
Tony Ademi is a freelance SEO content and copywriter. He has been in the writing industry (sic) for three years and has managed to write hundreds of SEO-optimized articles. Moreover, he has written articles that have ranked #1 on Google. Tony’s main concern when writing an article is to do extensive research before writing and ensure that the reader is engaged until the end.