How to minimize the risk of identity fraud

0
572

Isaac Trask, member of ASIS International’s Banking and Financial Services Community’s Steering Committee Member and Chair of the Fraud Sub-Committee, shares his insights on how organisations can minimize both the threat and potential losses of Frankenstein Fraud.
Frankenstein Fraud, or what is more commonly known as Synthetic Identity Fraud, is the fastest growing financial crime in the United States. Suitably titled after Mary Shelley’s novel, Frankenstein, fraudsters pair real and fictitious customer data to create false identities. These data points can comprise of a real Social Security Number and a fake name, date of birth, or even social media accounts—which come together to form a synthetic profile.

With the ever-increasing quantity of data breaches, criminals simply utilise an access point to the dark web to acquire real customer data and manipulate it to form these convincing falsified identities. Fraudsters often open accounts with synthetic IDs to establish credit and behave as stellar customers for months or even years before they use those accounts to defraud financial institutions by making purchases on multiple high limit credit cards and unsecured loans from banks.

Once the criminal utilises the accounts or bust out, it can take numerous suspicious chargebacks or missed credit card payments for financial institutions to close the account. By that time, criminals have likely pilfered tens of thousands of dollars. Frankenstein Fraud can be one of the most difficult financial crimes to detect, as there isn’t a true consumer victim—unlike traditional identity theft, where the account owner would notice unusual activity in their account and report it to their banking provider.

Since the beginning of the Covid-19 pandemic, payment processing and online transactions have reached an all-time high. These conditions have created the ideal breeding ground for synthetic identity fraud, as there are wide fluctuations in consumer accounts, a much higher than normal transaction activity, and a stress on the financial industry to minimize customer friction to remain competitive.

Financial Institutions must instil a diversified number of prevention methods to combat this type of fraud. It can often be misread for a real person who is only starting to build their credit record, in which they may have limited or no credit history. In addition, as the payments begin to slip in a synthetic identity account, these missed fees can be mistaken as a real person who is undergoing financial hardship and can no longer pay their bills. Machine learning deep neural networks and other traditional fraud detection technologies unfortunately will not be of effective help against this unique type of fraud. As there are few patterns associated with synthetic identity fraud, there is a lack of historical data to train the neural networks upon.

Fraud management is essential to protect customer trust, brand reputation, and revenue streams. Below are six ways an organisation can minimize both the threat and potential losses of Frankenstein Fraud.
Know your customer— Follow the trends in anti-money laundering efforts. In today’s landscape, it’s important to know your customer. Implement custom-segmented workflows for new customers that allow organisations to create unique and personalised application processes based on risk assessment and, further, to perform step-up authentication as needed to minimize customer friction while preventing fraud.
Be proactive in customer education — Protecting your consumers’ identities helps to fight identity fraud on the front lines. Creating an increased awareness of identity theft and the importance of guarding one’s documents prevents the initial creation of synthetics and the purchasing of real customer information.
Establish granular risk profiles — Develop detailed risk profiles that illustrate customer behaviour amid their account lifecycles. This enables the risk team, investigators, and analysts to detect unusual and abnormal behaviour before it has a financial impact.
Leverage third-party data — Unlike real people, synthetic IDs tend to be inconsistent, because although the applicant may have real data, the fake information they enter will not reoccur. Mining third-party data sources, which are becoming increasingly available, can deepen a bank’s understanding of their customers. The knowledge they gather can help improve risk controls and decrease losses while refraining from additional and more intrusive ID checks.
Ask “out-of-wallet” questions —Asking differentiating questions can cause a fraudster to slip and uncover inconsistencies in the synthetic application. These questions would not rely on information that is publicly available to be researched. For example, a fraudster may be unable to recall an address five years ago while a real applicant would.
Investigate account behaviour— Be vigilant for signs of account manipulation, such as one account controlling the actions of various other accounts or multiple accounts using one email address, phone number, or geographical location.