Fighting Back Against Synthetic Identity Fraud – Source: securityboulevard.com

As the COVID-19 pandemic raged, Adam Arena was getting rich. However, he wasn’t running a prosperous business that was thriving despite pandemic uncertainty. Instead, Arena and a dozen co-conspirators were stealing more than $1 million from financial institutions using a fraud scheme called “synthetic identity fraud.”

This fraud approach, the fastest-growing in a long line of fraud techniques, is especially prevalent in the financial services arena among threat actors leveraging stolen credentials to make money.

The Federal Reserve defines synthetic identity fraud as “the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.”

Unlike identity theft, in which a fraudster uses a specific individual’s stolen—yet real—information, fraudsters create synthetic identities by combining elements of real and fictitious PII. This “identity” is then used to obtain a loan or extensive credit line, but it’s never paid back.

In today’s digital-first world, synthetic identity fraud is becoming more prevalent and pervasive. One estimate found that synthetic identity fraud will cost businesses $5 billion by next year. Within businesses, many see synthetic identity fraud as becoming more common in their industries. Additionally, a survey of financial industry analysts found that 70% of respondents agreed that synthetic identities were a more significant challenge than traditional identity theft, creating security, compliance and customer experience concerns that can’t be ignored.

By understanding the causes of synthetic identity fraud and best practices for preventing it, companies and their customers can effectively protect against this growing and problematic fraud trend.

What’s Driving Synthetic Identity Fraud?

The reason synthetic identity fraud is becoming so prolific is simple: Opportunity.

Technology has removed many of the hurdles for perpetrators of fraud and financial crime. Accessing the tools, technology and data to commit fraud now requires just a few clicks. This has allowed synthetic identity schemes to thrive and become a key part of a sophisticated and scalable fraud operation.

Meanwhile, data breaches have continued unabated for several years. In 2022, more than 1,800 data compromise events impacted 422 million people, exposing PII and other critical information that threat actors leverage to commit synthetic identity fraud and other crimes.

Additionally, threat actors leverage other data sources to enable their operations, including

● Cyberattacks

● The dark web

● Identity theft

● Fraud scams

● Account takeover

● Credit history sources (for example, credit bureaus).

In other words, threat actors have ample opportunity to collect the information needed to create synthetic identities that can be used to take out loans, acquire lines of credit or other fraud attempts.

What’s more, fraudsters are willing to play the long game, often lying dormant for several years. Attackers may use these fake accounts for up to five years, making everyday transactions and payments to avoid getting caught. Eventually, the scammer will use up the available credit, leaving no real person to hold accountable.

Because these attacks can be costly and consequential, companies and their customers need solutions to detect, prevent and respond to synthetic identity fraud trends.

Best Practices for Preventing Fraud

A comprehensive, integrated approach to managing and automating various fraud prevention systems is the best way to fight fraud at scale. These orchestration layers, which manage and enable various fraud prevention tools and systems, have been touted as an effective way to detect synthetic identity fraud, but not all orchestration solutions are created equal.

Many serve as onramps for additional software solutions that don’t deliver better fraud prevention strategies.

Organizations that rely on orchestration layers must be ready for large-scale coordination and vetting of data providers to counter sophisticated attacks effectively.

At the same time, it’s essential not to underestimate the technical aspects of an orchestration layer, as third-party data providers have unique response times, and system performance should be capable of scaling horizontally.

To successfully combat synthetic identity fraud, orchestration layers must not only integrate with various data sources but also develop the logic necessary for building models. For instance, comparing applicant information involves querying third-party databases for device IDs or other risk signals and writing logic to compare the retrieved data with the submitted customer application information.

When paired with a modern, risk-based approach to customer onboarding, companies, financial service providers and other companies can effectively detect and prevent synthetic identity fraud.

Adapting to Evolving Threats

The rise of synthetic identity fraud, as exemplified by Adam Arena’s case, poses significant challenges to businesses, particularly in the financial sector. The digital age has provided fraudsters with more opportunities and resources to execute their schemes, causing considerable financial losses and jeopardizing customer trust.

As the threat landscape continues to evolve, it is crucial for organizations to stay vigilant and adapt their strategies to protect their customers from emerging fraud techniques. In doing so, they can prevent future cases like those of Arena and his co-conspirators and, ultimately, safeguard their business and customers.