Florida Banking July 2022

BANCSERV ENDORSED PARTNER: SHAZAM

R

S

E

K

A

N

S

S

A

O

B

C

A

I

D

A

I

T

R

I

O

O

L

N

F

SYNTHETIC IDENTITY FRAUD: A SERIOUS PAYMENTS INDUSTRY CONCERN

BY MIKE BURKE, SENIOR ROBBERY AND CRISIS MANAGEMENT CONSULTANT, SHAZAM

T he U.S. payments system, one of the nation’s essential infrastructures, is continually challenged with fighting fraud threats that are evolving as technology advances. In 2018, the Federal Reserve launched an initiative to raise awareness about synthetic identity fraud, reportedly the fastest growing financial crime in the United States. The Center for Payments™, a joint program sponsored by the U.S. payments associations, supports the Fed in educating financial institutions about synthetic identity fraud and encouraging proactive measures to mitigate this risk. What is synthetic identity fraud? Unfortunately, where money is in motion, there are those looking to steal it. While fraud isn’t new, the perpetrators’ techniques are constantly evolving. Synthetic identity fraud (SIF) is the use of a combination of personally identifiable information (PII) to fabricate a person or entity to commit a dishonest act for personal or financial gain.1 Synthetic identity fraud has gained prominence in recent years for several reasons: • Social Security number randomization in 2011 eliminated the geographical significance of the first three digits (the area number) and the chronological significance of the remaining digits. Social Security numbers had previously been more useful in corroborating other forms of identification. • The increase in PII available to fraudsters has increased significantly in recent years due to the spike in data breaches in the beginning of 2017. Also contributing to this issue is the amount of PII consumers voluntarily make available on social media. • Finally, synthetic identities often escape detection during the credit application process, which is becoming increasingly automated.

While traditional identity theft is well understood, it’s often mistaken or confused with synthetic identity fraud. Traditional identity theft occurs when a fraudster pretends to be another real person, usually supported by the person’s Social Security number, date of birth, driver’s license, bank account login credentials, or other sensitive information the fraudster has captured. The fraudster then uses the victim’s identity to access credit, accounts, and other items of value. This more traditional type of fraud is usually detected and reported quickly, as victims begin to receive unfamiliar notifications, phone calls from creditors, and other red flags that tip them off. Synthetic identity fraud is different and results in creating a brand-new identity. Here’s one example of how it can work: 1. Fraudsters buy PII or other personal information on the dark web. This data is usually exposed to the dark web by data breaches, social engineering, or oversharing on social media. Whose PII do they steal and use? Here’s where the real danger lies. 2. In some cases, the fraudster uses the Social Security number of a child or an elderly or homeless person. Why? Because children, elderly and homeless people don’t actively use their credit and are less likely to notice the fraud for some time. 3. Then, the fraudster applies for credit using their newly minted identity. Even if the institution denies their application, the inquiry creates a credit file with the credit bureaus, which can help validate the identity in the future. 4. Undaunted by the first few denials of credit, eventually someone will approve the application. Many times, the initial credit is granted by a high-risk lender. The fraudster will

Synthetic Identity Fraud, Continued on page 14

WWW.FLORIDABANKERS.COM JULY 2022 — 13