Florida Banking July 2022

• Multiple credit applications from the same phone number, mailing address, or IP address. • Use of secured credit lines to build credit. • “Piggybacking” to build credit (applicant is an authorized user on multiple established credit accounts which may be associated with geographically dispersed addresses). • Multiple authorized users on the same account. Also, the Social Security Administration has introduced an electronic Consent Based Social Security Number Verification Service (eCBSV) to help identify synthetic identity fraud. With the consent of the SSN holder, eCBSV can verify if the SSN, name, and date of birth combination provided by an account applicant matches Social Security records or not. eCBSV returns a match verification of “yes” or “no.” If SSA’s records show that the SSN holder is deceased, eCBSV returns a death indicator. This service was introduced by the SSA in 2008 as a paper-based process, but the initial roll-out of a more efficient, electronic version has been Verifying your customer can be even more difficult if you never see the account applicant in person. Online account opening, already gaining in popularity thanks to consumer demand, has quickly accelerated with a big push forward due to the Covid-19 pandemic. Many financial institutions are challenged to safely meet the increased demand for more digitized services. To build on the work of the Fed and to help support financial institutions that want to offer online account opening, the Center for Payments recently conducted a study called Digitizing Payments: The Online Account Opening Experience 4 . Over 500 c-suite executives from financial institutions of various sizes were surveyed to examine current practices and procedures to detect, evaluate, and mitigate fraud risks throughout the online account opening process. The key findings are: • Online account opening is a growing trend in financial services. • Risk avoidance is the key rationale for not offering online account opening. • It is critical for financial institutions to understand the types of fraud risks associated with online account opening, such as synthetic identity fraud. • Financial institutions that offer online account opening use various tools and techniques to mitigate fraud risks, including additional steps beyond their standard Customer Identification Program (CIP) requirements. Visit the Center for Payments website for an executive summary of the study: “Digitizing Payments: The Online Account Opening Experience 4 ”, and contact your payments association for access to the full report which provides more information on ways to support a safe, secure online account opening experience. in a pilot phase since June 2020. What else can be done?

use this initial line of credit to establish a timely repayment history to cultivate higher credit limits and even more accounts. This can all take time, but the fraudster certainly has that. The process continues as the fraudster’s efforts gain momentum, they generate a solid credit history, proceed to build their identity with social media accounts, and a home address (usually a P.O. box, vacant property, or vacation home). More sophisticated operations even create fake businesses and sign up with merchant processors to install credit card terminals to run up charges on fraudulent cards. This activity causes the fraudster’s credit score to increase. After all, they’re making payments on time, achieving increases in credit limits, and solidifying their identity. This is when they “bust out.” The term “bust out” refers to maxing out a credit line and vanishing without repaying. Sometimes, a fraudster will use a fake check to pay off the balances before maxing out a credit line again and defaulting. Adding insult to injury, some fraudsters even cry “identity theft” and have their charges erased…before making additional transactions and repeating the process. Who bears the cost? Generally, the individual whose personal information was used to create the false identity won’t be responsible for losses, provided they can prove they weren’t behind the synthetic identities. Rather, financial institutions bear most of the cost of this type of fraud. Industry experts estimate the load borne by U.S. financial institutions at over $14.7 billion in 2018.2 Further, roughly 20 percent of credit losses in the financial industry are believed to stem from synthetic identity fraud.2 What’s a financial institution to do? The best time to detect synthetic identity theft and prevent the risk of loss is at the time of account opening. The problem is, synthetic identities often pass traditional Know Your Customer (KYC) compliance requirements, which rely heavily on an established credit history and assume the first Social Security number in a credit file is valid. To detect synthetic identity fraud, it’s important to look beyond the basic identifying information to verify whether an identity is legitimate or synthetic. In its white paper, “Detecting Identity Fraud in the U.S. Payment System3” the Federal Reserve advises financial institutions to look for the following characteristics of a synthetic identity: • Social Security numbers issued after 2011. • Credit file depth inconsistent with the customer’s age or other profile information (such as a 60-year-old applicant with a credit file less than a year old). • Multiple identities with the same Social Security number. Synthetic Identity Fraud, Continued from page 13

14 — FLORIDA BANKING THE VOICE OF FLORIDA BANKING