Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure.
Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said. Typically, such an identity is based on a real person, but with a slight tweak to some piece of personally identifiable information, like a different date of birth or Social Security number.
This altered identity is frequently verified by nothing more than a credit check—which means that it’s rarely detected. A fraudster can then use the identity for a wide array of purposes, including different types of loan applications and credit cards.
Despite advances like the US government’s Electronic Consent-Based Verification Service, or eCBSV—which allows some entities to verify whether a given combination of social secuirty number, name and date of birth match an existing Social Security Record—the issue remains a serious one in large part because it’s still easy to create this type of manipulated identity, thanks in part to the lack of incentives for financial institutions to combat them.
“Today, the positive value of a good banking relationship is roughly the same as the negative cost of a fraudulent account (roughly $250-$400, depending on the bank or fintech),” the report said. “When considering the downside cost of a fraudulent banking relationship, generally the dollars are very low because financial losses like Peer to Peer, or P2P, scams are absorbed largely by the consumer, and nefarious activities like human and drug trafficking, terrorism, fraudulent PPP [Paycheck Protection Program] and unemployment deposits and low levels of money laundering do not carry a financial loss for the bank.”
Broader verification techniques needed to combat fraud
Gartner vice president and analyst Akif Khan said that broader-based verification techniques are necessary to combat the problems posed by synthetic identity-based fraud. Simply checking against credit data is insufficient.
“[ID verification vendors] have layered in capabilities like device ID,” he said. “So you’ve captured their name, address, Social Security, but you’re also fingerprinting their device.”
Device ID capabilities can also be used to check whether one device is being used to interact with multiple identities, providing another useful indication of potential fraud.
In general, however, Khan said that the key to fighting synthetic identity fraud is simply finding additional sources of information.
“There are ways to address this,” he said. “Broadly speaking, the way to do it is, when you get someone presenting an identity, to check it against more than just credit bureau data.”