Who needs real identity data when you can commit just as much fraud (and commit it successfully) with the fake stuff?
At least that’s the stand many fraudsters are taking.
This has given way to a significant shift toward using synthetic identities — a new, false identity not associated with a real person — which enable fraudsters to open and cultivate new accounts. Research has found that new-account fraud more than doubled from 2014 to 2015, with nearly 7 million individuals having their Social Security numbers (SSN) compromised in 2015, an increase of more than 63 percent from the previous year.
Pat Phelan, SVP of identity at TransUnion, shared with PYMNTS the opportunities and challenges in combating a fraud landscape that’s becoming more complex and sophisticated, especially as new threats such as synthetic fraud are costing the country as much $50 billion per year.
Here is an excerpt of the conversation.
PYMNTS: What are some of the biggest challenges businesses face when authenticating consumers?
PP: Fraud is constantly evolving and changing. What works today might not work next month or even tomorrow. Companies can purchase a platform that solves today’s problems and find it is completely out of date very quickly. Businesses need a fraud prevention solution set that can evolve and change as fast as — if not faster — than the fraudsters.
Manual reviews also continue to be a challenge for purchasers as human intervention continues to be an accepted model for the market — yet more support is often needed. Today’s challenges around “almost” professional fraudsters are totally different than last year where device ID was probably “good enough” to solve most problems. Digital or device attributes are no longer enough of the picture as real-world identities are now at least just one of the requirements needed to detect fraud.
PYMNTS: TransUnion’s recent research shows the immense growth in fraud against lenders and banks — maybe something we already thought we knew, but you measured it. What, in your view, though, was the most surprising trend?
PP: The professionalism of fraudsters. Fraudsters are working as hard to scam the industry as the industry is working to prevent their scams. The days of stealing a credit card and using it for eCommerce transactions, while still prevalent, now make up only the tip of the iceberg. We are seeing professional networks that behave like hackers of yesterday and are constantly probing and testing new methods.
PYMNTS: What is synthetic fraud, and why is it such a prevalent threat to businesses?
PP: Synthetic fraud is pretty much what it sounds like: Someone creates an identity for the purposes of committing fraud. Often, synthetic identities are made up of fabricated data elements or a compilation of multiple real identity elements, with the intent to develop a credit profile that can later be “cashed out.” These credit identities are then leveraged to open accounts and “steal” product from lenders. Distinct from third-party or identity fraud, there is no harmed consumer victim. However, businesses have lost countless millions of dollars to such fraud. The lack of an injured consumer makes synthetic fraud more difficult to confirm. Yet, this is a growing form of fraud that is impacting many industries, and the prevalence of synthetic fraud has risen every year since 2011. The Federal Trade Commission estimates that synthetic fraud costs U.S. businesses $50 billion per year. Additionally, it was discovered that synthetic credit profiles used were groomed for as many as five years before inflicting greater than $100,000 in losses across lenders. It’s also estimated that synthetic fraud makes up more than 80 percent of all first-party fraud.
PYMNTS: What’s the best way to fight back against synthetic fraud?
PP: There are a number of identity triggers that can help businesses. We look for a number of indicators, like very high credit applications in a brief period, an SSN issued recently, the number of credit cards issued in a brief period and other unique alerts and indicators.
PYMNTS: Why is that important — and how difficult is that to do?
PP: Matching the digital identity (machine, IP, location, cellphone, email and hundreds of other subcategories) with physical identities, name and address verification and other “real-world” signals brings a high degree of accuracy, we think, in separating the real from the fake identities. Taking that and combining it with real-time fraud alerts will take the authentication game to an entirely new level — and help stop fraudsters before they can do real harm.