Fraudsters’ Latest Target: Dead People

digital fraud

Back in the golden olden days of print newspapers, bad guys would regularly read the obituaries, then craft a plan to break into houses and steal valuable items during the wake or funeral. But like most analog businesses, this criminal model has gone digital.

Today, the internet makes discovering and then executing creative ideas not much more than a mouse click away — which makes exploiting death for the purposes of identity fraud easy, too. The idea is either to siphon funds from the accounts of the deceased, or to build new IDs around their personal details in order to build credit and make a bigger haul down the road.

In a new PYMNTS interview with Karen Webster, Zac Cohen, general manager at identify verification services provider Trulioo, detailed how an old type of fraud works in the 21st-century digital economy — and why businesses need to pay attention to how to prevent it, lest they suffer the consequences of such thefts, not the least of which include negative PR and consumer backlash. The interview comes amid heightened attention to synthetic and other growing forms of digitally-based fraud.

“Stealing IDs from the deceased is not the first thing people think about when preparing a [fraud prevention] strategy,” Cohen told Webster.

But this type of fraud is not something to ignore.

Many Victims

That’s in large part because some 800,000 deceased people each year have their identities stolen. No, unlike “Game of Thrones,” the dead don’t come back, seeking to reclaim their own identities — but the loved ones of the deceased, along with the businesses that served him or her, can still face troubles and hassles from this particular type of fraud.

Even though identities are harder to steal due to digitization of government and healthcare services, fraudsters are getting creative and leveraging technology to commit fraud under the guise of a dead person’s name. “It’s pretty scary stuff,” Cohen said.

Opportunity is opportunity, whether legitimate or criminal.

And though we at PYMNTS have no wish to be insensitive about death, the reality is that such a time presents a top opportunity for fraudsters, given how mourners’ attentions are turned elsewhere, and how grief can consume all other emotions, thoughts and activities. Relatives and friends of the deceased don’t always think about closing down or otherwise taking control of the financial accounts of the deceased — at least not in the moment — nor do they always make the necessary contacts with issuers, DMV offices and credit bureaus to flag the accounts and IDs of the deceased, making it more difficult for fraudsters to succeed.

Flagging Accounts

Even if those contacts are eventually made — there’s often one person in every family who steps up to take care of what seem like horribly mundane details at the time — it’s not always enough. That’s because those contacts, and the alerts and flags they bring about, might be able to “stop [fraudsters] from moving forward,” without really stopping the fraudsters. “It can be quite a long time before they get caught.”

The criminals use that opportunity and time not only to steal money from bank accounts or run up the credit cards that were owned by the deceased. They also steal identification details from the deceased and build fraudulent IDs that can be used to open bank accounts and build credit — a long-term fraud strategy. “They will continue to use those new accounts to establish a certain level of credit rating or a certain level of trust,” Cohen said, “then make a large-bust out purchase, run up a huge debt, disappear and move onto the next one.”

Indeed, more fraudsters are apparently using stolen personal details to make synthetic IDs, and not just from dead people.

More than, say, just pumping out illegitimate payment cards, as one analysis described it, the scheme also involves “the creation of completely new identities,” sometimes via the Social Security numbers of children. Successful synthetic ID operations tend to play out over months or even longer periods of time, and involve the racking up of (fraudulent) credit before the “bust-out,” a last big spending spree before the ID is essentially retired and the criminals move on. According to various estimates, losses from synthetic ID fraud come in at $6,000 or more per account or victim, and the form of fraud has increased by 35 percent or more since 2015.

Fraud Prevention

So, how to prevent digital fraud involving the identities of deceased people?

Well, as mentioned above, individuals have to stay on top of informing various outside organizations when a person has died, and his or her accounts need to be closed, flagged or controlled. “Hopefully, everyone has friends and families who can help,” Cohen told Webster. Not only that, but follow-up is required — checks to ensure that “no bad activity” has taken place with those accounts, he said. What can also help in preventing such fraud is applying anti-money laundering (AML), know your customer (KYC) and similar fraud prevention techniques in hopes of stopping those criminals.

It’s always a good bet to count on the shamelessness of human nature — that’s cold, but it’s true, at least when it comes to fraud prevention. The digital updating of the old obituary-notice theft process just underscores that point.