Identity theft is a well-established and prevalent threat, with 15 million Americans falling victim to it every year. Bad actors deploy a wide variety of tactics to steal identities, ranging from phishing to social engineering to brute-force attacks, resulting in 33% of the population experiencing ID theft at some point in their lives. Identity fraud occurs when thieves then use these stolen identities to make fraudulent transactions.
Consumers have plenty to worry about when it comes to identity fraud, but organizations and businesses also must deal with an even more pernicious variety: synthetic identity fraud. Traditional identity fraud involves a bad actor impersonating an actual individual, but synthetic identity fraud involves the fraudster constructing a new artificial identity from scratch, making it even harder to detect until long after the damage is done. This month, PYMNTS Intelligence explores synthetic identity fraud’s impact on organizations and how behavioral analytics can be a potent weapon against it.
How Bad Actors Leverage Synthetic Identities
Synthetic identity fraud can take on many forms, all of which consist of inventing a new identity out of whole cloth rather than stealing one from another person. These identities often incorporate disparate elements of real identities to look more realistic, such as actual Social Security numbers and email addresses stolen from two different individuals. Cases of synthetic identity application fraud have no identity theft victims to notify businesses of fraudulent applications made in their names, so this type of fraud is particularly hard to spot.
One recent study found that synthetic identity fraud cost FIs $20 billion in 2020, with the average synthetic identity bank account stealing between $81,000 and $97,000 before it was caught. Another report asserted that online lenders lose $6 billion annually to synthetic identity fraud, and the Federal Reserve pinpointed it as the fastest-growing financial crime. Brian Vitale, chief risk and compliance officer at Notre Dame Federal Credit Union, said this fraud cost the CU approximately $200,000 in unpaid loans before the organization suspected something was fishy, and by the time the CU figured out that the borrowers did not exist, it was too late.
However, traditional identification methods, such as passwords and multifactor authentication (MFA), are ineffective at stopping synthetic identity fraud. Only artificial intelligence (AI)-driven systems, such as behavioral analytics, show promise in neutralizing this threat.
Countering Synthetic Identities Through Behavioral Analytics
Knowledge-based authentication methods, such as passwords, are almost entirely ineffective against synthetic identity fraud, as the bad actor is not attempting to leverage a stolen identity or break into a known user’s account, but is instead opening a new account that has its own authentication. There is little that individual consumers can do to protect against synthetic identity fraud. Instead, they must rely on organizations and businesses to implement sophisticated tools and software to protect themselves and, in turn, their customers.
One of the most effective tools for this purpose is behavioral analytics, which can monitor how customers enter information during the onboarding and application processes. These systems use a variety of metrics, such as interaction time, hesitation and automated entry, to determine whether a given applicant is a legitimate user or a fraudster armed with a synthetic identity. The bad actor will likely be creating multiple fake accounts at once, for example, and will be auto-filling entries that a legitimate user typically would type by hand, such as names and passwords. A fraudster attempting to circumvent these analytics by entering this data manually still runs the risk of making typos or misspellings that an actual user would avoid, providing the analytics system with another metric to evaluate the risk of fraud.
Behavioral analytics also can reduce the rate of false positives, or legitimate customers mistakenly being identified as fraudsters. A recent study found that 33% of customers will not return to a business that accuses them of fraud, depriving organizations of a massive potential revenue source — not only from the customers themselves, but also from any potential referrals they might make to other prospects.
Both synthetic identity fraud prevention and false positive avoidance are crucial when conducting business online, and any business will need a means to provide both. Behavioral analytics could be a key resource in meeting this objective.