As Silicon Valley Bank and Signature Bank collapsed last month, fraudsters saw opportunity. Frantic customers tried to withdraw their money from the beleaguered banks and applied for new accounts at other institutions, sometimes multiple times on the same day. Fraudsters took advantage of the situation by doing the same, posing as customers looking to flee their current bank, creating risk for banks looking to bring on new clients amid the turbulence.
Data released by the identity-verification company Socure shows that, in the days following the collapse of Silicon Valley Bank, small-business and investment banks saw a spike in both synthetic identity fraud and, to a greater extent, third-party fraud. Socure's analysis is based on the riskiest 1% of applications it analyzes, which come from its more than 1,500 customers.
In cases of third-party fraud, a fraudster assumes the identity of a legitimate consumer while maintaining control of the account in question. Socure data shows the rate of this form of fraud more than tripled on the day after the Federal Deposit Insurance Corp. took over Silicon Valley Bank.
Synthetic identity fraud involves using stolen elements of real identities to create a new identity. This is often done by using a Social Security number that credit bureaus or other identity verification services wouldn't recognize — perhaps the SSN of a minor — and coupling it with a fictitious name, date of birth, address and so on. This kind of fraud doubled in the days following SVB's collapse, according to Socure's data.
Socure scores each application it processes on behalf of its clients for fraud risk and puts the riskiest 1% of applications through a secondary, step-up verification process. This typically involves asking applicants for a live photo of themselves as well as a photo of their passport, driver's license or some other identifying document, so the company can compare the two photos. From there, Socure determines whether the application is legitimate, a third-party fraud risk, or a synthetic identity fraud risk.
While Socure processed more applications than typical in the days following Silicon Valley Bank's collapse, the share of applications it determined to be fraudulent also increased. In other words, many institutions faced greater fraud risk because fraudsters responded to the crisis more strongly than legitimate customers.
The timing of the spike in fraudulent applications is not the only evidence that the bank run led to an increase in fraud. Socure attributed the spike to the banking crisis because the increased fraud risk was specific to new savings, checking and investment accounts. The spike did not affect new online gaming accounts, job applications, applications processed for public sector purposes or other types of applications the company processes.
"We believe that was happening to fuel fraudulent money movement through P2P scams through wire transfers," said Mike Cook, Socure's vice president of fraud.
Cook said fraudsters simply recognized an opportunity as news about bank failures started to percolate.
"Fraudsters know if there's this flood in applications all of a sudden, they can more easily hide in that flood," Cook said. "That's what happened here."
Many types of events can cause a spike in fraud, according to Al Pascual, senior vice president of enterprise risk solutions at TransUnion. These include new product releases (such as online personal loans), expansions into new markets and segments for which existing controls are not well suited (such as an issuer moving from store credit cards to co-branded, general-purpose credit cards), and promotions designed to drive traffic. Each creates a wave of applications in which fraudsters can hide.
Banks looking to reduce their fraud risk during such moments must change their thresholds for step-up authentication, temporarily limit the types of activity new account holders can conduct (to provide time for a more thorough review) or collect more data during the application process (such as device or behavioral data). These measures often require advanced planning to properly pull off.
When responding to sudden market events, banks just have to be nimble. According to Pascual, it's a matter of taking the right steps right away — and these steps don't always have to be complicated.
"Fraudsters aren't analyzing the SVB customer base to assess whether they could effectively imitate one that is switching banks," Pascual said. "They just try to take advantage of chaos."
