Using SSN verification to fight synthetic and modified identity fraud
How the government and private industries are working together to make synthetic and modified identity fraud a thing of the past
Identities take on many shapes and sizes these days. There’s our physical identity, our digital identity and even our device identity. But whether face-to-face or communicating through a computer or mobile device, how can you be confident that the customer is who they say they are?
Identifying a real customer from a fraudster is one of the biggest challenges financial institutions face across all channels. We’ve all seen the headlines about fraudsters using data breaches and exposed personally identifiable information (PII) to stitch together real and fictitious information to create a modified identity, but it’s even easier than that. Fraudsters can simply fabricate a fictitious Social Security number (SSN) out of thin air to essentially create an identity, which becomes even more complicated to defend.
Welcome to the world of synthetic and modified identity fraud.
Unlike traditional identity fraud in which a fraudster pretends to be another real person and use his or her credit, here, fraudsters use a combination of real and/or fake PII to create a new identity that is so believable it is hard to catch. These are classified as synthetic identity fraud and modified identity fraud.
Synthetic identity fraud is when a fraudster creates a completely fake identity. Modified identity fraud is when a fraudster uses a mix of real and fake information to create an identity.
- Synthetic Identity Fraud:
Synthetic identity fraud is the fastest growing type of financial crime in the U.S., accounting for up to 15% of charge-offs in a typical unsecured lending portfolio.1 Not only is synthetic identity fraud extremely pervasive, it’s lucrative for fraudsters. Aite Group estimates that criminals will walk away with $1.2 billion in 2020 alone.2
- Modified Identity Fraud:
Modified identity fraud can take on many forms. One example may be when a fraudster uses a SSN from victims who are less likely or for some reason otherwise unable to monitor their credit information or financial accounts, such as children, the elderly, the homeless and the deceased, and combine it with other personal information to make a new identity. As a result, many instances go unreported and losses are likely much higher. In fact, modified identity fraud affects more than one million children, resulting in losses totaling $2.6 billion and families of those affected paying over $540 million out of pocket.3
The Link Between SSNs and Synthetic and Modified Identity Fraud
Fraudsters often use real SSNs with fake information to craft new identities. These fraudsters are adept at fabricating false identity documents such as birth certificates and driver’s licenses, and may even use the real victim’s same address. These fraudsters even go as far as to create fake social media accounts to nurture the identity and add an air of legitimacy.
SSNs from data breaches are easy to find on the dark web, often for as little as $1.4 With access to a legitimate SSN, fraudsters bide their time, carefully aging these fake identities by making purchases on a regular basis and going as far as making payments on time as well so they appear real—but it’s gotten even easier to get away with the crime.
As of June 25, 2011, the Social Security Administration no longer issues SSN based on chronology or geography, but randomizes issuance, making it that much easier for fraudsters to create a synthetic identity. As a result of randomization, financial institutions can no longer associate the SSN number sequence with a state or year an applicant was born, making it even more difficult to easily verify a legitimate SSN by its number scheme. But up until very recently, in order to verify the SSN directly with the Social Security Administration, the government requires that financial institutions obtain consumer consent with a wet signature. In an era of almost-instant credit and account decisioning, few financial institutions can afford the days it takes to get the signed paperwork in order.
Here’s how synthetic or modified identity fraud typically works:
- The fraudster fabricates a new SSN or uses a stolen SSN to create a new identity.
- The fraudster blankets multiple financial institutions with applications and when one, typically a high-risk lender, finally grants an account or card, the fraudster makes a series of small purchases and pays them off to establish a credit bureau score and cultivate higher credit limits.
- The fraudster then opens additional accounts. This process takes months or years, but fraudsters can speed it up with piggybacking: being added as an authorized user on another account.
- After opening several accounts and requesting to increase credit limits, the fraudster maxes out the accounts all at once—and disappears, otherwise known as “busting out.”
A Public/Private Partnership to Eradicate Synthetic and Modified Identity Fraud
Recognizing the danger of synthetic and modified identity fraud, the Social Security Administration is working with a select number of providers, including Early Warning, on a new electronic Consent Based SSN Verification service (eCBSV). Set for pilot in June 2020, eCBSV will allow “permitted entities” to verify an applicant’s SSN, name, and date of birth directly with the ultimate source of truth—the Social Security Administration—via a digital consent process in real time.
By allowing consumers to consent in real time and bypassing the manual process, financial institutions can more easily and quickly match an applicant’s identity with their SSN, full name and date of birth. As groundbreaking as this new SSN verification service is, it’s critical to note that Early Warning plays an important role in helping financial institutions identify fraud beyond what eCBSV is able to detect. Most notably, Early Warning can identify irregular behaviors like multiple SSNs used in combination with various PII (including addresses, phone numbers and email addresses). The company can also identify when multiple PII elements are tied to one SSN or multiple applications across the industry in a short period of time – also known as velocity detection. These high or irregular application rates can be an indicator that the SSN is being used to perpetrate synthetic or modified identity fraud. With hundreds of attributes calculated by Early Warning in real time and fed into sophisticated analytic models, the company is able to score each new application and better separate fraudulent applications from good applications.
For over 30 years, Early Warning has helped secure and advance the financial services industry and supported over 2,500 financial institutions in doing so. This program with the Social Security Administration further reinforces our commitment to a fast, safe and easy experience for our customers while helping mitigate synthetic and modified identity fraud on a wide scale. This initiative is an excellent example of how the government and companies such as Early Warning can work together to protect consumers, businesses, and financial institutions from the devastating losses caused by identity fraud.
A Great Start—But, There’s More to Be Done
Synthetic and modified identity fraud will continue to grow. The ability to electronically verify if the SSN was issued and whether it matches the applicant’s full name and date of birth directly with the Social Security Administration is groundbreaking and a big step forward, but it won’t completely eradicate all types of identity fraud.
An identity/risk platform that supports ID proofing, behavior risk, deposit/payment risk and device authentication, are all critical in mitigating not only synthetic and modified identity fraud, but all types of fraud. Financial institutions can get started today in combatting various identity fraud with Early Warning’s suite of data validation and authentication products including our New Account Scores bundled with eCBSV service. These scores leverage data from millions of transactions and identities to determine the likelihood of a valid identity as well as the risk from account fraud or default within the first nine months of account opening.
About Early Warning Services, LLC
Early Warning Services, LLC, is a fintech company owned by seven of the country’s largest banks. For almost three decades, our identity, authentication and payment solutions have been empowering financial institutions to make confident decisions, enable payments and mitigate fraud. Today, Early Warning is best known as the owner and operator of the Zelle Network®, a financial services network focused on transforming payment experiences. The combination of Early Warning’s identity, risk and payment solutions enable the financial services industry to identify fraud at the time of the application review process, when funding a new or an existing account or during high-risk transaction to help move money fast, safe and easy, so people can live their best financial lives.