The Changing Nature of Financial Fraud

The Changing Nature of Financial Fraud

By Christopher DeAngelis, Senior Director, Fraud Strategy, Sallie Mae

Christopher DeAngelis, Senior Director, Fraud Strategy, Sallie Mae

“Life comes at you fast” is a meme that knows no boundaries; anyone caught unprepared for this phenomenon may be blindsided and left behind. Elevator operators and bowling pin setters saw their skills replaced with electricity and machinery. When technological advancements came to the telephone industry, some switchboard operators saw the writing on the wall and were able to translate their talents to the TTY/TDD equipment that serviced phone calls for the hearing impaired. Others advanced beyond the limited set of obligatory phrases they repeated all day into the conversational and probing abilities required for transitioning into call-center employment.

So, too, have criminals regularly faced the prospect of obsolescence. Once valuable safe-cracking skills have seen a diminishing benefit. Advances in modern medicine have rendered grave robbers and the lucrative black-market for cadavers archaic. And, in the realm of financial crimes, the adoption of EMV chip technology has brought payment card counterfeiters to a crossroads.

While the assumptions were correct about U.S. card issuers seeing a rise similar to other countries in card-not-present fraud after chip cards were introduced, the impact to fraud has gone much deeper. Skimming magnetic stripes was always about exploiting a glaring vulnerability.

When faced with those opportunities drying up, most criminals simply moved to compromising the card account number. Others in the fraud underworld instead set their sights on Identity Theft and Account Takeover where the success rate may be lower, but the fruit more bountiful. Yet, each of those methods are limited to the population of potential victims that have a credit-worthy identity or an existing account.

“Synthetic ID fraud is no mere “smash and grab” type of crime. The most prosperous criminals take painstaking detail to maximize the potential payoff”

The shift by certain criminals to Synthetic Identity fraud however, where those victim limitations are all but gone, is a swell of danger that the financial services industry cannot lose sight of. Synthetic Identity fraud occurs when a fictious identity becomes a real and verifiable identity. Identities cultivated from the ground up are known as “manufactured” synthetics, while “manipulated” synthetics are cobbled together using both real and fake elements. The identity is then used to obtain loans, credit cards, deposit accounts, and even driver’s licenses and passports.

With those types of accounts and tools in hand, the damage that can be inflicted to financial service providers is exponentially greater than more traditional fraud types. In 2017, a skilled (and patient) criminal organization based in New York was brought down after spending years incubating 7,000 fictious identities, associated with 1,800 controlled addresses, to open 25,000 credit products across dozens of financial institutions. The associated losses exceeded $200 million.

Synthetic ID fraud is no mere “smash and grab” type of crime. The most prosperous criminals take painstaking detail to maximize the potential payoff. Phony businesses are created in order to have employment verification associated with the identity. Normal use of the illegally opened account keeps it in good standing, while attributes like credit scores improve, resulting in credit limit increases and additional lines of credit.

On the dark web, specialized segments of criminals concentrate on spawning synthetic IDs primarily to sell for illicit use. While the capacity for proceeds is constrained compared to using the synthetic ID itself, it comes with a reduced risk of getting caught.There has also been the recent benefit of having the value of their wares hold steady while the proliferation of data breaches has caused underground prices of legitimate identities to plummet due to excess supply.

For the criminals using the synthetic ID, it is not uncommon to “double dip” by first taking advantage of customer-friendly fraud protection policies. By staging a false claim of fraud, they are reimbursed in full before executing their final objective of maxing out the available funds and abandoning the account. The result for the financial institution is a loss that can total up to twicethe amount of credit granted.

This type of fraud, though barely a decade old, has forced the industry to adapt with various tools and strategies that must mature quickly in order to significantly stem this rising tide. According to Auriemma Consulting Group,Synthetic ID losses reached $6 billion in 2017and resulted in the highest average loss per case of all fraud types ($15,000.)

For one, the “Know Your Customer” model within the financial services industry needs to significantly evolve. The Economic Growth, Regulatory Relief and Consumer Protection Act of 2018 directed the Social Security Administration to create a secure service for financial institutions to electronically confirmsocial security numbers and names. As a verification resource, that will certainly be beneficial.But customer information based on social security numbers, credit reports and other standard KYCsource records demands to be supplemented with checks that validate a real-world presence of someone’s actions and interactions. The application of machine learning and artificial intelligence to assist in this is already happening, mainly driven by the FinTech segment.

Blockchain, to standardize and store traditional data and/orphysical and social biometrics for validation, should continue to be explored as another useful technology in the defense arsenal of organizations. Indeed, the necessarycooperation among financial institutions to fully leverage the capabilities of a universal digital identity system could be a hurdle in the U.S., but the favorable proof-of-concept results seen recently in Asia, and across other international regions, lends great promise.

Ultimately, there is no single, miraculous fix waiting to be discovered. An approach of continuously iterating on innovation will prove to be the best way to both challenge Synthetic ID fraud while remaining nimble enough to adjust as the criminals perpetually look to elude extinction and find new ways to survive.

Read Also

Cyber Fraud - the Silent Killer

Cyber Fraud - the Silent Killer

Bill Murphy, SVP, CIO & CRO, Fidelity Bank of Florida N.A.
The Current and Future States of AML Technology

The Current and Future States of AML Technology

Eric Barzydlo, Regulatory Compliance Officer, Fulton Financial Corporation, Lancaster, PA
A lot of questions to be asked, but no single correct answer

A lot of questions to be asked, but no single correct answer

Dan Komanski, Vice President of Risk Management, Robins Financial Credit Union

Weekly Brief

Top 10 Financial Fraud Detection Solution Providers - 2019

Financial Fraud Detection Special