2024 CLFP Recertification
Educational Content: Synthetic Identity Theft
Synthetic Identity Theft
Definition:
Fraudsters create synthetic identities by piecing together fictitious and/or stolen personally identifiable information to forge an identity, with the intent of engaging in deceitful activities for personal or financial gain. These fraudsters utilize these fabricated identities to establish fictitious companies or steal the identities of existing businesses. This allows them to open bank accounts and/or secure loans, further enabling their financial schemes.
The Impact:
According to the Federal Reserve, Synthetic Identity Theft led to approximately $20 billion in losses for U.S. financial institutions in 2020. However, this figure is likely an underestimate since Synthetic Identity Theft often gets misclassified as ‘credit losses,’ as creditors might not accurately identify the true nature of the loss.
A Benchmarking Report titled “Combatting Business-to-Business Fraud,” jointly released in June 2023 by the Association of Fraud Examiners and Thomson Reuters, ranks concerns related to Synthetic Identity or fake business relationships as among the primary fraud-related worries during the onboarding of new business customers or vendors.
How the Scheme Works:
Fraudsters commonly use the synthetically crafted identity to apply for credit, introducing the false identity into the financial system. They are aware that the initial application might be rejected. However, this rejected application establishes a credit file. The fraudsters then persistently submit credit applications using this identity until one is approved. They might even apply as a co-signer with a ‘qualified applicant’ to increase their chances of approval. Over time, they build a favorable credit history, amassing credit limits and acquiring additional accounts. Some might continue making payments if they are using the credit history for criminal activities like human trafficking, terrorist financing, or money laundering. Others opt to ‘bust out’ by ceasing payments, vanishing with the loan’s collateral. Remarkably, the same synthetic identity can be exploited to defraud multiple industries and institutions simultaneously.
Core Identifying Information Collection & Verification:
While collecting essential identifying information before onboarding a new business, guarantor, and/or vendor is crucial, going a step further by validating the data through third-party data providers (such as credit-reporting agencies, government databases, or reputable third-party verification sources), as well as conducting open-source internet searches and outsourcing to subscription-based service providers, becomes paramount in shielding your institution from potential losses arising from synthetic identities.
Key data points to gather may encompass, but are not restricted to, the complete legal name of the entity/individual; taxpayer identification number; beneficial ownership form; physical and mailing addresses; phone numbers; email addresses; and photo identification for all guarantors and signers (including a clear color copy of both sides).
Additional internal screenings might involve, but are not confined to, sanctions screening; corporate filing history; open-source searches (including negative news and overall web presence); and criminal and public record searches.
Fraud Detection Toolkit and Service Providers:
Numerous toolkits and solutions are accessible to aid in identifying synthetic identities. One such resource is the Synthetic Identity Fraud Mitigation Toolkit, issued by the Federal Reserve in February 2022. Synthetic Identity Fraud Mitigation Toolkit – FedPayments Improvement
Many traditional fraud models and tools are not designed to account for the possibility of a ‘nonexistent’ person, underscoring the need to thoroughly vet businesses and individuals or rely on fraud mitigation service providers to unearth these fraudulent activities.