Sentilink posted a new article that provides some revealing statistics on the Social Security Administration’s new electronic consent-based social security name matching service.
Sentilink, the growing identity company, is one of the early adopters of the program and provides access to the service to banks and lenders. So they are able to provide early read-outs of how the program is going as it matures.
In the article, they posted some revealing statistics based on over 30 million checks that have been sent through the new system.
69% of SSN No Match/MisMatches Are Not Fraud
Sentilink’s analysis concluded that about 93.3% of name checks with the Social Security Administration will result in a match – which is a pretty good match rate for being able to validate true ownership.
However, according to Sentilink, “Of the 6.7% that were returned as a “No” match/mismatch, we identified 31% as malicious fraud attempts (compared to 25% in Q1). That means 69% of mismatches aren’t fraud due to things like “fat-finger” typos. This nuance is important to keep in mind for financial institutions looking to approve more applicants.
What This Means To Banks and Lenders
While 69% of no match or mismatch name checks are false positives, that isn’t all bad news. The real good news is that the system can accurately clear 93% of social security numbers as valid while detecting about 2% of the name checks as true fraud.
For the name mismatches, banks will simply need to perform stepped-up verifications to resolve those in other ways such as document reviews and other more robust identity checking.
SSN Checking Is Notoriously Difficult
From my experience SSN Mismatches, while they sound like a red flag, often prove to be false alarms. Sentilink’s analysis is informative, but not surprising to me.
In analysis, I have conducted on SSN variations on credit bureau red flags, the false positive rate on bureau alerts involving social security numbers can be as high as 1,000:1 which is close to random probability of fraud.
SSN mismatch flags should be used as just an element of any identity strategy, rule or model and not as an absolute indicator of fraud.