5 Things Banks Should Do To Stop Synthetic Identity Fraud

The Federal Reserve calls synthetic identity fraud the fastest growing financial crime in the US.

It boggles the mind that something so ridiculously simple as using a stolen Social Security Number and combining it with a different name and address could lead to such a rampant crime.

I mean, shouldn’t we be able to stop this from happening 100% of the time?

It turns out we could. And we probably should.

Synthetic Fraudsters Use the Banking System To Legitimize Their Identities

Synthetic Identity fraudsters use loopholes in our banking and credit reporting system to create and maintain their fraudulent identities.

A Synthetic Identity is nothing more than a Trojan Horse. It looks like a good customer, but once it gets in the gates it wreaks havoc and undermines the whole banking process.

Whether it is using the credit approval process to generate a fake identity, or using the secured card gateway products to legitimize those identities, or leveraging the authorized user privileges banks offer to their customers – all of these processes are being used extensively to perpetrate one of the biggest frauds in the country.

There Are Simple Things Banks Can Do!

It turns out that there are some simple things banks can do to stop Synthetic Identity. But I have to inform you – it will mean pushing banks out of their comfort zone and changing old habits that often die hard.

Here are 5 things that I believe Banks could do to stop synthetic identity.

#1 – Don’t Let The Secured Card Trojan Horse Synthetics in The Door

In 1995, I worked for a large subprime credit card issuer as a fraud analyst and I noticed an unusual trend developing on a new product we had just launched.

The product was called Secured Card.   A consumer could deposit $300 with the bank and receive a credit card with a $300 credit line.

It was targeted to people that had little or no credit or people who wanted to build their credit score back up.  If the customer paid their monthly bill on the credit card account, we would report the positive payment history to the credit bureaus and they would eventually establish a good credit score.

But something fishy started to happen when we launched that product.  I started to notice that people were depositing $300 into the bank, applying for the credit card, taking out a cash advance for $300 to max out the card and then several months later, they would stop paying altogether. 

In some cases, they would actually write bad checks against the account and boost the credit line well above the initial $300 line of credit.

Something was obviously wrong at the bank and it was happening on a large scale. Our portfolio of secured cards was growing rapidly but customers weren’t using the accounts to build their credit, they were doing something else.

So I started to look at the social security numbers on all of the applications.   I used a product called Experian SSN Trace to see who owned the social security number. 

In almost every case, the SSNs were not returning to the applicant.  I would type a social security number in, and it would show a completely different name than the applicant.

The applicants were plugging in any social security number on the application and using their own names.  The only way I could detect it was by de-coupling the social security number from the name and seeing what got returned.

What I had stumbled upon was a technique used by first-party fraudsters called “credit tumbling” which was designed to fool the credit bureaus’ identity linking system by removing one element of their 3-part matching algorithm (name + address + social security number).

If a credit bureau received a different social security number from the borrower it would essentially create a new record called a no-hit which would later be turned into a credit file if a second inquiry was made.

The fraudsters were targeting secured cards in particular because it was an easy gateway product to build a new credit bureau.  Since the bank was getting a security deposit they were not that worried about losing money so they did very little in terms of fraud screening during account opening.

You see, it turns out that the bank I worked for was letting the Trojan Horse synthetic identities through the door. The bank felt they were protected by the security deposit but that was just a myth.

Don’t let your secured card portfolio be abused by synthetic identity fraudsters.
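The check described above, looking up the social security number on its own and comparing the owner of record with the applicant, can be sketched as a screening step at account opening. This is an added example, not code from the author or any bank; the trace table, the application records and the function names are constructed for illustration, and the sample SSNs use the 900-999 area range that is not assigned as SSNs.

```python
import re
from collections import defaultdict

# Constructed stand-in for an SSN trace product: SSN -> name on record.
SSN_TRACE = {
    "900-00-0001": "Maria Lopez",
    "900-00-0002": "James O'Neil",
    "900-00-0003": "Priya Shah",
}

# Constructed secured card applications: (application id, applicant name, SSN).
APPLICATIONS = [
    ("A1", "Maria  Lopez", "900-00-0001"),   # matches the trace record
    ("A2", "Derek Cole", "900-00-0002"),     # SSN returns to someone else
    ("A3", "Derek Cole", "900-00-0003"),     # same name, another SSN (tumbling)
    ("A4", "Nina Park", "900-00-0009"),      # no trace record at all (no-hit)
]

def norm_name(name):
    """Lower-case, drop punctuation and collapse spaces so that formatting
    differences alone do not count as a mismatch."""
    return " ".join(re.sub(r"[^a-z ]", "", name.lower()).split())

def norm_ssn(ssn):
    """Keep digits only."""
    return re.sub(r"\D", "", ssn)

def screen(applications, trace):
    """Look each SSN up on its own, then compare the owner of record with
    the applicant. Returns {application id: [reasons]} for flagged ones."""
    trace = {norm_ssn(k): norm_name(v) for k, v in trace.items()}
    ssns_by_name = defaultdict(set)
    for _, name, ssn in applications:
        ssns_by_name[norm_name(name)].add(norm_ssn(ssn))
    flags = {}
    for app_id, name, ssn in applications:
        reasons = []
        owner = trace.get(norm_ssn(ssn))
        if owner is None:
            reasons.append("no-hit")
        elif owner != norm_name(name):
            reasons.append("ssn-owner-mismatch")
        if len(ssns_by_name[norm_name(name)]) > 1:
            reasons.append("name-seen-with-multiple-ssns")
        if reasons:
            flags[app_id] = reasons
    return flags
```

Exact name comparison after normalization is deliberately strict; a production screen would route mismatches to manual review rather than decline outright, since nicknames and name changes also produce them.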

#2 – Stop Enabling PiggyBackers By Churning Through Authorized Users

Nothing is more frustrating than banks that continue to let their customers rent out their credit to people that they don’t know.

Some bank customers rotate their authorized users every 3 months and in the process make hundreds of dollars.

Why is this process allowed to continue? Banks should implement systematic controls to stop authorized user abuse.

Here are 3 ways that it can be done:

  1. Certify that the customer personally has met or knows the person they are putting on their account as an authorized user.
  2. Set up a policy that allows no more than 1 authorized user change per year.
  3. Remove the authorized user privileges for any customer accounts that appear to have historically been credit renters.
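Controls 2 and 3 in the list above can be expressed as a rolling-window check over authorized user changes. This is an added example, not the author's or any issuer's code; the event log, account ids and function names are constructed, and the 365-day window is an assumed reading of "per year".

```python
from collections import defaultdict
from datetime import date, timedelta

MAX_CHANGES_PER_YEAR = 1          # policy limit proposed in the list above
WINDOW = timedelta(days=365)      # assumption: "per year" as a rolling window

# Constructed event log: (account id, date an authorized user was added, AU id).
AU_EVENTS = [
    ("acct-1", date(2023, 1, 10), "au-a"),   # rotates roughly every 3 months
    ("acct-1", date(2023, 4, 12), "au-b"),
    ("acct-1", date(2023, 7, 15), "au-c"),
    ("acct-1", date(2023, 10, 20), "au-d"),
    ("acct-2", date(2022, 3, 1), "au-x"),    # two changes, more than a year apart
    ("acct-2", date(2023, 6, 1), "au-y"),
    ("acct-3", date(2023, 5, 5), "au-z"),
]

def max_changes_in_window(dates, window=WINDOW):
    """Largest number of events that fall inside any one rolling window."""
    dates = sorted(dates)
    best = start = 0
    for end, d in enumerate(dates):
        while d - dates[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def churn_report(events, limit=MAX_CHANGES_PER_YEAR):
    """Historical review: {account: (peak changes in a year, distinct AUs)}
    for every account that exceeded the limit at some point."""
    by_acct = defaultdict(list)
    for acct, when, au in events:
        by_acct[acct].append((when, au))
    report = {}
    for acct, rows in by_acct.items():
        peak = max_changes_in_window([w for w, _ in rows])
        if peak > limit:
            report[acct] = (peak, len({au for _, au in rows}))
    return report

def would_allow(events, acct, when, limit=MAX_CHANGES_PER_YEAR):
    """Policy gate: allow a new change only if the trailing year has room."""
    recent = [w for a, w, _ in events
              if a == acct and timedelta(0) <= when - w < WINDOW]
    return len(recent) < limit
```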

#3 – Educate Consumers About Illegal CPN Use

The use of CPNs (Credit Privacy Numbers) is out of control. It’s primarily driven by websites that promote the use of CPNs as completely legal, which it is not.

One such website is LegalCPN.com, which even claims that using CPNs is legal according to the FBI.

Banks need to start a nationwide education program to counter all of this misinformation that is being spread. Most consumers have no idea that CPNs are just stolen social security numbers, given to them by providers that have no right to issue them in the first place.

#4 – Put a Warning and Confirmation on Applications Prohibiting CPN Use

Most prosecutions of synthetic identity fraud are successful because the consumer has supplied a CPN in the place where the application calls for a social security number.

So, banks should identify this very clearly to consumers. Banks should require applicants to certify that they are the rightful owner of the social security number and that they are NOT using a CPN.

#5 – Stop Approving Synthetic Loans and Cards

If Synthetic Identity fraud were similar to traditional True Name Fraud, where the applicant has no intention of repaying, banks and lenders would target the problem more aggressively.

The problem with Synthetic Identity is that it is not.  In fact, many borrowers that use Synthetic Identities are trying to build or rebuild their credit and have every intention to repay.  And they often do.  And they are often profitable.

Some examples of potentially high-performance segments include:

  • Recent immigrants using Social Security Numbers not issued to them to establish their credit.
  • Recent immigrants using falsified ITINs not issued to them to establish credit.
  • Consumers that legitimately want to re-establish credit with a good payment history and use a false social security number.

But these high performing segments are causing a big problem for the industry.  Some lenders and banks simply don’t want to turn away the profitable segments so they choose to defer the problem to some point in the future.

The inability to distinguish between “good” and “bad” synthetic identities has put the financial services industry in a conundrum.

Stop Synthetic Identity Through Zero Tolerance!

The problem of Synthetic Identity could be resolved relatively easily.   I think some simple steps could go a long way.

  1. Treat Synthetic Identity like true name identity fraud – don’t tolerate it.
  2. Treat Synthetic Identity as a KYC (Know Your Customer) issue – verify everything.
  3. Verify directly with the Social Security Administration when possible.  They are introducing new legislation to validate SSNs electronically which could go a long way.

Frank McKenna is the Chief Fraud Strategist for PointPredictive and a Fraud Consultant based in San Diego, California.