Marie-Christine Diaz, Business Development Manager/Payments-EU at Eastnets
Imagine fighting an enemy that doesn’t exist but appears to be very real and can certainly cause actual damage. How can you tell apart this shadow, made up of many fragments of information, from an actual person?
This is the challenge financial institutions worldwide are grappling with, and it’s known as synthetic identity fraud. Criminals are mixing genuine and stolen information to create identities that can easily get past account setup and know-your-customer (KYC) checks.
The amalgamation of multiple identities into one synthetic identity makes this type of fraud particularly insidious. Often, it goes unnoticed until it reaches a point of substantial financial loss. Now imagine this is happening in the era of instant payments, where transactions occur in the blink of an eye.
How can financial institutions do to protect their customers and themselves from this threat?
The synthetic conundrum
Synthetic identities that blend stolen legitimate information with fabricated details such as names, phone numbers or genuine ID documents serve as powerful tools for criminals. They use them to open accounts with a fake identity and gradually build up a credit history over months or even years.
Once they have established creditworthiness, fraudsters exploit these identities to make purchases, withdraw cash, or draw credits. When they reach the maximum credit limits, they vanish without repaying, leaving financial institutions with substantial losses.
Estimates suggest that financial institutions miss a staggering 95 per cent of synthetic identity fraud cases during the account setup process[1]. This alarming statistic underscores the urgency of finding effective solutions. Losses attributed to synthetic identity fraud are estimated to range from $20 billion to $40 billion annually[2], with the figures steadily climbing.
Regulators are formulating new rules that require the validation of username and account information to fight this type of fraud. But in many countries, the solutions to do this are not yet ready and have fallen behind what fraudsters can do.
Taking a whole-system approach
Addressing synthetic identity fraud requires a holistic and multifaceted strategy. It has to look at how customers join at the start. It needs to check who the customers really are. And, it must keep watch for risks all the time. This includes:
Deepening customer understanding
Financial institutions must invest in tools and technologies that help them know their customers better. This involves scrutinising synthetic ID information, such as addresses, emails, and phone numbers, and cross-referencing it with a wide range of non-financial data sources. These sources may include previous addresses, driving licenses, property ownership records, education histories, social media activity, and mobile phone records.
Additionally, the integration of face and voice biometrics recognition can enhance the accuracy of identity verification. Inconsistencies in the information gathered should trigger additional verification steps, including in-person document verification.
KYC enhancement
KYC procedures need to evolve from fragmented, rule-based solutions to more robust and dynamic models. Financial institutions should develop synthetic ID risk models based on a combination of internal and external data sources.
These models should enable real-time customer risk assessment and scoring. Frequent checks of the validity of customer information, both current and historical, should be scheduled. The system should also support timely rescoring to detect and deter synthetic identity fraud more effectively.
Given the evolving nature of fraud, the chosen KYC solution should offer the flexibility to create and customize KYC forms, allowing for the incorporation of specific risk categories related to fraud, including synthetic fraud.
Connecting the dots
The ability to “join the dots” is essential in identifying synthetic identity fraud. Financial institutions should implement tools capable of detecting and scoring fraudulent identities by correlating demographic identity information with various contextual and historical data sources.
These sources may include profile information, account activity, transaction history, blacklists, sanctions screening results, and credit profiles. Detecting duplicates or mismatches in key identity fields like name, address, or birthdate across different sources is critical. Such inconsistencies could be indicative of synthetic fraud.
Using advanced technologies
As synthetic identity fraud becomes more sophisticated, financial institutions must harness advanced technologies to stay ahead. Artificial intelligence (AI) and machine learning (ML) can play a pivotal role in fraud detection and prevention.
While traditional models struggle due to the lack of historical synthetic fraud cases, AI and ML can analyse data from various sources and identify anomalies. These technologies can significantly reduce false positives, enhance risk scoring accuracy, and streamline data-driven investigations.
Integration is key
Addressing synthetic identity fraud requires a multifaceted approach, combining several essential tools and solutions. One key component is eKYC, a tool that serves as the foundation for authentication. This may involve the use of document verification, biometric verification, or other digital identity verification methods, ensuring the person is genuine.
Complementing this is sanctions screening, which operates in real-time to cross-reference individuals against sanctions lists and blacklists, acting as a crucial barrier to stop fraudsters from slipping through the cracks. Simultaneously, AML transactions monitoring provides ongoing scrutiny of customer information, offering a vital line of defence by tracing potentially illicit money transfers via mule accounts.
Moreover, fraud detection is indispensable, especially in the context of instant payments, as it swiftly identifies transactional or customer behaviour anomalies in real-time. Together, these integrated tools and solutions create a comprehensive strategy to combat synthetic identity fraud, safeguarding financial institutions and their customers from this evolving threat.
Compliance and data privacy
It’s essential to ensure that any solution or method used to fight fake identity fraud follows data privacy regulations. This means respecting people’s right to have their information deleted. However, financial institutions must ensure they can still spot fraud in the future by keeping unique identity markers even when other information is removed.
The battle against synthetic identity fraud is a tough one, but it’s a battle that financial institutions cannot afford to lose. By adopting a holistic approach that combines technology, data analysis, and a deep understanding of customers, the sector can stay ahead of fraudsters.
As the threat of synthetic identity fraud continues to grow, a comprehensive strategy is not just an option – it’s a necessity.
