Synthetic ID fraud and the hidden risks of digital identities

By Jason Lee and Marisol Lopez Mellado, Senior Directors – Compliance & Third-Party Risk Management at Moody’s

Governments and businesses have long dreamed of frictionless personal identity verification. The UK government announced this month that it intends to accelerate its adoption of digital identity, celebrating the benefits and calling on tech firms to support the rollout.

Digital IDs undoubtedly have the potential to play a role in people’s day-to-day transactions. Removing the need to carry personal documents to buy age-restricted goods, for example, could reduce the risk of loss or theft. Digital IDs are also being established to ensure only characteristics relevant to a given transaction are shared, better protecting individuals’ privacy by omitting additional information superfluous to the requirement such as home address and exact date of birth.

Wherever there is a new technology, however, bad actors will emerge and try to exploit it – be they individuals, organized criminals or state-backed actors. Already, digital IDs are being used for nefarious purposes.

The Rise of Synthetic IDs

Synthetic ID fraud is not new. At a basic level, it functions in a similar way to traditional identity theft: fraudsters use an identity that does not belong to them to gain unauthorized access to sensitive information, to steal money, and to commit various other illegal acts.

The crucial difference between traditional and synthetic identity fraud is that, rather than stealing a real identity in its entirety, synthetic ID fraud uses fabricated identities that are often not linked to a real person at all. Fraudsters blend real biographical information taken from one or multiple individuals and combine it with fictional information, sometimes creating detailed backstories, which can make their deception more convincing and more difficult to detect.

Rapid advancements in AI technology over recent years, including the advent of GenAI, have in some ways made synthetic ID fraud easier to commit and harder to detect, as bad actors can leverage the technology to produce convincing backstories, audio, and even video evidence to deceive automated or human checks.

The use of synthetic IDs to break the law or evade sanctions presents a particular risk in a corporate setting. Synthetic IDs can, for example, be used to hide beneficial ownership, and specially designated nationals (SDNs – or sanctioned individuals) can hide their involvement or stake in an enterprise by attributing entity ownership to a synthetic ID. Faced with this deception, legitimate businesses and financial institutions are at risk of severe financial and reputational harm.

What can be done?

At the time of writing, there is little in the way of specific legislation related to synthetic ID fraud. But there are existing compliance rules around due diligence and monitoring, initiatives to improve digital safety, and a number of methods by which organisations can reduce the risk of falling victim to fraudsters.

Adopting perpetual KYC (pKYC) practices can be an effective way of ensuring continuous risk monitoring and assessment. While traditional KYC checks to review material and relevant risks might be conducted periodically – perhaps once a year – pKYC checks are conducted throughout the lifecycle of a customer relationship. They can flag risk events that trigger screening and offer organisations a more active view of risk which, in turn, can improve the likelihood of spotting characteristics that might indicate an elevated financial crime risk.

Initiatives like that proposed by the Centre for Finance, Innovation and Technology (CFIT) are also promising. The government-backed group has recently published a blueprint for building a Digital Company ID, which aims to help in reducing synthetic ID fraud through unified and secure data sharing.

Although AI has made synthetic ID fraud more challenging to deal with, AI technologies can also be used to support fraud prevention and detection. AI-led systems can make use of unified datasets to perform analytics and identify anomalies or outliers that can build holistic risk profiles of given individuals or entities, which can be leveraged to make risk-based decisions. AI software can also be deployed to help assess the veracity of video or audio files.

With our digital identities on track to be used more and more in everyday transactions – both for individuals and entities – it’s more important than ever for businesses and financial institutions to equip themselves to deal with the challenges posed by synthetic ID fraud.

Advances in AI have opened a new set of challenges, but they also present opportunities to strengthen fraud prevention techniques. Use of innovative technology, combined with human expertise trained to spot what doesn’t look and feel right, is emerging as one of the best ways to prevent synthetic ID fraud – and indeed all kinds of fraud.

By incorporating developing technologies, implementing continuous risk checks, and unifying datasets across an organisation, businesses can better mitigate risks associated with synthetic ID fraud.
