New research from SentiLink shows credit unions may be at greater risk of falling victim to identity fraud than they believe.
A SentiLink analysis of nearly 1,600 known synthetic identities found one in seven had connections to a credit union, generally either a checking account or loan relationship. Synthetic identities utilize a mix of real and fake credentials to manufacture a new identity, though not all of those credentials may be associated with the same person.
The company divides this sort of fraud into two categories, first- and third-party synthetic identities. First-party involves a real person manipulating information, such as a fictitious date of birth or social security number, while third-party fraud is an entirely fictitious person.
For first-party fraud, while a consumer may have a driver’s license with a name, date of birth and an address matching the credit union’s field of membership, the social security number may be inaccurate. Credit unions aren’t checking closely enough to determine a genuine identity, said Max Blumeneld, co-founder of SentiLink.
“In their minds, they’re checking this thing, which is, ‘Hey, this person is eligible, they must be real,’ and they let their guard down a little bit in that sense,” he said.
Blumenfeld explained that if a consumer supplies the wrong combination of name, date of birth and social security number, credit bureaus simply create a credit record since no previous record with that combination exists. Instead, SentiLink recommends credit unions validate social security numbers either through W-2 forms or the Social Security Administrations eCBSV database.
Using that database or an SSA-89 form to verify identity requires the consumer’s consent, said Blumenfeld, “but if you suspect something is synthetic, that would be a reasonable thing to ask for.”
While institutions can fall victim to either first- or third-party fraud, said Blumenfeld, the latter is less common, in part because it’s more costly for the fraudster to pull off. Because first-party fraud is more prevalent, however, it often ends up being more costly to the creidt union in the long run.
Blumenfeld added that SentiLink’s analysis found no difference between how small and large credit unions were impacted by these fraud threats.