BankThink

Synthetic fraud is the most stealthy, and dangerous, payment crime

We tend to talk about fraud as if it’s a singular, monolithic problem. It’s much like a photomosaic; the closer you look, the more clearly you see how fraud consists of many specific behaviors and practices.

Friendly fraud, account takeover and counterfeit cards are just a few common threats that fall within the purview of fraud. One of the fastest growing and most dangerous of these threat sources is synthetic fraud.

Synthetic fraud is a form of identity theft. Like other identity theft tactics such as account takeover, it leverages information stolen from actual cardholders. With this tactic, though, fraudsters use partial consumer data to forge a fictitious identity from whole cloth rather than impersonate an existing cardholder. The identity in question is literally “synthetic.”

Chart: 'Synthetic' card losses keep climbing

A fraudster may have access to pieces of data from multiple consumers, which he could use to build a profile for a fake user. For instance, he can combine bits of data from different individuals to create a fake persona and obtain lines of credit in that individual’s name.

Social Security numbers are generally the primary targets for synthetic fraudsters. They’re the hardest to come by, but are the most useful to their ends.

This is partly why synthetic fraudsters target children even more than adults. One contributing factor was the introduction of Social Security number randomization in 2011, but the primary reason is that children don’t have any credit history. If a fraudster can steal a child’s Social Security number before that individual ever gets the chance to use it, it is all the easier to perpetrate fraud. In all, more than 1 million children fell victim to synthetic fraud in 2017 alone, and roughly 10% of all children have someone using their numbers for lines of credit.

With that much identity theft going on, it stands to reason the total financial impact will be huge. Not surprisingly, synthetic fraud is one of the fastest growing and most sophisticated forms of fraud in the U.S. today. It’s quickly developed into the primary method of attack for criminals due to just how hard it is to detect.

According to the State of Card Fraud 2018 report, synthetic fraud is estimated to account for 85% of all identity fraud in the U.S. We can trace a shocking 80% of total criminal fraud losses on credit cards to synthetic attacks. While merchants pay a heavy price for all these fraud attacks, they’re not the only party feeling the impact. For financial institutions, synthetic fraud causes nearly 20% of total credit card charge-offs, or bad debts that are unlikely to be collected.

Overall, synthetic fraud is believed to have cost U.S. businesses roughly $6 billion a year in 2016. The actual total is likely much higher; the $6 billion figure only accounts for identified cases and can’t factor in ancillary costs related to individual cases.

Businesses find themselves in a precarious position regarding synthetic fraud and other risk sources. They’re under pressure to minimize consumer friction and don’t want to create unnecessary barriers to consumers. The result: More synthetic fraud attacks get through each day.

How do we fight back? Is there an effective way to deal with this problem?

One fairly reliable approach is in-depth data analysis. It’s true not every user is online every moment of the day. Yet, even individuals who rarely do business digitally still leave trails behind. Financial information, past loans and a social media presence are all signs of a real person attached to an identity.

Verifying users based on available data could be a solid response to concerns about synthetic fraud. The problem is this data is not always accessible. With the General Data Protection Regulation (GDPR) and the soon-to-be-implemented California Consumer Privacy Act (CCPA), access to consumer data is unreliable at best. It’s possible to conduct the level of data analysis necessary to reliably identify synthetic fraud attacks, but it requires a combination of machine learning and multilayer authentication techniques.

The key word here is “redundancy.” Using multiple layers of authentication to validate consumers’ identities provides a more detailed profile with greater insight. Online retailers can utilize a variety of anti-fraud tools, like geolocation and address verification, to detect synthetic actors. Thanks to mobile payments tools like Apple Pay, even biometrics are now an option.

Retailers can’t do this alone. Institutions should apply advanced screening processes to consumers before issuing cards or lines of credit. Relying primarily on a customer’s Social Security number to validate identity is not helpful when millions of Americans’ numbers are probably compromised. Banks should also take it upon themselves to make consumer education about best practices a much larger part of their operations.

Even with these practices in place, there’s no guarantee against successful synthetic fraud attacks. However, a proactive and coordinated response will help protect businesses and consumers from the worst of it.
